Don't create an additional SecurityGroups if it's already defined by aws-load-balancer-security-groups annotation #65
Moreover, it never cleans up those security groups, leaving them orphaned, cluttering your account and eventually hitting a limit.
Ran into this while trying to create an ELB with a whitelist only open to a 3rd party. Our intention was to make the whitelisted security-group a terraform managed resource used by multiple load balancers.
Just use an additional annotation:

annotations:
  service.beta.kubernetes.io/load-balancer-source-ranges: ["x.x.x.x/xx","x.x.x.x/xx"]

And you will get rules dedicated to your IPs.
@yevhen-kalyna Thanks for your suggestion.
The fix has been prepared and merged into the Kubernetes master branch: kubernetes/kubernetes#83446
OCPBUGS-25662: ecr-credential-provider RPM CI builds
What happened:
AWS Cloud provider creates an additional AWS Security Group per LoadBalancer defined in Kubernetes Service configuration in case it's already defined by the service.beta.kubernetes.io/aws-load-balancer-security-groups annotation.

What you expected to happen:
Don't create an additional SG and don't rewrite rules on the SG provided by the aws-load-balancer-security-groups annotation.

How to reproduce it (as minimally and precisely as possible):
service.beta.kubernetes.io/aws-load-balancer-security-groups and Type: LoadBalancer
For example,
Anything else we need to know?:
Creates SG by cloud provider:
My custom SG after several seconds after service creation:
Environment:
kubectl version: v1.14.8-eks-b7174d
AWS
/kind bug