fix nlb firewall rules, operations and alias network subnets

kubernetes · Jan 20, 2024 · 3386976 · 3386976
1 parent eb0a1c3
commit 3386976
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 6 deletions.
diff --git a/pkg/model/gcemodel/firewall.go b/pkg/model/gcemodel/firewall.go
@@ -62,6 +62,8 @@ func (b *FirewallModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 				// https://cloud.google.com/load-balancing/docs/health-checks
 				"35.191.0.0/16",
 				"130.211.0.0/22",
+				"209.85.204.0/22",
+				"209.85.152.0/22",
 			},
 			TargetTags: []string{b.GCETagForRole(kops.InstanceGroupRoleControlPlane)},
 			Allowed:    []string{"tcp"},

diff --git a/upup/pkg/fi/cloudup/gce/network.go b/upup/pkg/fi/cloudup/gce/network.go
@@ -167,12 +167,12 @@ func performNetworkAssignmentsIPAliases(ctx context.Context, c *kops.Cluster, cl
 		return err
 	}
 
-	serviceCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(20, 32))
+	serviceCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(16, 32))
 	if err != nil {
 		return err
 	}
 
-	nodeCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(20, 32))
+	nodeCIDR, err := used.Allocate(networkCIDR, net.CIDRMask(19, 32))
 	if err != nil {
 		return err
 	}

diff --git a/upup/pkg/fi/cloudup/gce/op.go b/upup/pkg/fi/cloudup/gce/op.go
@@ -58,7 +58,7 @@ func waitForZoneOp(client *compute.Service, op *compute.Operation) error {
 	}
 
 	return waitForOp(op, func(operationName string) (*compute.Operation, error) {
-		return client.ZoneOperations.Get(u.Project, u.Zone, operationName).Do()
+		return client.ZoneOperations.Wait(u.Project, u.Zone, operationName).Do()
 	})
 }
 
@@ -69,7 +69,7 @@ func waitForRegionOp(client *compute.Service, op *compute.Operation) error {
 	}
 
 	return waitForOp(op, func(operationName string) (*compute.Operation, error) {
-		return client.RegionOperations.Get(u.Project, u.Region, operationName).Do()
+		return client.RegionOperations.Wait(u.Project, u.Region, operationName).Do()
 	})
 }
 
@@ -80,7 +80,7 @@ func waitForGlobalOp(client *compute.Service, op *compute.Operation) error {
 	}
 
 	return waitForOp(op, func(operationName string) (*compute.Operation, error) {
-		return client.GlobalOperations.Get(u.Project, operationName).Do()
+		return client.GlobalOperations.Wait(u.Project, operationName).Do()
 	})
 }
 
@@ -108,7 +108,8 @@ func waitForOp(op *compute.Operation, getOperation func(operationName string) (*
 		}
 		pollOp, err := getOperation(opName)
 		if err != nil {
-			klog.Warningf("GCE poll operation %s failed: pollOp: [%v] err: [%v] getErrorFromOp: [%v]", opName, pollOp, err, getErrorFromOp(pollOp))
+			klog.Warningf("GCE poll operation %s failed: pollOp: [%v] err: [%v]", opName, pollOp, err)
+			klog.Infof("getErrorFromOp: [%v]", getErrorFromOp(pollOp))
 		}
 		done := opIsDone(pollOp)
 		if done {