SecondaryControlPlaneLoadbalancer ingress rules not applied #4865
Closed
Labels: kind/bug, needs-priority, triage/accepted
Description
/kind bug
What steps did you take and what happened:
Ingress rules specified in the secondary load balancer are not applied.
What did you expect to happen:
All ingress rules to be applied.
Anything else you would like to add:
The following cluster spec:
```go
// Assumed imports: capa "sigs.k8s.io/cluster-api-provider-aws/v2/api/v1beta2"
// and "k8s.io/utils/ptr".
awsCluster := &capa.AWSCluster{
	Spec: capa.AWSClusterSpec{
		// Primary (internal) control plane load balancer.
		ControlPlaneLoadBalancer: &capa.AWSLoadBalancerSpec{
			Name:             ptr.To("internal"),
			LoadBalancerType: capa.LoadBalancerTypeNLB,
			Scheme:           &capa.ELBSchemeInternal,
			AdditionalListeners: []capa.AdditionalListenerSpec{
				{
					Port:     22623,
					Protocol: capa.ELBProtocolTCP,
				},
			},
			IngressRules: []capa.IngressRule{
				{
					Description: "Machine Config Server internal traffic from cluster",
					Protocol:    capa.SecurityGroupProtocolTCP,
					FromPort:    22623,
					ToPort:      22623,
					CidrBlocks:  []string{"10.0.0.0/16"},
				},
			},
		},
		// Secondary (internet-facing) load balancer; these ingress rules are the ones not applied.
		SecondaryControlPlaneLoadBalancer: &capa.AWSLoadBalancerSpec{
			Name:             ptr.To("external"),
			LoadBalancerType: capa.LoadBalancerTypeNLB,
			Scheme:           &capa.ELBSchemeInternetFacing,
			IngressRules: []capa.IngressRule{
				{
					Description: "Kubernetes API Server traffic for public access",
					Protocol:    capa.SecurityGroupProtocolTCP,
					FromPort:    6443,
					ToPort:      6443,
					CidrBlocks:  []string{"0.0.0.0/0"},
				},
			},
		},
	},
}
```
The allow-all on 6443 rules won't be applied to the security group.
Environment:
- Cluster-api-provider-aws version: main @ b2bebfb
- Kubernetes version: (use `kubectl version`): 1.29
- OS (e.g. from `/etc/os-release`): RHCOS
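A drift check for the symptom reported above, as an added example that is not part of the original issue or of the project's code: it compares the ingress rules declared on both load balancers with the rules actually present on the security group and lists what is missing. The `IngressRule` type is a local stand-in for the fields shown in the spec, the `tcp` protocol string and the key format are assumptions, and the "applied" state is constructed to match the report.

```go
package main

import (
	"fmt"
	"sort"
)

// IngressRule is a local stand-in with the fields used in the issue's spec (not the capa type).
type IngressRule struct {
	Description, Protocol string
	FromPort, ToPort      int64
	CidrBlocks            []string
}

// flatten expands each rule into one "proto/from-to/cidr" key per CIDR block.
func flatten(rules []IngressRule) map[string]bool {
	out := map[string]bool{}
	for _, r := range rules {
		for _, c := range r.CidrBlocks {
			out[fmt.Sprintf("%s/%d-%d/%s", r.Protocol, r.FromPort, r.ToPort, c)] = true
		}
	}
	return out
}

// MissingIngress returns permissions declared on any load balancer but absent from applied.
func MissingIngress(applied []IngressRule, declared ...[]IngressRule) []string {
	have := flatten(applied)
	missing := []string{}
	for _, lb := range declared {
		for k := range flatten(lb) {
			if !have[k] {
				missing = append(missing, k)
				have[k] = true // report each missing permission once
			}
		}
	}
	sort.Strings(missing)
	return missing
}

// Constructed sample data: the two rule sets from the issue's spec.
var primary = []IngressRule{{"Machine Config Server internal traffic from cluster", "tcp", 22623, 22623, []string{"10.0.0.0/16"}}}
var secondary = []IngressRule{{"Kubernetes API Server traffic for public access", "tcp", 6443, 6443, []string{"0.0.0.0/0"}}}

func main() {
	// Applied state as reported: only the primary load balancer's rule is on the security group.
	for _, k := range MissingIngress(primary, primary, secondary) {
		fmt.Println("declared but not applied:", k)
	}
}
```

In practice the applied set would come from the security group's current permissions; the same comparison run in the other direction surfaces rules that are applied but no longer declared.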