
Unnecessary SG opening 0.0.0.0/0 on OpenStack


      Description of problem:

      OpenStack features SG rules opening traffic from `0.0.0.0/0` on NodePorts. This was required for the OVN load balancers to work properly, as they keep the source IP of the traffic when it reaches the LB members. This isn't needed anymore, as in 4.14 OSASINFRA-3067 implemented and enabled the `manage-security-groups` option in cloud-provider-openstack, so that it creates and attaches the proper SG on its own to make sure only the necessary NodePorts are open.
      
      

      Version-Release number of selected component (if applicable):

      
      

      How reproducible:

      Always
      
      

      Steps to Reproduce:

      1. Check for existence of rules opening traffic from 0.0.0.0/0 on the master and worker nodes.
      
      

      Actual results:

      Rules are still there.
      
      

      Expected results:

      Rules are not needed anymore.
      
      

      Additional info:
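
An added example, not part of the original report or of the OpenShift code base: one way to perform the check from "Steps to Reproduce" over security group rules exported as JSON in Neutron API form. The NodePort range is the Kubernetes default (an assumption), and the sample rules and their IDs are constructed placeholders.

```python
import ipaddress
import json

# Default Kubernetes NodePort range (assumption: the cluster uses the default).
NODEPORT_MIN, NODEPORT_MAX = 30000, 32767

# Constructed sample in Neutron security-group-rule form; IDs are placeholders.
SAMPLE_RULES = json.loads("""[
 {"id": "rule-a", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
  "port_range_min": 30000, "port_range_max": 32767, "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "rule-b", "direction": "ingress", "ethertype": "IPv4", "protocol": "udp",
  "port_range_min": 30000, "port_range_max": 32767, "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "rule-c", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
  "port_range_min": 6443, "port_range_max": 6443, "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "rule-d", "direction": "ingress", "ethertype": "IPv4", "protocol": "tcp",
  "port_range_min": 30000, "port_range_max": 32767, "remote_ip_prefix": "10.0.0.0/16"},
 {"id": "rule-e", "direction": "egress", "ethertype": "IPv4", "protocol": null,
  "port_range_min": null, "port_range_max": null, "remote_ip_prefix": "0.0.0.0/0"},
 {"id": "rule-f", "direction": "ingress", "ethertype": "IPv4", "protocol": null,
  "port_range_min": null, "port_range_max": null, "remote_ip_prefix": null,
  "remote_group_id": "sg-placeholder"}
]""")

def is_any_source(rule):
    """True when the rule admits every address: a /0 prefix, or no prefix and no remote group."""
    prefix = rule.get("remote_ip_prefix")
    if prefix is None:
        return rule.get("remote_group_id") is None
    return ipaddress.ip_network(prefix, strict=False).prefixlen == 0

def overlaps_nodeports(rule):
    """True when the rule's port range intersects the NodePort range."""
    if rule.get("protocol") not in (None, "tcp", "udp", "6", "17"):
        return False  # e.g. icmp: the port fields carry type/code, not ports
    lo, hi = rule.get("port_range_min"), rule.get("port_range_max")
    if lo is None and hi is None:
        return True  # no port restriction means all ports
    lo = lo if lo is not None else hi
    hi = hi if hi is not None else lo
    return lo <= NODEPORT_MAX and hi >= NODEPORT_MIN

def open_nodeport_rules(rules):
    """Return IDs of ingress rules exposing NodePorts to any source address."""
    return [r["id"] for r in rules
            if r.get("direction") == "ingress" and is_any_source(r) and overlaps_nodeports(r)]

if __name__ == "__main__":
    print(open_nodeport_rules(SAMPLE_RULES))
```

Rules scoped to a CIDR or to a remote security group are not reported, so the output lists only the rules the report describes as no longer needed.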

      
      
