feat: Add recommended security group rule for port 10251 to match EKS addon for metrics-server (#3562)

* add current metrics-server default port 10251 to the recommended security group rules, add TODO note to remove the metrics-server legacy port 4443 on the next breaking change

* Update node_groups.tf

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>

---------

Co-authored-by: Bryant Biggs <bryantbiggs@gmail.com>

Author: pwntr

node_groups.tf

@@ -117,7 +117,7 @@ locals {
       type        = "ingress"
       self        = true
     }
-    # metrics-server
+    # metrics-server, legacy port - TODO: remove this on the next breaking change at v22
     ingress_cluster_4443_webhook = {
       description                   = "Cluster API to node 4443/tcp webhook"
       protocol                      = "tcp"
@@ -126,6 +126,15 @@ locals {
       type                          = "ingress"
       source_cluster_security_group = true
     }
+    # metrics-server, current EKS default port
+    ingress_cluster_10251_webhook = {
+      description                   = "Cluster API to node 10251/tcp webhook"
+      protocol                      = "tcp"
+      from_port                     = 10251
+      to_port                       = 10251
+      type                          = "ingress"
+      source_cluster_security_group = true
+    }
     # prometheus-adapter
     ingress_cluster_6443_webhook = {
       description                   = "Cluster API to node 6443/tcp webhook"