GoogleCloudPlatform / k8s-multicluster-ingress

kubemci: Command line tool to configure L7 load balancers using multiple kubernetes clusters
Apache License 2.0

When removing a cluster, firewall rules should be updated after removing backend services #211

Open pdecat opened 5 years ago

pdecat commented 5 years ago

When removing a cluster from a gce-multi-cluster ingress, firewall rules are updated before removing backend services:

```
# kubemci remove-clusters portal-webfront --ingress=ingress-webfront.yml --gcp-project=$GCP_PROJECT  --kubeconfig=$KUBECONFIG  --kubecontexts=gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1
Determining instance groups for cluster gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1
Removing clusters from firewall rule
Updating existing firewall rule mci1-fr--portal-webfront to match the desired state
Firewall rule mci1-fr--portal-webfront updated successfully
Removing backend services from clusters
Updating existing backend service mci1-be-31081--portal-webfront to match the desired state
Backend service mci1-be-31081--portal-webfront updated successfully
Removing clusters [gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1] from https forwarding rule
Updating existing forwarding rule mci1-fws--portal-webfront to match the desired state
Forwarding rule mci1-fws--portal-webfront updated successfully
Removing clusters [gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1] from http forwarding rule
Updating existing forwarding rule mci1-fw--portal-webfront to match the desired state
Forwarding rule mci1-fw--portal-webfront updated successfully
Removing clusters [gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1] from url map
Updating existing url map mci1-um--portal-webfront to match the desired state
URL Map mci1-um--portal-webfront updated successfully
Deleting Ingress from cluster: gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1...
```

I've not yet witnessed issues with that, but I guess firewall rules should only be updated after removing backend services to reduce the risk of failing requests.
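
An added example, not part of the original issue or of the kubemci code base: a small Go check that reads `kubemci remove-clusters` output like the one quoted above and reports whether the firewall rule step ran before the backend services step. The helper name `firewallBeforeBackend` is hypothetical, and the embedded sample is abridged from the output in the issue.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Step markers exactly as they appear in the remove-clusters output quoted in the issue.
const (
	firewallMarker = "Removing clusters from firewall rule"
	backendMarker  = "Removing backend services from clusters"
)

// firewallBeforeBackend (hypothetical helper) scans the output and returns the
// 1-based line number of each step's first occurrence (0 if the marker is absent)
// and whether the firewall step was logged before the backend services step.
func firewallBeforeBackend(output string) (fwLine, beLine int, early bool) {
	sc := bufio.NewScanner(strings.NewReader(output))
	for n := 1; sc.Scan(); n++ {
		line := strings.TrimSpace(sc.Text())
		switch {
		case fwLine == 0 && strings.HasPrefix(line, firewallMarker):
			fwLine = n
		case beLine == 0 && strings.HasPrefix(line, backendMarker):
			beLine = n
		}
	}
	// Only claim an ordering when both steps were actually seen.
	early = fwLine != 0 && beLine != 0 && fwLine < beLine
	return
}

// sampleOutput is abridged from the output quoted in the issue.
const sampleOutput = `Determining instance groups for cluster gke_myproject-prod_europe-west1-b_myproject-prod-europe-west1-cluster1
Removing clusters from firewall rule
Updating existing firewall rule mci1-fr--portal-webfront to match the desired state
Firewall rule mci1-fr--portal-webfront updated successfully
Removing backend services from clusters
Updating existing backend service mci1-be-31081--portal-webfront to match the desired state
Backend service mci1-be-31081--portal-webfront updated successfully
`

func main() {
	fw, be, early := firewallBeforeBackend(sampleOutput)
	fmt.Printf("firewall step: line %d, backend step: line %d, firewall first: %v\n", fw, be, early)
}
```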