Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Default VPC security group has inbound rule to allow all ipv4 #964

Closed
dharaneeshvrd opened this issue Nov 17, 2022 · 1 comment · Fixed by #1166
Closed

Default VPC security group has inbound rule to allow all ipv4 #964

dharaneeshvrd opened this issue Nov 17, 2022 · 1 comment · Fixed by #1166
Assignees
@Prajyot-Parab
Labels
area/provider/ibmcloud Issues or PRs related to ibmcloud provider kind/bug Categorizes issue or PR as related to a bug.
Milestone
v0.5

Comments

@dharaneeshvrd
Copy link
Contributor

/kind bug
/area provider/ibmcloud

What steps did you take and what happened:
[A clear and concise description of what the bug is.]

Currently I can see default security group of VPC has inbound rule to allow all ipv4.
Its being updated from here https://github.com/kubernetes-sigs/cluster-api-provider-ibmcloud/blob/main/cloud/scope/cluster.go#L159

Is there any specific reason for this?

What did you expect to happen:

Ideally we should have inbound rule to allow whatever port we required to access the cluster.

Anything else you would like to add:
[Miscellaneous information that will assist in solving the issue.]

Environment:

  • Cluster-api version:
  • Minikube/KIND version:
  • Kubernetes version: (use kubectl version):
  • OS (e.g. from /etc/os-release):
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. area/provider/ibmcloud Issues or PRs related to ibmcloud provider labels Nov 17, 2022
@dharaneeshvrd
Copy link
Contributor Author

@mkumatag
Is this an expected behaviour?
Ideally we should not open all inbound traffic right?

Btw, I would like to work on this. Let me know your opinion on this.

cc @Prajyot-Parab

@mkumatag mkumatag added this to the Next milestone Jan 13, 2023
@mkumatag mkumatag modified the milestones: Next, v0.5 Mar 10, 2023
@Prajyot-Parab Prajyot-Parab mentioned this issue Mar 21, 2023
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@Prajyot-Parab Prajyot-Parab

Labels
area/provider/ibmcloud Issues or PRs related to ibmcloud provider kind/bug Categorizes issue or PR as related to a bug.
Projects
None yet
Milestone
v0.5
Development

Successfully merging a pull request may close this issue.

Fix inbound rule to allow only APIServerPort Prajyot-Parab/cluster-api-provider-ibmcloud
4 participants
@mkumatag @dharaneeshvrd @k8s-ci-robot @Prajyot-Parab