Best practice of access restriction in staging on GKE

Question

I want to allow only my team to access(https) our staging environments(Web application) through ingress in GKE cluster.

I found the article below. but GKE doesn't support basic authentication and setting nginx is only way .

GKE Ingress Basic Authentication (ingress.kubernetes.io/auth-type)

I want to avoid setting nginx if possible. Because I want to make staging and production as close as possible.

Thanks.

Answer 1

We're having very similar problems, however our services themselves require authentication, so public accessibility is not too much of a concern for us.

It might not apply to your scenario, but you can firewall the ingress' external IP to be accessible only from certain IPs, e.g. the one of your office. It's a quite naive but at least very quick solution. Google's Cloud Router might also be worth a shot otherwise.