5 files changed +34 -2 lines changed
Original file line number Diff line number Diff line change 41
41
permissions :
42
42
contents : write # needed for opening PR with the results files
43
43
pull-requests : write # needed for opening PR with the results files
44
+ id-token : write # needed for authenticating to GCP
44
45
45
46
steps :
46
47
- name : Checkout Repository
@@ -132,7 +133,7 @@ jobs:
132
133
- name : Create GKE cluster
133
134
working-directory : ./tests
134
135
run :
135
- make create-gke-cluster
136
+ make create-gke-cluster CI=true
136
137
137
138
- name : Create and setup VM
138
139
working-directory : ./tests
Original file line number Diff line number Diff line change @@ -12,6 +12,7 @@ GW_SVC_GKE_INTERNAL=false
12
12
GINKGO_LABEL =
13
13
GINKGO_FLAGS =
14
14
NGF_VERSION =
15
+ CI =false
15
16
16
17
ifneq ($(GINKGO_LABEL ) ,)
17
18
override GINKGO_FLAGS += -ginkgo.label-filter "$(GINKGO_LABEL ) "
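Review bot: `CI =false` at line 15 is an unconditional assignment, so a `CI` value already exported in the environment is ignored and every CI caller has to remember to pass `CI=true` on the make command line, as the workflow change does. Consider `CI ?= false` so an exported value is honoured, and add a short comment next to the variable saying what it controls (skipping the local IP step in `create-gke-cluster`), since nothing in this block explains it.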
@@ -86,8 +87,12 @@ cleanup-gcp: cleanup-router cleanup-vm delete-gke-cluster ## Cleanup all GCP res
86
87
87
88
.PHONY : create-gke-cluster
88
89
create-gke-cluster : # # Create a GKE cluster
89
- bash scripts/create-gke-cluster.sh
90
+ bash scripts/create-gke-cluster.sh $( CI )
90
91
91
92
.PHONY : delete-gke-cluster
92
93
delete-gke-cluster : # # Delete the GKE cluster
93
94
bash scripts/delete-gke-cluster.sh
95
+
96
+ .PHONY : add-local-ip-to-cluster
97
+ add-local-ip-to-cluster : # # Add local IP to the GKE cluster master-authorized-networks
98
+ bash scripts/add-local-ip-to-cluster.sh
Original file line number Diff line number Diff line change 37
37
```
38
38
39
39
``` text
40
+ add-local-ip-to-cluster Add local IP to the GKE cluster master-authorized-networks
40
41
build-images-with-plus Build NGF and NGINX Plus images
41
42
build-images Build NGF and NGINX images
42
43
cleanup-gcp Cleanup all GCP resources
@@ -101,6 +102,15 @@ and `GKE_NODES_SERVICE_ACCOUNT` needs to be the name of a service account that h
101
102
make create-gke-cluster
102
103
```
103
104
105
+ > Note: The GKE cluster is created with ` master-authorized-networks ` , meaning only IPs from explicitly allowed CIDR ranges
106
+ > will be able to access the cluster. The script will automatically add your current IP to the authorized list, but if
107
+ > your IP changes, you can add your new local IP to the ` master-authorized-networks ` of the cluster by running the
108
+ > following:
109
+
110
+ ``` makefile
111
+ make add-local-ip-to-cluster
112
+ ```
113
+
104
114
## Step 2 - Build and Load Images
105
115
106
116
Loading the images only applies to a ` kind ` cluster. If using a cloud provider, you will need to tag and push
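Review bot: the note at lines 105-108 says the script adds "your current IP" and that `make add-local-ip-to-cluster` covers the case where the IP changes, but the script added in this change passes `${SOURCE_IP_RANGE}` from `scripts/vars.env` and does not detect an address itself. The note should tell the reader to update `SOURCE_IP_RANGE` before running the target, otherwise the same stale range is added again. Minor: the fence at line 110 is tagged `makefile` although its content is a shell command.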
Original file line number Diff line number Diff line change
1
+ #! /bin/bash
2
+
3
+ source scripts/vars.env
4
+
5
+ CURRENT_AUTH_NETWORK=$( gcloud container clusters describe ${GKE_CLUSTER_NAME} --zone=${GKE_CLUSTER_ZONE} \
6
+ --format=" value(masterAuthorizedNetworksConfig.cidrBlocks[0])" | sed ' s/cidrBlock=//' )
7
+
8
+ gcloud container clusters update ${GKE_CLUSTER_NAME} --zone=${GKE_CLUSTER_ZONE} --enable-master-authorized-networks --master-authorized-networks=${SOURCE_IP_RANGE} ,${CURRENT_AUTH_NETWORK}
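Review bot: lines 5-6 read only `cidrBlocks[0]`, and line 8 then supplies `${SOURCE_IP_RANGE},${CURRENT_AUTH_NETWORK}` as the complete `--master-authorized-networks` list, so a cluster that already has more than one authorized range keeps only the first one after this runs, and running the target twice for two different local IPs drops the earlier one. Read all existing entries and join them instead of taking index 0. The same line also yields a trailing comma when the describe call returns nothing, and it re-adds `SOURCE_IP_RANGE` even if it is already present. The script has no `set -euo pipefail` and leaves `${GKE_CLUSTER_NAME}`, `${GKE_CLUSTER_ZONE}` and the list argument unquoted, so a failed `describe` goes straight on to `update` with a partial list. It also sources `scripts/vars.env` relative to the working directory, which only works when invoked from the tests directory.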
Original file line number Diff line number Diff line change @@ -4,6 +4,8 @@ source scripts/vars.env
4
4
5
5
ip_random_digit=$(( 1 + $RANDOM % 250 ))
6
6
7
+ IS_CI=${1:- false}
8
+
7
9
gcloud container clusters create ${GKE_CLUSTER_NAME} \
8
10
--project ${GKE_PROJECT} \
9
11
--zone ${GKE_CLUSTER_ZONE} \
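Review bot: `IS_CI` at line 7 is taken from positional `$1` and later compared against the exact string `false`, so any other value (for example `FALSE`, `0` or a typo) is treated as a CI run and the local IP is silently not authorized. Testing for `true` explicitly, or rejecting values other than `true` and `false`, would make a bad argument fail visibly rather than leave the user locked out of the control plane.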
@@ -13,3 +15,9 @@ gcloud container clusters create ${GKE_CLUSTER_NAME} \
13
15
--enable-private-nodes \
14
16
--master-ipv4-cidr 172.16.${ip_random_digit} .32/28 \
15
17
--metadata=block-project-ssh-keys=TRUE
18
+
19
+ # Add current IP to GKE master control node access, if this script is not invoked during a CI run.
20
+ if [ " ${IS_CI} " = " false" ]; then
21
+ SCRIPT_DIR=$( cd -- " $( dirname -- " ${BASH_SOURCE[0]} " ) " & > /dev/null && pwd )
22
+ bash ${SCRIPT_DIR} /add-local-ip-auth-networks.sh
23
+ fi
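Review bot: line 22 invokes `add-local-ip-auth-networks.sh`, but the Makefile target added in this change runs `scripts/add-local-ip-to-cluster.sh`, and only one new script is part of the change set, so one of the two paths does not exist. Whichever name is wrong, the mismatch means either the automatic step after cluster creation or the manual `make add-local-ip-to-cluster` target fails. Use one file name in both places. Also quote the path (`bash "${SCRIPT_DIR}/..."`), and note that nothing visible here stops the script from reaching this block when `gcloud container clusters create` has failed; check its exit status before trying to update the cluster.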