Create the "internal" firewall rule for kubemark master.

This is equivalent to the "internal" firewall rule that is created for the regular masters. The main reason for doing it is to allow prometheus scraping metrics from various kubemark master components, e.g. kubelet. Ref. https://github.com/kubernetes/perf-tests/issues/503
2025-07-29 22:46:12 +00:00 · 2019-04-18 17:05:33 +02:00 · 2019-04-18 17:05:33 +02:00 · 02f282187b
commit 02f282187b
parent 18b4e1b84c
1 changed files with 11 additions and 0 deletions
--- a/test/kubemark/gce/util.sh
+++ b/test/kubemark/gce/util.sh
@ -102,6 +102,13 @@ function create-master-instance-with-resources {
    --target-tags "${MASTER_TAG}" \
    --allow "tcp:443" &

+  run-gcloud-compute-with-retries firewall-rules create "${MASTER_NAME}-internal" \
+    --project "${PROJECT}" \
+    --network "${NETWORK}" \
+    --source-ranges "10.0.0.0/8" \
+    --target-tags "${MASTER_TAG}" \
+    --allow "tcp:1-2379,tcp:2382-65535,udp:1-65535,icmp" &
+
  wait
 }

@ -136,6 +143,10 @@ function delete-master-instance-and-resources {
 	  --project "${PROJECT}" \
 	  --quiet || true

+  gcloud compute firewall-rules delete "${MASTER_NAME}-internal" \
+	  --project "${PROJECT}" \
+	  --quiet || true
+
  if [ "${SEPARATE_EVENT_MACHINE:-false}" == "true" ]; then
 	  gcloud compute instances delete "${EVENT_STORE_NAME}" \
    	  "${GCLOUD_COMMON_ARGS[@]}" || true