ManagedNodeGroupOptions doesn't allow SecurityGroup configuration #371

Open
nimakaviani opened this issue Apr 11, 2020 · 9 comments
Labels
kind/enhancement Improvements or new features

@nimakaviani

Problem description

Looking at the code for creating managed node groups, it looks like the arguments for ManagedNodeGroupOptions are derived from NodeGroupArgs here, which doesn't allow for configuring SecurityGroups on ManagedNodeGroups or on aws.eks.NodeGroup. Is this intentional?

For managed NodeGroups I think it will be helpful to be able to define custom security groups.

Also the behavior seems to be different for eks.NodeGroups since through NodeGroupBaseOptions the security group on the respective nodes can be configured.

@metral
Contributor

metral commented Apr 13, 2020

> For managed NodeGroups I think it will be helpful to be able to define custom security groups.

Thanks for opening the issue, Nima.
EKS Managed Node Groups do not currently support setting security groups.

There is an issue tracking this for EKS in the AWS container roadmap: aws/containers-roadmap#609.

Here are more details from AWS:

> Also the behavior seems to be different for eks.NodeGroups since through NodeGroupBaseOptions the security group on the respective nodes can be configured.

eks.NodeGroup are self-managed nodegroups, which means that they are configured using a CloudFormation Stack with an autoscaling group -- lending themselves to more configuration options compared to an AWS Managed node group.


Here are more details on the differences between managed node groups and self-managed node groups:

@nimakaviani
Author

Thanks @metral for the reply. I was thrown off by sourceSecurityGroupIds for remote access. I will keep an eye on the open issue on AWS that you pointed to.

@tonymkhael

Hello @metral,

The referenced dependency issue was completed a while ago on EKS. Any chance to get this done? Or is there another workaround? (I need to attach custom SGs to nodes to allow private ECR endpoint image pulling.)

@better0332

aws/containers-roadmap#609 is done; can we support this now?

@TapTap21

This is a blocking feature for a bunch of stuff. Will this be added?

@milliondreams

This is a requirement for Karpenter, as it requires setting up additional ingress roles.
Is there any plan or workaround for this?

@s-martinelli

Hi - Any updates about this feature?

@lukehoban lukehoban added the kind/enhancement Improvements or new features label Aug 3, 2023
@bradyburke

bradyburke commented Aug 28, 2023

@metral @lukehoban Any updates on this?

@flostadler
Contributor

You can set custom security groups via the launchTemplate parameter of the ManagedNodeGroup. This one allows you to set a custom launch template.

That being said, we already added a couple of parameters to modify the launch template (e.g. kubeletExtraArgs, bootstrapExtraArgs). I think adding one for security groups would be a good idea.
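
The following is an added example, not code from this thread or from the Pulumi project: a pre-deployment check for the launchTemplate workaround mentioned in the last comment. It relies on documented AWS behaviour (once a launch template names security groups, EKS no longer attaches the cluster security group, and remoteAccess cannot be set together with a launch template); the function name, the plain-object interfaces and all `sg-` IDs are hypothetical.

```typescript
// Added example. Plain-object mirrors of the relevant Pulumi inputs; field names follow
// aws.ec2.LaunchTemplate and aws.eks.NodeGroup. The checker and all IDs are hypothetical.
interface LaunchTemplateSpec {
  vpcSecurityGroupIds?: string[];
  networkInterfaces?: { securityGroups?: string[] }[];
}
interface ManagedNodeGroupSpec {
  launchTemplate?: LaunchTemplateSpec;
  remoteAccess?: { ec2SshKey?: string; sourceSecurityGroupIds?: string[] };
}

// Returns one finding per problem; an empty array means the spec passed.
function checkNodeGroupSecurityGroups(ng: ManagedNodeGroupSpec, clusterSgId: string): string[] {
  const findings: string[] = [];
  const lt = ng.launchTemplate;
  if (!lt) return findings; // without a launch template EKS attaches the cluster SG itself

  if (ng.remoteAccess) {
    findings.push("remoteAccess cannot be combined with a launch template; put SSH rules in a custom SG");
  }
  const topLevel = lt.vpcSecurityGroupIds ?? [];
  const enis = lt.networkInterfaces ?? [];
  if (topLevel.length > 0 && enis.length > 0) {
    findings.push("set security groups either at the top level or on network interfaces, not both");
  }
  let custom = topLevel.slice();
  for (const eni of enis) custom = custom.concat(eni.securityGroups ?? []);
  // Once the template names any security group, EKS stops adding the cluster SG, so the
  // template must allow control-plane traffic itself. Assumption: this check requires the
  // cluster SG to be listed, which is the simplest way to guarantee that.
  if (custom.length > 0 && custom.indexOf(clusterSgId) === -1) {
    findings.push("custom SGs replace the cluster SG; add " + clusterSgId + " to the template");
  }
  return findings;
}

// Constructed sample specs (IDs are placeholders, not real resources).
const CLUSTER_SG = "sg-0cluster000000000";
const ecrOnly: ManagedNodeGroupSpec = {
  launchTemplate: { vpcSecurityGroupIds: ["sg-0ecrendpoint00000"] },
  remoteAccess: { sourceSecurityGroupIds: ["sg-0bastion00000000"] },
};
const corrected: ManagedNodeGroupSpec = {
  launchTemplate: { vpcSecurityGroupIds: [CLUSTER_SG, "sg-0ecrendpoint00000"] },
};

console.log(checkNodeGroupSecurityGroups(ecrOnly, CLUSTER_SG));   // two findings
console.log(checkNodeGroupSecurityGroups(corrected, CLUSTER_SG)); // no findings
```
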
