- Bug
- Resolution: Done
- Major
- None
- 4.16.0
- Important
- No
- Rejected
- False
Description of problem:
After installing an AWS cluster with CAPI on the latest 4.16, I checked the TCP/22 rule configured in the master and worker security groups: the source is limited to the "<cluster_id>-node" and "<cluster_id>-controlplane" SGs.

    {
      "FromPort": 22,
      "IpProtocol": "tcp",
      "IpRanges": [],
      "Ipv6Ranges": [],
      "PrefixListIds": [],
      "ToPort": 22,
      "UserIdGroupPairs": [
        { "Description": "Port 22 (TCP)", "GroupId": "sg-062320796a693e265", "UserId": "301721915996" },
        { "Description": "Port 22 (TCP)", "GroupId": "sg-045d04f22471f849f", "UserId": "301721915996" }
      ]
    }

In a Terraform-based install, the source of this rule is the VPC CIDR instead:

    {
      "FromPort": 22,
      "IpProtocol": "tcp",
      "IpRanges": [
        { "CidrIp": "10.0.0.0/16", "Description": "Created By OpenShift Installer" }
      ],
      "Ipv6Ranges": [],
      "PrefixListIds": [],
      "ToPort": 22,
      "UserIdGroupPairs": []
    }

So the current CAPI configuration blocks SSH to the masters and nodes from any other machine inside this VPC (such as a bastion) that is not associated with one of the matching SGs.
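As an added example (not part of this report or the installer's code), a small check that evaluates the two rule sets quoted above the way a reviewer would: given a source address inside the VPC and/or the SGs the source instance carries, does the rule admit it on TCP/22? The rule sets are constructed from the report's JSON; the bastion address 10.0.5.7 is an assumption.

```python
import ipaddress

# Inbound rules as quoted in the report above (constructed here from that text;
# the SG ids and account id are the ones the report shows).
CAPI_SSH_RULES = [{
    "FromPort": 22, "IpProtocol": "tcp", "ToPort": 22,
    "IpRanges": [], "Ipv6Ranges": [], "PrefixListIds": [],
    "UserIdGroupPairs": [
        {"Description": "Port 22 (TCP)", "GroupId": "sg-062320796a693e265", "UserId": "301721915996"},
        {"Description": "Port 22 (TCP)", "GroupId": "sg-045d04f22471f849f", "UserId": "301721915996"},
    ],
}]
TERRAFORM_SSH_RULES = [{
    "FromPort": 22, "IpProtocol": "tcp", "ToPort": 22,
    "IpRanges": [{"CidrIp": "10.0.0.0/16", "Description": "Created By OpenShift Installer"}],
    "Ipv6Ranges": [], "PrefixListIds": [], "UserIdGroupPairs": [],
}]


def rule_covers_port(rule, port, proto="tcp"):
    """True if an IpPermissions entry applies to proto/port ("-1" means all traffic)."""
    if rule["IpProtocol"] == "-1":
        return True
    if rule["IpProtocol"] != proto:
        return False
    return rule.get("FromPort", 0) <= port <= rule.get("ToPort", 65535)


def ssh_allowed_from(rules, src_ip=None, src_sgs=(), port=22):
    """Would a source at src_ip and/or a member of src_sgs be admitted to port?
    PrefixListIds are not evaluated (resolving them needs an API call), so a rule
    that relies only on them is reported as not matching."""
    for rule in rules:
        if not rule_covers_port(rule, port):
            continue
        if src_ip is not None:
            ip = ipaddress.ip_address(src_ip)
            ranges, key = (rule["IpRanges"], "CidrIp") if ip.version == 4 else (rule["Ipv6Ranges"], "CidrIpv6")
            if any(ip in ipaddress.ip_network(r[key]) for r in ranges):
                return True
        if any(p["GroupId"] in src_sgs for p in rule["UserIdGroupPairs"]):
            return True
    return False


if __name__ == "__main__":
    # A bastion at 10.0.5.7 in the VPC that carries none of the cluster SGs (assumed address).
    for name, rules in (("CAPI", CAPI_SSH_RULES), ("Terraform", TERRAFORM_SSH_RULES)):
        print(f"{name}: bastion SSH allowed = {ssh_allowed_from(rules, src_ip='10.0.5.7')}")
```

Run against the two rule sets, the check reports the CAPI rule as denying the in-VPC bastion and the Terraform rule as admitting it, which is the behaviour the report describes.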
Version-Release number of selected component (if applicable):
4.16.0-0.nightly-2024-05-16-092402
How reproducible:
Steps to Reproduce:
Actual results:
Expected results:
Additional info: