-
Notifications
You must be signed in to change notification settings - Fork 1.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Missing "aws-load-balancer-extra-security-groups" annotation #3679
Comments
Hi @dcodix, thanks for the question! At this time, the AWS Load Balancer Controller does not support this type of annotation. We do have two related annotations to specify the security groups to attach. However, these replace the controller-managed security group, rather than attaching additional security groups.
We are open to a contribution for this annotation :) /kind feature |
Perhaps I can take this :) @andreybutenko |
/assign |
@omerap12 Awesome, thanks for working on this :) Post here if you need anything! |
Thanks to both @omerap12 and @andreybutenko ! I was also writing something, but I had to stop because of work,... I will test this soon, and let you know if it solves my particular problem, but even if it works, it may still be a good idea to be able able to add the extra SG for other use cases ? |
Sorry I clicked to create the PR by accident. |
Hey @dcodix @andreybutenko , |
Is your feature request related to a problem?
It is. We were trying to migrate from the standard controller to the aws-load-balancer-controller and we are hitting a wall right now.
In the other controller there is this annotation "aws-load-balancer-extra-security-groups" that seems to have been dropped here (or I am failing to make it work).
We are using that annotation to attach to all our LBs a pre-created SG which would open the R53 healthchecks. We are doing it this way because we are using the aws managed prefix list, otherwise we could not list all the IPs needed for the r53 healthchecks to work.
With this controller we don't seem to be able to do so. We still want the "main" SG to be controller by the controller, but we need to add the extra SG managed outside of k8s.
Describe the solution you'd like
Just add the functionality for the annotation
aws-load-balancer-extra-security-groups
Describe alternatives you've considered
If we cannot do this we might need either:
The text was updated successfully, but these errors were encountered: