  1. OpenShift Installer
  2. CORS-2602

Support adding custom security groups in AWS

    • BU Product Work
    • Green
    • Done
    • OCPSTRAT-148 - Support adding custom security groups in AWS
    • 0% To Do, 0% In Progress, 100% Done

      27/April/2023
      Brent has created all of the cards for the epic and pinged #forum-installer-staff to see if anyone had comments/questions for it. But for now it is ready for Story pointing. Not currently at risk for 4.14.

       

      30/May/2023
      There is a single PR for the installer work here: https://github.com/openshift/installer/pull/7151

       

      31/May/2023

      Mike and I discussed the docs updates required, and that is currently in the works.

       

      05/June/2023
      A PR for the CI work was started, but the work is on the back burner while I work on CI work for AWS Shared VPC. (https://github.com/openshift/release/pull/39935)

      Added https://github.com/openshift/installer/pull/7151 to the merge queue.
       

      08/June/2023

      18th or so on the merge queue list. At the current rate it should still be able to merge before 4.14 end. The only issue is that this may not be ideal for merging the release PR as it requires the installer PR to merge before testing.

       

      20/June/2023 - The PR merged. Moving on to testing the master branch with the new CI test.


      Epic Goal

      • Allow the user to provide existing security groups to be attached to the control plane and compute node instances at installation time.

      Why is this important?

      • We do have users/customers with specific requirements on adding additional network rules to every instance created in AWS. For OpenShift these additional rules need to be added on day-2 manually as the Installer doesn't provide the ability to add custom security groups to be attached to any instance at install time.

        MachineSets already support a list of existing custom security groups, so this could already be automated at install time by manually editing each MachineSet manifest before starting the installation. Even in that case, however, the Installer does not let the user provide the list of security groups to be added to the MachineSet manifests.

      Scenarios

      1. The user will be able to provide a list of existing security groups to the install config that will be used as additional custom security groups to be attached to the control plane and compute node instances at installation time.

      Acceptance Criteria

      • CI - MUST be running successfully with tests automated
      • Release Technical Enablement - Provide necessary release enablement details and documents.

      Previous Work (Optional):

      1. Compute Nodes managed by MAPI already support this feature

      Done Checklist

      • CI - CI is running, tests are automated and merged.
      • Release Enablement <link to Feature Enablement Presentation>
      • DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
      • DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
      • DEV - Downstream build attached to advisory: <link to errata>
      • QE - Test plans in Polarion: <link or reference to Polarion>
      • QE - Automated tests merged: <link or reference to automated tests>
      • DOC - Downstream documentation merged: <link to meaningful PR>

              rh-ee-bbarbach Brent Barbachem
              mak.redhat.com Marcos Entenza Garcia
              Gaoyun Pei Gaoyun Pei