Assume the flag is renamed? I saw other scripts still using --zone and might need to be renamed

gcloud has been pitching a warning for a while now, yeah.

Yeah, most gcloud compute list calls use --zones now instead of --zone. #29851 fixed most of these, but missed this one (which was added by #29995).

I left this change as a separate commit to make that clear.

gcloud has been pitching a warning for a while now, yeah.

I don't understand why this statement is true. Actually, I don't understand why the gke provider structures it this way, and I'm scraping my memory for this at all. It's really awkward looking.

That one is at least partially your fault. 😀

#26664

Basically, I guess firewall deletion happens faster if the cluster has already been turned down, so we do that first. I'd prefer to do the network deletion in kube-down (since it's created in kube-up), but we can'd do that unless we delete the firewalls first, and some of those firewalls are created by test-setup, and so should logically only be deleted in test-teardown.

I don't really understand why we have both test-setup/kube-up and test-teardown/kube-down everywhere. But addressing that is possibly a larger task.

I just parallelized them there. We actually don't want to delete the firewall rules until after the container clusters delete, but I can't tell why we don't just delete them in kube-down after the call to container clusters delete, except that they're test-only. I suppose this is mostly irrelevant, though, because the GKE provider is really a synthetic provider for test.

Is this the right default for config-default.sh (vs config-test.sh?) (Same question for GKE provider.)

I could leave these as false for the default case. I'm not sure if there was a strong reason for leaking the firewalls/networks by default besides laziness (@thockin's word, not mine. :)

+1 for cleaning up after ourselves by default unless there is a good reason to do otherwise.

I can't think of a good reason to intentionally leak, except MAYBE that we don't know everything we leaked, and we don't want to nuke things accidentally...

switched to false in config-default.sh

alternately this could be false if $NETWORK is "default", true otherwise, but I don't know how much logic we want to embed here.

firewalls?

the command is gcloud compute firewall-rules, so I'm not sure what your comment means.

oh, this is a lot more heavy-handed than I expected. I do NOT think this should be teh default for non-test, because the default network is "default", and many people launch into an existing project. This PR will totally nuke my project, if I understand it.

ugh, misreading, nevermind

no, I was right - this will delete the default net. Taht would be bad

it'd probably fail to delete the network, assuming there are other things using the network (e.g. firewall rules with a different prefix).

in any case, you're right that this is a bit scary, so I've updated this so we only delete the network by default for test. (I still have this deleting the cluster firewall rules by default)

It won't, typically, because it takes all the dependencies being gone before the default network can be deleted using gcloud (unlike the webconsole, gcloud is just trying to delete this single object). That's not usually going to be the case because default has other fw rules in it to start (the default-allow rules, etc.).

That said, as I commented above, I don't think it should be the default for config-default.sh, simply because it'll usually error.

And I was commenting on a non-refreshed copy, apparently, so this thread looks all jacked up. LGTM.