Skip to content

✨ Support additional security group ingress rules for all nodes #5224

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Apr 23, 2025
Merged

✨ Support additional security group ingress rules for all nodes #5224

merged 1 commit into from
Apr 23, 2025

Conversation

@AndiDog
Copy link
Contributor

@AndiDog AndiDog commented Nov 22, 2024

What type of PR is this?

/kind feature

What this PR does / why we need it:

It was already possible to add rules for control plane nodes, but not for all nodes. Example use case: pod network is deployed on separate VPC/ENIs (e.g. via Cilium AWS ENI allocator) and therefore doesn't have the node security group which allows access to the kubelet API for metrics-server's scraping – that can now easily be allowed with custom rules.

Checklist:

  • squashed commits
  • includes documentation
  • includes emojis
  • adds unit tests
  • adds or updates e2e tests

Release note:

Support additional security group ingress rules for all nodes

@k8s-ci-robot k8s-ci-robot added release-note Denotes a PR that will be considered when it comes time to generate release notes. kind/feature Categorizes issue or PR as related to a new feature. labels Nov 22, 2024
@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. needs-priority size/L Denotes a PR that changes 100-499 lines, ignoring generated files. labels Nov 22, 2024
@Ankitasw
Copy link
Member

Ankitasw commented Jan 3, 2025

/test pull-cluster-api-provider-aws-e2e

1 similar comment
@AndiDog
Copy link
Contributor Author

AndiDog commented Jan 3, 2025

/test pull-cluster-api-provider-aws-e2e

@AndiDog AndiDog force-pushed the additional-node-sg-ingress-rules branch from f852a0b to e223ac7 Compare January 22, 2025 16:38
@AndiDog
Copy link
Contributor Author

AndiDog commented Jan 22, 2025

Rebased onto main.

/test pull-cluster-api-provider-aws-e2e

@AndiDog
Copy link
Contributor Author

AndiDog commented Jan 24, 2025

/test pull-cluster-api-provider-aws-e2e

fiunchinho
fiunchinho approved these changes Jan 28, 2025
View reviewed changes
Copy link
Contributor

@fiunchinho fiunchinho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 28, 2025
@richardcase
Copy link
Member

/test pull-cluster-api-provider-aws-e2e-eks

@richardcase
Copy link
Member

Feel free to unhold when the eks e2e passes:

/hold

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 23, 2025
@richardcase
Copy link
Member

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: richardcase

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Apr 23, 2025
@fiunchinho
Copy link
Contributor

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Apr 23, 2025
@k8s-ci-robot k8s-ci-robot merged commit 5e56bbc into kubernetes-sigs:main Apr 23, 2025
20 checks passed
yongs2 pushed a commit to yongs2/cluster-api-provider-aws that referenced this pull request Jul 21, 2025
@k8s-ci-robot @yongs2
Merge pull request kubernetes-sigs#5224 from AndiDog/additional-node-…
5f7822b 
…sg-ingress-rules

✨ Support additional security group ingress rules for all nodes
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@Ankitasw Ankitasw Awaiting requested review from Ankitasw

@damdo damdo Awaiting requested review from damdo

1 more reviewer

@fiunchinho fiunchinho fiunchinho approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

@fiunchinho fiunchinho

Labels

approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. kind/feature Categorizes issue or PR as related to a new feature. lgtm "Looks good to me", indicates that a PR is ready to be merged. needs-priority release-note Denotes a PR that will be considered when it comes time to generate release notes. size/L Denotes a PR that changes 100-499 lines, ignoring generated files.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@AndiDog @Ankitasw @richardcase @k8s-ci-robot @fiunchinho