From d6ddb6adcfd5495a379c7cf86412faf5d9abb57d Mon Sep 17 00:00:00 2001 From: Andriy Kopachevskyy Date: Thu, 26 Dec 2019 11:01:50 +0200 Subject: [PATCH] Documented guide about GKE clusters isolation from internet access * Fix #305 --- autogen/README.md | 2 ++ modules/beta-private-cluster-update-variant/README.md | 2 ++ modules/beta-private-cluster/README.md | 2 ++ modules/private-cluster-update-variant/README.md | 2 ++ modules/private-cluster/README.md | 2 ++ 5 files changed, 10 insertions(+) diff --git a/autogen/README.md b/autogen/README.md index a54d3e8920..a49215da8e 100644 --- a/autogen/README.md +++ b/autogen/README.md @@ -25,6 +25,8 @@ If you are using these features with a private cluster, you will need to either: 3. Include the external IP of your Terraform deployer in the `master_authorized_networks` configuration. Note that only IP addresses reserved in Google Cloud (such as in other VPCs) can be whitelisted. 4. Deploy a [bastion host](https://github.com/terraform-google-modules/terraform-google-bastion-host) or [proxy](https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies) in the same VPC as your GKE cluster. +If you are going to isolate your GKE private clusters from internet access you could check [guide](https://medium.com/google-cloud/completely-private-gke-clusters-with-no-internet-connectivity-945fffae1ccd) and [repo](https://github.com/andreyk-code/no-inet-gke-cluster) + {% endif %} ## Compatibility diff --git a/modules/beta-private-cluster-update-variant/README.md b/modules/beta-private-cluster-update-variant/README.md index 81b41af60f..fdc1b66cff 100644 --- a/modules/beta-private-cluster-update-variant/README.md +++ b/modules/beta-private-cluster-update-variant/README.md 
@@ -23,6 +23,8 @@ If you are using these features with a private cluster, you will need to either: 3. Include the external IP of your Terraform deployer in the `master_authorized_networks` configuration. Note that only IP addresses reserved in Google Cloud (such as in other VPCs) can be whitelisted. 4. Deploy a [bastion host](https://github.com/terraform-google-modules/terraform-google-bastion-host) or [proxy](https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies) in the same VPC as your GKE cluster. +If you are going to isolate your GKE private clusters from internet access you could check [guide](https://medium.com/google-cloud/completely-private-gke-clusters-with-no-internet-connectivity-945fffae1ccd) and [repo](https://github.com/andreyk-code/no-inet-gke-cluster) + ## Compatibility diff --git a/modules/beta-private-cluster/README.md b/modules/beta-private-cluster/README.md index 1c3e4f064b..f8ab4de43c 100644 --- a/modules/beta-private-cluster/README.md +++ b/modules/beta-private-cluster/README.md @@ -23,6 +23,8 @@ If you are using these features with a private cluster, you will need to either: 3. Include the external IP of your Terraform deployer in the `master_authorized_networks` configuration. Note that only IP addresses reserved in Google Cloud (such as in other VPCs) can be whitelisted. 4. Deploy a [bastion host](https://github.com/terraform-google-modules/terraform-google-bastion-host) or [proxy](https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies) in the same VPC as your GKE cluster. +If you are going to isolate your GKE private clusters from internet access you could check [guide](https://medium.com/google-cloud/completely-private-gke-clusters-with-no-internet-connectivity-945fffae1ccd) and [repo](https://github.com/andreyk-code/no-inet-gke-cluster) + ## Compatibility 
diff --git a/modules/private-cluster-update-variant/README.md b/modules/private-cluster-update-variant/README.md index eb032b58b3..a79353860c 100644 --- a/modules/private-cluster-update-variant/README.md +++ b/modules/private-cluster-update-variant/README.md @@ -23,6 +23,8 @@ If you are using these features with a private cluster, you will need to either: 3. Include the external IP of your Terraform deployer in the `master_authorized_networks` configuration. Note that only IP addresses reserved in Google Cloud (such as in other VPCs) can be whitelisted. 4. Deploy a [bastion host](https://github.com/terraform-google-modules/terraform-google-bastion-host) or [proxy](https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies) in the same VPC as your GKE cluster. +If you are going to isolate your GKE private clusters from internet access you could check [guide](https://medium.com/google-cloud/completely-private-gke-clusters-with-no-internet-connectivity-945fffae1ccd) and [repo](https://github.com/andreyk-code/no-inet-gke-cluster) + ## Compatibility diff --git a/modules/private-cluster/README.md b/modules/private-cluster/README.md index 5b2bad043f..21927f242e 100644 --- a/modules/private-cluster/README.md +++ b/modules/private-cluster/README.md 
@@ -23,6 +23,8 @@ If you are using these features with a private cluster, you will need to either: 3. Include the external IP of your Terraform deployer in the `master_authorized_networks` configuration. Note that only IP addresses reserved in Google Cloud (such as in other VPCs) can be whitelisted. 4. Deploy a [bastion host](https://github.com/terraform-google-modules/terraform-google-bastion-host) or [proxy](https://cloud.google.com/solutions/creating-kubernetes-engine-private-clusters-with-net-proxies) in the same VPC as your GKE cluster. +If you are going to isolate your GKE private clusters from internet access you could check [guide](https://medium.com/google-cloud/completely-private-gke-clusters-with-no-internet-connectivity-945fffae1ccd) and [repo](https://github.com/andreyk-code/no-inet-gke-cluster) + ## Compatibility
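Review bot: the added sentence in the autogen/README.md hunk uses the bare link texts `[guide]` and `[repo]`, has no article before either, and ends without a period, so it reads as unfinished and the links say nothing about where they lead. Suggest descriptive link text with the two URLs kept unchanged, for instance "To isolate a private GKE cluster from internet access, see the guide to completely private GKE clusters with no internet connectivity and the no-inet-gke-cluster repository." The same sentence is repeated verbatim in the four modules/*/README.md hunks, so the wording fix has to land in all five files.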
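Review bot: both links in the added line of the modules/private-cluster/README.md hunk (and its copies in the other hunks) point outside this project, to an article on medium.com and to a repository under github.com/andreyk-code, and the sentence does not say so. A reader of a module README tends to treat linked Terraform as endorsed by the module. Suggest labelling them as external resources that are not maintained with this module, so users know to review that configuration themselves before applying it.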
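Review bot: in the modules/beta-private-cluster/README.md hunk the new sentence sits directly under item 4 of the "you will need to either:" list, whose visible items are about giving the Terraform deployer a path to the cluster (`master_authorized_networks`, a bastion host or a proxy in the same VPC). Isolating the cluster from internet access is a separate topic, and the sentence does not say how it relates to those options. Suggest a short lead-in or its own paragraph so it is not read as a fifth alternative in that list.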