Epic Goal

• Handle retirement of default outbound access, which is a dependency in 4.16 and earlier:

• • New installs using CAPZ (4.17+) get explicit outbound access through an outbound rule
  • Provide a fix for existing clusters that use default outbound access
  • Update all supported versions prior to 4.17 that depend on outbound access

Why is this important?

• Microsoft is planning to  retire default outbound access connectivity for all new virtual machines in Azure. Once this takes effect no Nodes in OCP deployed in Azure will have outbound connectivity unless this is configured explicitely.

This feature will tackle this deprecation notice from Microsoft and plan a long term solution for OpenShift once this new "policy" is applied in Azure

Scenarios

This needs to be solved not only for new OpenShift Clusters but also for existing ones. While existing clusters are not going to be affected straightaway (existing VMs won't loose outbound access) they will get impacted as any new Node added to the cluster won't get outbound access by default.

Acceptance Criteria

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>