From 8e6f73857d403cd9b6aa467d021c995a92aa43ed Mon Sep 17 00:00:00 2001
From: justinsb
Date: Sat, 1 Oct 2022 17:01:00 -0400
Subject: [PATCH] gce: memberlist needs TCP also

The memberlist gossip protocol exchange happens over TCP and UDP, so we need to open both protocols.
---
 pkg/model/gcemodel/firewall.go | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/pkg/model/gcemodel/firewall.go b/pkg/model/gcemodel/firewall.go
index 3e2f01dfc4..0809122eee 100644
--- a/pkg/model/gcemodel/firewall.go
+++ b/pkg/model/gcemodel/firewall.go
@@ -115,7 +115,9 @@ func (b *FirewallModelBuilder) Build(c *fi.ModelBuilderContext) error {
 }
 if b.IsGossip() {
 t.Allowed = append(t.Allowed, fmt.Sprintf("udp:%d", wellknownports.DNSControllerGossipMemberlist))
+ t.Allowed = append(t.Allowed, fmt.Sprintf("tcp:%d", wellknownports.DNSControllerGossipMemberlist))
 t.Allowed = append(t.Allowed, fmt.Sprintf("udp:%d", wellknownports.ProtokubeGossipMemberlist))
+ t.Allowed = append(t.Allowed, fmt.Sprintf("tcp:%d", wellknownports.ProtokubeGossipMemberlist))
 }
 if b.NetworkingIsCalico() {
 t.Allowed = append(t.Allowed, "ipip")
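Review bot: The two added `tcp:` entries in the `b.IsGossip()` branch widen what the firewall rule `t` admits, but nothing in the code says why both protocols are needed, and the source and target scoping of `t` is set outside this hunk. It therefore cannot be confirmed from here that the newly opened TCP gossip ports are reachable only from other cluster nodes; that is worth checking, since memberlist's TCP channel carries cluster state exchange. I would add a comment above the first append such as `// memberlist exchanges gossip over both UDP and TCP, so each gossip port must be opened for both protocols`. Building the entries by iterating over `"udp"` and `"tcp"` for each port would also keep the pairs from drifting apart in a later edit. `Build` starts and ends outside the hunk.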