Implement arbitrary additional ingress rules to support CAPRKE2 #5511

Open
amsuggs37 opened this issue Mar 25, 2025 · 2 comments · May be fixed by #5525
@amsuggs37

/kind feature

Describe the solution you'd like
It appears that CAPZ does not support CAPRKE2 as the RKE2 controlplane/bootstrap providers require additional ingress rules on the cluster loadbalancer for cluster nodes to join the cluster.
CAPZ only listens on port 6443 in the cluster loadbalancer, which is not sufficient for the RKE2 nodes.

CAPZ should implement the ability to add an arbitrary number of additional ingress rules on the control plane loadbalancer yaml resource in order to support the CAPRKE2 controlplane/bootstrap providers.

Anything else you would like to add:
See required ports for rke2.
See the example AWS deployment in the CAPRKE2 project for reference.
The CAPRKE2 providers are adopted and documented in the upstream CAPI provider list.

Environment:

  • cluster-api-provider-azure version: latest
  • Kubernetes version: (use kubectl version): 1.30
  • OS (e.g. from /etc/os-release): rocky/rhel 9

@k8s-ci-robot added the kind/feature label Mar 25, 2025
@nawazkh added the priority/important-soon label Mar 25, 2025
@Danil-Grigorev
Member

Danil-Grigorev commented Mar 28, 2025

Hey, I opened a small PR, #5525, to improve UX for this use-case. Would be glad to get a review, and opinions on whether this change of defaulting behavior for securityRules is acceptable in this case. Also fine to change it to a new field (something like additionalSecurityRules) if this is needed.

@Danil-Grigorev moved this to "PR to be reviewed" in CAPI / Turtles Apr 4, 2025
@Danil-Grigorev
Member

/assign

@nawazkh added this to the v1.20 milestone Apr 10, 2025