deis / router

Edge router for Deis Workflow
https://deis.com
MIT License

AWS: restricting load balancer access HOWTO #202

Closed chicagozer closed 8 years ago

chicagozer commented 8 years ago

The AWS Kubernetes team pointed me to this...I wanted to share in case anyone else was attempting something similar.

We wanted to restrict access to Workflow to a limited range of addresses. By default K8S/AWS creates load balancers that are open to the world. Changes to the security group after the load balancer is created just get reverted a short time later.

Kubernetes has an annotation that supports narrowing the security group.

https://github.com/kubernetes/kubernetes/blob/dae5ac482861382e18b1e7b2943b1b7f333c6a2a/pkg/api/service/annotations.go

Just provide this in deis-router-service.yaml before creating the service.

bacongobbler commented 8 years ago

After fetching the workflow chart via helmc fetch deis/workflow-v2.0.0, you can make modifications to the router by editing the chart via helmc edit workflow-v2.0.0, at which point you can add these annotations to the chart. If it's already deployed, just use kubectl --namespace=deis edit rc deis-router and apply the annotations.

Let me know if you need more help with this. :)
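
What the annotation chicagozer refers to looks like on a router Service, as an added example that is not part of the original thread or the Deis chart. The annotation key is the load-balancer source-ranges key defined in the linked annotations.go; the Service name, selector, ports and CIDR values are assumptions and placeholders to be replaced with the ones in your own deis-router-service.yaml.

```yaml
# Added example, not the chart's own manifest.
# Everything except the annotation key is an assumed/placeholder value.
apiVersion: v1
kind: Service
metadata:
  name: deis-router            # assumed name
  namespace: deis
  annotations:
    # Comma-separated list of CIDRs allowed to reach the load balancer.
    # Kubernetes writes these into the ELB security group itself, so the
    # rule is not reverted the way a manual security group edit is.
    # If the annotation is absent, the load balancer is open to 0.0.0.0/0.
    # The ranges below are documentation addresses (placeholders).
    service.beta.kubernetes.io/load-balancer-source-ranges: "203.0.113.0/24,198.51.100.17/32"
spec:
  type: LoadBalancer
  selector:
    app: deis-router           # assumed label
  ports:                       # assumed ports; keep the ones from your chart
    - name: http
      port: 80
    - name: https
      port: 443
```

After the Service is created, the inbound rules of the security group attached to the ELB should list only the annotated ranges; a remaining 0.0.0.0/0 rule means the annotation was not picked up.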