-
Bug
-
Resolution: Unresolved
-
Undefined
-
4.17, 4.18
-
Important
-
None
-
Installer (PB) Sprint 259
-
1
-
Approved
-
False
-
Description of problem:
Install Azure fully private IPI cluster by using CAPI with payload built from cluster bot including openshift/installer#8727,openshift/installer#8732, install-config: ================= platform: azure: region: eastus outboundType: UserDefinedRouting networkResourceGroupName: jima24b-rg virtualNetwork: jima24b-vnet controlPlaneSubnet: jima24b-master-subnet computeSubnet: jima24b-worker-subnet publish: Internal featureSet: TechPreviewNoUpgrade Checked storage account created by installer, its property allowBlobPublicAccess is set to True. $ az storage account list -g jima24b-fwkq8-rg --query "[].[name,allowBlobPublicAccess]" -o tsv jima24bfwkq8sa True This is not consistent with terraform code, https://github.com/openshift/installer/blob/master/data/data/azure/vnet/main.tf#L74 At least, storage account should have no public access for fully private cluster.
Version-Release number of selected component (if applicable):
4.17 nightly build
How reproducible:
Always
Steps to Reproduce:
1. Create fully private cluster
2. Check storage account created by installer
3.
Actual results:
storage account have public access on fully private cluster.
Expected results:
storage account should have no public access on fully private cluster.
Additional info:
