IAP not on by default for HTTPRoute & public Gateway, how to enforce to avoid public access

Hi all,

We use HTTPRoute + Gateway on GKE. We also have IAP in front of our applications. However, when I create a new HTTPRoute to e.g. ArgoCD or MLFlow, it is by default not protected. I need to remember to go into the UI and manually enable IAP for that application in the Console.

Is there any way to set a rule in GKE globally that any HTTPRoute needs to be IAP protected for a specific gateway?

1 REPLY

There is no global setting for this, but you can use GCPBackendPolicy to attach an IAP policy as part of deploying services.

 

apiVersion: networking.gke.io/v1
kind: GCPBackendPolicy
metadata:
  name: backend-policy
spec:
  default:
    iap:
      enabled: true
      oauth2ClientSecret:
        name: SECRET_NAME
      clientID: CLIENT_ID
  targetRef:
    group: ""
    kind: Service
    name: lb-service
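
A check for the gap discussed in this thread, as an added example that is not part of the original posts: it lists every HTTPRoute backend on a given Gateway that has no GCPBackendPolicy with `iap.enabled: true`, so a forgotten policy can fail a CI or audit job. The gateway and route names and the `mlflow` and `argocd` Services are hypothetical, and parentRefs are matched by gateway name only.

```python
# Added example (not from the thread); gateway, route, mlflow and argocd names are hypothetical.
def iap_protected_services(manifests):
    """Return {(namespace, service)} targeted by a policy with iap.enabled: true."""
    protected = set()
    for m in (x for x in manifests if x.get("kind") == "GCPBackendPolicy"):
        spec = m.get("spec", {})
        ref = spec.get("targetRef", {})
        iap = spec.get("default", {}).get("iap", {})
        if ref.get("kind") == "Service" and iap.get("enabled") is True:
            ns = m.get("metadata", {}).get("namespace", "default")  # policy and Service share a namespace
            protected.add((ns, ref.get("name")))
    return protected

def unprotected_backends(manifests, gateway):
    """Return sorted (namespace, route, service) on `gateway` with no IAP-enabled policy."""
    protected = iap_protected_services(manifests)
    findings = set()
    for m in (x for x in manifests if x.get("kind") == "HTTPRoute"):
        meta, spec = m.get("metadata", {}), m.get("spec", {})
        ns = meta.get("namespace", "default")
        if not any(p.get("name") == gateway for p in spec.get("parentRefs", [])):
            continue  # route is attached to a different gateway
        for rule in spec.get("rules", []):
            for b in rule.get("backendRefs", []):
                if b.get("kind", "Service") == "Service" and \
                        (b.get("namespace", ns), b["name"]) not in protected:
                    findings.add((ns, meta.get("name"), b["name"]))
    return sorted(findings)

def _route(name, svc, gw="external-gateway"):
    return {"kind": "HTTPRoute", "metadata": {"name": name},
            "spec": {"parentRefs": [{"name": gw}],
                     "rules": [{"backendRefs": [{"name": svc, "port": 80}]}]}}

def _policy(name, svc, enabled):
    return {"kind": "GCPBackendPolicy", "metadata": {"name": name},
            "spec": {"default": {"iap": {"enabled": enabled}},
                     "targetRef": {"group": "", "kind": "Service", "name": svc}}}

# Constructed sample: lb-service is covered, mlflow has no policy, argocd's policy is disabled.
SAMPLE = [_route("lb-route", "lb-service"), _route("mlflow-route", "mlflow"),
          _route("argocd-route", "argocd"), _policy("backend-policy", "lb-service", True),
          _policy("argocd-policy", "argocd", False)]

if __name__ == "__main__":
    for ns, route, svc in unprotected_backends(SAMPLE, "external-gateway"):
        print(f"{ns}/{route}: Service {svc} has no IAP-enabled GCPBackendPolicy")
```

Against a live cluster, pass the `items` list from the JSON output of `kubectl get` for both resource kinds instead of `SAMPLE`.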