Allow AWS Prefix Lists for sshAccess and kubernetesApiAccess #12925
Labels: help wanted, kind/feature
/kind feature
1. Describe IN DETAIL the feature/behavior/change you would like to see.
AWS provides prefix lists as a mechanism for managing security group rules and route tables. These prefix lists can be used in security group rules in place of a CIDR and AWS will automatically handle all CIDRs in the list with only one security group rule.
We would like to be able to utilize these prefix lists for sshAccess and kubernetesApiAccess in our cluster spec to simplify security group management and avoid hitting AWS' hard limit on the number of security group rules.
2. Feel free to provide a design supporting your feature request.
From a user interface standpoint, we would simply like to see kops allow the prefix list ID (name would also be acceptable, but that might be more complicated to implement) in the pertinent parts of the cluster spec and then create the inbound security group rules with the prefix list instead of the CIDR.
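A sketch of the entry handling this request implies, added here as an example and not taken from the kops code base: each access entry becomes one inbound rule whose source is either a CIDR or a prefix list, and anything else is rejected instead of being passed through. `IngressRule`, `BuildIngress` and the `pl-` plus hex ID pattern are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net"
	"regexp"
)

// prefixListID is an assumed shape for AWS prefix list IDs ("pl-" plus hex).
var prefixListID = regexp.MustCompile(`^pl-[0-9a-f]{8,17}$`)

// IngressRule is a hypothetical, simplified rule: exactly one source is set.
type IngressRule struct {
	Port         int
	CIDR         string
	PrefixListID string
}

// BuildIngress turns access entries into rules, one per entry, and fails
// closed on anything that is neither a valid CIDR nor a prefix list ID.
func BuildIngress(port int, entries []string) ([]IngressRule, error) {
	rules := make([]IngressRule, 0, len(entries))
	for _, e := range entries {
		if prefixListID.MatchString(e) {
			rules = append(rules, IngressRule{Port: port, PrefixListID: e})
			continue
		}
		_, ipnet, err := net.ParseCIDR(e)
		if err != nil {
			return nil, fmt.Errorf("entry %q is neither a CIDR nor a prefix list ID", e)
		}
		// Store the canonical network so stray host bits in the input are dropped.
		rules = append(rules, IngressRule{Port: port, CIDR: ipnet.String()})
	}
	return rules, nil
}

func main() {
	// Constructed sample values, standing in for an sshAccess list.
	ssh := []string{"203.0.113.0/24", "pl-0123456789abcdef0"}
	rules, err := BuildIngress(22, ssh)
	fmt.Println(rules, err)
}
```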