Problem description
I am trying to add Google Cloud Armor to a Terraform project that deploys an application with Kubernetes. I followed this example: https://github.com/hashicorp/terraform-provider-google/blob/master/examples/cloud-armor/main.tf
But in my case I want to create this rule instead:
Close all traffic from all IPs on all ports, but open traffic from all IPs on ports 80 and 443.
# Cloud Armor security policies
resource "google_compute_security_policy" "web-app-firewall" {
  name        = "armor-security-policy"
  description = "Web application security policy to close all traffic for all IPs on all ports but open traffic for all IPs on ports 80 and 443"

  # Reject all traffic for all IPs on all ports
  rule {
    description = "Default rule, higher priority overrides it"
    action      = "deny(403)"
    priority    = "2147483647"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }

  # Open traffic for all IPs on ports 80 and 443 (currently commented out)
  #rule {
  #  description = "allow traffic for all IPs on ports 80 and 443"
  #  action      = "allow"
  #  priority    = "1000"
  #  match {
  #    versioned_expr = "SRC_IPS_V1"
  #    config {
  #      src_ip_ranges = ["*"]
  #    }
  #  }
  #}
}

# VPC firewall rule: allows ICMP and TCP/80 only; 443 is not listed.
# source_tags restricts the *source* of the traffic to instances carrying the
# "web" network tag; no target_tags means the rule applies to every instance
# in the network.
resource "google_compute_firewall" "firewall-allow-ports" {
  name    = "firewall-allow-ports"
  network = google_compute_network.default.name

  allow {
    protocol = "icmp"
  }

  allow {
    protocol = "tcp"
    ports    = ["80"]
  }

  source_tags = ["web"]
}

resource "google_compute_network" "default" {
  name = "test-network"
}
Here I have disabled port 445, but after redeploying I can still access the web application. Can you tell me what I am doing wrong here? Thanks in advance.
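Two points a reviewer would raise about the configuration above, followed by an added example that is not the poster's code. First, a Cloud Armor security policy is evaluated by the external HTTP(S) load balancer on requests that have already arrived at the frontend, whose ports are fixed by the forwarding rule; its rules match on source IP ranges (or a CEL expression), not on ports, so "close all ports except 80 and 443" cannot be expressed in a security policy, and the policy has no effect until it is attached to a backend service via `security_policy`. Second, the port restriction belongs in VPC firewall rules, where `source_ranges` names who may connect and `target_tags` names which instances the rule protects; the posted rule used `source_tags`, which only matches traffic originating from instances tagged `web`, and it never lists 443. The example below shows both layers together. The network name, the `web` tag, the backend service and health check names, and the allow-listed client range 203.0.113.0/24 are all hypothetical; the two source ranges on the firewall rule are Google's published ranges for load balancer proxies and health checkers.

```hcl
# Added example, not the original post's code. Assumes (hypothetically) a VPC
# "test-network", backend instances tagged "web", and an external HTTP(S) load
# balancer whose backend service is defined here.

resource "google_compute_network" "default" {
  name = "test-network"
}

# Layer 7: Cloud Armor matches on client IP (or a CEL expression), never on a
# port. Default deny at the lowest priority, allow-list above it.
resource "google_compute_security_policy" "web-app-firewall" {
  name        = "armor-security-policy"
  description = "Default deny, allow-listed client ranges only"

  rule {
    description = "Default rule, higher priority overrides it"
    action      = "deny(403)"
    priority    = "2147483647"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["*"]
      }
    }
  }

  rule {
    description = "Allow trusted client range (hypothetical documentation range)"
    action      = "allow"
    priority    = "1000"
    match {
      versioned_expr = "SRC_IPS_V1"
      config {
        src_ip_ranges = ["203.0.113.0/24"]
      }
    }
  }
}

resource "google_compute_health_check" "http" {
  name = "web-http-health-check"
  http_health_check {
    port = 80
  }
}

# The policy only takes effect once attached to the backend service that the
# load balancer forwards to.
resource "google_compute_backend_service" "web" {
  name            = "web-backend"
  protocol        = "HTTP"
  port_name       = "http"
  health_checks   = [google_compute_health_check.http.id]
  security_policy = google_compute_security_policy.web-app-firewall.id
}

# Layer 3/4: ports are enforced by VPC firewall rules on the instances.
# Only the load balancer proxies and health checkers need to reach the
# backends, so the source is limited to Google's published ranges for those.
# If clients were allowed to hit the instances directly (source_ranges =
# ["0.0.0.0/0"]), Cloud Armor would not be in the path for that traffic.
resource "google_compute_firewall" "allow-lb-to-web" {
  name      = "firewall-allow-lb-80-443"
  network   = google_compute_network.default.name
  direction = "INGRESS"
  priority  = 1000

  allow {
    protocol = "tcp"
    ports    = ["80", "443"]
  }

  source_ranges = ["130.211.0.0/22", "35.191.0.0/16"]
  target_tags   = ["web"]
}

# Explicit deny for any other ingress to the web instances. A VPC already has
# an implied deny-ingress rule at priority 65535; this rule makes the intent
# visible in state and survives any broader allow rules added later at a
# lower priority number than 65534.
resource "google_compute_firewall" "deny-other-ingress" {
  name      = "firewall-deny-other-ingress"
  network   = google_compute_network.default.name
  direction = "INGRESS"
  priority  = 65534

  deny {
    protocol = "all"
  }

  source_ranges = ["0.0.0.0/0"]
  target_tags   = ["web"]
}
```

To verify after `terraform apply`, a TCP connection to a backend instance on a port other than 80 or 443 from outside the listed ranges should time out, and a request through the load balancer from an address outside 203.0.113.0/24 should return HTTP 403 from Cloud Armor. Note that the firewall rule allows the proxy ranges; if the health check or backend uses a different port, that port must be added to the `allow` block or the backend will be marked unhealthy.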
Solution
No working solution to this problem has been found yet.