Story
Resolution: Unresolved
Installer Sprint 274, Installer Sprint 275, Installer Sprint 276, Installer Sprint 277, Installer Sprint 278, Installer Sprint 279, Installer Sprint 280
User Story:
As a (user persona), I want to be able to SSH into a bastion host (if enabled) over IPv6 when the cluster is IPv6-enabled.
Currently, the bastion security group (SG) is only configured to allow IPv4 CIDRs.
Acceptance Criteria:
Description of criteria:
- Allowed IPv6 CIDRs for bastion SSH should be configurable.
- Allowed IPv6 CIDRs for bastion SSH should default to ::/0 if unset.
- Allowed IPv6 CIDRs for bastion SSH should be added to bastion SG.
(optional) Out of Scope:
Detail about what is specifically not being delivered in the story
Engineering Details:
- Bastion type definition: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/517ae6c7662baa564b37b48c1d38de8d4aac991f/api/v1beta2/awscluster_types.go#L156
- Bastion SG configuration: https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/4e912b4e4d1f855abf9b5194acaf9f31b5763c57/pkg/cloud/services/securitygroup/securitygroups.go#L596-L604
- We can either define a new field or extend the existing field, awscluster.spec.bastion.allowedCIDRBlocks, to accept IPv6 CIDRs.
This requires/does not require a design proposal.
This requires/does not require a feature gate.
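A sketch of the "extend the existing field" option, added here as an example and not taken from the provider's code: a mixed allowedCIDRBlocks list is split by address family and the ::/0 default from the acceptance criteria is applied. The helper name, the result type and the choice to reject IPv6 CIDRs on an IPv4-only cluster are assumptions.

```go
package main

import (
	"fmt"
	"net/netip"
)

// Default from the acceptance criteria: used when no IPv6 range is configured.
const defaultIPv6CIDR = "::/0"

// BastionSSHRanges holds port-22 ingress sources split by address family;
// EC2 ingress rules carry IPv4 and IPv6 ranges in separate lists.
type BastionSSHRanges struct {
	IPv4, IPv6    []string
	OpenToAllIPv6 bool // true when ::/0 is in effect, so callers can log it
}

// SplitBastionCIDRs is a hypothetical helper, not part of the provider.
// It partitions a mixed list, clears host bits, and applies the ::/0 default.
// Assumption: an IPv6 CIDR on a cluster without IPv6 is rejected.
func SplitBastionCIDRs(blocks []string, ipv6Enabled bool) (BastionSSHRanges, error) {
	var out BastionSSHRanges
	for _, b := range blocks {
		p, err := netip.ParsePrefix(b)
		if err != nil {
			return BastionSSHRanges{}, fmt.Errorf("invalid CIDR %q: %w", b, err)
		}
		p = p.Masked() // 2001:db8:1234::1/48 becomes 2001:db8:1234::/48
		switch {
		case p.Addr().Is4():
			out.IPv4 = append(out.IPv4, p.String())
		case !ipv6Enabled:
			return BastionSSHRanges{}, fmt.Errorf("IPv6 CIDR %q but cluster is IPv4-only", b)
		default:
			out.IPv6 = append(out.IPv6, p.String())
		}
	}
	if ipv6Enabled && len(out.IPv6) == 0 {
		out.IPv6 = []string{defaultIPv6CIDR}
	}
	for _, c := range out.IPv6 {
		out.OpenToAllIPv6 = out.OpenToAllIPv6 || c == defaultIPv6CIDR
	}
	return out, nil
}

func main() {
	// Constructed sample input (documentation address ranges).
	fmt.Println(SplitBastionCIDRs([]string{"203.0.113.0/24", "2001:db8:1234::1/48"}, true))
}
```

The OpenToAllIPv6 flag gives a controller or admission check a single place to surface that bastion SSH is reachable from every IPv6 source, whether ::/0 was set explicitly or came from the default.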