You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
- To enable managing backend security group rules, apply an additional annotation to Ingress and Service resources.
- For Ingress resources, set the `alb.ingress.kubernetes.io/manage-backend-security-group-rules` annotation to `true`.
- For Service resources, set the `service.beta.kubernetes.io/aws-load-balancer-manage-backend-security-group-rules` annotation to `true`.
To make things consistent we either need to document that the annotation defaults to false or make the default actually true. Making it true by default is probably the desired path for most setups.
The text was updated successfully, but these errors were encountered:
Ok I see the issue now, it's true by default if aws-load-balancer-security-groups is not set. If aws-load-balancer-security-groups is set, then you must specifically opt in. I'll update the docs to make this more clear.
In the annotations docs it says that
aws-load-balancer-manage-backend-security-group-rules
defaults to true:https://github.com/kubernetes-sigs/aws-load-balancer-controller/blame/main/docs/guide/service/annotations.md#L52
However in the security docs the writing implies that it needs to be explicitly set:
https://github.com/kubernetes-sigs/aws-load-balancer-controller/blame/main/docs/deploy/security_groups.md#L64
To make things consistent we either need to document that the annotation defaults to
false
or make the default actuallytrue
. Making ittrue
by default is probably the desired path for most setups.The text was updated successfully, but these errors were encountered: