-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix: firewall rules for autopilot clusters are ineffective. add cluster_network_tag to autopilot cluster network_tags if firewalls are toggled on #1817
Conversation
…firewall rules toggled on
…s a fw's target tag
…rrection to readme
This is almost certainly unrelated to this change, perhaps recent change in the API. We'll address in a seperate PR.
|
/gcbrun (#1974) |
still red I see. |
OK, these finding appear to be relevant:
|
Well I wouldn't expect a fw named Hmm will look now. All tests did used to be green, I did the whole deployment in my org. But... it should fail given this: Line 39 in a4a56ff
Anyway that'll be it and I'll have to fix it regardless of what I may or may not remember. Maybe I renamed something. |
@apeabody can we try once more :) |
/gcbrun |
/gcbrun |
test/integration/autopilot_private_firewalls/autopilot_private_firewalls_test.go
Show resolved
Hide resolved
I do see a |
Ah thanks @apeabody for posting this, lead me to notice my test code was trimming the -cluster suffix from the clusterName, no idea why I did that. Have pushed fix. |
/gcbrun |
|
set deletion_protection to false Co-authored-by: Andrew Peabody <andrewpeabody@google.com>
/gcbrun |
@apeabody need anything else from my end? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks for the contribution @GorginZ!
…er_network_tag to autopilot cluster network_tags if firewalls are toggled on (terraform-google-modules#1817) Co-authored-by: Andrew Peabody <andrewpeabody@google.com>
add_cluster_firewall_rules
,add_master_webhook_firewall_rules
oradd_shadow_firewall_rules
are toggled true.