heptio / aws-quickstart

AWS Kubernetes cluster via CloudFormation and kubeadm
Apache License 2.0

Adjust security group to always communicate with the NAT EIP #245

Closed johnSchnake closed 5 years ago

johnSchnake commented 5 years ago

If the user specifies an admin ingress location, then the security group for the LB prevents communication with the NAT of the private subnet, breaking the cluster. It should always permit communication to the Elastic IP of the NAT gateway.

Fixes #225
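The failure mode described in this pull request, as an added example that is not code from the pull request or the repository: a check that a load balancer security group still admits the NAT gateway's Elastic IP once admin ingress is restricted. The rule keys follow CloudFormation's security group ingress properties; the addresses, port 6443 and the helper names are constructed assumptions.

```python
import ipaddress

# Constructed sample values (documentation address ranges), not from the project.
NAT_EIP = "203.0.113.10"         # Elastic IP of the private subnet's NAT gateway
ADMIN_CIDR = "198.51.100.7/32"   # user-supplied admin ingress location
API_PORT = 6443                  # assumed listener port on the LB


def rule_allows(rule, src_ip, port):
    """True if one ingress rule admits TCP traffic from src_ip to port."""
    proto = str(rule.get("IpProtocol", ""))
    if proto not in ("tcp", "6", "-1"):
        return False
    if "CidrIp" not in rule:
        # Rules keyed on a source security group match members' private
        # addresses, not the public EIP that NAT-ed traffic arrives from.
        return False
    net = ipaddress.ip_network(rule["CidrIp"], strict=False)
    if ipaddress.ip_address(src_ip) not in net:
        return False
    if proto == "-1":            # all protocols implies all ports
        return True
    return int(rule["FromPort"]) <= port <= int(rule["ToPort"])


def source_allowed(ingress_rules, src_ip, port):
    """True if any rule in the group admits src_ip on port."""
    return any(rule_allows(r, src_ip, port) for r in ingress_rules)


def build_lb_ingress(admin_cidr, nat_eip, port, include_nat):
    """Hypothetical rule builder: admin CIDR, optionally plus the NAT EIP as a /32."""
    rules = [{"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
              "CidrIp": admin_cidr}]
    if include_nat:
        rules.append({"IpProtocol": "tcp", "FromPort": port, "ToPort": port,
                      "CidrIp": f"{nat_eip}/32"})
    return rules


if __name__ == "__main__":
    cases = [("default, open ingress", build_lb_ingress("0.0.0.0/0", NAT_EIP, API_PORT, False)),
             ("restricted, NAT EIP missing", build_lb_ingress(ADMIN_CIDR, NAT_EIP, API_PORT, False)),
             ("restricted, NAT EIP permitted", build_lb_ingress(ADMIN_CIDR, NAT_EIP, API_PORT, True))]
    for name, rules in cases:
        ok = source_allowed(rules, NAT_EIP, API_PORT)
        print(f"{name}: NAT EIP {'allowed' if ok else 'BLOCKED'}")
```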

johnSchnake commented 5 years ago

So we want to see green on tests in the default case (no admin ingress set), but you also want to test that it works when you set a specific IP, as the bug report mentioned. I did this and was able to set up the cluster and get sonobuoy quick to pass.

johnSchnake commented 5 years ago

Problem with Jenkins; just closing and reopening to retrigger build.