cluster-api-provider-gcp

Automatically create firewall rules for networks

Open pydctw opened this issue 3 years ago • 8 comments

/kind feature

Describe the solution you'd like: Currently, a user needs to create and delete firewall rules manually if they want to use a network other than the default one. CAPG should automate this and create firewall rules for networks created by CAPG.

Also, firewall rules should allow only necessary traffic flow and restrict source/destinations, meaning current firewall rules need to be refined -> It may not require a full design doc but research and discussion w/community will be needed before full implementation.

Anything else you would like to add: Where firewall rules are created manually for e2e tests: https://github.com/kubernetes-sigs/cluster-api-provider-gcp/blob/main/scripts/ci-e2e.sh#L108-L116

Apr 28 '22 16:04 pydctw

cc @lubronzhan

Apr 28 '22 16:04 pydctw

So I was thinking do we add another condition or modify the existing?

Apr 29 '22 04:04 sayantani11

> So I was thinking do we add another condition or modify the existing?

We will need to delete some existing rules and add more rules to define more granular rules. For example, firewall rules for control plane and worker nodes should be different.

Apr 29 '22 21:04 pydctw

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

Jul 28 '22 22:07 k8s-triage-robot

/remove-lifecycle stale

Aug 23 '22 17:08 pydctw

I'd like to work on this, @pydctw is this still up for assignment?

Oct 08 '22 15:10 whtssub

@SubhasmitaSw guess it is

Oct 08 '22 22:10 sayantani11

@SubhasmitaSw, this is a much needed feature. Go for it.

Oct 10 '22 02:10 pydctw

I may be a bit slow to respond, but I'm working on it!

/assign

Oct 20 '22 05:10 whtssub

/lifecycle stale

Jan 18 '23 05:01 k8s-triage-robot

@SubhasmitaSw are you still working on it? Can I help you with anything?

Jan 31 '23 02:01 gustavomfc

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

Mar 02 '23 02:03 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Reopen this issue with /reopen
  • Mark this issue as fresh with /remove-lifecycle rotten
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/close not-planned

Apr 01 '23 03:04 k8s-triage-robot

@k8s-triage-robot: Closing this issue, marking it as "Not Planned".

Apr 01 '23 03:04 k8s-ci-robot