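How to include a firewall when creating a VM instance through Deployment Manager in GCP

Time: 2018-06-02 05:24:51

Tags: google-cloud-platform google-deployment-manager

My YAML template is as follows, and I want to add a firewall property to allow HTTP traffic: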

resources:

    - name: deployed-vm2222
      type: compute.v1.instance
      properties:
        zone: us-central1-f           
        machineType: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-f/machineTypes/f1-micro
        disks:
        - deviceName: boot
          type: PERSISTENT
          boot: true
          autoDelete: true

4 answers:

Answer 0 (score: 5)

In the firewall, we use:

targetTags: ["http"]

Then, in the instance, we use:

tags:
    items: ["http"]

The complete file can look like this:

resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]    
- name: vm-test
  type: compute.v1.instance
  properties:
    zone: xxxx
    machineType: xxxx
    tags:
        items: ["http"]
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: xxxx
        sourceImage: xxxx
    networkInterfaces:
    - network: xxxx
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT

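Answer 1 (score: 3)

A few things to note when doing this: make sure the instance is tagged correctly so that the tags take effect. For example, tagging the instance with http-server or https-server ensures the firewall knows it is handling public traffic.

The firewall entry can be added as follows.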

resources:
  - name: instance
    type: xxxxxxxx
    properties:
      zone: us-east1-b
      tags:
        items:
          - http-server
  - name: default-allow-http
    type: compute.v1.firewall
    properties:
      network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
      targetTags: ["http-server"]
      sourceRanges: ["0.0.0.0/0"]
      allowed:
      - IPProtocol: TCP
        ports: ["80"]

Answer 2 (score: 2)

You can add a firewall rule to the template as follows:

You can define the properties listed for the firewall resource.

Answer 3 (score: 0)

@LundinCast is almost completely right: the network: under … is missing.

It will be the same value as the one under properties.
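
A check for the wiring the answers above describe (firewall targetTags against instance tags.items, and the firewall's network against the instance's), as an added example that is not part of the original thread. It assumes the config has already been loaded into a dict and uses literal network names or URLs; lint, net_name, SAMPLE and the web-net network are hypothetical names.

```python
def net_name(ref):
    # Last path segment of a network name or URL (assumes a literal, not $(ref...)).
    return ref.rstrip("/").rsplit("/", 1)[-1]

def lint(config):
    """Return findings about how firewall rules and instances are wired together."""
    findings, tagged = [], {}  # tagged: tag -> networks of the instances carrying it
    resources = config.get("resources", [])
    for r in resources:
        if r.get("type") != "compute.v1.instance":
            continue
        props = r.get("properties", {})
        tags = props.get("tags", {})
        if not isinstance(tags, dict):  # the API expects tags: {items: [...]}
            findings.append(f"{r['name']}: tags must be a mapping with an 'items' list")
            continue
        nets = {net_name(n["network"]) for n in props.get("networkInterfaces", [])
                if "network" in n}
        for tag in tags.get("items", []):
            tagged.setdefault(tag, set()).update(nets)
    for r in resources:
        if r.get("type") != "compute.v1.firewall":
            continue
        props = r.get("properties", {})
        targets = props.get("targetTags", [])
        fw_net = net_name(props.get("network", "default"))  # omitted means default
        scoped = targets or props.get("targetServiceAccounts")
        if not scoped and "0.0.0.0/0" in props.get("sourceRanges", []):
            findings.append(f"{r['name']}: open to 0.0.0.0/0 with no target, "
                            f"applies to every instance on '{fw_net}'")
        for tag in targets:
            if tag not in tagged:
                findings.append(f"{r['name']}: targetTag '{tag}' matches no instance here")
            elif tagged[tag] and fw_net not in tagged[tag]:
                findings.append(f"{r['name']}: rule is on network '{fw_net}' "
                                f"but the '{tag}' instances are not")
    return findings

# Constructed sample: what a YAML loader would return for a small config.
SAMPLE = {"resources": [
    {"name": "vm-a", "type": "compute.v1.instance", "properties": {
        "tags": {"items": ["http"]},
        "networkInterfaces": [{"network": "global/networks/web-net"}]}},
    {"name": "vm-b", "type": "compute.v1.instance", "properties": {"tags": ["http-server"]}},
    {"name": "allow-http", "type": "compute.v1.firewall", "properties": {
        "targetTags": ["http"], "sourceRanges": ["0.0.0.0/0"]}},
    {"name": "allow-all", "type": "compute.v1.firewall", "properties": {
        "network": "global/networks/web-net", "sourceRanges": ["0.0.0.0/0"]}},
]}
```

On SAMPLE, lint reports the bare-list tags on vm-b, the allow-http rule landing on the default network while its tagged instance sits on web-net, and the untargeted allow-all rule.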