add security group option for network load balancer #1282

Closed
w0aw opened this issue May 8, 2024 · 4 comments · Fixed by #1285
Labels: kind/enhancement, resolution/fixed, size/S

Comments


w0aw commented May 8, 2024

Hello!

  • Vote on this issue by adding a 👍 reaction
  • If you want to implement this feature, comment to let us know (we'll work with you on design, scheduling, etc.)

Issue details

I have a k3s cluster running on a private subnet, with 2 k3s master nodes behind an NLB, and now if I try to join a new worker node using the NLB DNS then it fails. The DNS resolves to some private IPs which are not reachable, and currently I am using a single master node's private IP to join new worker nodes. If somehow I can add a security group (that allows all ingress traffic from the same VPC) then this issue can be solved.

Affected area/feature

Thank you. I hope I am in the right place.

@w0aw w0aw added kind/enhancement Improvements or new features needs-triage Needs attention from the triage team labels May 8, 2024
flostadler (Contributor) commented

Hey @w0aw, thanks for bringing this up! I assume you're referring to the NetworkLoadBalancer component resource, right?

You're correct that it (and the ALB resource) is lacking a way to configure security groups for the NLB right now. I'm gonna work on prioritizing this.

As a workaround you could use transformations (https://www.pulumi.com/docs/concepts/options/transformations/) to inject the securityGroups parameter on the underlying aws:lb/loadBalancer:LoadBalancer resource while we work on exposing the parameter here.

@flostadler flostadler added size/S Estimated effort to complete (1-2 days). and removed needs-triage Needs attention from the triage team labels May 8, 2024
@flostadler flostadler self-assigned this May 8, 2024
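
The workaround described in the comment above, sketched as an added example (not code from pulumi-awsx or from the commenter): a transformation that injects `securityGroups` into the underlying `aws:lb/loadBalancer:LoadBalancer` resource. The local `TransformArgs`/`TransformResult` types, the function name `injectSecurityGroups`, and the resource and variable names in the closing comment are assumptions made for illustration.

```typescript
// Local structural types mirroring the fields of Pulumi's
// ResourceTransformationArgs / ResourceTransformationResult used here,
// so the logic runs without the Pulumi SDK installed (assumption).
interface TransformArgs {
  type: string;
  name: string;
  props: Record<string, unknown>;
  opts: Record<string, unknown>;
}
type TransformResult =
  | { props: Record<string, unknown>; opts: Record<string, unknown> }
  | undefined;

// Type token of the underlying resource, as named in the comment above.
const LB_TYPE = "aws:lb/loadBalancer:LoadBalancer";

// Builds a transformation that sets `securityGroups` on the load balancer
// created inside the component and leaves every other child untouched.
// In a real program T would be pulumi.Input<string> (for example sg.id).
function injectSecurityGroups<T>(securityGroupIds: T[]) {
  // An NLB cannot have all of its security groups removed once it has any,
  // so an empty list is rejected up front.
  if (securityGroupIds.length === 0) {
    throw new Error("at least one security group id is required");
  }
  return (args: TransformArgs): TransformResult => {
    if (args.type !== LB_TYPE) {
      return undefined; // undefined tells Pulumi to leave the resource as is
    }
    if (args.props.securityGroups !== undefined) {
      return undefined; // do not overwrite an explicitly configured value
    }
    return {
      props: { ...args.props, securityGroups: [...securityGroupIds] },
      opts: args.opts,
    };
  };
}

// Intended wiring in a Pulumi program (not executed here; "k3s-nlb" and `sg`,
// an aws.ec2.SecurityGroup defined elsewhere, are hypothetical names):
//   new awsx.lb.NetworkLoadBalancer("k3s-nlb", { /* ... */ },
//     { transformations: [injectSecurityGroups([sg.id])] });
```

As the commit message later in this thread notes, security groups cannot be added to an NLB that currently has none, so applying this to an already deployed NLB results in a replacement.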

w0aw commented May 11, 2024

Hi @flostadler, thanks for resolving this issue. Can you please confirm how long it will take to get merged and released on npm?

flostadler added a commit that referenced this issue May 14, 2024
Since August 23 NLBs support Security Groups as well now (see [AWS blog
post](https://aws.amazon.com/blogs/containers/network-load-balancers-now-support-security-groups/)).

This change adds the parameter for configuring security groups to the
NLB component. The one notable difference compared to the ALB component
is that I refrained from adding the default security group. For NLBs
security groups cannot be added if none are currently present, and
cannot all be removed once added. Adding a default security group to
NLBs would cause replacements during upgrades.

Fixes #1282

Also re-enabled the LB upgrade tests and re-recorded them. They were
failing because they were using invokes under the hood to get the
default subnet. Invokes are not compatible with upgrade tests because
they don't use the recorded calls and instead reach out to the cloud.
Fixes #1265 & #1114
@pulumi-bot pulumi-bot added the resolution/fixed This issue was fixed label May 14, 2024
flostadler (Contributor) commented

Hey @w0aw, I just merged this. If all goes according to plan the release should be done by the end of today. I'll give an update here once that's done

flostadler (Contributor) commented

@w0aw this got released just now as part of https://github.com/pulumi/pulumi-awsx/releases/tag/v2.10.0
