IP addresses of Google Cloud Platform DataFlow workers

Time: 2021-07-31 15:35:35

Is it possible to know what range of external IPs the DataFlow workers on GCP are using? The goal is to set up some kind of IP filtering on an external service, so that only our DataFlow jobs running on GCP can access the service.


1 solution

#1


5  

The best solution would be to upgrade so that you can use SSL or other mechanisms of strong authentication.


You can use the --network= option to control the GCE Network that the worker VMs are assigned to. Take a look at the GCE docs on networking for details on how to set up a VPN (like the comment from Elmar suggested). You could also look at setting up a single machine in the network with a static, external IP and using it as a proxy for the other VMs in the network.


This is not a use pattern we have tested, so there may be issues with latency or throughput of traffic through the proxy/VPN. You will likely need to be careful to only send your traffic through this proxy so that you don’t accidentally hijack the traffic used by each worker to communicate with the Dataflow service.
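
The caveat above about sending only your own traffic through the proxy, as an added example that is not part of the original answer: the proxy is applied per destination host inside the pipeline code rather than through process-wide proxy environment variables. The proxy address `10.128.0.2:3128` and the service name `partner-api.example.com` are assumed placeholder values.

```python
"""Route only the IP-filtered external service through the static-IP proxy."""
import urllib.request
from urllib.parse import urlsplit

# Assumed values for illustration: the proxy VM's internal address and the
# external service that filters on the proxy's static external IP.
PROXY_URL = "http://10.128.0.2:3128"
PROXIED_HOSTS = frozenset({"partner-api.example.com"})


def proxies_for(url: str) -> dict:
    """Return the proxy map for url: the proxy for allowlisted hosts, else none."""
    # .hostname is lowercased and excludes userinfo and port, so
    # "https://partner-api.example.com@other.test/" resolves to "other.test".
    host = urlsplit(url).hostname
    if host in PROXIED_HOSTS:
        return {"http": PROXY_URL, "https": PROXY_URL}
    return {}


def opener_for(url: str) -> urllib.request.OpenerDirector:
    """Build an opener scoped to one destination.

    Passing an explicit ProxyHandler, even an empty one, stops urllib from
    reading HTTP_PROXY/HTTPS_PROXY from the environment, so a process-wide
    setting cannot redirect traffic for hosts outside the allowlist.
    """
    handler = urllib.request.ProxyHandler(proxies_for(url))
    return urllib.request.build_opener(handler)


def fetch(url: str, timeout: float = 10.0) -> bytes:
    """Fetch url, using the proxy only when its host is allowlisted."""
    if urlsplit(url).scheme not in ("http", "https"):
        raise ValueError("only http and https URLs are supported")
    with opener_for(url).open(url, timeout=timeout) as resp:
        return resp.read()
```

Calls made with `fetch()` reach the external service from the proxy's static IP; every other connection the worker makes is left on its default route.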