SCIM 1.4.2 on GKE (GCP): Is port 80 required in firewall rules after deployment?
Hello Team,
For SCIM bridge deployment we need an open HTTP port to initialize the configuration.
But once the SCIM bridge is up and running, is this open port (80) required?
Can I change the rule to keep only HTTPS port open?
Description of the firewall rule:
gcloud compute firewall-rules describe k8s-fw-a08c470f6b17c11eaa4c14201ac10000 [7:13:25]
allowed:
- IPProtocol: tcp
  ports:
  - '80'
  - '443'
creationTimestamp: '2020-06-18T08:54:50.523-07:00'
description: '{"kubernetes.io/service-name":"default/scim-bridge-svc", "kubernetes.io/service-ip":"XXXXXXXXXXX"}'
direction: INGRESS
disabled: false
id: 'XXXXXXXXXXX'
kind: compute#firewall
logConfig:
  enable: true
name: k8s-fw-a08c470f6b17c11eaa4c14201ac10000
network: https://www.googleapis.com/compute/v1/projects/XXXXXXXXXXX/global/networks/XXXXXXXXXXX-default-network
priority: 1000
selfLink: https://www.googleapis.com/compute/v1/projects/XXXXXXXXXXX/global/firewalls/k8s-fw-a08c470f6b17c11eaa4c14201ac10000
sourceRanges:
- 0.0.0.0/0
targetTags:
- gke-bridge1p-gke-c250876d-node
Comments
Hey @jfmarquis,
Strictly necessary, no.
Once the machine is set up using the installation process, that port is no longer needed except as a troubleshooting aid: using the web interface is an easy way to access the machine logs. So long as you are able to get logs out of the machine via the Google Cloud Console or kubectl, that port is not needed.
Graham
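An audit check for the situation discussed in this thread, added here as an example (it is not part of the original posts or of 1Password's tooling): it reads firewall rules in the JSON shape of `gcloud compute firewall-rules list --format=json`, flags enabled ingress rules that still expose port 80 to 0.0.0.0/0, and reports the Kubernetes Service named in the rule description. The sample data is constructed from the rule in the question, and the function names and the second rule are assumptions made for illustration.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# The first rule mirrors the one in the question; redacted fields are omitted.
SAMPLE_RULES = json.dumps([
    {"name": "k8s-fw-a08c470f6b17c11eaa4c14201ac10000", "direction": "INGRESS", "disabled": False,
     "allowed": [{"IPProtocol": "tcp", "ports": ["80", "443"]}], "sourceRanges": ["0.0.0.0/0"],
     "description": '{"kubernetes.io/service-name":"default/scim-bridge-svc"}'},
    # Constructed second rule (hypothetical name): HTTPS only, must not be flagged for port 80.
    {"name": "example-https-only", "direction": "INGRESS", "disabled": False,
     "allowed": [{"IPProtocol": "tcp", "ports": ["443"]}], "sourceRanges": ["0.0.0.0/0"], "description": ""},
])

def port_in_spec(port, spec):
    """True if port falls inside a firewall port spec such as '80' or '1-1024'."""
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)

def allows_tcp_port(rule, port):
    """True if any 'allowed' entry of the rule admits TCP traffic on the given port."""
    for entry in rule.get("allowed", []):
        if entry.get("IPProtocol") not in ("tcp", "all"):
            continue
        ports = entry.get("ports")
        # An entry without a ports list allows every port of that protocol.
        if not ports or any(port_in_spec(port, p) for p in ports):
            return True
    return False

def owning_service(rule):
    """Kubernetes Service named in the rule description, when the description is JSON."""
    try:
        return json.loads(rule.get("description") or "{}").get("kubernetes.io/service-name")
    except (ValueError, AttributeError):
        return None

def world_open_http(rules_json, port=80):
    """(rule name, owning Service) for enabled ingress rules exposing port to 0.0.0.0/0."""
    return [(r["name"], owning_service(r)) for r in json.loads(rules_json)
            if r.get("direction") == "INGRESS" and not r.get("disabled")
            and "0.0.0.0/0" in r.get("sourceRanges", [])
            and allows_tcp_port(r, port)]

if __name__ == "__main__":
    for name, svc in world_open_http(SAMPLE_RULES):
        print(f"{name}: port 80 open to 0.0.0.0/0 (service: {svc})")
```

The Service name in the output shows which Kubernetes object the rule was created for, which is where the port list is defined.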