mirror of https://github.com/kubernetes/kops.git
Trim GCE firewall rule names to their max length
parent
5ad78601ed
commit
0e59715e15
|
|
@ -100,7 +100,11 @@ func (c *GCEModelContext) NameForHealthcheck(id string) string {
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *GCEModelContext) NameForFirewallRule(id string) string {
|
func (c *GCEModelContext) NameForFirewallRule(id string) string {
|
||||||
return c.SafeObjectName(id)
|
name, err := gce.ClusterSuffixedName(id, c.Cluster.ObjectMeta.Name, 63)
|
||||||
|
if err != nil {
|
||||||
|
klog.Fatalf("failed to construct firewallrule name: %w", err)
|
||||||
|
}
|
||||||
|
return name
|
||||||
}
|
}
|
||||||
|
|
||||||
func (c *GCEModelContext) NetworkingIsIPAlias() bool {
|
func (c *GCEModelContext) NetworkingIsIPAlias() bool {
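Review bot: The `klog.Fatalf` call in the new `NameForFirewallRule` uses the `%w` verb, which only `fmt.Errorf` understands; in a log call the error prints as `%!w(...)` rather than its message, and vet's printf check flags it. Change the line to `klog.Fatalf("failed to construct firewallrule name: %v", err)`. Because the helper has no error return, a naming failure ends the process, so a doc comment should say so, for example `// NameForFirewallRule returns the cluster-suffixed rule name trimmed to 63 characters; it exits the process if the name cannot be built.` The body of `gce.ClusterSuffixedName` is not visible here, so whether two long ids or cluster names can trim to the same rule name should be confirmed against that helper.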
|
||||||
|
|
|
||||||
|
|
@ -48,7 +48,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
|
||||||
// Allow all traffic from nodes -> nodes
|
// Allow all traffic from nodes -> nodes
|
||||||
{
|
{
|
||||||
t := &gcetasks.FirewallRule{
|
t := &gcetasks.FirewallRule{
|
||||||
Name: s(b.SafeObjectName("node-to-node")),
|
Name: s(b.NameForFirewallRule("node-to-node")),
|
||||||
Lifecycle: b.Lifecycle,
|
Lifecycle: b.Lifecycle,
|
||||||
Network: b.LinkToNetwork(),
|
Network: b.LinkToNetwork(),
|
||||||
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleNode)},
|
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleNode)},
|
||||||
|
|
@ -61,7 +61,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
|
||||||
// Allow full traffic from master -> master
|
// Allow full traffic from master -> master
|
||||||
{
|
{
|
||||||
t := &gcetasks.FirewallRule{
|
t := &gcetasks.FirewallRule{
|
||||||
Name: s(b.SafeObjectName("master-to-master")),
|
Name: s(b.NameForFirewallRule("master-to-master")),
|
||||||
Lifecycle: b.Lifecycle,
|
Lifecycle: b.Lifecycle,
|
||||||
Network: b.LinkToNetwork(),
|
Network: b.LinkToNetwork(),
|
||||||
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)},
|
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)},
|
||||||
|
|
@ -74,7 +74,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
|
||||||
// Allow full traffic from master -> node
|
// Allow full traffic from master -> node
|
||||||
{
|
{
|
||||||
t := &gcetasks.FirewallRule{
|
t := &gcetasks.FirewallRule{
|
||||||
Name: s(b.SafeObjectName("master-to-node")),
|
Name: s(b.NameForFirewallRule("master-to-node")),
|
||||||
Lifecycle: b.Lifecycle,
|
Lifecycle: b.Lifecycle,
|
||||||
Network: b.LinkToNetwork(),
|
Network: b.LinkToNetwork(),
|
||||||
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)},
|
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleMaster)},
|
||||||
|
|
@ -87,7 +87,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
|
||||||
// Allow limited traffic from nodes -> masters
|
// Allow limited traffic from nodes -> masters
|
||||||
{
|
{
|
||||||
t := &gcetasks.FirewallRule{
|
t := &gcetasks.FirewallRule{
|
||||||
Name: s(b.SafeObjectName("node-to-master")),
|
Name: s(b.NameForFirewallRule("node-to-master")),
|
||||||
Lifecycle: b.Lifecycle,
|
Lifecycle: b.Lifecycle,
|
||||||
Network: b.LinkToNetwork(),
|
Network: b.LinkToNetwork(),
|
||||||
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleNode)},
|
SourceTags: []string{b.GCETagForRole(kops.InstanceGroupRoleNode)},
|
||||||
|
|
@ -118,7 +118,7 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
c.AddTask(&gcetasks.FirewallRule{
|
c.AddTask(&gcetasks.FirewallRule{
|
||||||
Name: s(b.SafeObjectName("pod-cidrs-to-node")),
|
Name: s(b.NameForFirewallRule("pod-cidrs-to-node")),
|
||||||
Lifecycle: b.Lifecycle,
|
Lifecycle: b.Lifecycle,
|
||||||
Network: b.LinkToNetwork(),
|
Network: b.LinkToNetwork(),
|
||||||
SourceRanges: []string{b.Cluster.Spec.PodCIDR},
|
SourceRanges: []string{b.Cluster.Spec.PodCIDR},
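Review bot: The `Name:` field changed in each of the five hunks of this file is the identity of an allow rule, so moving from `SafeObjectName` to `NameForFirewallRule` is only safe for existing clusters if both helpers return the same string whenever the name is already within the limit. Neither helper body is visible in this commit, so that is an assumption to verify. If the strings differ, an update would create rules under new names, and the old allow rules would stay in the network until something deletes them. A test that pins the generated name for a short cluster name would guard this, along with a comment at the first call site such as `// Rule names must stay stable across versions: a changed name leaves the previous allow rule behind.` `Build` begins and ends outside these hunks, so any other `gcetasks.FirewallRule` in the file that is still named through `SafeObjectName` should be checked as well.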
|
||||||
|
|
|
||||||