How to include firewall in VM instance creation by DeploymentManager in GCP

My YAML template is as follows; I want to add a firewall property to allow HTTP traffic:

resources:
- name: deployed-vm2222
  type: compute.v1.instance
  properties:
    zone: us-central1-f
    machineType: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-f/machineTypes/f1-micro
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
A.JRJ asked Jun 02 '18 05:06


2 Answers

In the firewall, we use:

targetTags: ["http"]

Then, in the instance, we use:

tags:
  items: ["http"]

The complete file can be as shown:

resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
    - IPProtocol: TCP
      ports: ["80"]
- name: vm-test
  type: compute.v1.instance
  properties:
    zone: xxxx
    machineType: xxxx
    tags:
      items: ["http"]
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: xxxx
        sourceImage: xxxx
    networkInterfaces:
    - network: xxxx
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
Fady Ibrahim answered Oct 02 '22 19:10

A couple of things to note when performing this action: make sure the instance is correctly tagged so that the labelling is applied. For example, tagging the instance http-server or https-server ensures the firewall is aware it is processing public traffic.

Adding a firewall entry can be achieved in the following way.

resources:
  - name: instance
    type: xxxxxxxx
    properties:
      zone: us-east1-b
      tags:
        items: ["http-server", "tensorboard"]
  - name: default-allow-http
    type: compute.v1.firewall
    properties:
      network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
      targetTags: ["http-server"]
      sourceRanges: ["0.0.0.0/0"]
      allowed:
      - IPProtocol: TCP
        ports: ["80"]
  - name: default-allow-tensorboard
    type: compute.v1.firewall
    properties:
      network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
      targetTags: ["tensorboard"]
      sourceRanges: ["0.0.0.0/0"]
      allowed:
      - IPProtocol: TCP
        ports: ["6006"]
Richard Rose answered Oct 02 '22 20:10
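Both answers rely on the same mechanism: the firewall rule's targetTags must match a string in the instance's tags.items, otherwise the rule applies to nothing. The Python template below is an added example (not code from the question or either answer) that generates the same two resources from one place so the tag can only be spelled once, and then checks the generated config for the two things a reviewer would want flagged: a targetTag that no instance carries, and a rule whose sourceRanges is 0.0.0.0/0 (the answers use that value; it is reported so the reviewer confirms it is intended). Assumed: "myproject", the zone and the Debian image family are constructed placeholders; Deployment Manager calls GenerateConfig(context) with context.env["project"] and context.properties, and the FakeContext class only stands in for that object so the file runs stand-alone.

```python
"""Deployment Manager Python template: one compute.v1.instance plus the
compute.v1.firewall rule that opens HTTP to it, linked by a network tag,
with a consistency check over the generated resources.

Added example; not from the question or the answers.  'myproject', the
zone and the image family are constructed placeholders.
"""

COMPUTE = "https://www.googleapis.com/compute/v1"
ANY_IPV4 = "0.0.0.0/0"


def firewall_rule(name, network, tag, ports, source_ranges):
    """compute.v1.firewall resource that applies only to instances tagged `tag`."""
    return {
        "name": name,
        "type": "compute.v1.firewall",
        "properties": {
            "network": network,
            "targetTags": [tag],
            "sourceRanges": list(source_ranges),
            "allowed": [{"IPProtocol": "TCP", "ports": [str(p) for p in ports]}],
        },
    }


def instance(name, project, zone, machine_type, tags, network, image):
    """compute.v1.instance resource; tags.items is what targetTags matches."""
    return {
        "name": name,
        "type": "compute.v1.instance",
        "properties": {
            "zone": zone,
            "machineType": f"{COMPUTE}/projects/{project}/zones/{zone}/machineTypes/{machine_type}",
            "tags": {"items": list(tags)},
            "disks": [{
                "deviceName": "boot", "type": "PERSISTENT",
                "boot": True, "autoDelete": True,
                "initializeParams": {"sourceImage": image},
            }],
            "networkInterfaces": [{
                "network": network,
                "accessConfigs": [{"name": "External NAT", "type": "ONE_TO_ONE_NAT"}],
            }],
        },
    }


def GenerateConfig(context):
    """Entry point Deployment Manager calls for a Python template."""
    project = context.env["project"]
    zone = context.properties["zone"]
    network = f"{COMPUTE}/projects/{project}/global/networks/default"
    # Default to the answers' 0.0.0.0/0, but let the caller narrow it.
    sources = context.properties.get("httpSourceRanges", [ANY_IPV4])
    tag = "http-server"  # spelled once, used by both resources
    return {"resources": [
        firewall_rule("default-allow-http", network, tag, [80], sources),
        instance(context.properties["instanceName"], project, zone,
                 context.properties.get("machineType", "f1-micro"),
                 [tag], network, context.properties["sourceImage"]),
    ]}


def check_config(config):
    """Return review findings for a generated config (empty list = clean)."""
    resources = config["resources"]
    carried = set()
    for r in resources:
        if r["type"] == "compute.v1.instance":
            carried.update(r["properties"].get("tags", {}).get("items", []))
    findings = []
    for r in resources:
        if r["type"] != "compute.v1.firewall":
            continue
        props = r["properties"]
        # A targetTag nobody carries means the rule silently matches nothing.
        for tag in props.get("targetTags", []):
            if tag not in carried:
                findings.append(f"{r['name']}: targetTag '{tag}' matches no instance")
        # Exposure to every IPv4 source is reported for explicit sign-off.
        if ANY_IPV4 in props.get("sourceRanges", []):
            ports = [p for a in props["allowed"] for p in a.get("ports", [])]
            findings.append(f"{r['name']}: open to {ANY_IPV4} on ports {ports}")
    return findings


class FakeContext:
    """Constructed stand-in for the context object Deployment Manager passes."""
    def __init__(self, project, properties):
        self.env = {"project": project}
        self.properties = properties


if __name__ == "__main__":
    ctx = FakeContext("myproject", {
        "zone": "us-central1-f", "instanceName": "deployed-vm",
        "sourceImage": "projects/debian-cloud/global/images/family/debian-11",  # assumed
    })
    for finding in check_config(GenerateConfig(ctx)):
        print(finding)
```

Run as a Deployment Manager template, the file is referenced from a config with `imports` and `type: <filename>.py` and receives the real context; run directly, the constructed FakeContext exercises the same code path and prints the 0.0.0.0/0 finding for the default rule. Passing `httpSourceRanges` with a narrower CIDR clears that finding.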