How to prevent public access to GKE Ingress and make it accessible just for Apigee X

I am new to Cloud stuff, and my question may be basic, but this problem has bugged me for a week, and I don't know how to fix it.

I deployed my first Cloud project on GCP using GKE. After that, I used Kubernetes Ingress to expose its service. On the API gateway side, I used Apigee X, and I successfully created a proxy and used the Ingress's IP address as the proxy's backend. Up to now, everything is fine.

My problem is to prevent public access to GKE Ingress and make it accessible just for Apigee X to communicate with it.

I am thinking of creating an internal Ingress (I know we have both External and Internal options for the Ingress in GKE) and giving the Apigee proxy's backend the internal IP address. But I am unsure if and how to make the Apigee load balancer talk to an internal IP address.

 

 

1 ACCEPTED SOLUTION

But I am unsure if and how to make Apigee load balancer talk to an internal IP address.

So long as the Apigee X install was configured to use the same VPC as your internal GKE Ingress (or appropriate peering is in place) and the VPC doesn't have firewall rules denying access to your internal GKE Ingress from Apigee, then this should just work with no special requirements. Getting DNS for an internal domain to work is slightly more challenging, but just IP-based should work with no special setup.
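
Added example (not part of the original post or the accepted answer): a manifest for the internal Ingress the question proposes. The names `my-api`, `my-api-svc`, `my-api-internal` and the ports are assumptions; it also assumes a VPC-native cluster and a proxy-only subnet in the cluster's region, which GKE's internal Ingress requires.

```yaml
# Constructed example; resource names, labels and ports are assumptions.
apiVersion: v1
kind: Service
metadata:
  name: my-api-svc
  annotations:
    # Internal Ingress needs container-native load balancing (NEGs).
    cloud.google.com/neg: '{"ingress": true}'
spec:
  type: ClusterIP          # no NodePort/LoadBalancer exposure of its own
  selector:
    app: my-api
  ports:
    - port: 80
      targetPort: 8080
---
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: my-api-internal
  annotations:
    # "gce-internal" provisions an internal Application Load Balancer with a
    # private VPC address. Omitting the annotation (or using "gce") creates
    # the external, publicly reachable load balancer instead.
    kubernetes.io/ingress.class: "gce-internal"
spec:
  defaultBackend:
    service:
      name: my-api-svc
      port:
        number: 80
```

Once the Ingress is provisioned, `kubectl get ingress my-api-internal` shows a private address from the VPC; that address replaces the public one as the Apigee proxy's backend, and the original external Ingress can then be deleted.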
