Merge branch 'GoogleCloudPlatform:main' into main

GoogleCloudPlatform · Feb 4, 2025 · 71edd26 · 71edd26
2 parents c6c819a + 917464d
commit 71edd26
Show file tree

Hide file tree

Showing 5 changed files with 58 additions and 23 deletions.
diff --git a/bin/runbook-starter-code-generator b/bin/runbook-starter-code-generator
@@ -5,8 +5,8 @@ import os
 import re
 import subprocess
 import sys
-from datetime import datetime
 import textwrap
+from datetime import datetime
 
 # update pyinstaller/hook-gcpdiag-runbook.py when adding any new modules
 SUPPORTED_PRODUCTS = {

diff --git a/gcpdiag/lint/__init__.py b/gcpdiag/lint/__init__.py
@@ -625,7 +625,7 @@ def run_rules(self, context: models.Context, result: LintResults,
         logging.warning('%s: %s while processing rule: %s',
                         type(err).__name__, err, rule)
         rule_report.add_skipped(None, f'API error: {err}', None)
-      except (RuntimeError, ValueError, KeyError) as err:
+      except (RuntimeError, ValueError, KeyError, TypeError) as err:
         logging.warning('%s: %s while processing rule: %s',
                         type(err).__name__, err, rule)
         rule_report.add_skipped(None, f'Error: {err}', None)

diff --git a/gcpdiag/lint/command.py b/gcpdiag/lint/command.py
@@ -309,8 +309,9 @@ def _parse_args_run_repo(
   if credentials:
     apis.set_credentials(credentials)
 
-  # Allow to change defaults using a hook function.
-  hooks.set_lint_args_hook(args)
+  if args.interface == 'cli':
+    # Allow to change defaults using a hook function.
+    hooks.set_lint_args_hook(args)
   # Initialize configuration
   config.init(vars(args), terminal_output.is_cloud_shell())
   try:
@@ -379,29 +380,45 @@ def _parse_args_run_repo(
   # Verify that we have access and that the CRM API is enabled
   try:
     apis.verify_access(context.project_id)
-  except (utils.GcpApiError, exceptions.GoogleAuthError) as err:
-    raise err
+  except (utils.GcpApiError, exceptions.GoogleAuthError, ValueError) as err:
+    if args.interface == 'api':
+      logger.error('Access verifications failed for API interface: %s', err)
+      result = repo.result.create_rule_report(
+          lint.LintRule(
+              product='',
+              rule_class=lint.LintRuleClass.ERR,
+              rule_id='',
+              short_desc='Access verification failed',
+              long_desc='Access verification failed',
+              keywords=[],
+          ))
+      result.add_skipped(None, f'API Error: {err}', None)
+      result.finish()
+      return repo
+    else:
+      raise err
 
   # Warn end user to fallback on serial logs buffer if project isn't storing in
   # cloud logging
-  if not gce.is_project_serial_port_logging_enabled(context.project_id) and \
-    not config.get('enable_gce_serial_buffer'):
-    # Only print the warning if GCE is enabled in the first place
-    if apis.is_enabled(context.project_id, 'compute'):
-      logger.warning(
-          '''Serial output to cloud logging maybe disabled for certain GCE instances.
-          Fallback on serial output buffers by using flag --enable-gce-serial-buffer \n'''
-      )
+  if args.interface == 'cli':
+    if not gce.is_project_serial_port_logging_enabled(context.project_id) and \
+      not config.get('enable_gce_serial_buffer'):
+      # Only print the warning if GCE is enabled in the first place
+      if apis.is_enabled(context.project_id, 'compute'):
+        logger.warning(
+            '''Serial output to cloud logging maybe disabled for certain GCE instances.
+            Fallback on serial output buffers by using flag --enable-gce-serial-buffer \n'''
+        )
 
