Hi,
We have deployed an external gateway of type `gke-l7-regional-external-managed` in our GKE cluster (1.27.8-gke.1067004). This is working fine and we have successfully added HTTPRoutes and HealthCheckPolicy for our backend application.
What we are struggling with is adding a GCPBackendPolicy which references a Cloud Armor security policy. This is what our manifest looks like:
```yaml
apiVersion: networking.gke.io/v1
kind: GCPBackendPolicy
metadata:
  name: my-allow-list
  namespace: app-ns
spec:
  default:
    securityPolicy: my-allow-list
  targetRef:
    group: ""
    kind: Service
    name: my-service
    namespace: app-ns
```
This appears to deploy fine - if we do a describe on the resource the status says attached:
```
Status:
  Conditions:
    Last Transition Time:  2024-03-11T17:19:22Z
    Message:
    Reason:                Attached
    Status:                True
    Type:                  Attached
```
However, if we check the load balancer backend service in the console the `Backend security policy` field is empty, and the policy does not take effect.
We are able to attach the security policy to the backend service manually via the console, so we think the policy is valid.
Note the GCPBackendPolicy is in the same namespace as the backend service. The Gateway resource is in a different namespace.
What am I missing?
Oh, never mind, I found the answer. It's hidden in this table of Gateway class capabilities:
Hey @rob-frasers, the regional external gateway class now supports Cloud Armor security policies. See release notes: https://cloud.google.com/kubernetes-engine/docs/release-notes#May_02_2024
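An added example, not part of the original posts or of GKE's own tooling: because the `Attached` condition in the question was true while the backend service carried no policy, this check reads the backend services themselves instead of the Kubernetes status. It assumes input shaped like `gcloud compute backend-services list --format=json` and that the generated backend service name embeds the namespace and Service name; the sample records, project and region are constructed placeholders.

```python
import json

# Constructed sample, shaped like `gcloud compute backend-services list --format=json`.
# Project, region and backend service names are placeholders, not values from the thread.
BASE = "https://www.googleapis.com/compute/v1/projects/example-project/regions/example-region"
SAMPLE = json.loads("""
[
  {"name": "gkegw1-ex01-app-ns-my-service-8080-aaaa1111"},
  {"name": "gkegw1-ex01-app-ns-my-service-8443-bbbb2222",
   "securityPolicy": "BASE/securityPolicies/my-allow-list"},
  {"name": "gkegw1-ex01-app-ns-other-service-8080-cccc3333",
   "securityPolicy": "BASE/securityPolicies/some-other-policy"}
]
""".replace("BASE", BASE))


def policy_name(url):
    """Return the last path segment of a securityPolicy URL, or None if unset."""
    return url.rsplit("/", 1)[-1] if url else None


def audit(backend_services, namespace, service, expected_policy):
    """Report (backend service name, status, attached policy) for one Kubernetes Service.

    An empty result means no backend service matched the name filter; treat
    that as unverified, not as a pass.
    """
    findings = []
    for bs in backend_services:
        name = bs.get("name", "")
        # Assumption: the generated name contains "-<namespace>-<service>-".
        if f"-{namespace}-{service}-" not in name:
            continue
        actual = policy_name(bs.get("securityPolicy"))
        if actual is None:
            status = "MISSING"    # the situation described in the question
        elif actual != expected_policy:
            status = "MISMATCH"   # a policy is attached, but not the intended one
        else:
            status = "OK"
        findings.append((name, status, actual))
    return findings


if __name__ == "__main__":
    for name, status, actual in audit(SAMPLE, "app-ns", "my-service", "my-allow-list"):
        print(f"{status:8} {name} policy={actual}")
```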