How can we avoid GDPR if we use Google Kubernetes Engine? Block EEA/EU users.

General Data Protection Regulation (GDPR). If you are a business owner with users in the European Economic Area, it is something you must know.
I am not a lawyer. But basically, if your system does business with EU or EEA (European Economic Area) users through web sites, you must comply with GDPR, otherwise you can be fined €20 million (about £18 million) or 4% of annual global turnover — whichever is greater — for infringements.

Again, I am not a lawyer, but I felt scared when I launched websites before. So I will share how we can keep our system out of the scope of GDPR. (Please don’t sue me if you find a problem below. I am not responsible.)

  1. Premise

1–1. Who is this article for?

Someone who builds systems in the following environment.

- Applications run on Google Kubernetes Engine.
- Your application runs behind nginx and ingress.

1–2. What we are going to do

We will block all HTTPS requests from EU/EEA countries.

1–3. How we can proceed

Procedure
1. Configure IAM Role 1min
2. Configure load balancer to send client country to backend services. 1min
3. Configure nginx to block requests from EU/EEA countries 5 min
4. Done!
Reference. Razer Blade Community

2. Block EU/EEA Users

2–1. Configure IAM Role 1min
Go to the Google Cloud IAM Console and find the account you use to run the following steps from your console. If you don’t know which one it is, enter `gcloud info`; you will find the account name in the Current Properties section.
Then grant the `Compute Admin` role to that account. It allows us to update load balancers in the next step.

2–2. Configure load balancers to send client country to backend services. 1min
Go to the Google Cloud Load Balancer Console and check the names of your load balancers, for example `k8s-be-98765--abcdef1234567891`.

Open a console on your PC and execute the following command. If you have two or more load balancers, execute the command for all of them. It makes the load balancer set the client country code, such as US for United States or JP for Japan, in an `X-Client-Region` header and send it to the backend services.

```
gcloud compute backend-services update {name of load balancer} --global --custom-request-header 'X-Client-Region:{client_region}'
```

2–3. Configure nginx to block requests from EU/EEA countries 5 min
Now your nginx can receive country codes from the Google load balancer (ingress). So block the request if the code is one of the EU/EEA countries.

Configure your nginx.conf as follows and deploy it to your cluster.

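```nginx
# ***** removed here *****
http {
    # Map the country code sent by the load balancer (X-Client-Region)
    # to an allow/deny flag. Anything not listed falls through to "yes".
    map $http_x_client_region $allowed_country {
        default yes;
        AT no;
        BE no;
        BG no;
        HR no;
        CY no;
        CZ no;
        DK no;
        EE no;
        FI no;
        FR no;
        DE no;
        GR no;  # Greece: the ISO 3166-1 code is GR; the EU abbreviation EL would never match
        HU no;
        IE no;
        IT no;
        LV no;
        LT no;
        LU no;
        MT no;
        NL no;
        PL no;
        PT no;
        RO no;
        SK no;
        SI no;
        ES no;
        SE no;
        NO no;
        IS no;
        LI no;
    }
    server {
        # ***** removed here *****
        # Reject requests whose country code is on the list above.
        if ($allowed_country = no) {
            return 403;
        }
        # ***** removed here *****
    }
}
```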

2–4. Done!
Now test whether requests from the listed countries are blocked by nginx. I assume that you are not in the EU/EEA, so just add your own country code to the nginx.conf from the previous step. Then, if you try to access your site, the 403 Forbidden page will appear.
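The map can also be checked offline before deploying. The following is an added example, not part of the original article: it parses a map block, reproduces the allow/deny decision, and reports keys the load balancer would never send. `SAMPLE_CONF` is a constructed, shortened config, and the function names and the assumption that Greece is reported as `GR` are choices made for this example.

```python
import re

# Constructed sample: a shortened map block in the style of the nginx.conf above.
SAMPLE_CONF = """
map $http_x_client_region $allowed_country {
    default yes;
    DE no;
    FR no;
    EL no;
    NO no;
}
"""

def parse_map(conf, source="$http_x_client_region"):
    """Return (default, {key: value}) for the map block keyed on `source`."""
    m = re.search(r"map\s+" + re.escape(source) + r"\s+\$\w+\s*\{(.*?)\}", conf, re.S)
    if m is None:
        raise ValueError("no map block for " + source)
    default, table = "", {}
    for key, value in re.findall(r"^\s*(\S+)\s+(\S+?)\s*;", m.group(1), re.M):
        if key == "default":
            default = value
        else:
            table[key.lower()] = value  # nginx compares map keys case-insensitively
    return default, table

def status_for(conf, header):
    """HTTP status produced by `if ($allowed_country = no) { return 403; }`.
    header=None models a request that arrives without X-Client-Region."""
    default, table = parse_map(conf)
    allowed = table.get((header or "").lower(), default)
    return 403 if allowed == "no" else 200

def unreachable_keys(conf, expected_codes):
    """Map keys that are not among the codes the load balancer is expected to send."""
    _, table = parse_map(conf)
    return sorted(k.upper() for k in table if k.upper() not in expected_codes)

if __name__ == "__main__":
    for h in ("DE", "de", "GR", "US", None):
        print(h, status_for(SAMPLE_CONF, h))
    # Assumption: the load balancer reports Greece as GR, so EL is dead config.
    print(unreachable_keys(SAMPLE_CONF, {"DE", "FR", "GR", "NO"}))
```

With `default yes`, both a mistyped country code and a request that reaches nginx without the header are allowed through, so the check is worth running against the full list of codes.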

Congratulations!

3. Tips

If you search for how to block requests from specific countries, you will find articles that use MaxMind. That is an alternative solution.

4. Links

- Google Cloud Load Balancer Creating user-defined request headers

Award-winning developer and innovator, working as Technical Specialist and the Head of Product Development at a global company. Web, Analytics, AI, AR, Cloud.