   # Run the tests.
   repo.run_rules(context)
   if args.interface == 'cli':
     output.display_footer(repo.result)
-  hooks.post_lint_hook(repo.result.get_rule_statuses())
-  if credentials:
-    apis.set_credentials(None)
-  # Clean up the kubeconfig file generated for gcpdiag
-  kubectl.clean_up()
+    hooks.post_lint_hook(repo.result.get_rule_statuses())
+    if credentials:
+      apis.set_credentials(None)
+    # Clean up the kubeconfig file generated for gcpdiag
+    kubectl.clean_up()
 
   return repo
 

diff --git a/gcpdiag/runbook/gke/snapshots/ip_exhaustion.txt b/gcpdiag/runbook/gke/snapshots/ip_exhaustion.txt
@@ -40,9 +40,18 @@ gke/ip-exhaustion: Troubleshooting ip exhaustion issues on GKE clusters.
      Pod IP exhaustion is detected in the cluster cluster-1
 
      [REMEDIATION]
-     Please follow the below documentation [1] to add ipv4 pod range to a standard cluster to mitgate the issue.
+     Consider leveraging the Class E IPv4 address space (240.0.0.0/4) to support your growth.
+     While these addresses are reserved for future use (see Google VPC network valid IPv4 ranges [1]), they can be used in certain situations.
+
+     The linked documentation [2] addresses common misconceptions about Class E, discusses its benefits and considerations, and provides guidance on planning and using GKE clusters with this address space.
+     It also includes a real-world example of how Class E successfully solved IP exhaustion challenges.
+
+     Additionally, the documentation [3] provides instructions to add ipv4 pod range to a standard cluster to mitgate the issue.
+
+     [1] https://cloud.google.com/vpc/docs/subnets#valid-ranges
+     [2] https://cloud.google.com/blog/products/containers-kubernetes/how-class-e-addresses-solve-for-ip-address-exhaustion-in-gke
+     [3] https://cloud.google.com/kubernetes-engine/docs/how-to/multi-pod-cidr#cluster-add-pod-ipv4-range
 
-     [1] https://cloud.google.com/kubernetes-engine/docs/how-to/multi-pod-cidr#cluster-add-pod-ipv4-range
 
 [END]: Finalize VM external connectivity diagnostics.
 

diff --git a/gcpdiag/runbook/gke/templates/ipexhaustion.jinja b/gcpdiag/runbook/gke/templates/ipexhaustion.jinja
@@ -14,9 +14,18 @@ Please follow the below documentation [1] to add ipv4 range to the autopilot clu
 {% endblock pod_ip_exhaustion_failure_remediation %}
 
 {% block pod_ip_exhaustion_failure_remediation_a1 %}
-Please follow the below documentation [1] to add ipv4 pod range to a standard cluster to mitgate the issue.
+Consider leveraging the Class E IPv4 address space (240.0.0.0/4) to support your growth.
+While these addresses are reserved for future use (see Google VPC network valid IPv4 ranges [1]), they can be used in certain situations.
+
+The linked documentation [2] addresses common misconceptions about Class E, discusses its benefits and considerations, and provides guidance on planning and using GKE clusters with this address space.
+It also includes a real-world example of how Class E successfully solved IP exhaustion challenges.
+
+Additionally, the documentation [3] provides instructions to add ipv4 pod range to a standard cluster to mitgate the issue.
+
+[1] https://cloud.google.com/vpc/docs/subnets#valid-ranges
+[2] https://cloud.google.com/blog/products/containers-kubernetes/how-class-e-addresses-solve-for-ip-address-exhaustion-in-gke
+[3] https://cloud.google.com/kubernetes-engine/docs/how-to/multi-pod-cidr#cluster-add-pod-ipv4-range
 
-[1] https://cloud.google.com/kubernetes-engine/docs/how-to/multi-pod-cidr#cluster-add-pod-ipv4-range
 {% endblock pod_ip_exhaustion_failure_remediation_a1 %}