-
Feature Request
-
Resolution: Done
-
Undefined
-
None
-
False
-
False
-
Undefined
-
1. Proposed title of this feature request
Allow router to pod to exclude landing on the masters
2. What is the nature and description of the request?
This is coming from a customer in OSD on GCP. When the router LB service is created, an NLB is created and it applies Security Groups rules to both master and worker nodes. This SG rule opens port 80 and 443 to 0.0.0.0/0 on both the masters and the worker nodes.
The customer would like an option to disable the master from getting these SG's applied. The customer has no intention of running the router on the master (in OSD it shouldn't happen), so there is no need for the SG rule to be applied.
3. Why does the customer need this? (List the business requirements here)
This is for security best practices.
4. List any affected packages or components.
cluster-ingress-operator, load balancer