In Terraform I have enabled logging in the firewall module and created 3 custom firewall rules in GCP, and once terraform is applied logConfig is set to true. If I fire the `gcloud compute firewall-rules list --format="table(name,logConfig)"` command, my custom firewall rules show LOG_CONFIG as 'enable': True, whereas the automatically created GKE cluster and service firewall rules show False.
Manually, from the console/command line, I can update it to true for the GKE cluster and service firewall rules, whereas via Terraform I couldn't find a solution. I have found the documentation on automatically created firewall rules in GCP, https://cloud.google.com/kubernetes-engine/docs/concepts/firewall-rules, but didn't find out how to enable log config automatically.
Could anyone provide me the solution?
Currently I am using this firewall rule, and it's enabling logConfig for my custom rules.
```hcl
resource "google_compute_firewall" "default" {
  name    = "sample"
  network = "sample-network"
  project = "sample-project"

  # Older argument; log_config below supersedes it in current google provider versions.
  enable_logging = "true"

  allow {
    protocol = var.proto
    ports    = var.ports
  }

  # This block is what turns on firewall rule logging for this rule.
  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }

  source_tags   = var.sourceTags
  source_ranges = var.sourceRanges
  target_tags   = var.targetTags
}
```
I think the document you linked has the solution:
https://cloud.google.com/kubernetes-engine/docs/concepts/firewall-rules

> If you would like more control over firewall behavior, you can create firewall rules with a higher priority. Firewall rules with a higher priority are applied before automatically created firewall rules.
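One way to apply that advice in Terraform, as an added example that is not part of the question or the answer above: declare your own higher-priority rule that matches the same traffic as the auto-created GKE rule, with `log_config` enabled. GKE's auto-created rules use priority 1000, so a rule at priority 900 is evaluated first and its matches get logged. The cluster name, hash suffix, pod CIDR, network and project below are placeholders; read the real values from `gcloud compute firewall-rules describe` on the GKE rule you want to shadow.

```hcl
# Added example (not from the question, answer or GKE docs). Assumptions:
# - the auto-created rule to shadow is "gke-<cluster>-<hash>-all", which allows
#   tcp, udp, icmp, esp, ah and sctp from the pod range to nodes tagged
#   "gke-<cluster>-<hash>-node"
# - every value in the variables below is a placeholder to replace

variable "project"      { default = "sample-project" }   # placeholder
variable "network"      { default = "sample-network" }   # placeholder
variable "cluster_name" { default = "my-cluster" }       # placeholder
variable "cluster_hash" { default = "abcd1234" }         # placeholder
variable "pod_cidr"     { default = "10.4.0.0/14" }      # placeholder

locals {
  gke_node_tag = "gke-${var.cluster_name}-${var.cluster_hash}-node"
}

resource "google_compute_firewall" "gke_all_logged" {
  name      = "gke-${var.cluster_name}-${var.cluster_hash}-all-logged"
  project   = var.project
  network   = var.network
  direction = "INGRESS"

  # GKE's auto-created rules sit at 1000; a lower number is evaluated first,
  # so traffic that would have matched the unlogged GKE rule matches this one.
  priority = 900

  source_ranges = [var.pod_cidr]
  target_tags   = [local.gke_node_tag]

  # Mirror the GKE "-all" rule exactly; a narrower allow list would change
  # what reaches the nodes, not just what gets logged.
  allow { protocol = "tcp" }
  allow { protocol = "udp" }
  allow { protocol = "icmp" }
  allow { protocol = "esp" }
  allow { protocol = "ah" }
  allow { protocol = "sctp" }

  log_config {
    metadata = "INCLUDE_ALL_METADATA"
  }
}
```

Two caveats. Logging is per matching rule, so only traffic that hits the shadowing rule is logged; anything that still falls through to the original GKE rule stays unlogged, which is why the allow list above must mirror it rather than tighten it. And Terraform will not touch the GKE-managed rule itself, so after `terraform apply` re-run the `gcloud compute firewall-rules list --format="table(name,logConfig)"` command from the question: the new rule should show `'enable': True` while the auto-created rule keeps showing False, which is expected.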