Restrict VPC.SecurityGroup egress rules validations to self-managed nodes #7883

Merged: 1 commit, Jul 12, 2024

Conversation

TiberiuGC
Collaborator

@TiberiuGC TiberiuGC commented Jul 11, 2024

Description

In the context of creating nodegroups on non-eksctl created clusters, eksctl currently requires that the VPC SG does not contain any outbound rules. This is due to the fact that eksctl adds the ingress and egress rules to the VPC SG using CloudFormation (rules are needed to facilitate communication between self-managed nodes and cluster control plane). In turn, CloudFormation is treated as the only source of truth for SG rules, hence removing any pre-existing rules, leaving users with non-functional clusters due to this undesired behaviour.

Moreover, this validation is currently applied also when creating EKS-managed nodegroups, despite the fact that eksctl does not add any rules for those. This PR restricts the validation to be applied only when creating self-managed nodegroups, as eksctl does not alter any SG rules when creating EKS-managed nodegroups.

Part of #7176

Checklist

  • Added tests that cover your change (if possible)
  • Added/modified documentation as required (such as the README.md, or the userdocs directory)
  • Manually tested
  • Made sure the title of the PR is a good description that can go into the release notes
  • (Core team) Added labels for change area (e.g. area/nodegroup) and kind (e.g. kind/improvement)

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

  • Backfilled missing tests for code in same general area 🎉
  • Refactored something and made the world a better place 🌟

@TiberiuGC TiberiuGC added kind/bug area/managed-nodegroup EKS Managed Nodegroups labels Jul 11, 2024
@TiberiuGC TiberiuGC marked this pull request as ready for review July 11, 2024 14:13
@TiberiuGC TiberiuGC enabled auto-merge (squash) July 12, 2024 14:02
@TiberiuGC TiberiuGC merged commit ebc9920 into eksctl-io:main Jul 12, 2024
9 checks passed
TiberiuGC added a commit to TiberiuGC/eksctl that referenced this pull request Jul 22, 2024
… nodes (eksctl-io#7883)

Restrict VPC.SecurityGroup egress rules validations to self-managed nodes
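
The scoping described in the PR description, sketched as an added example (this is not eksctl's code and not part of this PR). `NodeGroup`, `ErrEgressRulesPresent`, `CheckVPCSecurityGroup` and the sample security group are hypothetical names and constructed data; the input is assumed to have the shape of `aws ec2 describe-security-groups` JSON output.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// NodeGroup is a hypothetical stand-in for a nodegroup spec, not eksctl's own type.
type NodeGroup struct {
	Name    string
	Managed bool // true for EKS-managed, false for self-managed
}

var ErrEgressRulesPresent = errors.New("VPC security group has egress rules") // hypothetical sentinel
// Constructed sample shaped like `aws ec2 describe-security-groups` output.
const sampleSG = `{"SecurityGroups":[{"GroupId":"sg-0example","IpPermissionsEgress":[
  {"IpProtocol":"-1","IpRanges":[{"CidrIp":"0.0.0.0/0"}]}]}]}`

// CheckVPCSecurityGroup applies the egress check only when a self-managed nodegroup is requested.
func CheckVPCSecurityGroup(describeJSON []byte, ngs []NodeGroup) error {
	var selfManaged []string
	for _, ng := range ngs {
		if !ng.Managed {
			selfManaged = append(selfManaged, ng.Name)
		}
	}
	if len(selfManaged) == 0 {
		return nil // EKS-managed only: no SG rules are added, so nothing to validate
	}
	var out struct {
		SecurityGroups []struct {
			GroupId             string
			IpPermissionsEgress []json.RawMessage
		}
	}
	if err := json.Unmarshal(describeJSON, &out); err != nil {
		return fmt.Errorf("parsing security group description: %w", err)
	}
	for _, sg := range out.SecurityGroups {
		if n := len(sg.IpPermissionsEgress); n > 0 {
			return fmt.Errorf("%w: %s has %d rule(s), nodegroups %v", ErrEgressRulesPresent, sg.GroupId, n, selfManaged)
		}
	}
	return nil
}

func main() { fmt.Println(CheckVPCSecurityGroup([]byte(sampleSG), []NodeGroup{{Name: "ng-self"}})) }
```

A request that mixes managed and self-managed nodegroups is still checked, because the self-managed ones are the case in which the description says rules get rewritten.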