github/kubernetes
1
0
Fork 0
mirror of https://github.com/k3s-io/kubernetes.git synced 2025-07-30 06:54:01 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #26664 from zmerlynn/parallel-firewall

Browse Source 
Automatic merge from submit-queue

GKE provider: Tear down firewall rules last

[![Analytics](https://kubernetes-site.appspot.com/UA-36037335-10/GitHub/.github/PULL_REQUEST_TEMPLATE.md?pixel)]() It turns out, it's faster to do it in this order for large clusters.

Along the way: Do it in parallel
This commit is contained in:
k8s-merge-robot 2016-06-01 18:51:07 -07:00
commit 63e589957e
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
cluster/gke/util.sh
View File

@ -23,6 +23,7 @@ KUBE_PROMPT_FOR_UPDATE=y
KUBE_SKIP_UPDATE=${KUBE_SKIP_UPDATE-"n"} KUBE_SKIP_UPDATE=${KUBE_SKIP_UPDATE-"n"}
KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../.. KUBE_ROOT=$(dirname "${BASH_SOURCE}")/../..
source "${KUBE_ROOT}/cluster/gke/${KUBE_CONFIG_FILE:-config-default.sh}" source "${KUBE_ROOT}/cluster/gke/${KUBE_CONFIG_FILE:-config-default.sh}"
source "${KUBE_ROOT}/cluster/lib/util.sh"
# Perform preparations required to run e2e tests # Perform preparations required to run e2e tests
# #
@ -211,14 +212,20 @@ function test-setup() {
--allow tcp:80,tcp:8080 \ --allow tcp:80,tcp:8080 \
--project "${PROJECT}" \ --project "${PROJECT}" \
--target-tags "${NODE_TAG},${OLD_NODE_TAG}" \ --target-tags "${NODE_TAG},${OLD_NODE_TAG}" \
--network="${NETWORK}" --network="${NETWORK}" &
"${GCLOUD}" compute firewall-rules create \ "${GCLOUD}" compute firewall-rules create \
"${CLUSTER_NAME}-nodeports" \ "${CLUSTER_NAME}-nodeports" \
--allow tcp:30000-32767,udp:30000-32767 \ --allow tcp:30000-32767,udp:30000-32767 \
--project "${PROJECT}" \ --project "${PROJECT}" \
--target-tags "${NODE_TAG},${OLD_NODE_TAG}" \ --target-tags "${NODE_TAG},${OLD_NODE_TAG}" \
--network="${NETWORK}" --network="${NETWORK}" &
# Wait for firewall rules.
kube::util::wait-for-jobs || {
echo "... gke:test-setup(): Could not create firewall" >&2
return 1
}
} }
# Detect the IP for the master. Note that on GKE, we don't know the name of the # Detect the IP for the master. Note that on GKE, we don't know the name of the
@ -322,15 +329,21 @@ function test-teardown() {
detect-project >&2 detect-project >&2
# First, remove anything we did with test-setup (currently, the firewall). # Tear down the cluster first.
"${KUBE_ROOT}/cluster/kube-down.sh" || true
# Then remove the firewall rules. We do it in this order because the
# time to delete a firewall is actually dependent on the number of
# instances, but we can safely delete the cluster before the firewall.
#
# NOTE: Keep in sync with names above in test-setup. # NOTE: Keep in sync with names above in test-setup.
"${GCLOUD}" compute firewall-rules delete "${CLUSTER_NAME}-http-alt" \ "${GCLOUD}" compute firewall-rules delete "${CLUSTER_NAME}-http-alt" \
--project="${PROJECT}" || true --project="${PROJECT}" &
"${GCLOUD}" compute firewall-rules delete "${CLUSTER_NAME}-nodeports" \ "${GCLOUD}" compute firewall-rules delete "${CLUSTER_NAME}-nodeports" \
--project="${PROJECT}" || true --project="${PROJECT}" &
# Then actually turn down the cluster. # Wait for firewall rule teardown.
"${KUBE_ROOT}/cluster/kube-down.sh" kube::util::wait-for-jobs || true
} }
# Actually take down the cluster. This is called from test-teardown. # Actually take down the cluster. This is called from test-teardown.