Uploaded image for project: 'OpenShift Cloud'
  1. OpenShift Cloud
  2. OCPCLOUD-2712

[AWS] Understand security groups differences in MAPA/CAPA

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • 3
    • False
    • None
    • False
    • OCPSTRAT-683 - Migrate MAPI to Cluster API for AWS -Phase 1
    • CLOUD Sprint 262, CLOUD Sprint 265

      Background

      When converting CAPI2MAPI, we convert CAPA's `AdditionalSecurityGroups` into the security groups for MAPA. While this looks correct, there are also fields like `SecurityGroupOverrides` which when present currently, would cause an error.

      We need to understand how security groups work today in MAPA, compare that to CAPA, and be certain that we are correctly handling the conversion here.

      Is CAPA doing anything else under the hood? Is it currently applying extra security groups that are standard that would otherwise cause issues?

      Steps

      • Understand how security groups work in CAPA and MAPA
      • Determine if our current conversion of security groups is appropriate and understand the role of securityGroupOverrides
      • Update documentation/make appropriate changes to the security groups conversion based on the above findings.

      Stakeholders

      • Cluster infra

      Definition of Done

      • We are confident that converted machines behave correctly with respect to the security group configuration.
      • Docs
      • <Add docs requirements for this card>
      • Testing
      • <Explain testing that will be added>

              Unassigned Unassigned
              joelspeed Joel Speed
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: