Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Port ranges for ELB SG or allow for main SG to be managed #79279

Closed
ac-hibbert opened this issue Jun 21, 2019 · 9 comments
Closed

Port ranges for ELB SG or allow for main SG to be managed #79279

ac-hibbert opened this issue Jun 21, 2019 · 9 comments
Labels
area/provider/aws Issues or PRs related to aws provider kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider.

Comments

@ac-hibbert
Copy link

What would you like to be added:

One of either:-

  • Allow a port range
  • Allow SG to be created and managed outside of k8s and added in, some sort of annotation like service.beta.kubernetes.io/aws-load-balancer-extra-security-groups

Why is this needed:

You can end up running into security group rule limits, due to K8S managing the SG for the ELB and adding rules for each specific port

@ac-hibbert ac-hibbert added the kind/feature Categorizes issue or PR as related to a new feature. label Jun 21, 2019
@k8s-ci-robot k8s-ci-robot added the needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. label Jun 21, 2019
@ac-hibbert
Copy link
Author

/sig aws

@k8s-ci-robot k8s-ci-robot added sig/aws and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Jun 21, 2019
@justinsb
Copy link
Member

k8s services themselves don't currently support port ranges (I believe), but I think the ask here is for using a single security group per ELB, regardless of the number of ports?

We talked about this in sig-aws, and @randomvariable suggested that you were asking that we combine contiguous port range to reduce the number of security group rules - is that correct?

@ac-hibbert
Copy link
Author

I think I've found what I wanted here - to allow the SG to be created and managed outside k8s - #62774. I didn't know about that at the time, I'm yet to test it.

@ac-hibbert
Copy link
Author

That doesn't work. Logged #79723 for this

@k8s-ci-robot k8s-ci-robot added area/provider/aws Issues or PRs related to aws provider needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. and removed sig/aws labels Aug 6, 2019
@nikhita
Copy link
Member

nikhita commented Aug 6, 2019

/sig cloud-provider

@k8s-ci-robot k8s-ci-robot added sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Aug 6, 2019
@fejta-bot
Copy link

Issues go stale after 90d of inactivity.
Mark the issue as fresh with /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 4, 2019
@fejta-bot
Copy link

Stale issues rot after 30d of inactivity.
Mark the issue as fresh with /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.

If this issue is safe to close now please do so with /close.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/lifecycle rotten

@k8s-ci-robot k8s-ci-robot added lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. and removed lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. labels Dec 4, 2019
@fejta-bot
Copy link

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

@k8s-ci-robot
Copy link
Contributor

@fejta-bot: Closing this issue.

In response to this:

Rotten issues close after 30d of inactivity.
Reopen the issue with /reopen.
Mark the issue as fresh with /remove-lifecycle rotten.

Send feedback to sig-testing, kubernetes/test-infra and/or fejta.
/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/provider/aws Issues or PRs related to aws provider kind/feature Categorizes issue or PR as related to a new feature. lifecycle/rotten Denotes an issue or PR that has aged beyond stale and will be auto-closed. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider.
Projects
None yet
Development

No branches or pull requests

5 participants