Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15230

Allow installer to use existing Azure NSG during OpenShift IPI install

XMLWordPrintable

    • No
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-11796. The following is the description of the original issue:

      Description of problem:

      In an install where users bring their networks they also bring their own NSGs. However, the installer still creates NSG. In Azure environments using the rule [1] below, users are prohibited from installing cluster, as the apiserver_in rule has the rule set as 0.0.0.0[2]. Having a rule in place where the users could define this before install would allow them to set this connectivity without having the inbound access 



[1] - Rule: Network Security Groups shall not allow rule with 0.0.0.0/Any Source/Destination IP Addresses - Custom Deny

[2] - https://github.com/openshift/installer/blob/master/data/data/azure/vnet/nsg.tf#L31

            rdossant Rafael Fonseca dos Santos
            openshift-crt-jira-prow OpenShift Prow Bot
            Jinyun Ma Jinyun Ma
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: