kubernetes-sigs
diff --git a/‎api/v1beta1/awscluster_conversion.go
Lines changed: 1 addition & 1 deletion b/‎api/v1beta1/awscluster_conversion.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/v1beta1/zz_generated.conversion.go
Lines changed: 1 addition & 1 deletion b/‎api/v1beta1/zz_generated.conversion.go
Lines changed: 1 addition & 1 deletion
diff --git a/‎api/v1beta2/awscluster_types.go
Lines changed: 2 additions & 3 deletions b/‎api/v1beta2/awscluster_types.go
Lines changed: 2 additions & 3 deletions
diff --git a/‎api/v1beta2/awscluster_webhook.go
Lines changed: 2 additions & 2 deletions b/‎api/v1beta2/awscluster_webhook.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎api/v1beta2/awscluster_webhook_test.go
Lines changed: 10 additions & 10 deletions b/‎api/v1beta2/awscluster_webhook_test.go
Lines changed: 10 additions & 10 deletions
diff --git a/‎api/v1beta2/zz_generated.deepcopy.go
Lines changed: 2 additions & 2 deletions b/‎api/v1beta2/zz_generated.deepcopy.go
Lines changed: 2 additions & 2 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsclusters.yaml
Lines changed: 37 additions & 39 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsclusters.yaml
Lines changed: 37 additions & 39 deletions
diff --git a/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsclustertemplates.yaml
Lines changed: 39 additions & 41 deletions b/‎config/crd/bases/infrastructure.cluster.x-k8s.io_awsclustertemplates.yaml
Lines changed: 39 additions & 41 deletions
diff --git a/‎docs/book/src/topics/bring-your-own-aws-infrastructure.md
Lines changed: 6 additions & 5 deletions b/‎docs/book/src/topics/bring-your-own-aws-infrastructure.md
Lines changed: 6 additions & 5 deletions
@@ -74,7 +74,7 @@ func restoreControlPlaneLoadBalancer(restored, dst *infrav2.AWSLoadBalancerSpec)
 	dst.LoadBalancerType = restored.LoadBalancerType
 	dst.DisableHostsRewrite = restored.DisableHostsRewrite
 	dst.PreserveClientIP = restored.PreserveClientIP
-	dst.AdditionalIngressRules = restored.AdditionalIngressRules
+	dst.IngressRules = restored.IngressRules
 }
 
 // ConvertFrom converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.
 
@@ -208,10 +208,9 @@ type AWSLoadBalancerSpec struct {
 	// +optional
 	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
 
-	// AdditionalIngressRules sets the additional ingress rules for the control plane load balancer. If no source security group ids are specified, the
-	// default control plane security group will be used.
+	// IngressRules sets the ingress rules for the control plane load balancer.
 	// +optional
-	AdditionalIngressRules []IngressRule `json:"additionalIngressRules,omitempty"`
+	IngressRules []IngressRule `json:"ingressRules,omitempty"`
 
 	// LoadBalancerType sets the type for a load balancer. The default type is classic.
 	// +kubebuilder:default=classic
 
@@ -199,9 +199,9 @@ func (r *AWSCluster) validateAdditionalIngressRules() field.ErrorList {
 		return allErrs
 	}
 
-	for _, rule := range r.Spec.ControlPlaneLoadBalancer.AdditionalIngressRules {
+	for _, rule := range r.Spec.ControlPlaneLoadBalancer.IngressRules {
 		if (rule.CidrBlocks != nil || rule.IPv6CidrBlocks != nil) && (rule.SourceSecurityGroupIDs != nil || rule.SourceSecurityGroupRoles != nil) {
-			allErrs = append(allErrs, field.Invalid(field.NewPath("additionalIngressRules"), r.Spec.ControlPlaneLoadBalancer.AdditionalIngressRules, "CIDR blocks and security group IDs or security group roles cannot be used together"))
+			allErrs = append(allErrs, field.Invalid(field.NewPath("additionalIngressRules"), r.Spec.ControlPlaneLoadBalancer.IngressRules, "CIDR blocks and security group IDs or security group roles cannot be used together"))
 		}
 	}
 
