Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.21
Component/s: Installer / openshift-installer
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Moderate
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
None
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

During testing PR https://github.com/openshift/installer/pull/9773 and https://github.com/openshift/installer/pull/10059 , new network nsg rule "alllow_ssh" for port 22 is created and never deleted after installation.

$ az network nsg rule list --nsg-name jima05subnetd-n5jjr-nsg -g jima05subnetd-n5jjr-rg -otable
Name                                                      ResourceGroup           Priority    SourcePortRanges    SourceAddressPrefixes    SourceASG    Access    Protocol    Direction    DestinationPortRanges    DestinationAddressPrefixes    DestinationASG
--------------------------------------------------------  ----------------------  ----------  ------------------  -----------------------  -----------  --------  ----------  -----------  -----------------------  ----------------------------  ----------------
apiserver_in                                              jima05subnetd-n5jjr-rg  101         *                   *                        None         Allow     Tcp         Inbound      6443                     *                             None
k8s-azure-lb_allow_IPv4_556f7044ec033071ec0dfcf7cd85bc93  jima05subnetd-n5jjr-rg  500         *                   Internet                 None         Allow     Tcp         Inbound      443 80                   20.225.5.134                  None
allow_ssh                                                 jima05subnetd-n5jjr-rg  2200        *                   *                        None         Allow     Tcp         Inbound      22                       *                             None

Version-Release number of selected component (if applicable):

    4.21

How reproducible:

    Always

Steps to Reproduce:

    1. Build image with PR installer#10059
    2. create cluster
    3.

Actual results:

    nsg rule "allow_ssh" for port 22 is created

Expected results:

    nsg rule "allow_ssh" for port 22 should not be created

Additional info:

    slack thread: https://redhat-internal.slack.com/archives/C01V1DP387R/p1762344654245479

Assignee:: Sandhya Dasu

Reporter:: Jinyun Ma

Need Info From:: None

Contributors:: None

QA Contact:: Jinyun Ma

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/11/07 7:08 AM

Updated:: 2025/11/07 5:08 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide