SREP-2895: Add TargetGroupAttributes permissions to HCP CCM policy #2633
Add elasticloadbalancing:DescribeTargetGroupAttributes and elasticloadbalancing:ModifyTargetGroupAttributes for NLB hairpin support. Reference: OCPBUGS-65885
@MitaliBhalla: This pull request references SREP-2895 which is a valid jira issue. Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the story to target the "4.22.0" version, but no target version was set.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.
/lgtm
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: bmeng, MitaliBhalla
The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing
@MitaliBhalla: all tests passed! Full PR test history. Your PR dashboard.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. I understand the commands that are listed here.
Add elasticloadbalancing:DescribeTargetGroupAttributes and elasticloadbalancing:ModifyTargetGroupAttributes for NLB hairpin support.
Reference: OCPBUGS-65885, SREP-2895
What type of PR is this?
feature
What this PR does / why we need it?
Adds two missing AWS IAM permissions to the HCP kube controller manager (CCM) policy:
elasticloadbalancing:DescribeTargetGroupAttributes
elasticloadbalancing:ModifyTargetGroupAttributes
These permissions are required for the Cloud Controller Manager to support NLB hairpin traffic on private load balancers. Without them, LoadBalancer services with the preserve_client_ip.enabled=false target group attribute fail to provision.
Which Jira/Github issue(s) this PR fixes?
OCPBUGS-65885, SREP-2895
Reference: openshift/hypershift#7339
Fixes #
OCPBUGS-65885
Special notes for your reviewer:
Pre-checks (if applicable):
Tested latest changes against a cluster
Included documentation changes with PR
If this is a new object that is not intended for the FedRAMP environment (if unsure, please reach out to team FedRAMP), please exclude it with: