

fix: set max firewall name to 36 (#1645)
Signed-off-by: Edvin Norling <[email protected]>
Co-authored-by: Bharath KKB <[email protected]>
NissesSenap and bharathkkb authored Jun 15, 2023
1 parent 6dd5ae0 commit 29d9259
Showing 11 changed files with 79 additions and 79 deletions.
16 changes: 8 additions & 8 deletions autogen/main/firewall.tf.tmpl
Expand Up @@ -26,7 +26,7 @@
*****************************************/
resource "google_compute_firewall" "intra_egress" {
count = var.add_cluster_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -70,7 +70,7 @@ resource "google_compute_firewall" "intra_egress" {
*****************************************/
resource "google_compute_firewall" "tpu_egress" {
count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -105,7 +105,7 @@ resource "google_compute_firewall" "tpu_egress" {
*****************************************/
resource "google_compute_firewall" "master_webhooks" {
count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -137,7 +137,7 @@ resource "google_compute_firewall" "master_webhooks" {
resource "google_compute_firewall" "shadow_allow_pods" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -166,7 +166,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
resource "google_compute_firewall" "shadow_allow_master" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand All @@ -192,7 +192,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
resource "google_compute_firewall" "shadow_allow_nodes" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -227,7 +227,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
resource "google_compute_firewall" "shadow_allow_inkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
project = local.network_project_id
network = var.network
Expand All @@ -254,7 +254,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
resource "google_compute_firewall" "shadow_deny_exkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
project = local.network_project_id
network = var.network
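Review bot: The new cap `36` is a bare literal repeated in all eight `name` expressions of this template, and nothing records where it comes from. It appears to follow from the 63-character limit on Compute Engine resource names and the longest affix used here (`gke-` plus `-intra-cluster-egress`, 25 characters, 61 in total), so a longer suffix added later would overflow that limit only at apply time. I would add a comment above the first rule such as `# var.name is cut to 36 chars: 4 (gke-) + 36 + 21 (-intra-cluster-egress) = 61, under the 63-char name limit`, or compute the cut once in a local and reference it from each rule. The upgrade notes should also say that clusters whose `var.name` is longer than 25 characters get renamed rules, which normally makes Terraform replace them, so `shadow_deny_exkubelet` and the allow rules may be briefly absent unless a lifecycle setting outside these hunks prevents it (every resource block here continues past its hunk). The same lines recur in the generated `firewall.tf` and `modules/*/firewall.tf` sections below, so the edit belongs in this template only.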
14 changes: 7 additions & 7 deletions firewall.tf
Expand Up @@ -26,7 +26,7 @@
*****************************************/
resource "google_compute_firewall" "intra_egress" {
count = var.add_cluster_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -63,7 +63,7 @@ resource "google_compute_firewall" "intra_egress" {
*****************************************/
resource "google_compute_firewall" "master_webhooks" {
count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -93,7 +93,7 @@ resource "google_compute_firewall" "master_webhooks" {
resource "google_compute_firewall" "shadow_allow_pods" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -122,7 +122,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
resource "google_compute_firewall" "shadow_allow_master" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand All @@ -148,7 +148,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
resource "google_compute_firewall" "shadow_allow_nodes" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -183,7 +183,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
resource "google_compute_firewall" "shadow_allow_inkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
project = local.network_project_id
network = var.network
Expand All @@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
resource "google_compute_firewall" "shadow_deny_exkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
project = local.network_project_id
network = var.network
16 changes: 8 additions & 8 deletions modules/beta-autopilot-private-cluster/firewall.tf
Expand Up @@ -26,7 +26,7 @@
*****************************************/
resource "google_compute_firewall" "intra_egress" {
count = var.add_cluster_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -64,7 +64,7 @@ resource "google_compute_firewall" "intra_egress" {
*****************************************/
resource "google_compute_firewall" "tpu_egress" {
count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -93,7 +93,7 @@ resource "google_compute_firewall" "tpu_egress" {
*****************************************/
resource "google_compute_firewall" "master_webhooks" {
count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
project = local.network_project_id
network = var.network
Expand All @@ -120,7 +120,7 @@ resource "google_compute_firewall" "master_webhooks" {
resource "google_compute_firewall" "shadow_allow_pods" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -149,7 +149,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
resource "google_compute_firewall" "shadow_allow_master" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand All @@ -175,7 +175,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
resource "google_compute_firewall" "shadow_allow_nodes" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
resource "google_compute_firewall" "shadow_allow_inkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
project = local.network_project_id
network = var.network
Expand All @@ -237,7 +237,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
resource "google_compute_firewall" "shadow_deny_exkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
project = local.network_project_id
network = var.network
16 changes: 8 additions & 8 deletions modules/beta-autopilot-public-cluster/firewall.tf
Expand Up @@ -26,7 +26,7 @@
*****************************************/
resource "google_compute_firewall" "intra_egress" {
count = var.add_cluster_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -67,7 +67,7 @@ resource "google_compute_firewall" "intra_egress" {
*****************************************/
resource "google_compute_firewall" "tpu_egress" {
count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -99,7 +99,7 @@ resource "google_compute_firewall" "tpu_egress" {
*****************************************/
resource "google_compute_firewall" "master_webhooks" {
count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -129,7 +129,7 @@ resource "google_compute_firewall" "master_webhooks" {
resource "google_compute_firewall" "shadow_allow_pods" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -158,7 +158,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
resource "google_compute_firewall" "shadow_allow_master" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand All @@ -184,7 +184,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
resource "google_compute_firewall" "shadow_allow_nodes" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
project = local.network_project_id
network = var.network
Expand Down Expand Up @@ -219,7 +219,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
resource "google_compute_firewall" "shadow_allow_inkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
project = local.network_project_id
network = var.network
Expand All @@ -246,7 +246,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
resource "google_compute_firewall" "shadow_deny_exkubelet" {
count = var.add_shadow_firewall_rules ? 1 : 0

name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
project = local.network_project_id
network = var.network
