How to enable a securityPolicy for all the replicas of an external global load balanced backend service in K8s?

Question

I have a backendConfig that has a securityPolicy attached. And I have gloo configuration that defines gatewaySettings, horizontalPodAutoscaler (with min replicas of 3), kind, and service.

horizontalPodAutoscaler:
        apiVersion: "autoscaling/v1"
        minReplicas:  3
        maxReplicas: 100
kind:
      deployment:
        replicas: 3
    # Configs needed to get the L7 Google External Cloud Load Balancer setup in the "netstack" Helm chart.
    service:
      type: NodePort
      httpsNodePort: 30443
      extraAnnotations:
        cloud.google.com/neg: '{ "exposed_ports":{ "443":{"name": "<name of the config>"} } }'
        cloud.google.com/app-protocols: '{"https":"HTTP2"}'
        cloud.google.com/backend-config: '{"default": "<name of the config>"}'

There are 4 backend-services when I execute the command gcloud compute backend-services list and only one of them has the securityPolicy attached, after I execute the describe API.

Why don't all the backendServices have the securityPolicy attached and is gloo config creating those services?

Applying the Cloud Armor policy to each backend through gcloud commands will apply to only one backend, once check this [blog](https://medium.com/google-cloud/cloud-armor-setup-and-configuration-on-gke-hosted-application-9fe8847a0c0f). — Sai Chandra Gadde, Jul 07 '23 at 11:38

How to enable a securityPolicy for all the replicas of an external global load balanced backend service in K8s?

0 Answers0