Feature Request

Is your feature request related to a problem? Please describe:
There are security concerns in Security Groups created by TiDB and Grafana Service LoadBalancers, where by default it creates a 0.0.0.0/0 inbound rule. These ingress/inbound rules should instead be limited to allowed access only.

Describe the feature you'd like:
Enable Limiting of Source IP Ranges in Service LoadBalancers (spec.loadBalancerSourceRanges): https://kubernetes.io/docs/concepts/services-networking/service/#aws-nlb-support

Describe alternatives you've considered:
We can directly edit Kubernetes Services, but that can be overwritten anytime. Enabling this would enable better config management.

Teachability, Documentation, Adoption, Migration Strategy:
If this is enabled, users will only have to set the allowed access IPs here: https://github.com/pingcap/tidb-operator/blob/v1.0.6/deploy/modules/aws/tidb-cluster/values/default.yaml#L10