cluster-api-provider-aws

Support customisation of ingressRules for nodeSecurityGroup

Open snehala27 opened this issue 1 year ago • 3 comments

/kind feature

Describe the solution you'd like [A clear and concise description of what you want to happen.]

Recently, customisation of ingressRules was added for the controlPlaneLB securityGroup. Similarly, the node security group also allows all communication over ports 30000-32767 here: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/pkg/cloud/services/securitygroup/securitygroups.go#L545

If we want to have an ingressRules list for this and avoid using 0.0.0.0/0, where is the best place to take custom ingressRule input? Probable options:

  1. AWSClusterSpec
  2. AWSClusterSpec.NetworkSpec

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

Environment:

  • Cluster-api-provider-aws version: v2.2.1
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):

snehala27 Sep 11 '23 14:09
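To check whether an existing node security group has the exposure described in the issue above (ports 30000-32767 reachable from 0.0.0.0/0), the following is an added example, not code from the issue or from cluster-api-provider-aws. It assumes input in the JSON shape printed by `aws ec2 describe-security-groups`; the function name `openNodePortRules`, the group ID and the sample rules are constructed for illustration, and it treats only TCP, UDP and all-traffic (`-1`) rules as able to reach a NodePort.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Constructed sample in the shape of `aws ec2 describe-security-groups` output.
const sample = `{"SecurityGroups":[{"GroupId":"sg-node-example","IpPermissions":[
{"IpProtocol":"tcp","FromPort":30000,"ToPort":32767,"IpRanges":[{"CidrIp":"0.0.0.0/0"}]},
{"IpProtocol":"tcp","FromPort":31000,"ToPort":31000,"IpRanges":[{"CidrIp":"10.0.0.0/16"}]},
{"IpProtocol":"-1","Ipv6Ranges":[{"CidrIpv6":"::/0"}]}]}]}`

// openNodePortRules reports rules exposing any port in 30000-32767 to everyone.
func openNodePortRules(raw []byte) (out []string, err error) {
	var doc struct {
		SecurityGroups []struct {
			GroupId       string
			IpPermissions []struct {
				IpProtocol           string
				FromPort, ToPort     *int
				IpRanges, Ipv6Ranges []map[string]string
			}
		}
	}
	if err = json.Unmarshal(raw, &doc); err != nil {
		return nil, err
	}
	for _, sg := range doc.SecurityGroups {
		for _, p := range sg.IpPermissions {
			from, to := 0, 65535 // protocol "-1" (all traffic) carries no port fields
			if p.FromPort != nil && p.ToPort != nil {
				from, to = *p.FromPort, *p.ToPort
			}
			if pr := p.IpProtocol; (pr != "tcp" && pr != "udp" && pr != "-1") || to < 30000 || from > 32767 {
				continue // not a TCP/UDP/all-traffic rule, or it misses the NodePort range
			}
			for _, r := range append(p.IpRanges, p.Ipv6Ranges...) {
				if c := r["CidrIp"] + r["CidrIpv6"]; c == "0.0.0.0/0" || c == "::/0" {
					out = append(out, fmt.Sprintf("%s %s %d-%d %s", sg.GroupId, p.IpProtocol, from, to, c))
				}
			}
		}
	}
	return out, nil
}

func main() {
	fmt.Println(openNodePortRules([]byte(sample)))
}
```

Each finding is one line of the form `group protocol from-to cidr`, so a rule that only partly overlaps the NodePort range is still reported with its full port span.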