Update documentation with CP ingress rules

kubernetes-sigs · Jul 12, 2023 · da9142d · da9142d
1 parent 125756e
commit da9142d
Showing 1 changed file with 14 additions and 1 deletion.
diff --git a/docs/book/src/topics/bring-your-own-aws-infrastructure.md b/docs/book/src/topics/bring-your-own-aws-infrastructure.md
@@ -142,7 +142,7 @@ To specify additional security groups for the control plane load balancer for a
 ```yaml
 spec:
   controlPlaneLoadBalancer:
-    AdditionalsecurityGroups:
+    additionalsecurityGroups:
     - sg-0200a3507a5ad2c5c8c3
     - ...
 ```
@@ -175,6 +175,19 @@ spec:
 > 
 >An incorrectly configured Classic ELB can easily lead to a non-functional cluster. We strongly recommend you let Cluster API create the Classic ELB.
 
+### Control Plane ingress rules
+
+It's possible to specify custom ingress rules for the control plane itself. To do so, add this to the AWSCluster specification:
+
+```yaml
+spec:
+  network:
+    additionalControlPlaneIngressRules:
+    - description: "example ingress rule"
+      protocol: "-1" # all
+      fromPort: 7777
+      toPort: 7777
+```
 ### Caveats/Notes
 
 * When both public and private subnets are available in an AZ, CAPI will choose the private subnet in the AZ over the public subnet for placing EC2 instances.