AWS Load balancer controller deletes security group inbound rules and adds open to internet automatically

[harsha20494]

Describe the bug AWS Load balancer controller deletes security group inbound rules and adds open to internet automatically

Steps to reproduce

1. Add inbound rules to ALB security group.
2. Leave the setup for one month.

Expected outcome

1. We observed the security rules that we added to ALB got removed from AWS load balancer controller user and open to internet got added automatically

Environment

• AWS Load Balancer controller version(latest)
• Kubernetes version(1.22)
• Using EKS (yes) Additional Context:

[M00nF1sh]

@harsha20494 You should not manually modify the securityGroup created by ALB, the rules is automatically managed by the controller, every reconcile(e.g. when node changes) will bring it to the desired state controller expects. You can use annotation https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/#inbound-cidrs to customize the inbound CIDR to desired one.

Alternatively, you can use annotation(https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.4/guide/ingress/annotations/#security-groups) to specify a security created by you if you want more flexibility.

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle stale
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue as fresh with /remove-lifecycle rotten
• Close this issue with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[oliviassss]

@harsha20494, I'm closing this issue as for now, please feel free to reach out or reopen if you have any questions. Thanks