From 02f282187b1f9539177ebfe782d2c9145bba8ab0 Mon Sep 17 00:00:00 2001
From: Matt Matejczyk <mmat@google.com>
Date: Thu, 18 Apr 2019 17:05:33 +0200
Subject: [PATCH] Create the "internal" firewall rule for kubemark master.

This is equivalent to the "internal" firewall rule that is created for
the regular masters.
The main reason for doing it is to allow prometheus scraping metrics
from various kubemark master components, e.g. kubelet.

Ref. https://github.com/kubernetes/perf-tests/issues/503
---
 test/kubemark/gce/util.sh | 11 +++++++++++
 1 file changed, 11 insertions(+)

diff --git a/test/kubemark/gce/util.sh b/test/kubemark/gce/util.sh
index d4ba2c00861..760db164d52 100644
--- a/test/kubemark/gce/util.sh
+++ b/test/kubemark/gce/util.sh
@@ -102,6 +102,13 @@ function create-master-instance-with-resources {
     --target-tags "${MASTER_TAG}" \
     --allow "tcp:443" &
 
+  run-gcloud-compute-with-retries firewall-rules create "${MASTER_NAME}-internal" \
+    --project "${PROJECT}" \
+    --network "${NETWORK}" \
+    --source-ranges "10.0.0.0/8" \
+    --target-tags "${MASTER_TAG}" \
+    --allow "tcp:1-2379,tcp:2382-65535,udp:1-65535,icmp" &
+
   wait
 }
 
@@ -136,6 +143,10 @@ function delete-master-instance-and-resources {
 	  --project "${PROJECT}" \
 	  --quiet || true
 
+  gcloud compute firewall-rules delete "${MASTER_NAME}-internal" \
+	  --project "${PROJECT}" \
+	  --quiet || true
+
   if [ "${SEPARATE_EVENT_MACHINE:-false}" == "true" ]; then
 	  gcloud compute instances delete "${EVENT_STORE_NAME}" \
     	  "${GCLOUD_COMMON_ARGS[@]}" || true