GKE Authorized Networks bypass via Cloud Functions or Cloud Run
Published Tue, Jun 7th, 2022
Executing Cloud Functions or Cloud Run in any project and in any organization allowed bypassing the GKE Authorized Networks (aka Kubernetes
control plane firewalls) of a cluster in a different project or organization.
Run the following command on existing clusters to block traffic to the GKE control plane from Google Cloud VMs or Cloud Run sourced with
Google Cloud public IPs (the same flag can be used at cluster creation time as well): `gcloud container clusters update CLUSTER_NAME --no-enable-google-cloud-access`