Determines a given GKE cluster's master cidr block and adds a GCP firewall rule to permit Cert Manager access on port 10250 for the admission webhook
Solves this error:
Internal error occurred: failed calling admission webhook ... the server is currently unable to handle the request
"
# used by usage() in lib/utils.sh
# shellcheck disable=SC2034
usage_args="<project> <cluster>"
help_usage "$@"
num_args 2 "$@"
# project must be given explicitly to pin all subsequent gcloud commands to the right cluster, avoiding race conditions where other scripts or commands in adjacent windows switch configs and send these commands to the wrong project
target_tags="$(gcloud compute firewall-rules list --filter "name~^gke-$cluster_name" --format 'get(targetTags.list())' | sort -u)"
echo "Determined target tags to be:"
echo
echo "$target_tags"
echo
if gcloud compute firewall-rules list --filter "name=$firewall_rule_name" --format 'get(name)' | grep -q .; then
    echo "GCP firewall rule '$firewall_rule_name' for cert manager already exists. If this is not working for you, check the target tags, port etc haven't changed"
else
    timestamp "Adding a GCP firewall rule called '$firewall_rule_name' to permit GKE cluster '$cluster_name' master nodes to access cert manager pods on port $port:"
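One way to keep this rule narrow, as an added example rather than the script's own code: the function below assembles the `gcloud compute firewall-rules create` command from the values the script gathers and refuses a source range wider than the control plane's /28, an empty target-tag list, or an invalid port. The function name, the `network` parameter and `MIN_PREFIX` are assumptions, and the sample values in the final call are constructed.

```shell
#!/bin/sh
# Added example (not from the original script): builds, but does not run, the
# gcloud command for the cert-manager webhook rule, refusing inputs that would
# make the rule broader than "control plane -> cluster nodes, one TCP port".
# Assumption: MIN_PREFIX=28 matches the /28 control-plane range of a GKE
# private cluster; override it if your range differs.
MIN_PREFIX="${MIN_PREFIX:-28}"

# build_rule_cmd <project> <rule_name> <network> <master_cidr> <port> <target_tags>
# target_tags may be newline-, comma- or space-separated.
build_rule_cmd() {
    project="$1" rule="$2" network="$3" cidr="$4" port="$5"
    octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
    if ! printf '%s\n' "$cidr" | grep -Eq "^$octet(\.$octet){3}/([0-9]|[12][0-9]|3[0-2])\$"; then
        echo "refusing: '$cidr' is not a single IPv4 CIDR" >&2; return 1
    fi
    if [ "${cidr##*/}" -lt "$MIN_PREFIX" ]; then
        echo "refusing: source range $cidr is wider than /$MIN_PREFIX" >&2; return 1
    fi
    if ! printf '%s\n' "$port" | grep -Eq '^[0-9]{1,5}$' || [ "$port" -lt 1 ] || [ "$port" -gt 65535 ]; then
        echo "refusing: invalid port '$port'" >&2; return 1
    fi
    # Normalise the tag list: one per line, no blanks, de-duplicated, comma-joined
    tags="$(printf '%s\n' "$6" | tr ', ' '\n\n' | sed '/^$/d' | sort -u | paste -sd, -)"
    if [ -z "$tags" ]; then
        # Without --target-tags the rule would apply to every instance in the network
        echo "refusing: no target tags found" >&2; return 1
    fi
    # Network tags: lowercase letters, digits and hyphens, starting with a letter
    if printf '%s\n' "$tags" | tr ',' '\n' | grep -Evq '^[a-z]([-a-z0-9]*[a-z0-9])?$'; then
        echo "refusing: malformed network tag in '$tags'" >&2; return 1
    fi
    printf 'gcloud compute firewall-rules create %s --project %s --network %s' "$rule" "$project" "$network"
    printf ' --direction INGRESS --action ALLOW --rules tcp:%s --source-ranges %s --target-tags %s\n' "$port" "$cidr" "$tags"
}

# Constructed sample values (not from the page); prints the command for review
build_rule_cmd my-project gke-demo-cert-manager default 172.16.0.32/28 10250 "gke-demo-1a2b3c4d-node"
```

Review the printed command before running it; the function itself never calls gcloud.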