-
Bug
-
Resolution: Done-Errata
-
Normal
-
4.14.0
-
-
-
Moderate
-
No
-
False
-
-
Release Note Not Required
Description of problem:
OpenStack features SG rules opening traffic from `0.0.0.0/0` on NodePorts. This was required for the OVN loadbalancers to work properly as they keep the source IP of the traffic when traffic reaches the LB members. This isn't needed anymore as in 4.14 OSASINFRA-3067 implemented and enabled `manage-security-groups` option on the cloud-provider-openstack, so that it will create and attach the proper SG on its own to make sure only necessary NodePorts are open.
Version-Release number of selected component (if applicable):
How reproducible:
Always
Steps to Reproduce:
1. Check for existence of rules opening traffic from 0.0.0.0/0 on the master and worker nodes.
Actual results:
Rules are still there.
Expected results:
Rules are not needed anymore.
Additional info: