From 12f141a40f863fc7c3ae047a55e251b3b00da79c Mon Sep 17 00:00:00 2001
From: Peter Winter
Date: Mon, 27 Oct 2025 20:04:41 +0100
Subject: [PATCH 1/2] add current metrics-server default port 10251 to the recommended security group rules, add TODO note to remove the metrics-server legacy port 4443 on the next breaking change
---
 node_groups.tf | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/node_groups.tf b/node_groups.tf
index 5a1655613e..9900e215ba 100644
--- a/node_groups.tf
+++ b/node_groups.tf
@@ -117,7 +117,7 @@ locals {
 type = "ingress"
 self = true
 }
- # metrics-server
+ # metrics-server, legacy port - TODO: remove this on the next breaking change at v22
 ingress_cluster_4443_webhook = {
 description = "Cluster API to node 4443/tcp webhook"
 protocol = "tcp"
@@ -126,6 +126,15 @@ locals {
 type = "ingress"
 source_cluster_security_group = true
 }
+ # metrics-server, current EKS default port
+ ingress_cluster_10251_webhook = {
+ description = "Cluster API to node 4443/tcp webhook"
+ protocol = "tcp"
+ from_port = 10251
+ to_port = 10251
+ type = "ingress"
+ source_cluster_security_group = true
+ }
 # prometheus-adapter
 ingress_cluster_6443_webhook = {
 description = "Cluster API to node 6443/tcp webhook"
From 5ed8a13eaed4a06c1b41ae52f9df6a1c4763655e Mon Sep 17 00:00:00 2001
From: Peter Winter
Date: Mon, 27 Oct 2025 20:24:53 +0100
Subject: [PATCH 2/2] Update node_groups.tf
Co-authored-by: Bryant Biggs
---
 node_groups.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/node_groups.tf b/node_groups.tf
index 9900e215ba..f43a3e325d 100644
--- a/node_groups.tf
+++ b/node_groups.tf
@@ -128,7 +128,7 @@ locals {
 }
 # metrics-server, current EKS default port
 ingress_cluster_10251_webhook = {
- description = "Cluster API to node 4443/tcp webhook"
+ description = "Cluster API to node 10251/tcp webhook"
 protocol = "tcp"
 from_port = 10251
 to_port = 10251
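Review bot: In patch 1/2, hunk `@@ -126,6 +126,15 @@`, the new `ingress_cluster_10251_webhook` entry is added next to the legacy 4443 rule rather than replacing it, so the recommended rules admit cluster-to-node traffic on both ports for every node group until the v22 cleanup. Nothing in the comments says which metrics-server deployments still need 4443, which makes the extra ingress hard to justify in a security-group audit. I would spell that out on the new rule, e.g. `# metrics-server, current EKS default port; 4443 above is kept only for older metrics-server installs`, and have the TODO in the previous hunk reference a tracking issue so the removal is not left to memory. The rule is scoped by `source_cluster_security_group = true`, which is the right restriction and is worth keeping on any rule copied from this one. The `locals` block starts and ends outside the hunk.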