Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-148

Support adding custom security groups in AWS

XMLWordPrintable

    • BU Product Work
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-848Consistent Ingress/Egress into OpenShift clusters across providers
    • 0% To Do, 0% In Progress, 100% Done
    • 0
    • Program Call

      Feature Overview (aka. Goal Summary)  

      Add support for custom security groups to be attached to control plane and compute nodes at installation time.

      Goals (aka. expected user outcomes)

      Allow the user to provide existing security groups to be attached to the control plane and compute node instances at installation time.

      Requirements (aka. Acceptance Criteria):

      The user will be able to provide a list of existing security groups to the install config manifest that will be used as additional custom security groups to be attached to the control plane and compute node instances at installation time.

      Out of Scope

      The installer won't be responsible of creating any custom security groups, these must be created by the user before the installation starts.

      Background

      We do have users/customers with specific requirements on adding additional network rules to every instance created in AWS. For OpenShift these additional rules need to be added on day-2 manually as the Installer doesn't provide the ability to add custom security groups to be attached to any instance at install time.

      MachineSets already support adding a list of existing custom security groups, so this could be automated already at install time manually editing each MachineSet manifest before starting the installation, but even for these cases the Installer doesn't allow the user to provide this information to add the list of these security groups to the MachineSet manifests.

      Documentation Considerations

      Documentation will be required to explain how this information needs to be provided to the install config manifest as any other supported field.

            mak.redhat.com Marcos Entenza Garcia
            mak.redhat.com Marcos Entenza Garcia
            Jianwei Hou Jianwei Hou
            Stephanie Stout Stephanie Stout
            Dave Mulford Dave Mulford
            Votes:
            1 Vote for this issue
            Watchers:
            11 Start watching this issue

              Created:
              Updated:
              Resolved: