From be588e830fdc1b53534c73b4633369bba529f3a4 Mon Sep 17 00:00:00 2001
From: justinsb <justinsb@google.com>
Date: Tue, 18 Apr 2023 03:24:04 -0400
Subject: [PATCH] gce: set ip address family on all FirewallRule tasks

We had missed a few code paths previously.
---
 pkg/model/gcemodel/api_loadbalancer.go | 1 +
 pkg/model/gcemodel/external_access.go  | 1 +
 2 files changed, 2 insertions(+)

diff --git a/pkg/model/gcemodel/api_loadbalancer.go b/pkg/model/gcemodel/api_loadbalancer.go
index 44d47d7edf..65c10a8fbb 100644
--- a/pkg/model/gcemodel/api_loadbalancer.go
+++ b/pkg/model/gcemodel/api_loadbalancer.go
@@ -107,6 +107,7 @@ func createPublicLB(b *APILoadBalancerBuilder, c *fi.CloudupModelBuilderContext)
 				Name:         s(b.NameForFirewallRule("pod-cidrs-to-https-api")),
 				Lifecycle:    b.Lifecycle,
 				Network:      network,
+				Family:       gcetasks.AddressFamilyIPv4, // ip alias is always ipv4
 				SourceRanges: []string{b.Cluster.Spec.Networking.PodCIDR},
 				TargetTags:   []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)},
 				Allowed:      []string{"tcp:" + strconv.Itoa(wellknownports.KubeAPIServer)},
diff --git a/pkg/model/gcemodel/external_access.go b/pkg/model/gcemodel/external_access.go
index f3a73c6375..4ad010e288 100644
--- a/pkg/model/gcemodel/external_access.go
+++ b/pkg/model/gcemodel/external_access.go
@@ -121,6 +121,7 @@ func (b *ExternalAccessModelBuilder) Build(c *fi.CloudupModelBuilderContext) err
 				Name:         s(b.NameForFirewallRule("pod-cidrs-to-https-api")),
 				Lifecycle:    b.Lifecycle,
 				Network:      network,
+				Family:       gcetasks.AddressFamilyIPv4, // ip alias is always ipv4
 				SourceRanges: []string{b.Cluster.Spec.Networking.PodCIDR},
 				TargetTags:   []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)},
 				Allowed:      []string{"tcp:" + strconv.Itoa(wellknownports.KubeAPIServer)},