Disable firewall rule logging by default #2057

Merged 1 commit on Dec 19, 2023

tpdownes

At high packet rate, we observe performance impacts when Cloud VPC Firewall logging is enabled. This turns logging off by default but allows the user to enable it with metadata included or excluded.

Blueprint tested with all 3 allowed values for var.firewall_log_config. They can be modified in-place non-destructively:

```yaml
---
blueprint_name: startup-vm-instance

vars:
  project_id:  ## Set project id here
  deployment_name: testfix
  region: us-east4
  zone: us-east4-c

deployment_groups:
- group: first
  modules:
  - id: network1
    source: modules/network/vpc
    settings:
      firewall_log_config: EXCLUDE_ALL_METADATA
  - id: vm0
    source: modules/compute/vm-instance
    use:
    - network1
    settings:
      name_prefix: vm0
      machine_type: n1-standard-2
```

Submission Checklist

Please take the following actions before submitting this pull request.

  • Fork your PR branch from the Toolkit "develop" branch (not main)
  • Test all changes with pre-commit in a local branch
  • Confirm that "make tests" passes all tests
  • Add or modify unit tests to cover code changes
  • Ensure that unit test coverage remains above 80%
  • Update all applicable documentation
  • Follow Cloud HPC Toolkit Contribution guidelines
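
With logging off by default, it helps to know which deployed rules leave no log trail. The following is an added example, not code from this pull request or the Toolkit: it classifies rules from JSON shaped like `gcloud compute firewall-rules list --format=json` output. The rule names and sample data are constructed, and the fallback for an enabled rule with no `metadata` field is an assumption.

```python
import json

# Constructed sample, shaped like `gcloud compute firewall-rules list --format=json`.
# Rule names are made up for this example.
SAMPLE_RULES = json.loads("""[
  {"name": "testfix-allow-ssh", "direction": "INGRESS",
   "logConfig": {"enable": false}},
  {"name": "testfix-allow-internal", "direction": "INGRESS",
   "logConfig": {"enable": true, "metadata": "EXCLUDE_ALL_METADATA"}},
  {"name": "testfix-allow-iap", "direction": "INGRESS",
   "logConfig": {"enable": true, "metadata": "INCLUDE_ALL_METADATA"}},
  {"name": "testfix-egress", "direction": "EGRESS"}
]""")


def logging_state(rule):
    """Return 'DISABLED', or the metadata mode of a rule that has logging on."""
    cfg = rule.get("logConfig") or {}
    if not cfg.get("enable", False):
        return "DISABLED"
    # Assumption: an enabled rule with no explicit metadata field logs all metadata.
    return cfg.get("metadata", "INCLUDE_ALL_METADATA")


def audit(rules):
    """Group rule names by logging state."""
    report = {}
    for rule in rules:
        report.setdefault(logging_state(rule), []).append(rule["name"])
    return report


def unlogged_ingress(rules):
    """Names of ingress rules whose matches produce no firewall log entries."""
    return sorted(
        r["name"]
        for r in rules
        if r.get("direction") == "INGRESS" and logging_state(r) == "DISABLED"
    )


if __name__ == "__main__":
    for state, names in sorted(audit(SAMPLE_RULES).items()):
        print(f"{state:22} {', '.join(names)}")
    print("ingress rules with no log trail:", unlogged_ingress(SAMPLE_RULES))
```
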

@tpdownes tpdownes added the release-module-improvements Added to release notes under the "Module Improvements" heading. label Dec 18, 2023
@tpdownes tpdownes assigned nick-stroud and unassigned tpdownes Dec 18, 2023
At high packet rate, we observe performance impacts when Cloud VPC
Firewall logging is enabled. This turns logging off by default but
allows the user to enable it with metadata included or excluded.
@nick-stroud nick-stroud assigned tpdownes and unassigned nick-stroud Dec 19, 2023
@tpdownes tpdownes merged commit 0c42fff into GoogleCloudPlatform:develop Dec 19, 2023
6 of 35 checks passed
@tpdownes tpdownes deleted the logging_off branch December 19, 2023 00:33
@nick-stroud nick-stroud mentioned this pull request Jan 9, 2024