kubernetes
diff --git a/‎k8s/crds/kops.k8s.io_clusters.yaml
Lines changed: 0 additions & 1 deletion b/‎k8s/crds/kops.k8s.io_clusters.yaml
Lines changed: 0 additions & 1 deletion
diff --git a/‎pkg/apis/kops/bastion.go
Lines changed: 1 addition & 0 deletions b/‎pkg/apis/kops/bastion.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/apis/kops/v1alpha2/bastion.go
Lines changed: 0 additions & 2 deletions b/‎pkg/apis/kops/v1alpha2/bastion.go
Lines changed: 0 additions & 2 deletions
diff --git a/‎pkg/apis/kops/v1alpha2/zz_generated.conversion.go
Lines changed: 2 additions & 1 deletion b/‎pkg/apis/kops/v1alpha2/zz_generated.conversion.go
Lines changed: 2 additions & 1 deletion
diff --git a/‎pkg/apis/kops/v1alpha3/bastion.go
Lines changed: 1 addition & 0 deletions b/‎pkg/apis/kops/v1alpha3/bastion.go
Lines changed: 1 addition & 0 deletions
diff --git a/‎pkg/apis/kops/v1alpha3/zz_generated.conversion.go
Lines changed: 2 additions & 0 deletions b/‎pkg/apis/kops/v1alpha3/zz_generated.conversion.go
Lines changed: 2 additions & 0 deletions
diff --git a/‎pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go
Lines changed: 6 additions & 1 deletion b/‎pkg/apis/kops/v1alpha3/zz_generated.deepcopy.go
Lines changed: 6 additions & 1 deletion
diff --git a/‎pkg/apis/kops/zz_generated.deepcopy.go
Lines changed: 6 additions & 1 deletion b/‎pkg/apis/kops/zz_generated.deepcopy.go
Lines changed: 6 additions & 1 deletion
diff --git a/‎pkg/model/awsmodel/bastion.go
Lines changed: 14 additions & 0 deletions b/‎pkg/model/awsmodel/bastion.go
Lines changed: 14 additions & 0 deletions
diff --git a/‎tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content
Lines changed: 3 additions & 1 deletion b/‎tests/integration/update_cluster/bastionadditional_user-data/data/aws_s3_object_cluster-completed.spec_content
Lines changed: 3 additions & 1 deletion
@@ -6386,7 +6386,6 @@ spec:
                       loadBalancer:
                         properties:
                           additionalSecurityGroups:
-                            description: AdditionalSecurityGroups is unused
                             items:
                               type: string
                             type: array
 
@@ -24,6 +24,7 @@ type BastionSpec struct {
 }
 
 type BastionLoadBalancerSpec struct {
+	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
 	// Type of load balancer to create, it can be Public or Internal.
 	Type LoadBalancerType `json:"type,omitempty"`
 }
@@ -25,8 +25,6 @@ type BastionSpec struct {
 }
 
 type BastionLoadBalancerSpec struct {
-	// AdditionalSecurityGroups is unused
-	// +k8s:conversion-gen=false
 	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
 	// Type of load balancer to create, it can be Public or Internal.
 	Type LoadBalancerType `json:"type,omitempty"`
 
@@ -24,6 +24,7 @@ type BastionSpec struct {
 }
 
 type BastionLoadBalancerSpec struct {
+	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
 	// Type of load balancer to create, it can be Public or Internal.
 	Type LoadBalancerType `json:"type,omitempty"`
 }
@@ -393,6 +393,20 @@ func (b *BastionModelBuilder) Build(c *fi.CloudupModelBuilderContext) error {
 
 		c.AddTask(tg)
 
+		// Add additional security groups to the NLB
+		if b.Cluster.Spec.Networking.Topology != nil && b.Cluster.Spec.Networking.Topology.Bastion != nil && b.Cluster.Spec.Networking.Topology.Bastion.LoadBalancer != nil && b.Cluster.Spec.Networking.Topology.Bastion.LoadBalancer.AdditionalSecurityGroups != nil {
+			for _, id := range b.Cluster.Spec.Networking.Topology.Bastion.LoadBalancer.AdditionalSecurityGroups {
+				t := &awstasks.SecurityGroup{
+					Name:      fi.PtrTo(id),
+					Lifecycle: b.SecurityLifecycle,
+					ID:        fi.PtrTo(id),
+					Shared:    fi.PtrTo(true),
+				}
+				c.EnsureTask(t)
+				nlb.SecurityGroups = append(nlb.SecurityGroups, t)
+			}
+		}
+
 		c.AddTask(nlb)
 	}
 
 
@@ -209,6 +209,8 @@ spec:
     zone: us-test-1a
   topology:
     bastion:
-      loadBalancer: {}
+      loadBalancer:
+        additionalSecurityGroups:
+        - sg-exampleid
     dns:
       type: Public
Original file line number	Diff line number	Diff line change
`@@ -24,6 +24,7 @@ type BastionSpec struct {`
`24`	`24`	`}`
`25`	`25`
`26`	`26`	`type BastionLoadBalancerSpec struct {`
	`27`	+ AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
`27`	`28`	`// Type of load balancer to create, it can be Public or Internal.`
`28`	`29`	Type LoadBalancerType `json:"type,omitempty"`
`29`	`30`	`}`
Original file line number	Diff line number	Diff line change
`@@ -25,8 +25,6 @@ type BastionSpec struct {`
`25`	`25`	`}`
`26`	`26`
`27`	`27`	`type BastionLoadBalancerSpec struct {`
`28`		`- // AdditionalSecurityGroups is unused`
`29`		`- // +k8s:conversion-gen=false`
`30`	`28`	AdditionalSecurityGroups []string `json:"additionalSecurityGroups,omitempty"`
`31`	`29`	`// Type of load balancer to create, it can be Public or Internal.`
`32`	`30`	Type LoadBalancerType `json:"type,omitempty"`