Skip to content
This repository has been archived by the owner on Jan 3, 2023. It is now read-only.

When removing a cluster, firewall rules should be updated after removing backend services #211

Open
pdecat opened this issue Nov 29, 2018 · 0 comments
Open

When removing a cluster, firewall rules should be updated after removing backend services #211

pdecat opened this issue Nov 29, 2018 · 0 comments

Comments

@pdecat
Copy link

pdecat commented Nov 29, 2018

When removing a cluster from a gce-multi-cluster ingress, firewall rules are updated before removing backend services:

# kubemci remove-clusters portal-webfront --ingress=ingress-webfront.yml --gcp-project=$GCP_PROJECT  --kubeconfig=$KUBECONFIG  --kubecontexts=gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1                                                                       
Determining instance groups for cluster gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1                                            
Removing clusters from firewall rule
Updating existing firewall rule mci1-fr--portal-webfront to match the desired state                                                               
Firewall rule mci1-fr--portal-webfront updated successfully
Removing backend services from clusters
Updating existing backend service mci1-be-31081--portal-webfront to match the desired state                                                       
Backend service mci1-be-31081--portal-webfront updated successfully
Removing clusters [gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1] from https forwarding rule                                     
Updating existing forwarding rule mci1-fws--portal-webfront to match the desired state                                                            
Forwarding rule mci1-fws--portal-webfront updated successfully
Removing clusters [gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1] from http forwarding rule                                      
Updating existing forwarding rule mci1-fw--portal-webfront to match the desired state                                                             
Forwarding rule mci1-fw--portal-webfront updated successfully
Removing clusters [gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1] from url map                                                   
Updating existing url map mci1-um--portal-webfront to match the desired state                                                                     
URL Map mci1-um--portal-webfront updated successfully
Deleting Ingress from cluster: gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1...

I've not yet witnessed issues with that, but I guess firewall rules should only be updated after removing backend services to reduce the risk of failing requests.
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@pdecat