GKE: Investigate possible firewall issue blocking traffic between control plane and workers #193

Open
pst opened this issue May 11, 2021 · 3 comments

pst commented May 11, 2021

I encountered two issues that may indicate a network connectivity issue:

  1. kubeseal CLI times out trying to encrypt a secret - under the hood it seems to do a port-forward to talk to the controller to get the cert (workaround is to kubectl get the secret, store the cert locally and use that with kubeseal --cert manually)
  2. nginx ingress admission controller times out after the default 10s deadline when applying ingress resources

These issues may or may not be related. And they may or may not be caused by GKE networking settings.

pst commented May 11, 2021

@elieser1101

I found a problem that could be related to this. While trying to implement OPA Gatekeeper, the admission controller is not able to reach the webhook. It seems to be a known issue. And the fix described here suggests adding a new firewall rule.

Would be great if we could add these firewall rules through kbst

zpiazza-combocurve commented Aug 1, 2023

Bump. Following the Kubestack setup guide, the NGINX validation webhook fails due to the missing firewall rule.
