Open rgs1 opened 5 months ago
Ok I see the issue now, it's true
by default if aws-load-balancer-security-groups
is not set. If aws-load-balancer-security-groups
is set, then you must specifically opt in. I'll update the docs to make this more clear.
@rgs1, yes your understanding is correct. If the user specifies the self-managed SG through aws-load-balancer-security-groups
annotation, the controller by default won't manage the backend sg rules. You can also check here for more details
https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/deploy/security_groups/
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle stale
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
lifecycle/stale
is appliedlifecycle/stale
was applied, lifecycle/rotten
is appliedlifecycle/rotten
was applied, the issue is closedYou can:
/remove-lifecycle rotten
/close
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
In the annotations docs it says that
aws-load-balancer-manage-backend-security-group-rules
defaults to true:https://github.com/kubernetes-sigs/aws-load-balancer-controller/blame/main/docs/guide/service/annotations.md#L52
However in the security docs the writing implies that it needs to be explicitly set:
https://github.com/kubernetes-sigs/aws-load-balancer-controller/blame/main/docs/deploy/security_groups.md#L64
To make things consistent we either need to document that the annotation defaults to
false
or make the default actuallytrue
. Making ittrue
by default is probably the desired path for most setups.