From dc1569c09c0de8f67f30450c14640cdb7ae19458 Mon Sep 17 00:00:00 2001
From: Ciprian Hacman
Date: Sat, 7 Oct 2023 15:56:52 +0300
Subject: [PATCH] aws: Attach security group to NLBs for kops-controller
---
 pkg/model/awsmodel/api_loadbalancer.go | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/pkg/model/awsmodel/api_loadbalancer.go b/pkg/model/awsmodel/api_loadbalancer.go
index 844b356cc475e..8c707f1cb503c 100644
--- a/pkg/model/awsmodel/api_loadbalancer.go
+++ b/pkg/model/awsmodel/api_loadbalancer.go
@@ -517,6 +517,17 @@ func (b *APILoadBalancerBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 SourceGroup: masterGroup.Task,
 ToPort: fi.PtrTo(int64(4)),
 })
+ if b.Cluster.UsesNoneDNS() {
+ c.AddTask(&awstasks.SecurityGroupRule{
+ Name: fi.PtrTo(fmt.Sprintf("kops-controller-elb-to-master%s", suffix)),
+ Lifecycle: b.SecurityLifecycle,
+ FromPort: fi.PtrTo(int64(wellknownports.KopsControllerPort)),
+ Protocol: fi.PtrTo("tcp"),
+ SecurityGroup: masterGroup.Task,
+ ToPort: fi.PtrTo(int64(wellknownports.KopsControllerPort)),
+ SourceGroup: lbSG,
+ })
+ }
 }
 }
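Review bot: The rule added inside `if b.Cluster.UsesNoneDNS()` admits everything that arrives from `lbSG` on `wellknownports.KopsControllerPort`, so how far kops-controller is actually exposed depends on the ingress rules of `lbSG`, which this hunk does not show. Before merging, confirm that the load balancer's group accepts that port only from the sources that need it (presumably the cluster's nodes) rather than from the wider API access ranges. The branch also has no comment; something like `// Without DNS, allow the load balancer's security group to reach kops-controller on the control plane; lbSG ingress for this port must stay restricted.` would record the intent. `lbSG` is defined outside the hunk, so whether it is always set when this branch runs cannot be checked here, and the rule name says `elb` although the subject is about NLBs. `Build` starts and ends outside the hunk.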