This repository has been archived by the owner on Dec 15, 2022. It is now read-only.
By default, private clusters do not allow public IPs over the internet to access the control plane endpoint. Using authorized networks in private clusters makes your control plane reachable only by allowed CIDRs, by nodes and Pods within your cluster's VPC, and by Google's internal production jobs that manage your control plane.
https://github.com/GoogleCloudPlatform/gke-network-policy-demo/blob/master/terraform/main.tf
https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters#gcloud
https://cloud.google.com/kubernetes-engine/docs/how-to/authorized-networks
https://cloud.google.com/kubernetes-engine/docs/concepts/private-cluster-concept#overview
BinAuthz with VPC Service Control: https://cloud.google.com/binary-authorization/docs/securing-with-vpcsc
Private Nodes
Policy Controller
Example with BoA: https://cloud.google.com/architecture/distributed-services-on-gke-private-using-anthos-service-mesh
Other example: https://cloud.google.com/service-mesh/docs/security/egress-gateway-gke-tutorial
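The control plane access rule quoted at the top of this issue (reachable only from allowed CIDRs) can be checked against a cluster description. This is an added example, not code from the repository or the linked docs; it assumes JSON shaped like `gcloud container clusters describe --format=json`, and the cluster names, CIDRs and the `min_public_prefix` threshold are constructed for illustration.

```python
import ipaddress

# Constructed sample data; field names follow the GKE API cluster resource.
SAMPLE_CLUSTERS = [
    {"name": "locked-down",
     "privateClusterConfig": {"enablePrivateNodes": True},
     "masterAuthorizedNetworksConfig": {"enabled": True, "cidrBlocks": [
         {"displayName": "office", "cidrBlock": "203.0.113.0/24"}]}},
    {"name": "wide-open-allowlist",
     "privateClusterConfig": {"enablePrivateNodes": True},
     "masterAuthorizedNetworksConfig": {"enabled": True, "cidrBlocks": [
         {"displayName": "anyone", "cidrBlock": "0.0.0.0/0"},
         {"displayName": "too-broad", "cidrBlock": "34.0.0.0/8"}]}},
    {"name": "no-allowlist",
     "privateClusterConfig": {"enablePrivateNodes": True}},
    {"name": "public-nodes",
     "masterAuthorizedNetworksConfig": {"enabled": True, "cidrBlocks": [
         {"displayName": "vpn", "cidrBlock": "198.51.100.0/28"}]}},
]

def audit_cluster(cluster, min_public_prefix=16):
    """Return findings about node exposure and the control plane allowlist."""
    findings = []
    private = cluster.get("privateClusterConfig", {})
    if not private.get("enablePrivateNodes"):
        findings.append("private nodes disabled: nodes get public IPs")
    man = cluster.get("masterAuthorizedNetworksConfig", {})
    if not man.get("enabled"):
        # A private-endpoint-only cluster has no public endpoint to restrict.
        if not private.get("enablePrivateEndpoint"):
            findings.append("authorized networks not enabled on public endpoint")
        return findings
    for block in man.get("cidrBlocks", []):
        net = ipaddress.ip_network(block["cidrBlock"], strict=False)
        if net.prefixlen == 0:
            findings.append(f"{net} allows every address")
        elif not net.is_private and net.prefixlen < min_public_prefix:
            findings.append(f"{net} is broader than /{min_public_prefix}")
    return findings

def audit_all(clusters):
    """Map cluster name -> list of findings (empty list means clean)."""
    return {c["name"]: audit_cluster(c) for c in clusters}

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_CLUSTERS).items():
        print(name, "OK" if not findings else findings)
```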