Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix behaviour of aws-load-balancer-security-groups annotation #88693

Closed
wants to merge 1 commit into from
Closed

fix behaviour of aws-load-balancer-security-groups annotation #88693

wants to merge 1 commit into from

Conversation

Elias481
Copy link
Contributor

@Elias481 Elias481 commented Feb 29, 2020
edited
Loading

What type of PR is this?
/kind bug

What this PR does / why we need it:
The intention of users utilizing the specified by aws-load-balancer-security-groups annotation is typically, that they want to assign an externally managed security to the load balancer and do not want Kubernetes to modify the group.
(Also see summary/fixed issues)

Which issue(s) this PR fixes:
Ensures that Security Group specified by aws-load-balancer-security-groups is not modified on setup of Load Balancer anymore.
Fixes #79723, kubernetes/cloud-provider-aws/issues/65
Redesign implementation from PR #62774
Also addresses #49445, #79279

Special notes for your reviewer:
Backport/Cherry-Pick #83446 for release 1.17
I decided for now to not go back to my pre-merge-conflict-resolve version of that PR but take over the getSGListFromAnnotation function from @bhagwat070919 #84265 without cherry picking that full PR (so only use it within buildELBSecurityGroupList changed with this PR) - if that is not fine for You I can do other way (backport/cherry-pick whoul #84265 or inline the functioanlity of getSGListFromAnnotation)

Release Note

Fix handling of aws-load-balancer-security-groups annotation. Security-Groups assigned with this annotation are no longer modified by kubernetes which is the expected behaviour of most users. Also no unnecessary Security-Groups are created anymore if this annotation is used.

@Elias481
fix behaviour of aws-load-balancer-security-groups annotation
f95336c 
Conflicts:
	staging/src/k8s.io/legacy-cloud-providers/aws/aws.go
	staging/src/k8s.io/legacy-cloud-providers/aws/aws_test.go
@k8s-ci-robot k8s-ci-robot added release-note-none Denotes a PR that doesn't merit a release note. do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. labels Feb 29, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.14 milestone Feb 29, 2020
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Feb 29, 2020
@k8s-ci-robot
Copy link
Contributor

@Elias481: This cherry pick PR is for a release branch and has not yet been approved by the Patch Release Team.
Adding the do-not-merge/cherry-pick-not-approved label.

To merge this cherry pick, please ping the kubernetes/patch-release-team in a comment, after it has been approved by the relevant OWNERS.
For details on the patch release process and schedule, see the Patch Releases page.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. labels Feb 29, 2020
@k8s-ci-robot
Copy link
Contributor

Hi @Elias481. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: Elias481
To complete the pull request process, please assign gnufied
You can assign the PR to them by writing /assign @gnufied in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. and removed needs-sig Indicates an issue or PR lacks a `sig/foo` label and requires one. labels Feb 29, 2020
@Elias481
Copy link
Contributor Author

/assign @gnufied

@Elias481
Copy link
Contributor Author

ping @bhagwat070919

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. and removed release-note-none Denotes a PR that doesn't merit a release note. labels Feb 29, 2020
@jsafrane
Copy link
Member

jsafrane commented Mar 2, 2020

I don't think we support 1.14

https://kubernetes.io/docs/setup/release/version-skew-policy/

The Kubernetes project maintains release branches for the most recent three minor releases.

@nckturner
Copy link
Contributor

/close

@k8s-ci-robot
Copy link
Contributor

@nckturner: Closed this PR.

In response to this:

/close

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@micahhausler micahhausler Awaiting requested review from micahhausler

@nckturner nckturner Awaiting requested review from nckturner

Assignees

@gnufied gnufied

Labels
cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. do-not-merge/cherry-pick-not-approved Indicates that a PR is not yet approved to merge into a release branch. kind/bug Categorizes issue or PR as related to a bug. needs-ok-to-test Indicates a PR that requires an org member to verify it is safe to test. needs-priority Indicates a PR lacks a `priority/foo` label and requires one. release-note Denotes a PR that will be considered when it comes time to generate release notes. sig/cloud-provider Categorizes an issue or PR as relevant to SIG Cloud Provider. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.14
Development

Successfully merging this pull request may close these issues.
5 participants
@Elias481 @k8s-ci-robot @jsafrane @nckturner @gnufied