Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

additionalSecurityGroups for bastion ELB is documented but isn't implemented #17250

Open
georgekaz opened this issue Feb 4, 2025 · 0 comments
Open

additionalSecurityGroups for bastion ELB is documented but isn't implemented #17250

georgekaz opened this issue Feb 4, 2025 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug.

Comments

@georgekaz
Copy link

georgekaz commented Feb 4, 2025
edited
Loading

/kind bug

1. What kops version are you running? The command kops version, will display
this information.

1.29.2

2. What Kubernetes version are you running? kubectl version will print the
version if a cluster is running or provide the Kubernetes version specified as
a kops flag.

1.29.8

3. What cloud provider are you using?

AWS

4. What commands did you run? What is the simplest way to reproduce this issue?

kops edit cluster and add the security groups

5. What happened after the commands executed?

The security groups aren't added

6. What did you expect to happen?

The security groups to be added

7. Please provide your cluster manifest. Execute
kops get --name my.example.com -o yaml to display your cluster manifest.
You may want to remove your cluster name and other sensitive information.

My desired manifest is:

spec:
  topology:
    bastion:
      bastionPublicName: xxx
      loadBalancer:
        additionalSecurityGroups:
        - sg-xxx
        - sg-xxx

But the result of kops get cluster includes

  topology:
    bastion:
      bastionPublicName: xxx
      loadBalancer: {}

8. Please run the commands with most verbose logging by adding the -v 10 flag.
Paste the logs into this report, or in a gist and provide the gist link here.

    "topology": {
      "bastion": {
        "publicName": "xxx",
        "loadBalancer": {}
      },
      "dns": "Public"
    },

9. Anything else do we need to know?

The docs describe how to add additional SGs here https://github.com/kubernetes/kops/blob/v1.29.2/docs/bastion.md#additional-security-groups-to-elb

But the code says otherwise:
https://github.com/kubernetes/kops/blob/v1.29.2/pkg/apis/kops/v1alpha2/bastion.go#L28
and
https://github.com/kubernetes/kops/blob/v1.29.2/k8s/crds/kops.k8s.io_clusters.yaml#L6197-L6198

So really this is a documentation error from what I can tell, but it wasted an hour of my time trying to figure out why my security groups weren't applying because I assumed I'd made an error.

Note: I'm linking to v1.29.2 tags here but it's still the same in the main branch and later tags.
@k8s-ci-robot k8s-ci-robot added the kind/bug Categorizes issue or PR as related to a bug. label Feb 4, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@georgekaz @k8s-ci-robot