heptio / aws-quickstart

AWS Kubernetes cluster via CloudFormation and kubeadm
Apache License 2.0

API Server Timeout when entering Admin Ingress Location #225

Closed rbankston closed 5 years ago

rbankston commented 5 years ago

What steps did you take and what happened: Created an AWS Quickstart cluster and utilized the Admin Ingress Location IP address of my local ISP to lock down access to the cluster.

The API ELB is locked down to only my admin ingress location but not any nodes for the cluster.

What did you expect to happen: Cluster would be created and function properly without manual intervention.

Anything else you would like to add: Was able to make the API ELB work when adding the EIP of the VPC to the API security group.

rosskukulinski commented 5 years ago

@rbankston, could you please provide some additional details on how to reproduce this issue?

rbankston commented 5 years ago

Steps to Reproduce

1) Launch the latest AWS-quickstart template from the Readme.
2) Proceed to fill out the fields in the template as normal.
3) In Admin Ingress Location, enter your IP address. If 1.2.3.4 is your IP address, you would enter 1.2.3.4/32 as the Admin Ingress Location.
4) Launch the quickstart.
5) Wait for failures.

During the process the Quickstart will start to launch. It will eventually fail. The failure occurs because of security group restrictions. The Admin Ingress Location will be set properly to allow your local IP address. The load balancer for the control plane will be set to allow traffic from only 1.2.3.4/32 on ports 6443 and 443, sent to port 6443 of the control plane instance. The external control plane NAT IP address isn't allowed to access the load balancer, causing the cluster to fail creation.
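The security group gap described in the report, as an added check that is not part of the quickstart or this thread: it walks boto3-style `IpPermissions` entries for the API load balancer's security group and reports which (source, port) pairs are not admitted. The admin CIDR 1.2.3.4/32 comes from the report; the NAT/EIP address 203.0.113.10 and the rule list are constructed placeholders, and `fixed_ingress` applies the workaround the reporter mentions (adding the VPC's EIP as a /32).

```python
"""Check whether an API ELB security group admits each expected source on the
kube-apiserver ports. Scenario from the issue: the admin CIDR is allowed, but
the cluster's own NAT/EIP address is not, so nodes cannot reach the API."""
import ipaddress

API_PORTS = (6443, 443)  # ports the report says the ELB accepts


def rule_allows(permission, source_ip, port):
    """True if one boto3-style IpPermission entry covers source_ip on port."""
    proto = permission.get("IpProtocol")
    if proto not in ("tcp", "-1"):          # "-1" means all protocols
        return False
    if proto == "tcp":
        lo = permission.get("FromPort", 0)
        hi = permission.get("ToPort", 65535)
        if not lo <= port <= hi:
            return False
    addr = ipaddress.ip_address(source_ip)
    return any(addr in ipaddress.ip_network(r["CidrIp"], strict=False)
               for r in permission.get("IpRanges", []))


def missing_sources(ingress, sources, ports=API_PORTS):
    """Return (source, port) pairs that no ingress rule admits."""
    return [(src, p) for src in sources for p in ports
            if not any(rule_allows(perm, src, p) for perm in ingress)]


# Constructed sample: the ELB SG as the quickstart would build it with
# AdminIngressLocation = 1.2.3.4/32 (the example CIDR from the report).
WEAK_INGRESS = [
    {"IpProtocol": "tcp", "FromPort": 6443, "ToPort": 6443,
     "IpRanges": [{"CidrIp": "1.2.3.4/32"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443,
     "IpRanges": [{"CidrIp": "1.2.3.4/32"}]},
]
ADMIN_IP = "1.2.3.4"
NAT_EIP = "203.0.113.10"   # constructed placeholder for the VPC's NAT/EIP


def fixed_ingress(ingress, nat_eip):
    """Workaround from the report: also admit the VPC's EIP as a /32."""
    return ingress + [
        {"IpProtocol": "tcp", "FromPort": p, "ToPort": p,
         "IpRanges": [{"CidrIp": f"{nat_eip}/32"}]}
        for p in API_PORTS]


if __name__ == "__main__":
    print("weak:", missing_sources(WEAK_INGRESS, [ADMIN_IP, NAT_EIP]))
    print("fixed:", missing_sources(fixed_ingress(WEAK_INGRESS, NAT_EIP),
                                    [ADMIN_IP, NAT_EIP]))
```

Against a live account the same functions can be fed the `IpPermissions` list returned by `describe_security_groups` for the API ELB's group.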

rosskukulinski commented 5 years ago

@timothysc FYI - low priority, but definitely a bug we should probably fix.