
Commit 29d9259

fix: set max firewall name to 36 (terraform-google-modules#1645)
Signed-off-by: Edvin Norling <[email protected]> Co-authored-by: Bharath KKB <[email protected]>
1 parent 6dd5ae0 commit 29d9259


11 files changed

+79
-79
lines changed


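--- a/autogen/main/firewall.tf.tmpl
+++ b/autogen/main/firewall.tf.tmpl
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -70,7 +70,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "tpu_egress" {
 count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
 project = local.network_project_id
 network = var.network
@@ -105,7 +105,7 @@ resource "google_compute_firewall" "tpu_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -137,7 +137,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -166,7 +166,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -192,7 +192,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -227,7 +227,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -254,7 +254,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network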
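Review bot: Existing clusters whose `var.name` is longer than 25 characters get a different computed `name` on all eight rules in this template, and as far as I know `name` on `google_compute_firewall` cannot be updated in place, so the next apply would replace those rules rather than modify them. With Terraform's default destroy-then-create order that leaves a short window in which `intra_egress`, `tpu_egress` and `master_webhooks` do not exist, which matters on networks that deny egress by default or rely on admission webhooks. The generated `firewall.tf` copies in the root and under `modules/` carry the same change. I would document this as a breaking change in the upgrade notes and consider `lifecycle { create_before_destroy = true }` on these resources, which should be safe because the old and new names differ; the resource bodies continue outside the hunks, so a `lifecycle` block may already exist. Names longer than 36 characters are still truncated, so two clusters in one network project that share a 36-character prefix would still produce colliding rule names.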

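--- a/firewall.tf
+++ b/firewall.tf
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -63,7 +63,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -93,7 +93,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -122,7 +122,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -148,7 +148,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -183,7 +183,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network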

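--- a/modules/beta-autopilot-private-cluster/firewall.tf
+++ b/modules/beta-autopilot-private-cluster/firewall.tf
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -64,7 +64,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "tpu_egress" {
 count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
 project = local.network_project_id
 network = var.network
@@ -93,7 +93,7 @@ resource "google_compute_firewall" "tpu_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -120,7 +120,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -149,7 +149,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -175,7 +175,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -210,7 +210,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -237,7 +237,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network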

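--- a/modules/beta-autopilot-public-cluster/firewall.tf
+++ b/modules/beta-autopilot-public-cluster/firewall.tf
@@ -26,7 +26,7 @@
 *****************************************/
 resource "google_compute_firewall" "intra_egress" {
 count = var.add_cluster_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-intra-cluster-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-intra-cluster-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with each other and the master"
 project = local.network_project_id
 network = var.network
@@ -67,7 +67,7 @@ resource "google_compute_firewall" "intra_egress" {
 *****************************************/
 resource "google_compute_firewall" "tpu_egress" {
 count = var.add_cluster_firewall_rules && var.enable_tpu ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-tpu-egress"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-tpu-egress"
 description = "Managed by terraform gke module: Allow pods to communicate with TPUs"
 project = local.network_project_id
 network = var.network
@@ -99,7 +99,7 @@ resource "google_compute_firewall" "tpu_egress" {
 *****************************************/
 resource "google_compute_firewall" "master_webhooks" {
 count = var.add_cluster_firewall_rules || var.add_master_webhook_firewall_rules ? 1 : 0
-name = "gke-${substr(var.name, 0, min(25, length(var.name)))}-webhooks"
+name = "gke-${substr(var.name, 0, min(36, length(var.name)))}-webhooks"
 description = "Managed by terraform gke module: Allow master to hit pods for admission controllers/webhooks"
 project = local.network_project_id
 network = var.network
@@ -129,7 +129,7 @@ resource "google_compute_firewall" "master_webhooks" {
 resource "google_compute_firewall" "shadow_allow_pods" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-all"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-all"
 description = "Managed by terraform gke module: A shadow firewall rule to match the default rule allowing pod communication."
 project = local.network_project_id
 network = var.network
@@ -158,7 +158,7 @@ resource "google_compute_firewall" "shadow_allow_pods" {
 resource "google_compute_firewall" "shadow_allow_master" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-master"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-master"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -184,7 +184,7 @@ resource "google_compute_firewall" "shadow_allow_master" {
 resource "google_compute_firewall" "shadow_allow_nodes" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-vms"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-vms"
 description = "Managed by Terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes communication."
 project = local.network_project_id
 network = var.network
@@ -219,7 +219,7 @@ resource "google_compute_firewall" "shadow_allow_nodes" {
 resource "google_compute_firewall" "shadow_allow_inkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-inkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-inkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default rule allowing worker nodes & pods communication to kubelet."
 project = local.network_project_id
 network = var.network
@@ -246,7 +246,7 @@ resource "google_compute_firewall" "shadow_allow_inkubelet" {
 resource "google_compute_firewall" "shadow_deny_exkubelet" {
 count = var.add_shadow_firewall_rules ? 1 : 0
 
-name = "gke-shadow-${substr(var.name, 0, min(25, length(var.name)))}-exkubelet"
+name = "gke-shadow-${substr(var.name, 0, min(36, length(var.name)))}-exkubelet"
 description = "Managed by terraform GKE module: A shadow firewall rule to match the default deny rule to kubelet."
 project = local.network_project_id
 network = var.network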
