Hi! We are using IstioOperator and istioctl to setup Istio in our AWS EKS Kubernetes cluster.
We use the service definition in the IstioOperator to define our Kubernetes service like so:
service:
ports:
- name: status-port
port: 15021
targetPort: 15021
- name: http2
port: 80
targetPort: 8080
- name: https
port: 443
targetPort: 8443
- name: tls
port: 15443
targetPort: 15443
This creates automatically an AWS Security Group for our load balancer, with inbound rules for ports 80, 443, 15021, 15443.
Problem: We want to not have ports 15021 and 15443 added to our Security Group inbound rules (because of AWS Security Hub issue EC2.18). Is it possible to achieve this with IstioOperator configuration?