
Commit 470f742

committed
Set max firewall name to 36
This makes it possible to have longer, unique names. The firewall API supports 64 characters. Solves #1527 Signed-off-by: Edvin Norling <[email protected]>
1 parent e87044f commit 470f742


10 files changed

+77
-77
lines changed


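--- a/autogen/main/firewall.tf.tmpl
+++ b/autogen/main/firewall.tf.tmpl
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -70,7 +70,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "tpu_egress" {
 count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
 project = local.network_project_id
 network = var.network
@@ -105,7 +105,7 @@ resource "google_compute_firewall" "tpu_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -137,7 +137,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -166,7 +166,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -192,7 +192,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -227,7 +227,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -254,7 +254,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network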
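Review bot: For any existing cluster whose `var.name` is longer than 25 characters, the new cap changes the computed `name` on every rule in this section, and `name` on `google_compute_firewall` forces replacement, so the next apply destroys and recreates those rules rather than updating them in place. Between destroy and create the rule is absent, which matters most for `intra_egress` on networks with a restrictive egress policy and for `shadow_deny_exkubelet`. Because the new name differs from the old one, adding `lifecycle { create_before_destroy = true }` to these resources would close that window; the resource bodies continue outside the hunks, so an existing lifecycle block cannot be ruled out from here. The same applies to the identical hunks in `firewall.tf` and the two `modules/beta-autopilot-*` sections, and the replacement deserves an upgrade note.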

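--- a/firewall.tf
+++ b/firewall.tf
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -63,7 +63,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -93,7 +93,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -122,7 +122,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -148,7 +148,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -183,7 +183,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network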
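Review bot: The cap `36` is an unexplained literal repeated on every `name` line of this section and of the other three, so nothing records how it relates to the name-length limit. With the longest suffix visible here, `gke-` + 36 + `-intra-cluster-egress` is 4 + 36 + 21 = 61 characters, which stays under the 63 characters Compute Engine accepts for resource names. A later, longer suffix could silently break that, so a comment such as `# 36 keeps gke-<name>-intra-cluster-egress (61 chars) within the 63-char resource name limit` next to the first use would help. Defining the prefix once, e.g. `firewall_name_prefix = substr(var.name, 0, min(36, length(var.name)))` in a `locals` block, would also keep the rules from drifting apart. These files look generated from `autogen/main/firewall.tf.tmpl`, so the change would belong in the template.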

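--- a/modules/beta-autopilot-private-cluster/firewall.tf
+++ b/modules/beta-autopilot-private-cluster/firewall.tf
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -64,7 +64,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "tpu_egress" {
 count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
 project = local.network_project_id
 network = var.network
@@ -93,7 +93,7 @@ resource "google_compute_firewall" "tpu_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -120,7 +120,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -149,7 +149,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -175,7 +175,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -237,7 +237,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network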

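--- a/modules/beta-autopilot-public-cluster/firewall.tf
+++ b/modules/beta-autopilot-public-cluster/firewall.tf
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -67,7 +67,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "tpu_egress" {
 count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
 project = local.network_project_id
 network = var.network
@@ -99,7 +99,7 @@ resource "google_compute_firewall" "tpu_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -129,7 +129,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -158,7 +158,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -184,7 +184,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -219,7 +219,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -246,7 +246,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network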