 
@@ -252,11 +252,11 @@ func TestAWSClusterValidateCreate(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "rejects additional ingress rules with cidr block and source security group id",
+			name: "rejects ingress rules with cidr block and source security group id",
 			cluster: &AWSCluster{
 				Spec: AWSClusterSpec{
 					ControlPlaneLoadBalancer: &AWSLoadBalancerSpec{
-						AdditionalIngressRules: []IngressRule{
+						IngressRules: []IngressRule{
 							{
 								Protocol:               SecurityGroupProtocolTCP,
 								CidrBlocks:             []string{"test"},
@@ -269,11 +269,11 @@ func TestAWSClusterValidateCreate(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "rejects additional ingress rules with cidr block and source security group id and role",
+			name: "rejects ingress rules with cidr block and source security group id and role",
 			cluster: &AWSCluster{
 				Spec: AWSClusterSpec{
 					ControlPlaneLoadBalancer: &AWSLoadBalancerSpec{
-						AdditionalIngressRules: []IngressRule{
+						IngressRules: []IngressRule{
 							{
 								Protocol:                 SecurityGroupProtocolTCP,
 								IPv6CidrBlocks:           []string{"test"},
@@ -287,11 +287,11 @@ func TestAWSClusterValidateCreate(t *testing.T) {
 			wantErr: true,
 		},
 		{
-			name: "accepts additional ingress rules with cidr block",
+			name: "accepts ingress rules with cidr block",
 			cluster: &AWSCluster{
 				Spec: AWSClusterSpec{
 					ControlPlaneLoadBalancer: &AWSLoadBalancerSpec{
-						AdditionalIngressRules: []IngressRule{
+						IngressRules: []IngressRule{
 							{
 								Protocol:   SecurityGroupProtocolTCP,
 								CidrBlocks: []string{"test"},
@@ -303,11 +303,11 @@ func TestAWSClusterValidateCreate(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "accepts additional ingress rules with source security group role",
+			name: "accepts ingress rules with source security group role",
 			cluster: &AWSCluster{
 				Spec: AWSClusterSpec{
 					ControlPlaneLoadBalancer: &AWSLoadBalancerSpec{
-						AdditionalIngressRules: []IngressRule{
+						IngressRules: []IngressRule{
 							{
 								Protocol:                 SecurityGroupProtocolTCP,
 								SourceSecurityGroupRoles: []SecurityGroupRole{SecurityGroupBastion},
@@ -319,11 +319,11 @@ func TestAWSClusterValidateCreate(t *testing.T) {
 			wantErr: false,
 		},
 		{
-			name: "accepts additional ingress rules with source security group id and role",
+			name: "accepts ingress rules with source security group id and role",
 			cluster: &AWSCluster{
 				Spec: AWSClusterSpec{
 					ControlPlaneLoadBalancer: &AWSLoadBalancerSpec{
-						AdditionalIngressRules: []IngressRule{
+						IngressRules: []IngressRule{
 							{
 								Protocol:                 SecurityGroupProtocolTCP,
 								SourceSecurityGroupIDs:   []string{"test"},
 
