Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

⚠️ ELB uses separate security group #1476

Merged
merged 3 commits into from Jan 24, 2020
Merged

⚠️ ELB uses separate security group #1476

merged 3 commits into from Jan 24, 2020

Conversation

randomvariable
Copy link
Member

Cherry pick of #1456 on release-0.4.

#1456: ELB for API Server to use separate security group

For details on the cherry pick process, see the cherry pick requests page.

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Jan 10, 2020
@randomvariable randomvariable changed the title Automated cherry pick of #1456: ELB for API Server to use separate security group ⚠️ ELB uses separate security group Jan 10, 2020
@randomvariable
Copy link
Member Author

/hold
what's the effect on existing clusters @aaroniscode ?

@k8s-ci-robot k8s-ci-robot added the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 10, 2020
@randomvariable randomvariable force-pushed the automated-cherry-pick-of-#1456-upstream-release-0.4 branch from be2ced0 to 0bb9b79 Compare January 10, 2020 18:53
@randomvariable randomvariable changed the title ⚠️ ELB uses separate security group [held] ⚠️ ELB uses separate security group Jan 10, 2020
@ncdc
Copy link
Contributor

ncdc commented Jan 10, 2020

@randomvariable I'm guessing you'd have the same question for clusters created with 0.4.x that upgrade to 0.5?

@aaroniscode
Copy link
Contributor

/hold
what's the effect on existing clusters @aaroniscode ?

Based on feedback from someone else's test, it appears the new security group is created and rules updated, but if there is an existing ELB, it's not updated with the new LB security group, it's still assigned to the control plane security group that no longer has the right ingress rules. So I think it breaks the cluster.

I have time tomorrow (Monday) to make sure the reconcile loop updates the ELB's security group unless you think we should address it differently?

@vincepri
Copy link
Member

@aaroniscode Let's open a linked issue and keep this PR on hold until the fix is merged to master. This way, we can probably backport both commit at the same time.

@aaroniscode
Copy link
Contributor

@aaroniscode Let's open a linked issue and keep this PR on hold until the fix is merged to master. This way, we can probably backport both commit at the same time.

A fix to update the load balancer to the new security group is in PR #1481

@aaroniscode
Copy link
Contributor

@randomvariable you will probably want to pull in the commit from #1482 once it's merged to master as it probably should have been included in the PR to separate out the ELB security group.

@joonas
Copy link

joonas commented Jan 17, 2020

@randomvariable @aaroniscode Now that #1481 and #1482 are in, can this one move forward?

@aaroniscode
Copy link
Contributor

@randomvariable @aaroniscode Now that #1481 and #1482 are in, can this one move forward?

I think it's ready

@ncdc ncdc added this to the v0.4.x milestone Jan 17, 2020
@randomvariable
Copy link
Member Author

Added #1481 and #1482 into the mix

@randomvariable
Copy link
Member Author

/remove hold

@randomvariable randomvariable changed the title [held] ⚠️ ELB uses separate security group ⚠️ ELB uses separate security group Jan 24, 2020
@randomvariable
Copy link
Member Author

/unhold

@k8s-ci-robot k8s-ci-robot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 24, 2020
@ncdc
Copy link
Contributor

ncdc commented Jan 24, 2020

/lgtm
/assign @detiber (note, this is for 0.4 😄)

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Jan 24, 2020
vincepri
vincepri approved these changes Jan 24, 2020
View reviewed changes
Copy link
Member

@vincepri vincepri left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

/approve

@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: randomvariable, vincepri

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 24, 2020
@k8s-ci-robot k8s-ci-robot merged commit bd456a6 into kubernetes-sigs:release-0.4 Jan 24, 2020
@randomvariable randomvariable deleted the automated-cherry-pick-of-#1456-upstream-release-0.4 branch January 24, 2020 18:44
richardchen-db pushed a commit to databricks/cluster-api-provider-aws-1 that referenced this pull request Jan 14, 2023
@k8s-ci-robot
Merge pull request kubernetes-sigs#1476 from randomvariable/automated…
c746ab0 
…-cherry-pick-of-#1456-upstream-release-0.4

⚠️ ELB uses separate security group
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@vincepri vincepri vincepri approved these changes

@ingvagabund ingvagabund Awaiting requested review from ingvagabund

@justinsb justinsb Awaiting requested review from justinsb

Assignees

@ncdc ncdc

@detiber detiber

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v0.4.x
Development

Successfully merging this pull request may close these issues.

None yet
7 participants
@randomvariable @ncdc @aaroniscode @vincepri @joonas @k8s-ci-robot @detiber