feat: Add recommended security group rule for port 10251 to match E…

…KS addon for `metrics-server` (#3562) * add current metrics-server default port 10251 to the recommended security group rules, add TODO note to remove the metrics-server legacy port 4443 on the next breaking change * Update node_groups.tf Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com> --------- Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>
SCT-Engineering · Oct 27, 2025 · de8c550 · de8c550
1 parent 96dbaa0
commit de8c550
Showing 1 changed file with 10 additions and 1 deletion.
diff --git a/node_groups.tf b/node_groups.tf
@@ -117,7 +117,7 @@ locals {
       type        = "ingress"
       self        = true
     }
-    # metrics-server
+    # metrics-server, legacy port - TODO: remove this on the next breaking change at v22
     ingress_cluster_4443_webhook = {
       description                   = "Cluster API to node 4443/tcp webhook"
       protocol                      = "tcp"
@@ -126,6 +126,15 @@ locals {
       type                          = "ingress"
       source_cluster_security_group = true
     }
+    # metrics-server, current EKS default port
+    ingress_cluster_10251_webhook = {
+      description                   = "Cluster API to node 10251/tcp webhook"
+      protocol                      = "tcp"
+      from_port                     = 10251
+      to_port                       = 10251
+      type                          = "ingress"
+      source_cluster_security_group = true
+    }
     # prometheus-adapter
     ingress_cluster_6443_webhook = {
       description                   = "Cluster API to node 6443/tcp webhook"