Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(eks): KubectlProvider creates un-necessary security group #13178

Merged
merged 8 commits into from
Feb 21, 2021

Conversation

iliapolo
Copy link
Contributor

Following #10200, our KubectlProvider functions are now provisioned inside a VPC when applicable. A somewhat unintended side effect is that the provider framework will create and use a dedicated security group for its functions.

This can violate organizational policies that don't allow CDK to create security groups. We can easily avoid this by simply reusing the kubectlSecurityGroup, which must be defined in this case, and passing it to the provider.

Fixes #12952


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

@gitpod-io
Copy link

gitpod-io bot commented Feb 21, 2021

@github-actions github-actions bot added the @aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service label Feb 21, 2021
@mergify mergify bot added the contribution/core This is a PR that came from AWS. label Feb 21, 2021
@iliapolo iliapolo requested a review from eladb February 21, 2021 13:16
@eladb eladb added the pr/do-not-merge This PR should not be merged at this time. label Feb 21, 2021
@eladb eladb removed the pr/do-not-merge This PR should not be merged at this time. label Feb 21, 2021
@mergify
Copy link
Contributor

mergify bot commented Feb 21, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@aws-cdk-automation
Copy link
Collaborator

AWS CodeBuild CI Report

  • CodeBuild project: AutoBuildProject89A8053A-LhjRyN9kxr8o
  • Commit ID: ee48d60
  • Result: SUCCEEDED
  • Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

@mergify
Copy link
Contributor

mergify bot commented Feb 21, 2021

Thank you for contributing! Your pull request will be updated from master and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

@mergify mergify bot merged commit c5e8b6d into master Feb 21, 2021
@mergify mergify bot deleted the epolon/eks-reuse-cluster-sg branch February 21, 2021 15:45
eladb pushed a commit that referenced this pull request Feb 22, 2021
Following #10200, our `KubectlProvider` functions are now provisioned inside a VPC when applicable. A somewhat unintended side effect is that the provider framework will **create** and use a dedicated security group for its functions. 

This can violate organizational policies that don't allow CDK to create security groups. We can easily avoid this by simply reusing the `kubectlSecurityGroup`, which must be defined in this case, and passing it to the provider. 

Fixes #12952

----

*By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
@aws-cdk/aws-eks Related to Amazon Elastic Kubernetes Service contribution/core This is a PR that came from AWS.
Projects
None yet
Development

Successfully merging this pull request may close these issues.

(eks): KubectlProvider creates un-necessary security group for the provider function
3 participants