Is it possible to attach additional security groups to the rules for the node security group? Our use case is that we want to deploy Kubernetes into an existing VPC. The Kubernetes VPC is peered with another VPC that holds things like RDS instances and long-lived EC2 systems, and we want the Kubernetes nodes to be able to communicate with these systems by basically creating an ALLOW ALL set of ingress and egress rules.
We have a bunch of issues open on this topic. We hear ya. 1.5.x timeframe
This should work in 1.5.0, there are two new flags in kops create cluster:
--master-security-groups stringSlice Add precreated additional security groups to masters.
--node-security-groups stringSlice Add precreated additional security groups to nodes.
This populates a new field additionalSecurityGroups on each instance group.
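For reference, an added illustration (not taken from this thread or from the kops documentation) of where the field described in the comment above lives on an instance group. The security group ID, zone and cluster name are constructed placeholders, and the manifest is trimmed to the relevant fields.

```yaml
# Assumed invocation, with placeholder values:
#   kops create cluster --name example.k8s.local --zones us-east-1a \
#     --node-security-groups sg-0123456789abcdef0
#
# Resulting "nodes" instance group, as viewed with `kops edit ig nodes`.
# Unrelated fields (machine type, sizes, subnets) are omitted here.
kind: InstanceGroup
metadata:
  name: nodes
spec:
  role: Node
  # Precreated groups attached in addition to the node security group
  # that kops manages itself. Each entry is an existing security group ID.
  additionalSecurityGroups:
  - sg-0123456789abcdef0   # constructed placeholder, not a real group
```

Traffic to the peered VPC is then governed by the rules on the precreated group, so its ingress and egress rules can be scoped to the specific ports and CIDR ranges the nodes need rather than changed in the kops-managed group.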