Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
Do not modify ELB security group #49445
Is this a BUG REPORT or FEATURE REQUEST?:
We run Kuberentes on AWS. We are trying out
We use Terraform heavily for managing infrastructure on AWS. As a result we have several shared security groups with "perfect" rules. One of them is supposed to be attached to ELBs so our own IPs, partners, etc are whitelisted. Right now, it seems there isn't a way for Kubernetes to use the security group as is. There are several alternatives:
I want to entertain the idea below:
What you expected to happen:
I can give Kubernetes existing security group(s). Kuberentes just attaches the security group(s) to the managed ELBs without modifying the rules.
How to reproduce it (as minimally and precisely as possible):
Anything else we need to know?:
It may already be possible to achieve this, and I'm not aware of. Or there are other concerns so that Kubernetes didn't choose to implement this feature.
This problem could be really critical if one has the Kubernetes dashboard installed. If for some reasons the
referenced this issue
Apr 18, 2018
For me, I don't add any annotation, I just want to change its security group rule.
Is this by design?
I guess this is part of how the controller works. If you look at #62774 , the PR fixes this problem by allowing you to specify the behaviour you want with an annotation. For the way Kubernetes works, the ELB is owned by Kubernetes and you should never be forced to modify the resource manually, thing that ultimately will not work.
Issues go stale after 90d of inactivity.
If this issue is safe to close now please do so with
Send feedback to sig-testing, kubernetes/test-infra and/or fejta.