Uploaded image for project: 'OpenShift Container Platform (OCP) Strategy'
  1. OpenShift Container Platform (OCP) Strategy
  2. OCPSTRAT-593

GCP - Put the bootstrap node behind a LoadBalancer

XMLWordPrintable

    • Icon: Feature Feature
    • Resolution: Won't Do
    • Icon: Minor Minor
    • None
    • None
    • Install
    • False
    • Hide

      None

      Show
      None
    • False
    • OCPSTRAT-10Install and update OpenShift on Infrastructure Providers
    • 100
    • 100% 100%
    • 0
    • 0

      Feature Overview (aka. Goal Summary)  

      For OpenShift on GCP, put the bootstrap node behind a LoadBalancer to protect from the vmExternalIpAccess constraint

      Goals (aka. expected user outcomes)

      Have the bootstrap node to be behind a LoadBalancer so that the customer doesn't need to change the org policy constraints in their GCP organization

      Requirements (aka. Acceptance Criteria):

      While deploying OpenShift on GCP prevent any instances that are part of the OpenShift cluster or used during the Cluster bootstrap process to be associated with public IPs. Instead, during the installation, the bootstrap node should be fronted by a  Loadbalancer which should honor the customer's security policies.

      Background

      The security teams on customers have concerns over vmExternalIpAccess constraint. Their enterprise root policy constraints that get inherited at all projects mandate the disabling of External IP address in VMs

            mak.redhat.com Marcos Entenza Garcia
            mak.redhat.com Marcos Entenza Garcia
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

              Created:
              Updated:
              Resolved: