Bug: Missing `additionalNodeIngressRules` field in the actual CRD but present in documentation

[aviral-agarwal]

/kind bug

What steps did you take and what happened:
in the CRD's documentation https://cluster-api-aws.sigs.k8s.io/crd/#infrastructure.cluster.x-k8s.io/v1beta2.NetworkSpec
I see additionalNodeIngressRules to add ingress rules to the Security Group for all nodes

But when I check the installed CRD for AWSCluster, I do not see it

❯ kubectl get crd awsclusters.infrastructure.cluster.x-k8s.io -o jsonpath='{.spec.versions[*].name}'
v1beta1 v1beta2

❯ kubectl get crd awsclusters.infrastructure.cluster.x-k8s.io -o yaml | grep -nA2 -B2 additionalNodeIngressRules


❯ kubectl -n capa-system get deploy -l cluster.x-k8s.io/provider=infrastructure-aws -o jsonpath='{..image}'
registry.k8s.io/cluster-api-aws/cluster-api-aws-controller:v2.8.4

❯ kubectl explain awscluster.spec.network.additionalNodeIngressRules
GROUP:      infrastructure.cluster.x-k8s.io
KIND:       AWSCluster
VERSION:    v1beta2

error: field "additionalNodeIngressRules" does not exist

I do see spec.network.additionalControlPlaneIngressRules in AWSCluster

❯ kubectl explain awscluster.spec.network.additionalControlPlaneIngressRules
GROUP:      infrastructure.cluster.x-k8s.io
KIND:       AWSCluster
VERSION:    v1beta2

FIELD: additionalControlPlaneIngressRules <[]Object>


DESCRIPTION:
    AdditionalControlPlaneIngressRules is an optional set of ingress rules to
    add to the control plane
    IngressRule defines an AWS ingress rule for security groups.
.
.
.

when using Cilium CNI in ENI mode, Security Group ingress rules can become very important to configure

I installed using clusterctl init

What did you expect to happen:
the field spec.network.additionalNodeIngressRules should exist as per the CRD documentation

Anything else you would like to add:

• Maybe a related issue Support configuring custom k8s node port range in security groups #5617
• definitely a related conversation in the slack channel, https://kubernetes.slack.com/archives/CD6U2V71N/p1753375843557799?thread_ts=1753369517.853449&cid=CD6U2V71N
• GitHub code search also shows the field should be there
  https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/main/api/v1beta2/network_types.go#L363-L365

Environment:
on kind cluster

• Cluster-api-provider-aws version: 2.8.4
• Kubernetes version: (use kubectl version):

❯ kubectl version
Client Version: v1.33.4
Kustomize Version: v5.6.0
Server Version: v1.33.1

• OS (e.g. from /etc/os-release): Ubuntu 24.04.3 LTS

[k8s-ci-robot]

This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository.

[aviral-agarwal]

Hi, can anyone help me with this please? are we expecting this field to come in the CRD?