Feature Overview (aka. Goal Summary)  

Add support to the Installer to disable SNAT for outbound traffic at install time on Azure

Goals (aka. expected user outcomes)

As a user I want to disable SNAT on Azure for outbound traffic so I can scale past the 59 worker node limit on private clusters with a LoadBalancer outbound type

Requirements (aka. Acceptance Criteria):

• Ability to set disableOutboundSNAT in the install-config

• Adding additional IP addresses to the outbound rule rather than using the default

Background

When using SNAT for outbound traffic in OpenShift on Azure there is a point where port exhaustion is reached and additional compute nodes can't be added to the cluster. Removing SNAT usage for outbound traffic will remove this limit.

SNAT is being replaced by NAT Gateways from 4.14 OCPSTRAT-578 but the ARO team still needs this option to disable SNAT and configure LBs for outbound traffic.

Customer Considerations

This feature is mainly to be used for ARO customers

Documentation Considerations

Usual documentation to instruct the user on how to use the feature will be required

Implementation Considerations

Terraform is used for setting up and referencing networking in Azure