kubernetes
/
kops
mirror of https://github.com/kubernetes/kops.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

fix nlb firewall rules, operations and alias network subnets

This commit is contained in:
upodroid 2024-01-20 13:41:16 +00:00
parent eb0a1c3310
commit f3bc523b17
7 changed files with 13 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
pkg/model/gcemodel/firewall.go
View File

@ -62,6 +62,8 @@ func (b *FirewallModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
// https://cloud.google.com/load-balancing/docs/health-checks
"35.191.0.0/16",
"130.211.0.0/22",
"209.85.204.0/22",
"209.85.152.0/22",
},
TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)},
Allowed: []string{"tcp"},

2
tests/integration/update_cluster/minimal_gce_dns-none/kubernetes.tf
View File

@ -266,7 +266,7 @@ resource "google_compute_firewall" "lb-health-checks-minimal-gce-example-com" {
disabled = false
name = "lb-health-checks-minimal-gce-example-com"
network = google_compute_network.minimal-gce-example-com.name
source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]
source_ranges = ["35.191.0.0/16", "130.211.0.0/22", "209.85.204.0/22", "209.85.152.0/22"]
target_tags = ["minimal-gce-example-com-k8s-io-role-control-plane"]
}

2
tests/integration/update_cluster/minimal_gce_ilb/kubernetes.tf
View File

@ -250,7 +250,7 @@ resource "google_compute_firewall" "lb-health-checks-minimal-gce-ilb-example-com
disabled = false
name = "lb-health-checks-minimal-gce-ilb-example-com"
network = google_compute_network.minimal-gce-ilb-example-com.name
source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]
source_ranges = ["35.191.0.0/16", "130.211.0.0/22", "209.85.204.0/22", "209.85.152.0/22"]
target_tags = ["minimal-gce-ilb-example-com-k8s-io-role-control-plane"]
}

2
tests/integration/update_cluster/minimal_gce_ilb_longclustername/kubernetes.tf
View File

@ -250,7 +250,7 @@ resource "google_compute_firewall" "lb-health-checks-minimal-gce-with-a-very-ver
disabled = false
name = "lb-health-checks-minimal-gce-with-a-very-very-very-very--96dqvi"
network = google_compute_network.minimal-gce-with-a-very-very-very-very-very-long-name-ex-96dqvi.name
source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]
source_ranges = ["35.191.0.0/16", "130.211.0.0/22", "209.85.204.0/22", "209.85.152.0/22"]
target_tags = ["minimal-gce-with-a-very-very-v-96dqvi-k8s-io-role-control-plane"]
}

2
tests/integration/update_cluster/minimal_gce_plb/kubernetes.tf
View File

@ -237,7 +237,7 @@ resource "google_compute_firewall" "lb-health-checks-minimal-gce-plb-example-com
disabled = false
name = "lb-health-checks-minimal-gce-plb-example-com"
network = google_compute_network.minimal-gce-plb-example-com.name
source_ranges = ["35.191.0.0/16", "130.211.0.0/22"]
source_ranges = ["35.191.0.0/16", "130.211.0.0/22", "209.85.204.0/22", "209.85.152.0/22"]
target_tags = ["minimal-gce-plb-example-com-k8s-io-role-control-plane"]
}

4
upup/pkg/fi/cloudup/gce/network.go
View File

@ -167,12 +167,12 @@ func performNetworkAssignmentsIPAliases(ctx context.Context, c *kops.Cluster, cl
return err
}
serviceCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(20, 32))
serviceCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(16, 32))
if err != nil {
return err
}
nodeCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(20, 32))
nodeCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(19, 32))
if err != nil {
return err
}

9
upup/pkg/fi/cloudup/gce/op.go
View File

@ -58,7 +58,7 @@ func waitForZoneOp(client *compute.Service, op *compute.Operation) error {
}
return waitForOp(op, func(operationName string) (*compute.Operation, error) {
return client.ZoneOperations.Get(u.Project, u.Zone, operationName).Do()
return client.ZoneOperations.Wait(u.Project, u.Zone, operationName).Do()
})
}
@ -69,7 +69,7 @@ func waitForRegionOp(client *compute.Service, op *compute.Operation) error {
}
return waitForOp(op, func(operationName string) (*compute.Operation, error) {
return client.RegionOperations.Get(u.Project, u.Region, operationName).Do()
return client.RegionOperations.Wait(u.Project, u.Region, operationName).Do()
})
}
@ -80,7 +80,7 @@ func waitForGlobalOp(client *compute.Service, op *compute.Operation) error {
}
return waitForOp(op, func(operationName string) (*compute.Operation, error) {
return client.GlobalOperations.Get(u.Project, operationName).Do()
return client.GlobalOperations.Wait(u.Project, operationName).Do()
})
}
@ -108,7 +108,8 @@ func waitForOp(op *compute.Operation, getOperation func(operationName string) (*
}
pollOp, err := getOperation(opName)
if err != nil {
klog.Warningf("GCE poll operation %s failed: pollOp: [%v] err: [%v] getErrorFromOp: [%v]", opName, pollOp, err, getErrorFromOp(pollOp))
klog.Warningf("GCE poll operation %s failed: pollOp: [%v] err: [%v]", opName, pollOp, err)
klog.Infof("getErrorFromOp: [%v]", getErrorFromOp(pollOp))
}
done := opIsDone(pollOp)
if done {