@@ -966,11 +966,43 @@ spec:
                 description: ControlPlaneLoadBalancer is optional configuration for
                   customizing control plane behavior.
                 properties:
-                  additionalIngressRules:
-                    description: AdditionalIngressRules sets the additional ingress
-                      rules for the control plane load balancer. If no source security
-                      group ids are specified, the default control plane security
-                      group will be used.
+                  additionalSecurityGroups:
+                    description: AdditionalSecurityGroups sets the security groups
+                      used by the load balancer. Expected to be security group IDs
+                      This is optional - if not provided new security groups will
+                      be created for the load balancer
+                    items:
+                      type: string
+                    type: array
+                  crossZoneLoadBalancing:
+                    description: "CrossZoneLoadBalancing enables the classic ELB cross
+                      availability zone balancing. \n With cross-zone load balancing,
+                      each load balancer node for your Classic Load Balancer distributes
+                      requests evenly across the registered instances in all enabled
+                      Availability Zones. If cross-zone load balancing is disabled,
+                      each load balancer node distributes requests evenly across the
+                      registered instances in its Availability Zone only. \n Defaults
+                      to false."
+                    type: boolean
+                  disableHostsRewrite:
+                    description: DisableHostsRewrite disabled the hair pinning issue
+                      solution that adds the NLB's address as 127.0.0.1 to the hosts
+                      file of each instance. This is by default, false.
+                    type: boolean
+                  healthCheckProtocol:
+                    description: HealthCheckProtocol sets the protocol type for ELB
+                      health check target default value is ELBProtocolSSL
+                    enum:
+                    - TCP
+                    - SSL
+                    - HTTP
+                    - HTTPS
+                    - TLS
+                    - UDP
+                    type: string
+                  ingressRules:
+                    description: IngressRules sets the ingress rules for the control
+                      plane load balancer.
                     items:
                       description: IngressRule defines an AWS ingress rule for security
                         groups.
@@ -1040,40 +1072,6 @@ spec:
                       - toPort
                       type: object
                     type: array
-                  additionalSecurityGroups:
-                    description: AdditionalSecurityGroups sets the security groups
-                      used by the load balancer. Expected to be security group IDs
-                      This is optional - if not provided new security groups will
-                      be created for the load balancer
-                    items:
-                      type: string
-                    type: array
-                  crossZoneLoadBalancing:
-                    description: "CrossZoneLoadBalancing enables the classic ELB cross
-                      availability zone balancing. \n With cross-zone load balancing,
-                      each load balancer node for your Classic Load Balancer distributes
-                      requests evenly across the registered instances in all enabled
-                      Availability Zones. If cross-zone load balancing is disabled,
-                      each load balancer node distributes requests evenly across the
-                      registered instances in its Availability Zone only. \n Defaults
-                      to false."
-                    type: boolean
-                  disableHostsRewrite:
-                    description: DisableHostsRewrite disabled the hair pinning issue
-                      solution that adds the NLB's address as 127.0.0.1 to the hosts
-                      file of each instance. This is by default, false.
-                    type: boolean
-                  healthCheckProtocol:
-                    description: HealthCheckProtocol sets the protocol type for ELB
-                      health check target default value is ELBProtocolSSL
-                    enum:
-                    - TCP
-                    - SSL
-                    - HTTP
-                    - HTTPS
-                    - TLS
-                    - UDP
-                    type: string
                   loadBalancerType:
                     default: classic
                     description: LoadBalancerType sets the type for a load balancer.
 
@@ -559,11 +559,45 @@ spec:
                         description: ControlPlaneLoadBalancer is optional configuration
                           for customizing control plane behavior.
                         properties:
-                          additionalIngressRules:
-                            description: AdditionalIngressRules sets the additional
-                              ingress rules for the control plane load balancer. If
-                              no source security group ids are specified, the default
-                              control plane security group will be used.
+                          additionalSecurityGroups:
+                            description: AdditionalSecurityGroups sets the security
+                              groups used by the load balancer. Expected to be security
+                              group IDs This is optional - if not provided new security
+                              groups will be created for the load balancer
+                            items:
+                              type: string
+                            type: array
+                          crossZoneLoadBalancing:
+                            description: "CrossZoneLoadBalancing enables the classic
+                              ELB cross availability zone balancing. \n With cross-zone
+                              load balancing, each load balancer node for your Classic
+                              Load Balancer distributes requests evenly across the
+                              registered instances in all enabled Availability Zones.
+                              If cross-zone load balancing is disabled, each load
+                              balancer node distributes requests evenly across the
+                              registered instances in its Availability Zone only.
+                              \n Defaults to false."
+                            type: boolean
+                          disableHostsRewrite:
+                            description: DisableHostsRewrite disabled the hair pinning
+                              issue solution that adds the NLB's address as 127.0.0.1
+                              to the hosts file of each instance. This is by default,
+                              false.
+                            type: boolean
+                          healthCheckProtocol:
+                            description: HealthCheckProtocol sets the protocol type
+                              for ELB health check target default value is ELBProtocolSSL
+                            enum:
+                            - TCP
+                            - SSL
+                            - HTTP
+                            - HTTPS
+                            - TLS
+                            - UDP
+                            type: string
+                          ingressRules:
+                            description: IngressRules sets the ingress rules for the
+                              control plane load balancer.
                             items:
                               description: IngressRule defines an AWS ingress rule
                                 for security groups.
@@ -634,42 +668,6 @@ spec:
                               - toPort
                               type: object
                             type: array
-                          additionalSecurityGroups:
-                            description: AdditionalSecurityGroups sets the security
-                              groups used by the load balancer. Expected to be security
-                              group IDs This is optional - if not provided new security
-                              groups will be created for the load balancer
-                            items:
-                              type: string
-                            type: array
-                          crossZoneLoadBalancing:
-                            description: "CrossZoneLoadBalancing enables the classic
-                              ELB cross availability zone balancing. \n With cross-zone
-                              load balancing, each load balancer node for your Classic
-                              Load Balancer distributes requests evenly across the
-                              registered instances in all enabled Availability Zones.
-                              If cross-zone load balancing is disabled, each load
-                              balancer node distributes requests evenly across the
-                              registered instances in its Availability Zone only.
-                              \n Defaults to false."
-                            type: boolean
-                          disableHostsRewrite:
-                            description: DisableHostsRewrite disabled the hair pinning
-                              issue solution that adds the NLB's address as 127.0.0.1
-                              to the hosts file of each instance. This is by default,
-                              false.
-                            type: boolean
-                          healthCheckProtocol:
-                            description: HealthCheckProtocol sets the protocol type
-                              for ELB health check target default value is ELBProtocolSSL
-                            enum:
-                            - TCP
-                            - SSL
-                            - HTTP
-                            - HTTPS
-                            - TLS
-                            - UDP
-                            type: string
                           loadBalancerType:
                             default: classic
                             description: LoadBalancerType sets the type for a load
 
