additionalSecurityGroups for bastion ELB is documented but isn't implemented #17250

Open
@georgekaz

/kind bug

1. What kops version are you running? The command kops version, will display
this information.

1.29.2

2. What Kubernetes version are you running? kubectl version will print the
version if a cluster is running or provide the Kubernetes version specified as
a kops flag.

1.29.8

3. What cloud provider are you using?

AWS

4. What commands did you run? What is the simplest way to reproduce this issue?

kops edit cluster and add the security groups

5. What happened after the commands executed?

The security groups aren't added

6. What did you expect to happen?

The security groups to be added

7. Please provide your cluster manifest. Execute
kops get --name my.example.com -o yaml to display your cluster manifest.
You may want to remove your cluster name and other sensitive information.

My desired manifest is:

spec:
  topology:
    bastion:
      bastionPublicName: xxx
      loadBalancer:
        additionalSecurityGroups:
        - sg-xxx
        - sg-xxx

But the result of kops get cluster includes

  topology:
    bastion:
      bastionPublicName: xxx
      loadBalancer: {}

8. Please run the commands with most verbose logging by adding the -v 10 flag.
Paste the logs into this report, or in a gist and provide the gist link here.

    "topology": {
      "bastion": {
        "publicName": "xxx",
        "loadBalancer": {}
      },
      "dns": "Public"
    },

9. Anything else do we need to know?

The docs describe how to add additional SGs here https://github.com/kubernetes/kops/blob/v1.29.2/docs/bastion.md#additional-security-groups-to-elb

But the code says otherwise:
https://github.com/kubernetes/kops/blob/v1.29.2/pkg/apis/kops/v1alpha2/bastion.go#L28
and
https://github.com/kubernetes/kops/blob/v1.29.2/k8s/crds/kops.k8s.io_clusters.yaml#L6197-L6198

So really this is a documentation error from what I can tell, but it wasted an hour of my time trying to figure out why my security groups weren't applying because I assumed I'd made an error.

Note: I'm linking to v1.29.2 tags here but it's still the same in the main branch and later tags.
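
A post-edit check for the failure this report describes, as an added example that is not part of the original issue or of the kops code base: it compares the fields you intended to set with what was actually stored and lists any that were dropped. The two inline documents are constructed from the snippets in the report, rendered as JSON; feeding the stored side from `kops get cluster -o json` is an assumption about how you would wire it up, and `dropped_fields` is a hypothetical helper name.

```python
import json

# Constructed sample: the manifest the reporter wanted to apply (from the issue, as JSON).
DESIRED = json.loads("""
{"spec": {"topology": {"bastion": {
  "bastionPublicName": "xxx",
  "loadBalancer": {"additionalSecurityGroups": ["sg-xxx", "sg-xxx"]}}}}}
""")

# Constructed sample: what the issue reports `kops get cluster` returning afterwards.
STORED = json.loads("""
{"spec": {"topology": {"bastion": {
  "bastionPublicName": "xxx",
  "loadBalancer": {}}}}}
""")


def _canon(items):
    """Order-independent, comparable form of a JSON list."""
    return sorted(json.dumps(item, sort_keys=True) for item in items)


def dropped_fields(desired, stored, path=""):
    """Return dotted paths set in `desired` that are missing or different in `stored`.

    Keys that exist only in `stored` (defaults filled in by the tool) are ignored.
    """
    missing = []
    if isinstance(desired, dict):
        if not isinstance(stored, dict):
            return [path or "<root>"]
        for key, value in desired.items():
            child = f"{path}.{key}" if path else key
            if key not in stored:
                missing.append(child)  # field was pruned on save
            else:
                missing.extend(dropped_fields(value, stored[key], child))
    elif isinstance(desired, list):
        # Lists such as security group IDs must match regardless of order.
        if not isinstance(stored, list) or _canon(desired) != _canon(stored):
            missing.append(path)
    elif desired != stored:
        missing.append(path)
    return missing


if __name__ == "__main__":
    for field in dropped_fields(DESIRED, STORED):
        print("not persisted:", field)
```

Running a check like this after an edit makes a silently pruned security setting visible immediately instead of surfacing later as a load balancer without the expected security groups.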

Labels: kind/bug, lifecycle/stale