Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Move NLB's VPC CIDR security group rule logic into model #10161

Merged
merged 1 commit into from
Nov 3, 2020
Merged

Move NLB's VPC CIDR security group rule logic into model #10161

merged 1 commit into from
Nov 3, 2020

Conversation

rifelpet
Copy link
Member

@rifelpet rifelpet commented Nov 3, 2020
edited
Loading

This way the security group rule task doesn't need to be aware of VPCs, since we should always know the VPC CIDR ahead of time via cluster spec.

This also fixes the terraform and cloudformation rendering of this rule (see the added cidr block in the integration test outputs)

These rules are for NLB's health checks. The AWS docs recommend allowing access from the entire VPC CIDRs
Also add rules for additionalNetworkCIDRs, supporting VPCs with multiple CIDR blocks.

ref: #9011 (comment)

@k8s-ci-robot k8s-ci-robot added cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. size/M Denotes a PR that changes 30-99 lines, ignoring generated files. labels Nov 3, 2020
@k8s-ci-robot
Copy link
Contributor

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: rifelpet

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@k8s-ci-robot k8s-ci-robot added the area/provider/aws Issues or PRs related to aws provider label Nov 3, 2020
@k8s-ci-robot k8s-ci-robot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Nov 3, 2020
@k8s-ci-robot
Copy link
Contributor

k8s-ci-robot commented Nov 3, 2020
edited
Loading

@rifelpet: The following test failed, say /retest to rerun all failed tests:

Test name Commit Details Rerun command
pull-kops-bazel-test b272898 link /test pull-kops-bazel-test

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

@rifelpet
Move NLB's VPC CIDR security group rule logic into model
f082848 
This way the security group rule task doesn't need to be aware of VPCs, since we know the VPC CIDR ahead of time via cluster spec.

This also fixes the terraform and cloudformation rendering of this rule (see the added cidr block in the integration test outputs)

These rules are for NLB's health checks. The AWS docs recommend allowing access from the entire VPC CIDRs
Also add rules for additionalNetworkCIDRs, supporting VPCs with multiple CIDR blocks.
@rifelpet rifelpet mentioned this pull request Nov 3, 2020
Merged
@seh
Copy link
Contributor

seh commented Nov 3, 2020

I tried a build based on commit b272898 and it failed the same way it did before, but now I see we have f082848.

@seh seh mentioned this pull request Nov 3, 2020
Merged
@hakman
Copy link
Member

hakman commented Nov 3, 2020

/lgtm

@k8s-ci-robot k8s-ci-robot added the lgtm "Looks good to me", indicates that a PR is ready to be merged. label Nov 3, 2020
@k8s-ci-robot k8s-ci-robot merged commit 235133d into kubernetes:master Nov 3, 2020
@k8s-ci-robot k8s-ci-robot added this to the v1.20 milestone Nov 3, 2020
@rifelpet rifelpet mentioned this pull request Nov 3, 2020
Merged
k8s-ci-robot added a commit that referenced this pull request Nov 3, 2020
@k8s-ci-robot
Merge pull request #10163 from rifelpet/automated-cherry-pick-of-#10161-
7852019 
#10162-origin-release-1.19

Automated cherry pick of #10161: Move NLB's VPC CIDR security group rule logic into model #10162: Fix additionalSecurityGroups support for NLB
@rifelpet rifelpet deleted the nlb-cidr branch May 5, 2021 13:47
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@hakman hakman hakman left review comments

@mikesplain mikesplain Awaiting requested review from mikesplain

@rdrgmnzs rdrgmnzs Awaiting requested review from rdrgmnzs

Assignees

@hakman hakman

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. area/provider/aws Issues or PRs related to aws provider cncf-cla: yes Indicates the PR's author has signed the CNCF CLA. lgtm "Looks good to me", indicates that a PR is ready to be merged. size/M Denotes a PR that changes 30-99 lines, ignoring generated files.
Projects
None yet
Milestone
v1.20
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@rifelpet @k8s-ci-robot @seh @hakman