Kops: Allow extra security groups

Created on 29 Jul 2016 · 9 Comments · Source: kubernetes/kops

It would be great if we could apply extra security groups to the InstanceGroups. This would allow layering in access to other AWS resources such as RDS, ElastiCache, etc.

Applying these changes to an autoscale group would require a rolling update unless they are manually applied to running servers...

P0 area/aws area/security pr-available

All 9 comments

👍

We need to determine if we are able to edit, create, update, delete sec groups.

Another use-case:
Some enterprises insist that the IT will create all the AWS components like SG and the DevOps need to use them.

Another use case: we run stateful pods that we expose via HostPort. You might argue that we're bending the rules of what k8s is supposed to do, but it works well when set up manually. With kops we have an extra manual step where we need to open up those ports on the node instances with application of another security group.

I would like to prepare the pull request for this.

I thought of two parameters for create, additional-node-sg-ids and additional-master-sg-ids, which allow adding extra security groups that will be attached to masters/nodes.

To allow vendrov's use case I would prepare a third command line parameter --skip-create-sg which would skip creation/attaching of default security groups.

It would be great if you can specify desired SG(s) as a parameter of InstanceGroup, so that you can have a different set of SGs per InstanceGroup.

I believe this is addressed by #1444 - please comment if not!

Closing - please reopen if needed

What about creating additional security groups directly in kops? I use Kafka to stream a lot of data from IoT devices. The best way to receive that data is through host port as Kafka takes care of load balancing itself.

It would be lovely to be able to define a portrange/port to be open on the InstanceGroup kafka-nodes
