Loading...

XML

Word

Printable

Details

Type: Story
Resolution: Done
Priority: Undefined
Fix Version/s: None
Affects Version/s: None
Component/s: None
Labels:
- M3
- sd-hypershift

Blocked:
False
Blocked Reason:
None
Ready:
False
Release Note Text:
at risk for Feb 11 completion

Cost of Delay:
0
WSJF:
0
Risk Score:
0

SFDC Cases Links:
SFDC Cases Counter:

Description

When no security group is specified in a NodePool, create a default security group so that load balancers can be created/deleted properly in the guest cluster. The following will be true:

Only one security group per hostedcluster will be created (associated with the VPC)
The security group will be created once and not be reconciled after creation.
The security group will be named using the hostedcluster's infra ID ([infra-id]-worker-sg)
The security group will be tagged with the k8s tag for the cluster:
`kubernetes.io/cluster/[infra-id]=owned`
The security group will be destroyed when the hostedcluster is deleted.

Attachments

Issue Links

blocks

HOSTEDCP-656 Hosted cluster deletion does not clean up elb security group

Closed

links to

openshift/hypershift#2146: Create default security group for AWS clusters

openshift/managed-cluster-config#1469: Update control-plane-operator policy

Activity

People

Assignee:: Cesar Wong

Reporter:: Cesar Wong

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 8 Start watching this issue

Dates

Due:: 2023/02/11

Created:: 2023/01/31 3:40 PM

Updated:: 2023/03/13 7:41 AM

Resolved:: 2023/02/21 2:20 PM