@@ -163,11 +163,12 @@ It's also possible to specify custom ingress rules for the control plane load ba
 
 ```yaml
 spec:
-  additionalIngressRules:
-    - description: "example ingress rule"
-      protocol: "-1" # all
-      fromPort: 7777
-      toPort: 7777
+  controlPlaneLoadBalancer:
+    ingressRules:
+      - description: "example ingress rule"
+        protocol: "-1" # all
+        fromPort: 7777
+        toPort: 7777
 ```
 
 > **WARNING:** Using an existing Classic ELB is an advanced feature. **If you use an existing Classic ELB, you must correctly configure it, and attach subnets to it.**
Original file line number	Diff line number	Diff line change
`@@ -74,7 +74,7 @@ func restoreControlPlaneLoadBalancer(restored, dst *infrav2.AWSLoadBalancerSpec)`
`74`	`74`	`dst.LoadBalancerType = restored.LoadBalancerType`
`75`	`75`	`dst.DisableHostsRewrite = restored.DisableHostsRewrite`
`76`	`76`	`dst.PreserveClientIP = restored.PreserveClientIP`
`77`		`- dst.AdditionalIngressRules = restored.AdditionalIngressRules`
	`77`	`+ dst.IngressRules = restored.IngressRules`
`78`	`78`	`}`
`79`	`79`
`80`	`80`	`// ConvertFrom converts the v1beta1 AWSCluster receiver to a v1beta1 AWSCluster.`
Original file line number	Diff line number	Diff line change
`@@ -199,9 +199,9 @@ func (r *AWSCluster) validateAdditionalIngressRules() field.ErrorList {`
`199`	`199`	`return allErrs`
`200`	`200`	`}`
`201`	`201`
`202`		`- for _, rule := range r.Spec.ControlPlaneLoadBalancer.AdditionalIngressRules {`
	`202`	`+ for _, rule := range r.Spec.ControlPlaneLoadBalancer.IngressRules {`
`203`	`203`	`if (rule.CidrBlocks != nil \|\| rule.IPv6CidrBlocks != nil) && (rule.SourceSecurityGroupIDs != nil \|\| rule.SourceSecurityGroupRoles != nil) {`
`204`		`- allErrs = append(allErrs, field.Invalid(field.NewPath("additionalIngressRules"), r.Spec.ControlPlaneLoadBalancer.AdditionalIngressRules, "CIDR blocks and security group IDs or security group roles cannot be used together"))`
	`204`	`+ allErrs = append(allErrs, field.Invalid(field.NewPath("additionalIngressRules"), r.Spec.ControlPlaneLoadBalancer.IngressRules, "CIDR blocks and security group IDs or security group roles cannot be used together"))`
`205`	`205`	`}`
`206`	`206`	`}`
`207`	`207`