-
Notifications
You must be signed in to change notification settings - Fork 631
Open
@aviral-agarwal
Description
/kind bug
What steps did you take and what happened:
in the CRD's documentation https://cluster-api-aws.sigs.k8s.io/crd/#infrastructure.cluster.x-k8s.io/v1beta2.NetworkSpec
I see additionalNodeIngressRules to add ingress rules to the Security Group for all nodes
But when I check the installed CRD for AWSCluster, I do not see it
❯ kubectl get crd awsclusters.infrastructure.cluster.x-k8s.io -o jsonpath='{.spec.versions[*].name}'
v1beta1 v1beta2
❯ kubectl get crd awsclusters.infrastructure.cluster.x-k8s.io -o yaml | grep -nA2 -B2 additionalNodeIngressRules
❯ kubectl -n capa-system get deploy -l cluster.x-k8s.io/provider=infrastructure-aws -o jsonpath='{..image}'
registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.8.4
❯ kubectl explain awscluster.spec.network.additionalNodeIngressRules
GROUP: infrastructure.cluster.x-k8s.io
KIND: AWSCluster
VERSION: v1beta2
error: field "additionalNodeIngressRules" does not exist
I do see spec.network.additionalControlPlaneIngressRules in AWSCluster
❯ kubectl explain awscluster.spec.network.additionalControlPlaneIngressRules
GROUP: infrastructure.cluster.x-k8s.io
KIND: AWSCluster
VERSION: v1beta2
FIELD: additionalControlPlaneIngressRules <[]Object>
DESCRIPTION:
AdditionalControlPlaneIngressRules is an optional set of ingress rules to
add to the control plane
IngressRule defines an AWS ingress rule for security groups.
.
.
.
when using Cilium CNI in ENI mode, Security Group ingress rules can become very important to configure
I installed using clusterctl init
What did you expect to happen:
the field spec.network.additionalNodeIngressRules should exist as per the CRD documentation
Anything else you would like to add:
- Maybe a related issue Support configuring custom k8s node port range in security groups #5617
- definitely a related conversation in the slack channel, https://kubernetes.slack.com/archives/CD6U2V71N/p1753375843557799?thread_ts=1753369517.853449&cid=CD6U2V71N
- GitHub code search also shows the field should be there
https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/api/v1beta2/network_types.go#L363-L365
Environment:
on kind cluster
- Cluster-api-provider-aws version: 2.8.4
- Kubernetes version: (use
kubectl version):
❯ kubectl version
Client Version: v1.33.4
Kustomize Version: v5.6.0
Server Version: v1.33.1
- OS (e.g. from
/etc/os-release): Ubuntu 24.04.3 LTS