GoogleCloudPlatform / cloud-run-anthos-reference-web-app

An opinionated set of best practices aimed at demonstrating a reference architecture for building a web application on Google Cloud using Cloud Run for Anthos.
https://cloud.google.com/anthos/run
Apache License 2.0

Issues with leftover firewall rules #48

Closed ssmall closed 4 years ago

ssmall commented 4 years ago

Deleting a GKE cluster doesn't reliably clean up the firewall rules for that cluster, which can lead to stale firewall rules that cause issues with make cluster. The error looks like:

Starting Step #11 - "Restrict Cluster Ingress"
Step #11 - "Restrict Cluster Ingress": Already have image (with digest): gcr.io/cloud-builders/gcloud
Step #11 - "Restrict Cluster Ingress": ERROR: (gcloud.compute.firewall-rules.update) Could not fetch resource:
Step #11 - "Restrict Cluster Ingress":  - Invalid value 'k8s-fw-a4701527bca6e408983c5fe0bb1b1be6
Step #11 - "Restrict Cluster Ingress": k8s-fw-a770669445e144ed4a44c3263abb8a0e
Step #11 - "Restrict Cluster Ingress": k8s-fw-a8dd4f59cb6554c9eb2414795d874765
Step #11 - "Restrict Cluster Ingress": k8s-fw-a95fddc491bee44f089155d212465d6e
Step #11 - "Restrict Cluster Ingress": k8s-fw-ab9604e5a6362441aaac2dc1b697538e
Step #11 - "Restrict Cluster Ingress": k8s-fw-ac3f747ec670f4792aecfa315fe3be08
Step #11 - "Restrict Cluster Ingress": k8s-fw-af0b4b9b7c9494fbb9e3a0f7af87d5be'. Values must match the following regular expression: '[a-z](?:[-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19}'

This can be solved by cleaning up the stale firewall rules in https://console.cloud.google.com/networking/firewalls/list

This is probably a small enough edge case that it doesn't require a fix, but we should add a note to the README (perhaps in a "Troubleshooting" section?) that explains how to recover.
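The error above shows several `k8s-fw-*` names, joined by newlines, rejected as a single resource name. The following is an added example, not part of the issue or the project's build scripts: a POSIX shell guard that checks a rule listing before it is passed to an update step and refuses when more than one rule matches. The function names, exit codes and the `gcloud` list filter in the final comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the repository). Guard for a step that expects
# exactly one k8s-fw-* rule but may be handed several after a cluster delete.

# Name pattern from the gcloud error; "(?:" is written "(" for POSIX ERE.
NAME_RE='^([a-z]([-a-z0-9]{0,61}[a-z0-9])?|[1-9][0-9]{0,19})$'
NL='
'

# Constructed sample: two rule names taken from the error output in the issue.
SAMPLE_STALE="k8s-fw-a4701527bca6e408983c5fe0bb1b1be6${NL}k8s-fw-a770669445e144ed4a44c3263abb8a0e"

# valid_rule_name VALUE: succeeds only if VALUE is one well-formed name.
valid_rule_name() {
  case "$1" in *"$NL"*) return 1 ;; esac   # several names joined by newlines
  printf '%s\n' "$1" | grep -Eq "$NAME_RE"
}

# select_single_rule LISTING: prints the only rule name in LISTING.
# Returns 1 if none, 2 if a name is malformed, 3 if several match.
select_single_rule() {
  count=0
  first=
  found=
  while IFS= read -r name; do
    if [ -z "$name" ]; then continue; fi
    if ! valid_rule_name "$name"; then
      echo "malformed rule name: $name" >&2
      return 2
    fi
    count=$((count + 1))
    if [ "$count" -eq 1 ]; then first=$name; fi
    found="${found}  ${name}${NL}"
  done <<EOF
$1
EOF
  if [ "$count" -eq 0 ]; then
    echo "no k8s-fw-* rule found" >&2
    return 1
  elif [ "$count" -gt 1 ]; then
    printf '%s rules match; review these for stale entries:\n%s' "$count" "$found" >&2
    return 3
  fi
  printf '%s\n' "$first"
}

# Real use (assumed filter): pass the output of
#   gcloud compute firewall-rules list --filter='name~^k8s-fw-' --format='value(name)'
select_single_rule "$SAMPLE_STALE" || echo "refused, exit status $?"
```

Exit status 3 is the case from this issue: the listed rules need a manual review, and the stale ones removed, before the build step is rerun.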