Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix overly strict firewall for GCP "worker pools" #154

Merged
merged 1 commit into from
Mar 4, 2018
Merged

Fix overly strict firewall for GCP "worker pools" #154

merged 1 commit into from
Mar 4, 2018

Conversation

dghubble
Copy link
Member

@dghubble dghubble commented Mar 4, 2018
edited
Loading

  • Fix issue where worker firewall rules didn't apply to additional workers attached to a GCP cluster using the new "worker pools" feature (unreleased, Add support for worker pools on Google Cloud #148). Solves host connection timeouts and pods not being scheduled to attached worker pools.
  • Add name field to GCP internal worker module to represent the unique name of the worker pool
  • Use cluster_name field of GCP internal worker module for passing the name of the cluster to which workers should be attached

Notes

No security impact. The worker pool firewalls default to disallow. This issue is about lacking whitelisting rules (i.e. they're too strict) that should be present.

No breakages. The new required name field is not covered in the changelog because through the v1.9.3 release, the Terraform "worker" submodule was considered internal. No docs suggested it could be used directly and there were a number of issues with attempting to do so.

Testing

Evaluated this after running into issues with workloads that required scheduling on the attached "worker pool". Verified cross-worker-pool network pod-to-pod connectivity and pods scheduled across pools.

@dghubble dghubble changed the title Fix firewall issue for GCP "worker pools" Fix overly strict firewall for GCP "worker pools" Mar 4, 2018
@dghubble dghubble force-pushed the fix-gcp-worker-pool-issue branch 2 times, most recently from 8ef68ee to 34d2b7b Compare March 4, 2018 00:59
@dghubble
Fix overly strict firewall for GCP "worker pools"
45b556c 
* Fix issue where worker firewall rules didn't apply to
additional workers attached to a GCP cluster using the new
"worker pools" feature (unreleased, #148). Solves host
connection timeouts and pods not being scheduled to attached
worker pools.
* Add `name` field to GCP internal worker module to represent
the unique name of of the worker pool
* Use `cluster_name` field of GCP internal worker module for
passing the name of the cluster to which workers should be
attached
@dghubble dghubble force-pushed the fix-gcp-worker-pool-issue branch from 34d2b7b to 45b556c Compare March 4, 2018 01:40
@dghubble dghubble merged commit 45b556c into master Mar 4, 2018
@dghubble dghubble deleted the fix-gcp-worker-pool-issue branch March 4, 2018 01:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
kind/bug kind/network platform/google-cloud
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@dghubble