Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-1535

cluster-ingress-controller: Allow router to pod to exclude landing on the masters

    XMLWordPrintable

Details

    • False
    • False
    • 0
    • 0% 0%
    • Undefined

    Description

      1. Proposed title of this feature request

      Allow router to pod to exclude landing on the masters

       

      2. What is the nature and description of the request?

      This is coming from a customer in OSD on GCP.  When the router LB service is created, an NLB is created and it applies Security Groups rules to both master and worker nodes.  This SG rule opens port 80 and 443 to 0.0.0.0/0 on both the masters and the worker nodes.

       

      The customer would like an option to disable the master from getting these SG's applied.  The customer has no intention of running the router on the master (in OSD it shouldn't happen), so there is no need for the SG rule to be applied.

      3. Why does the customer need this? (List the business requirements here)

       

      This is for security best practices.

      4. List any affected packages or components.

       

      cluster-ingress-operator, load balancer

      Attachments

        Activity

          People

            mcurry@redhat.com Marc Curry
            mwoodson.openshift Matt Woodson (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            4 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: