damondouglas commented on PR #25508: URL: https://github.com/apache/beam/pull/25508#issuecomment-1462425071
@MakarkinSAkvelon (cc: @pabloem ) Did some research on this issue. To accomplish the same goals in Google Cloud: 1) Create a private kubernetes cluster (See: https://cloud.google.com/kubernetes-engine/docs/how-to/private-clusters) 2) Create a NAT and Router (See: https://cloud.google.com/nat/docs/overview) 3) Enable private Google access (See: https://cloud.google.com/vpc/docs/private-google-access) 4) Create firewall policy that combines a deny all egress with an allow using FQDN of the outside Google frontend domains (i.e. not google APIs; you can already access google APIs via private google access in the subnetwork). The priority of the allow rule must proceed that of the deny all. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: [email protected] For queries about this service, please contact Infrastructure at: [email protected]
