File tree Expand file tree Collapse file tree 1 file changed +4
-1
lines changed Expand file tree Collapse file tree 1 file changed +4
-1
lines changed Original file line number Diff line number Diff line change @@ -27,7 +27,8 @@ I have assumed the following:
2727## Networking
2828The network setup is unknown. In a real scenario, there is careful planning of IP address ranges for
2929services, pods, and load balancers with each in its own subnet. The module creates a private cluster
30- so the cluster's master node is only accessible within the VPC.
30+ so the cluster's master node is only accessible within the VPC. A Default Deny VPC is an area for
31+ improvement.
3132
3233---
3334
@@ -38,6 +39,8 @@ overriding the use of the node pool service account.
3839* The ` private-k8s-cluster ` module creates a jump host to connect to the cluster's master node as
3940the master node can only be accessed from within the VPC.
4041* A user authenticates with the jump host using Identity-Aware Proxy.
42+ * By default, GKE deploys the ip-masq-agent with a configuration that selectively masquerades
43+ traffic—rewriting pod IPs for destinations that fall outside specified CIDRs.
4144
4245---
4346
You can’t perform that action at this time.
0 commit comments