7

My YAML template is as follows, and I want to add a firewall property to allow HTTP traffic:

resources:

    - name: deployed-vm2222
      type: compute.v1.instance
      properties:
        zone: us-central1-f           
        machineType: https://www.googleapis.com/compute/v1/projects/myproject/zones/us-central1-f/machineTypes/f1-micro
        disks:
        - deviceName: boot
          type: PERSISTENT
          boot: true
          autoDelete: true
4

4 Answers

16

In the firewall, we use:

targetTags: ["http"]

Then, in the instance, we use:

tags:
    items: ["http"]

The complete file can look like this:

resources:
- name: default-allow-http
  type: compute.v1.firewall
  properties:
    targetTags: ["http"]
    sourceRanges: ["0.0.0.0/0"]
    allowed:
      - IPProtocol: TCP
        ports: ["80"]    
- name: vm-test
  type: compute.v1.instance
  properties:
    zone: xxxx
    machineType: xxxx
    tags:
        items: ["http"]
    disks:
    - deviceName: boot
      type: PERSISTENT
      boot: true
      autoDelete: true
      initializeParams:
        diskName: xxxx
        sourceImage: xxxx
    networkInterfaces:
    - network: xxxx
      accessConfigs:
      - name: External NAT
        type: ONE_TO_ONE_NAT
Answered 2019-02-16T19:37:58.853
6

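There are a few things to note when doing this: make sure the instance is tagged correctly so that the tags take effect. For example, tagging the instance http-server or https-server ensures that the firewall knows it is handling public traffic.

Adding the firewall entry can be achieved as follows.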

resources:
  - name: instance
    type: xxxxxxxx
    properties:
      zone: us-east1-b
      tags:
        items: ["http-server", "tensorboard"]
  - name: default-allow-http
    type: compute.v1.firewall
    properties:
      network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
      targetTags: ["http-server"]
      sourceRanges: ["0.0.0.0/0"]
      allowed:
      - IPProtocol: TCP
        ports: ["80"]
  - name: default-allow-tensorboard
    type: compute.v1.firewall
    properties:
      network: https://www.googleapis.com/compute/v1/projects/myproject/global/networks/default
      targetTags: ["tensorboard"]
      sourceRanges: ["0.0.0.0/0"]
      allowed:
      - IPProtocol: TCP
        ports: ["6006"]
Answered 2018-06-30T22:30:14.250
2

You can add a firewall rule to the template as follows:

- name: allow-http-fw
  type: compute.v1.firewall
  properties:
    allowed:
      - IPProtocol: TCP
        ports: ["80"]
    sourceRanges: [ 0.0.0.0/0 ]

You can define the properties listed for the firewall resource.

Answered 2018-06-02T16:34:28.567
0

@LundinCast is almost entirely correct, except for the missing network: under properties.

This will be the same value as under networkInterfaces:

Answered 2019-08-03T03:36:33.577
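
Added example, not part of any answer above: a small audit of a Deployment Manager resource list that reports, for each firewall rule open to 0.0.0.0/0, whether it reaches only the tagged instances, every instance (no targetTags, as in the allow-http-fw rule), or none because the tags do not match. The resource list is a constructed sample written as Python dicts, the names vm-db and allow-tb are made up, and all resources are assumed to be on the same network.

```python
# Added example: audit internet-facing firewall rules in a Deployment Manager config.
OPEN = {"0.0.0.0/0"}

# Constructed sample mirroring the templates in the answers (vm-db, allow-tb are made up).
RESOURCES = [
    {"name": "vm-test", "type": "compute.v1.instance",
     "properties": {"tags": {"items": ["http"]}}},
    {"name": "vm-db", "type": "compute.v1.instance", "properties": {}},
    {"name": "default-allow-http", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["http"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
    {"name": "allow-http-fw", "type": "compute.v1.firewall",
     "properties": {"sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["80"]}]}},
    {"name": "allow-tb", "type": "compute.v1.firewall",
     "properties": {"targetTags": ["tensorboard"], "sourceRanges": ["0.0.0.0/0"],
                    "allowed": [{"IPProtocol": "TCP", "ports": ["6006"]}]}},
]


def audit(resources):
    """Return {rule name: (scope, instance names)} for rules open to 0.0.0.0/0."""
    # Assumption: every resource is on the same network, so any rule can reach any VM.
    instances = {r["name"]: set(r.get("properties", {}).get("tags", {}).get("items", []))
                 for r in resources if r["type"] == "compute.v1.instance"}
    findings = {}
    for r in resources:
        if r["type"] != "compute.v1.firewall":
            continue
        p = r.get("properties", {})
        if not OPEN & set(p.get("sourceRanges", [])):
            continue  # not open to the whole internet
        targets = set(p.get("targetTags", []))
        if not targets and not p.get("targetServiceAccounts"):
            # No target selector: the rule covers every instance on the network.
            findings[r["name"]] = ("all-instances", sorted(instances))
        elif targets:
            hit = sorted(n for n, tags in instances.items() if tags & targets)
            findings[r["name"]] = ("tagged" if hit else "no-matching-instance", hit)
    return findings


if __name__ == "__main__":
    for rule, (scope, vms) in audit(RESOURCES).items():
        print(f"{rule}: {scope} -> {vms}")
```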