1. Proposed title of this feature request
Expose "Allow access from" option when configure the OpenShift - Registry in Azure
2. What is the nature and description of the request?
When configure the OpenShift Container Platform - Image Registry in Microsoft Azure, the following procedure shall be used:
There is currently no option to restrict Allow access from meaning all available networks can simply access the Blob created. This is why it would be nice to expose something like Allow access from that would allow to specify a allow or deny list of CIDR for the given Blob and thus better control access to it.
Exposing this in configs.imageregistry.operator.openshift.io for azure storage configruation could help improving the OpenShift Container Platform - Image Registry configruation for Security sensitive customers by allowing to specify the CIDR that have access to the respective Blob.
3. Why does the customer need this? (List the business requirements here)
For Security sensitive customers, they wish to restrict all components as best as possible. Currently, no access restrictions can be configured which means the OpenShift Container Platform - Image Registry Blob is open to all networks defined in Azure. So people having access credentials can access it. With Allow access from this could be restrcited and thus would enforce better security for the platform.
4. List any affected packages or components.
Red Hat OpenShift Container Platform - Image Registry