-
Notifications
You must be signed in to change notification settings - Fork 3
/
y-cluster-provision-gke-fix-webhooks8443
executable file
·47 lines (38 loc) · 1.51 KB
/
y-cluster-provision-gke-fix-webhooks8443
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#!/bin/bash
[ -z "$DEBUG" ] || set -x
set -e
# https://github.com/jenkins-x/jx/issues/3928#issuecomment-542183302
# Seems quite common, for example https://github.com/coreos/prometheus-operator/issues/2711
CLUSTER_NAME=$1
[ -z "$CLUSTER_NAME" ] && echo "First argument must be a cluster name" && exit 1
REGION="$2"
[ -z "$REGION" ] && echo "Second argument must be a gcloud region name" && exit 1
[ -n "$PROJECT" ] || PROJECT="$(gcloud config get-value project)"
gcloud --project=$PROJECT container clusters describe $CLUSTER_NAME --region=$REGION | grep masterIpv4CidrBlock
gcloud --project=$PROJECT compute firewall-rules list \
--filter "name~^gke-$CLUSTER_NAME" \
--format 'table(
name,
network,
direction,
sourceRanges.list():label=SRC_RANGES,
allowed[].map().firewall_rule().list():label=ALLOW,
targetTags.list():label=TARGET_TAGS
)'
read -p "What's the targets' hex code above? " TARGET_HEX
TARGET=gke-$CLUSTER_NAME-$TARGET_HEX-node
FIREWALL_RULE_NAME=gke-$CLUSTER_NAME-$TARGET_HEX-master-webhooks
[ -z "$MASTER_CIDR_BLOCK" ] && echo "MASTER_CIDR_BLOCK is required, for example MASTER_CIDR_BLOCK=172.16.0.0/28"
SOURCE_RANGE=$MASTER_CIDR_BLOCK
PROTOCOL=tcp
PORT=8443
# Other firewall rules might want any port
#PORT=1-65535
echo "Suggested command:"
echo \
gcloud --project=$PROJECT compute firewall-rules create $FIREWALL_RULE_NAME \
--action ALLOW \
--direction INGRESS \
--source-ranges $SOURCE_RANGE \
--rules $PROTOCOL:$PORT \
--target-tags $TARGET