Unmanaged SecurityGroups should also get tagged for CCM #3481
Comments
As per the Slack thread, we would be doing this in the next milestone, is it correct @sedefsavas?
Yes, added this under v1beta2 changes.
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten
/milestone v2.0.0
I'll pair on this with @dkoshkin. /assign
/triage accepted
@dkoshkin and I looked over this today. Here's the plan, roughly:
Important: As we agreed to in #3854, CAPA should apply the CCM tag on cluster create, and remove it on cluster delete.
/milestone v2.1.0
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned". In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
/kind feature

Describe the solution you'd like

When using an unmanaged `SecurityGroup` for `spec.network.securityGroupOverrides.lb`, CAPA should tag it with `kubernetes.io/cluster/<cluster-name>` so that CCM can create ELBs for `LoadBalancer` `Services` without requiring users to tag the `SecurityGroup` themselves.

Anything else you would like to add:

When an instance has multiple SecurityGroups attached, CCM requires 1 of them to be tagged https://github.com/kubernetes/cloud-provider-aws/blob/8d2f0fd2b1b574bde3239a344bd0a9a4f244cdb0/pkg/providers/v1/aws.go#L4479-L4485

Currently managed `SecurityGroups` are already tagged with the required `kubernetes.io/cluster` tag. Unmanaged Subnets are also already tagged. It would not be a stretch for CAPA to also tag the SecurityGroup.

Originally discussed in Slack.

Environment:

- v1.4.1
- `kubectl version`: v1.22.8
- `/etc/os-release`:
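The tag requirement described in the issue, as an added Go sketch that is not code from CAPA or cloud-provider-aws: given the security groups attached to an instance, it reports which one carries the `kubernetes.io/cluster/<cluster-name>` tag and fails when several groups are attached and none is tagged. The `SecurityGroup` type, the function and error names, and the group IDs are hypothetical; accepting a single untagged group and rejecting more than one tagged group are assumptions of this sketch.

```go
package main

import (
	"errors"
	"fmt"
)

// SecurityGroup is a hypothetical, minimal view of an EC2 security group.
type SecurityGroup struct {
	ID   string
	Tags map[string]string
}

var (
	ErrNoGroups       = errors.New("no security groups attached")
	ErrNoneTagged     = errors.New("multiple security groups attached, none has the cluster tag")
	ErrMultipleTagged = errors.New("more than one attached security group has the cluster tag")
)

// ClusterTagKey builds the tag key named in the issue.
func ClusterTagKey(cluster string) string { return "kubernetes.io/cluster/" + cluster }

// PickLoadBalancerGroup returns the ID of the single group that can be used
// for LoadBalancer Services, or an error explaining why none can be chosen.
func PickLoadBalancerGroup(cluster string, groups []SecurityGroup) (string, error) {
	var tagged []string
	for _, g := range groups {
		if _, ok := g.Tags[ClusterTagKey(cluster)]; ok { // only key presence is checked
			tagged = append(tagged, g.ID)
		}
	}
	switch {
	case len(groups) == 0:
		return "", ErrNoGroups
	case len(tagged) == 1:
		return tagged[0], nil
	case len(tagged) > 1: // assumption: ambiguous, so refuse to pick
		return "", fmt.Errorf("%w: %v", ErrMultipleTagged, tagged)
	case len(groups) == 1: // assumption: a lone untagged group is accepted
		return groups[0].ID, nil
	default: // the case this issue is about
		return "", ErrNoneTagged
	}
}

func main() {
	// Constructed sample: an unmanaged LB override group plus a node group.
	lb := SecurityGroup{ID: "sg-lb-override", Tags: map[string]string{}}
	node := SecurityGroup{ID: "sg-node", Tags: map[string]string{}}
	fmt.Println(PickLoadBalancerGroup("demo", []SecurityGroup{lb, node}))
	lb.Tags[ClusterTagKey("demo")] = "shared" // the tag the issue asks CAPA to apply
	fmt.Println(PickLoadBalancerGroup("demo", []SecurityGroup{lb, node}))
}
```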