AWS Additional Security Group Spec

The AWS additional security group customization allows the user to specify security groups to the created machines. The customization can be applied to both control plane and nodepool machines. This customization will be available when the provider-specific cluster configuration patch is included in the ClusterClass.

Example

To specify addiitonal security groups for all control plane and nodepools, use the following configuration:

apiVersion: cluster.x-k8s.io/v1beta1
kind: Cluster
metadata:
  name: <NAME>
spec:
  topology:
    variables:
      - name: clusterConfig
        value:
          controlPlane:
            aws:
              additionalSecurityGroups:
              - id: "sg-0fcfece738d3211b8"
      - name: workerConfig
        value:
          aws:
            additionalSecurityGroups:
            - id: "sg-0fcfece738d3211b8"

We can further customize individual MachineDeployments by using the overrides field with the following configuration:

spec:
  topology:
    # ...
    workers:
      machineDeployments:
        - class: default-worker
          name: md-0
          variables:
            overrides:
              - name: workerConfig
                value:
                  aws:
                    additionalSecurityGroups:
                    - id: "sg-0fcfece738d3211b8"

Applying this configuration will result in the following value being set:

control-plane AWSMachineTemplate:

spec:
  template:
    spec:
      additionalSecurityGroups:
      - id: sg-0fcfece738d3211b8

worker AWSMachineTemplate:

spec:
  template:
    spec:
      additionalSecurityGroups:
      - id: sg-0fcfece738d3211b8

Feedback

Was this page helpful?

Glad to hear it! Please tell us how we can improve.

Sorry to hear that. Please tell us how we can improve.

Last modified September 12, 2024: fix: Do not use digests for Cilium images (#901) (10ea179)