The short answer is no. Here's why :

  • Egress Traffic
    • We host our applications on Kubernetes and use an Ingress Controller to direct requests to the right application.
    • In theory, customers could allow HTTPS traffic to the IPs of our ingress controllers. However, those IPs are presently subject to change and would break their firewall setup if it did change.
    • This would mean allowing the entire Google datacenter IPs for North America, but that is so large, there might as well be no firewall.

  • Ingress Traffic
    • For OUR applications reaching customer's infrastructure, in theory, you could use our Cloud NAT IPs.
    • The main limiting factor for now is that we don’t have a way to keep track of which customer whitelists those IPs, and if we were to add more IPs to the NAT, it would definitely break customer's integration.