
allow eks_public_access_cidrs to be optionally set in nebari-config.yaml #2963

Open
wants to merge 6 commits into
base: main

dcmcand
Contributor

@dcmcand dcmcand commented Feb 17, 2025

Reference Issues or PRs

closes #2881

What does this implement/fix?

Adds the ability to specify aws.eks_public_access_cidr in your nebari-config.yaml

Put an x in the boxes that apply

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds a feature)
  • Breaking change (fix or feature that would cause existing features not to work as expected)
  • Documentation Update
  • Code style update (formatting, renaming)
  • Refactoring (no functional changes, no API changes)
  • Build related changes
  • Other (please describe):

Testing

  • Did you test the pull request locally?
  • Did you add new tests?

How to test this PR?

Deploy to AWS

Go to the EKS console and under the networking tab, check that Public access source allowlist says "0.0.0.0/0"

Add eks_public_access_cidrs: ["{YOUR_PUBLIC_IP}/32"] to your config under the AWS object

Example:

amazon_web_services:
  kubernetes_version: '1.31'
  region: us-east-2
  eks_public_access_cidrs: ["12.345.678.910/32"]
  node_groups:
    general:
      instance: m5.2xlarge
      min_nodes: 1
      max_nodes: 1
      gpu: false
      single_subnet: false
      permissions_boundary:
    user:
      instance: m5.xlarge
      min_nodes: 0
      max_nodes: 5
      gpu: false
      single_subnet: false
      permissions_boundary:
    worker:
      instance: m5.xlarge
      min_nodes: 0
      max_nodes: 5
      gpu: false
      single_subnet: false
      permissions_boundary:

Redeploy

Go to the EKS console and check that Public access source allowlist now reflects your configured range

Any other comments?

This is also feature parity for Azure and GCP

@dcmcand added the provider: AWS, area: security 🔐, impact: critical, and area: feature parity labels Feb 17, 2025
@dcmcand added this to the 2025.2.1 Release milestone Feb 17, 2025
@dcmcand requested a review from a team as a code owner February 17, 2025 13:19
@dcmcand requested review from marcelovilla and viniciusdc and removed request for a team February 17, 2025 13:19
@dcmcand added the needs: review 👀 label Feb 20, 2025
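A pre-deploy check for the setting this PR introduces, written here as an added example; it is not code from the PR or from Nebari. It assumes the config has already been parsed into a dict, and the function name, the `BROAD_PREFIX_LEN` threshold and both sample configs are constructed for illustration.

```python
import ipaddress

# Hypothetical threshold: IPv4 prefixes shorter than this are reported as broad.
BROAD_PREFIX_LEN = 16


def audit_eks_public_access(config):
    """Return (severity, message) findings for eks_public_access_cidrs."""
    aws = config.get("amazon_web_services") or {}
    cidrs = aws.get("eks_public_access_cidrs")
    if not cidrs:
        # Per the PR's test steps, a deployment without the key shows 0.0.0.0/0.
        return [("high", "eks_public_access_cidrs not set: allowlist is 0.0.0.0/0")]
    if isinstance(cidrs, str):
        return [("error", "eks_public_access_cidrs must be a list of CIDR strings")]
    findings = []
    for raw in cidrs:
        try:
            # strict=True rejects entries with host bits set, e.g. 203.0.113.7/24
            net = ipaddress.ip_network(raw, strict=True)
        except ValueError as exc:
            findings.append(("error", f"{raw!r} is not a valid CIDR: {exc}"))
            continue
        if net.prefixlen == 0:
            findings.append(("high", f"{raw} allows every source address"))
        elif net.version == 4 and net.prefixlen < BROAD_PREFIX_LEN:
            findings.append(("medium", f"{raw} covers {net.num_addresses} addresses"))
    return findings


# Constructed sample: one documentation-range /32, nothing to report.
SAMPLE_OK = {"amazon_web_services": {"eks_public_access_cidrs": ["203.0.113.7/32"]}}

# Constructed sample: open range, the placeholder from the PR's example
# (345 is not a valid octet), host bits set, and a very broad prefix.
SAMPLE_BAD = {"amazon_web_services": {"eks_public_access_cidrs": [
    "0.0.0.0/0", "12.345.678.910/32", "203.0.113.7/24", "198.0.0.0/8"]}}

if __name__ == "__main__":
    for name, cfg in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        for severity, message in audit_eks_public_access(cfg):
            print(f"[{name}] {severity}: {message}")
```

Running it before the redeploy step catches a placeholder or open range that would otherwise only show up in the EKS console afterwards.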
Development

Successfully merging this pull request may close these issues.

Fix code scanning alert - EKS cluster should not have open CIDR range for public access
2 participants