- Bug
- Resolution: Done-Errata
- Undefined
- 4.17, 4.18
- Important
- None
- Installer (PB) Sprint 259
- 1
- Rejected
- False
- N/A
- Release Note Not Required
- Done
This is a clone of issue OCPBUGS-37506. The following is the description of the original issue:
—
Description of problem:
Install Azure fully private IPI cluster by using CAPI with payload built from cluster bot including openshift/installer#8727, openshift/installer#8732.

install-config:
=================
    platform:
      azure:
        region: eastus
        outboundType: UserDefinedRouting
        networkResourceGroupName: jima24b-rg
        virtualNetwork: jima24b-vnet
        controlPlaneSubnet: jima24b-master-subnet
        computeSubnet: jima24b-worker-subnet
    publish: Internal
    featureSet: TechPreviewNoUpgrade

Checked storage account created by installer, its property allowBlobPublicAccess is set to True.

    $ az storage account list -g jima24b-fwkq8-rg --query "[].[name,allowBlobPublicAccess]" -o tsv
    jima24bfwkq8sa	True

This is not consistent with terraform code, https://github.com/openshift/installer/blob/master/data/data/azure/vnet/main.tf#L74

At least, storage account should have no public access for fully private cluster.
Version-Release number of selected component (if applicable):
4.17 nightly build
How reproducible:
Always
Steps to Reproduce:
1. Create fully private cluster
2. Check storage account created by installer
Actual results:
storage account has public access on fully private cluster.
Expected results:
storage account should have no public access on fully private cluster.
Additional info:
- clones: OCPBUGS-37506 [CAPI Azure] storage account created by installer has public access on fully private cluster (Verified)
- is blocked by: OCPBUGS-37506 [CAPI Azure] storage account created by installer has public access on fully private cluster (Verified)
- links to: RHEA-2024:3718 OpenShift Container Platform 4.17.z bug fix update
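
The check from the description can be turned into a repeatable audit. The script below is an added example, not part of the original report or the installer code: it filters the TSV produced by the report's `az storage account list` query and lists every account whose allowBlobPublicAccess is not explicitly False. The function names, the sample account names, and the choice to treat a missing or `None` value as unverified are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit storage accounts for blob public access.

# Reads "name<TAB>allowBlobPublicAccess" lines on stdin (the TSV shape of
# the query in the report) and prints the names of accounts whose flag is
# anything other than an explicit false.
# Assumption: an empty or "None" value is flagged as unverified.
flag_public_blob_accounts() {
    awk -F '\t' '
        NF == 0 { next }                        # skip blank lines
        { v = tolower($2); sub(/\r$/, "", v) }  # normalise case, strip CR
        v != "false" { print $1 }
    '
}

# Live variant: runs the report's query against one resource group.
# Requires a logged-in az CLI; returns 2 if the query itself fails.
audit_resource_group() {
    out=$(az storage account list -g "$1" \
        --query "[].[name,allowBlobPublicAccess]" -o tsv) || return 2
    printf '%s\n' "$out" | flag_public_blob_accounts
}

# Constructed sample input (hypothetical account names, not real output).
sample_tsv() {
    printf 'examplesa1\tTrue\nexamplesa2\tFalse\nexamplesa3\tNone\n'
}

# Demonstration on the constructed sample: lists the flagged accounts.
sample_tsv | flag_public_blob_accounts
```

For a fully private cluster, `audit_resource_group <cluster-resource-group>` should print nothing. An account that is flagged can be corrected with `az storage account update --allow-blob-public-access false`.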