Question
I'm deploying an external HTTP load balancer for a Kubernetes cluster. What is the necessity for having a VPC firewall rule that allows TCP traffic on port 80?
Context
In preparation for the Google Cloud Platform Associate Cloud Engineer exam, I'm studying on CloudSkillsBoost. There is a challenge lab (
CodePudding user response:
The load balancer does not need or support firewall rules. Listening ports are defined by frontends. Optionally, there is Cloud Armor that can act as a firewall.
A Kubernetes cluster starts as a collection of Compute Engine instances. That means you must allow traffic into the VPC to reach the instances. In your drawing, the load balancer is listening on port 80 and forwarding traffic to port 80. Therefore you need a firewall ingress rule to allow port 80 traffic.