nodeport-sg: allow all ipv4 and ipv6 nodeport ingress rule

FIXME: we should use the VPC CIDR as the source CIDRs. But the IPv6 cidr
is not yet knowned at install time. We should edit the awscluster after
infraReady to add the VPC IPv6 CIDR as source instead.

Author: tthvo

pkg/asset/manifests/aws/cluster.go

@@ -156,7 +156,8 @@ func GenerateClusterAssets(ic *installconfig.InstallConfig, clusterID *installco
 						IPv6CidrBlocks: sshRuleCidrs.IPv6Nets().String(),
 					},
 				},
-				NodePortIngressRuleCidrBlocks: capiutils.MachineCIDRsFromInstallConfig(ic).String(),
+				// FIXME: Use the configured machine network instead
+				NodePortIngressRuleCidrBlocks: capiutils.AnyWhereCidrBlocks().String(),
 			},
 			S3Bucket: &capa.S3Bucket{
 				Name:                    GetIgnitionBucketName(clusterID.InfraID),

pkg/asset/manifests/capiutils/helpers.go

@@ -31,6 +31,13 @@ func MachineCIDRsFromInstallConfig(ic *installconfig.InstallConfig) ipnet.IPNets
 	return cidrs
 }
 
+// AnyWhereCidrBlocks returns the 0.0.0.0 and ::/0 CIDR blocks.
+func AnyWhereCidrBlocks() ipnet.IPNets {
+	return ipnet.IPNets{
+		*AnyIPv4CidrBlock, *AnyIPv6CidrBlock,
+	}
+}
+
 // IsEnabled returns true if the feature gate is enabled.
 func IsEnabled(installConfig *installconfig.InstallConfig) bool {
 	// TODO(padillon): refactor to remove IsEnabled function.