Uploaded image for project: 'OCMUI - OpenShift Cluster Manager UI'
  1. OCMUI - OpenShift Cluster Manager UI
  2. OCMUI-1499

[ROSA HCP Wizard] Support Security Group IDs

XMLWordPrintable

    • [ROSA HCP Wizard] Support Security Group IDs
    • Product / Portfolio Work
    • False
    • False
    • Done
    • ROSA-33 - UI HCP Parent for all Post GA Epics
    • 0% To Do, 0% In Progress, 100% Done
    • (10/16) Done

      Description

      Security groups in ROSA can be added to Virtual Private Clouds (VPC).  These security groups can have any name and are set by the user in the AWS environment directly on the VPC. They can be used to define their own security rules within their VPC.

      Prior to this Epic, we have created the ability to add security groups to ROSA classic clusters.  This included day 1 operations when the cluster was created using the UI ROSA wizard and day 2 operations where security groups could be added to new machine pools created for the cluster.

       

      As a user, I would like the ability to also include security groups for Hosted Control Plane (HCP) ROSA clusters both during day 1 creation of the cluster and day 2 adding of node pools.

       

      Acceptance criteria

      • For HCP clusters in Day 1, users can view and add up to 10 security groups to a cluster when using their own VPC 
      • (Day1) Security groups will be provided in an expandable section just like on the classic wizard. Security groups can only be added to worker nodes globally for he initial cluster creation (This is a restriction of the creation process).   
      • For HCP clusters in Day 2, users can view and add up to 10 security groups to new node pools when adding a new node pool to the cluster
      • Security groups can only be added to the nodes at creation of the cluster or creation of a new node pool.  An alert will indicate this limitation

      Mockups/Design

      Figma link

      Out of scope

      No scope restrictions currently.

      Testing implications

      We have plenty of tests for various aspects of security groups but they are all focused on the ROSA classic path.  We will need to either add new tests specific to HCP or broaden the existing tests to  also include testing for the HCP architecture.

       

      Implementation notes

      The current code logic and API calls for security groups are tied to the VPC operations which are not control plane specific, so we can re-use the same functionality.  HCP does use the node pool architecture, but that is already in place and we should not need to alter any of it as the security groups are associated with the VPC

        1. ROSA-Classic-Security-Groups-Day1.mp4
          2.68 MB
        2. ROSA-HCP-Current-Design-no-security-groups-day1.mp4
          3.53 MB
        3. security-groups.png
          security-groups.png
          174 kB
        4. hcp_sg_day1.png
          hcp_sg_day1.png
          163 kB
        5. hcp-mp-1.png
          hcp-mp-1.png
          163 kB
        6. Screenshot From 2025-09-03 13-10-27.png
          Screenshot From 2025-09-03 13-10-27.png
          86 kB
        7. Security_groups_HCP-–-Figma-09-11-2025_10_52_AM.png
          Security_groups_HCP-–-Figma-09-11-2025_10_52_AM.png
          61 kB
        8. Screenshot From 2025-09-25 14-39-44.png
          Screenshot From 2025-09-25 14-39-44.png
          62 kB
        9. Screenshot From 2025-09-25 14-39-16.png
          Screenshot From 2025-09-25 14-39-16.png
          76 kB
        10. Screenshot From 2025-09-25 14-39-26.png
          Screenshot From 2025-09-25 14-39-26.png
          54 kB

              zherman Zac Herman
              dtaylor@redhat.com David Taylor
              Jayakrishnan Mekkattillam Jayakrishnan Mekkattillam
              Votes:
              0 Vote for this issue
              Watchers:
              7 Start watching this issue

                Created:
                Updated:
                Resolved: