From 77e1cb8243d3434d1bd1d8e69de4fa9ce0a3bea9 Mon Sep 17 00:00:00 2001
From: Jose Armesto
Date: Thu, 21 Dec 2023 13:16:41 +0100
Subject: [PATCH] Backport secure VPC default SG change

---
 ...lplanes.controlplane.cluster.x-k8s.io.yaml | 19 ++++++++-----------
 ...lplanes.controlplane.cluster.x-k8s.io.yaml | 19 ++++++++-----------
 ...sters.infrastructure.cluster.x-k8s.io.yaml | 19 ++++++++-----------
 ...lates.infrastructure.cluster.x-k8s.io.yaml | 19 ++++++++-----------
 helm/cluster-api-provider-aws/values.yaml | 2 +-
 5 files changed, 33 insertions(+), 45 deletions(-)

diff --git a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
index fa73b6c6..5f178815 100644
--- a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta1/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
@@ -372,19 +372,13 @@
 type: string
 description: Tags is a collection of tags describing the resource.
 type: object
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # required:
- # - id
+ required:
+ - id
 type: object
 type: array
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # x-kubernetes-list-map-keys:
- # - id
- # x-kubernetes-list-type: map
+ x-kubernetes-list-map-keys:
+ - id
+ x-kubernetes-list-type: map
 vpc:
 description: VPC configuration.
 properties:
@@ -450,6 +444,9 @@
 description: PoolID is the IP pool which must be defined in case of BYO IP is defined. Must be specified if CidrBlock is set. Mutually exclusive with IPAMPool.
 type: string
 type: object
+ secureDefaultVPCSecurityGroup:
+ description: SecureDefaultVPCSecurityGroup specifies whether the default VPC security group ingress and egress rules should be removed.
+ type: boolean
 tags:
 additionalProperties:
 type: string
diff --git a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
index 1fb78427..a5bec8fe 100644
--- a/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-aws/files/controlplane/patches/versions/v1beta2/awsmanagedcontrolplanes.controlplane.cluster.x-k8s.io.yaml
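Review bot: The first hunk does more than the commit title says: it also enables `required: - id` plus `x-kubernetes-list-map-keys: - id` / `x-kubernetes-list-type: map` on the subnet list, which the removed comments describe as deliberately held back until workload clusters carry the subnet `id` field. Confirm that tightening is meant to ship with this backport, since existing objects whose subnets still lack `id` would presumably be rejected by the apiserver on their next update rather than reconciled. In the second hunk the new `secureDefaultVPCSecurityGroup` boolean has no `default:`, so an omitted field is presumably treated as false and the AWS default security group keeps its existing rules; consider saying so in the description, e.g. appending `Defaults to false when unset, which keeps the existing rules.`, so operators know the hardening is opt-in. The same two points apply to the hunks in the v1beta2 awsmanagedcontrolplanes, awsclusters and awsclustertemplates patch files; the enclosing `properties:` mappings continue outside each hunk.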
@@ -368,19 +368,13 @@
 type: string
 description: Tags is a collection of tags describing the resource.
 type: object
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # required:
- # - id
+ required:
+ - id
 type: object
 type: array
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # x-kubernetes-list-map-keys:
- # - id
- # x-kubernetes-list-type: map
+ x-kubernetes-list-map-keys:
+ - id
+ x-kubernetes-list-type: map
 vpc:
 description: VPC configuration.
 properties:
@@ -446,6 +440,9 @@
 description: PoolID is the IP pool which must be defined in case of BYO IP is defined. Must be specified if CidrBlock is set. Mutually exclusive with IPAMPool.
 type: string
 type: object
+ secureDefaultVPCSecurityGroup:
+ description: SecureDefaultVPCSecurityGroup specifies whether the default VPC security group ingress and egress rules should be removed.
+ type: boolean
 tags:
 additionalProperties:
 type: string
diff --git a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml
index 05468f35..363b90ef 100644
--- a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclusters.infrastructure.cluster.x-k8s.io.yaml
@@ -356,19 +356,13 @@
 type: string
 description: Tags is a collection of tags describing the resource.
 type: object
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # required:
- # - id
+ required:
+ - id
 type: object
 type: array
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # x-kubernetes-list-map-keys:
- # - id
- # x-kubernetes-list-type: map
+ x-kubernetes-list-map-keys:
+ - id
+ x-kubernetes-list-type: map
 vpc:
 description: VPC configuration.
 properties:
@@ -434,6 +428,9 @@
 description: PoolID is the IP pool which must be defined in case of BYO IP is defined. Must be specified if CidrBlock is set. Mutually exclusive with IPAMPool.
 type: string
 type: object
+ secureDefaultVPCSecurityGroup:
+ description: SecureDefaultVPCSecurityGroup specifies whether the default VPC security group ingress and egress rules should be removed.
+ type: boolean
 tags:
 additionalProperties:
 type: string
diff --git a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml
index 6af7b0ec..d442335d 100644
--- a/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml
+++ b/helm/cluster-api-provider-aws/files/infrastructure/patches/versions/v1beta2/awsclustertemplates.infrastructure.cluster.x-k8s.io.yaml
@@ -375,19 +375,13 @@
 type: string
 description: Tags is a collection of tags describing the resource.
 type: object
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # required:
- # - id
+ required:
+ - id
 type: object
 type: array
- # While we migrate workload clusters to include the subnet `id` field (https://github.com/giantswarm/roadmap/issues/2870),
- # this is commented out on purpose in the first step so that reconciliation continues working for old cluster-aws versions.
- # ---
- # x-kubernetes-list-map-keys:
- # - id
- # x-kubernetes-list-type: map
+ x-kubernetes-list-map-keys:
+ - id
+ x-kubernetes-list-type: map
 vpc:
 description: VPC configuration.
 properties:
@@ -453,6 +447,9 @@
 description: PoolID is the IP pool which must be defined in case of BYO IP is defined. Must be specified if CidrBlock is set. Mutually exclusive with IPAMPool.
 type: string
 type: object
+ secureDefaultVPCSecurityGroup:
+ description: SecureDefaultVPCSecurityGroup specifies whether the default VPC security group ingress and egress rules should be removed.
+ type: boolean
 tags:
 additionalProperties:
 type: string
diff --git a/helm/cluster-api-provider-aws/values.yaml b/helm/cluster-api-provider-aws/values.yaml
index fd5fa368..0ec4e22b 100644
--- a/helm/cluster-api-provider-aws/values.yaml
+++ b/helm/cluster-api-provider-aws/values.yaml
@@ -3,7 +3,7 @@ name: cluster-api-provider-aws # needed. Please read https://github.com/giantswarm/cluster-api-provider-aws/blob/main/README.md on how to create a # release. Please include the short commit SHA in the tag name, such as `v2.0.2-gs-123abcd`. After changing this # tag, please run `make generate` to update CRDs and other manifests. -tag: v2.3.0-gs-378440654 # upstream v2.3.0 + backported features/fixes (https://github.com/giantswarm/cluster-api-provider-aws/pull/576) +tag: v2.3.0-gs-5dac42e49 # upstream v2.3.0 + backported features/fixes (https://github.com/giantswarm/cluster-api-provider-aws/pull/576) infrastructure: image: