Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-15230

Allow installer to use existing Azure NSG during OpenShift IPI install

    • No
    • False
    • Hide

      None

      Show
      None

      This is a clone of issue OCPBUGS-11796. The following is the description of the original issue:

      Description of problem:

      In an install where users bring their networks they also bring their own NSGs. However, the installer still creates NSG. In Azure environments using the rule [1] below, users are prohibited from installing cluster, as the apiserver_in rule has the rule set as 0.0.0.0[2]. Having a rule in place where the users could define this before install would allow them to set this connectivity without having the inbound access 
      
      
      
      [1] - Rule: Network Security Groups shall not allow rule with 0.0.0.0/Any Source/Destination IP Addresses - Custom Deny
      
      [2] - https://github.com/openshift/installer/blob/master/data/data/azure/vnet/nsg.tf#L31
      

              rdossant Rafael Fonseca dos Santos
              openshift-crt-jira-prow OpenShift Prow Bot
              Jinyun Ma Jinyun Ma
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: