I'm trying to set up GKE with Standalone NEG (avoiding Ingress, and using Terraform for Load Balancer setup instead). Everything works fine, but so far I've been using Firewall Rules from another Ingress.
But to create a proper Firewall Rule, I need GKE_NODE_NETWORK_TAGS. But I cannot set them when creating an Autopilot cluster. I also cannot list nodes as described in the docs, as Autopilot nodes are not visible to gcloud compute instances describe.
How to create the Firewall Rule properly for an Autopilot cluster?
PS: Docs on Standalone NEGs: https://cloud.google.com/kubernetes-engine/docs/how-to/standalone-neg#attaching_a_load_balancer_to_your_standalone_negs
When set to Autopilot, GKE automatically creates the firewall rules and you can take a look at them by typing the gcloud command:
For a more detailed view:
Although it is possible to update the firewall rules and add the desired target tags with the command:
As you correctly pointed out, it is not possible to set the tags on any Autopilot node since these are managed by Google; you would need to configure your cluster as a Standard one instead.
Network tags are not currently supported by Autopilot but the feature has been under development and will roll out very soon in the RAPID release channel.
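As an added example (not part of the question or the answer above): a shell script that reads the node tag GKE itself assigned to the cluster out of the auto-created firewall rules the answer refers to, then assembles a firewall rule scoped to Google's health-check source ranges and the NEG port only, rather than 0.0.0.0/0. It assumes a cluster named `demo`, the `gke-<cluster>-<hash>-node` tag convention GKE uses for the rules it creates, and a constructed `gcloud` listing so it runs offline.

```shell
#!/bin/sh
# Added example (not from the question or answer): find the node tag GKE
# assigned to the cluster by reading the firewall rules GKE auto-created,
# then build a least-privilege rule for the standalone NEG health checks.
# Assumptions: cluster "demo", tag convention gke-<cluster>-<hash>-node,
# and a constructed gcloud listing so the script runs offline.
set -eu

# Google Cloud load balancer health-check source ranges (documented by Google).
HC_RANGES="130.211.0.0/22,35.191.0.0/16"

# extract_node_tag CLUSTER LISTING
# LISTING holds "name<TAB>targetTags" lines as printed by
#   gcloud compute firewall-rules list --format='value(name,targetTags.list())'
# Only rules GKE created for CLUSTER are considered; prints the unique node tag.
extract_node_tag() {
  printf '%s\n' "$2" \
    | awk -F'\t' -v c="$1" '$1 ~ ("^gke-" c "-") { print $2 }' \
    | tr ',' '\n' \
    | grep -E "^gke-$1-[0-9a-f]+-node\$" \
    | sort -u
}

# build_rule_args TAG NETWORK PORT
# Restricts the rule to the health-check ranges, a single TCP port and the
# node tag instead of 0.0.0.0/0 and all ports.
build_rule_args() {
  printf '%s' "--network=$2 --direction=INGRESS --action=ALLOW --rules=tcp:$3 --source-ranges=$HC_RANGES --target-tags=$1"
}

# Constructed sample of the gcloud output; a live run would replace it with:
#   gcloud compute firewall-rules list --filter="network~${NETWORK}$" \
#     --format='value(name,targetTags.list())'
SAMPLE_LISTING="$(printf 'gke-demo-1a2b3c4d-all\tgke-demo-1a2b3c4d-node\ngke-demo-1a2b3c4d-vms\tgke-demo-1a2b3c4d-node\ndefault-allow-ssh\t\n')"

main() {
  cluster="${CLUSTER:-demo}"; network="${NETWORK:-default}"; port="${NEG_PORT:-8080}"
  tag="$(extract_node_tag "$cluster" "$SAMPLE_LISTING")"
  [ -n "$tag" ] || { echo "no GKE node tag found for cluster $cluster" >&2; exit 1; }
  echo "node tag: $tag"
  # Printed rather than executed so the script is safe to run anywhere.
  echo "gcloud compute firewall-rules create allow-hc-${cluster} $(build_rule_args "$tag" "$network" "$port")"
}
main
```

Swap `SAMPLE_LISTING` for the live `gcloud` output and drop the leading `echo` on the last line to apply the rule for real.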