Is it possible to know what range of external IPs the DataFlow workers on GCP are using? The goal is to set up some kind of IP filtering on an external service, so that only our DataFlow jobs running on GCP can access the service.
You can view the internal and external IP addresses for your instance through the Google Cloud console, the Google Cloud CLI, or the Compute Engine API. In the Google Cloud console, go to the VM instances page. If the VM instance has an external IP address, it appears under the External IP column.
Google Cloud uses the following labels to describe different IP address types. For example, an internal IP address is not publicly routed. An external IP address is a publicly routed IP address. You can assign an external IP address to the network interface of a Google Cloud VM.
For IPv4: 8.8.8.8 and/or 8.8.4.4. For IPv6: 2001:4860:4860::8888 and/or 2001:4860:4860::8844.
The best solution would be to upgrade so that you can use SSL or other mechanisms of strong authentication.
You can use the --network= option to control the GCE Network that the worker VMs are assigned to. Take a look at the GCE docs on networking for details on how to set up a VPN (like the comment from Elmar suggested). You could also look at setting up a single machine in the network with a static, external IP and using it as a proxy for the other VMs in the network.
This is not a use pattern we have tested, so there may be issues with latency or throughput of traffic through the proxy/VPN. You will likely need to be careful to only send your traffic through this proxy so that you don’t accidentally hijack the traffic used by each worker to communicate with the Dataflow service.
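The proxy approach described above, sketched as an added example that is not part of the original answer: worker code routes only requests for the IP-filtered service through the proxy VM and leaves every other destination direct, and the service side checks the TCP peer against the proxy's static external IP. The proxy address, service hostname and allowlisted IP are constructed placeholders.

```python
import ipaddress
import urllib.request
from urllib.parse import urlsplit

# Assumed values, not from the original page.
PROXY_URL = "http://10.128.0.10:3128"      # internal address of the proxy VM (constructed)
PROXIED_HOSTS = {"api.partner.example"}    # the IP-filtered external service (constructed)
# Static external IP of the proxy VM; 203.0.113.0/24 is a documentation range.
ALLOWED_SOURCES = [ipaddress.ip_network("203.0.113.7/32")]


def proxies_for(url):
    """Worker side: proxy mapping for the filtered service only; {} means direct."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    # Exact host match, so look-alike names such as
    # api.partner.example.other.test are never sent through the proxy.
    if host in PROXIED_HOSTS:
        return {"http": PROXY_URL, "https": PROXY_URL}
    return {}


def opener_for(url):
    """Build a per-request opener instead of exporting HTTP_PROXY/HTTPS_PROXY.

    A process-wide proxy setting would also capture the traffic each worker
    uses to talk to the Dataflow service. An explicit (possibly empty)
    mapping makes urllib ignore proxy settings from the environment.
    """
    handler = urllib.request.ProxyHandler(proxies_for(url))
    return urllib.request.build_opener(handler)


def source_allowed(peer_ip):
    """Service side: accept only connections arriving from the proxy's static IP."""
    try:
        addr = ipaddress.ip_address(peer_ip)
    except ValueError:
        return False  # malformed peer address is rejected, not trusted
    return any(addr in net for net in ALLOWED_SOURCES)


if __name__ == "__main__":
    for target in ("https://api.partner.example/v1/items",
                   "https://dataflow.googleapis.com/"):
        print(target, "->", proxies_for(target) or "direct")
    print("203.0.113.7 allowed:", source_allowed("203.0.113.7"))
```

The source-IP check only narrows who can connect; as the answer notes, SSL or another strong authentication mechanism is still the better control.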