OpenShift Request For Enhancement / RFE-3794

Document how to create Private access for Azure disks


      1. Proposed title of this feature request

      Create Private access for Azure disks

      2. What is the nature and description of the request?

      Document how to create Private access for Azure disks for OCP on Azure and ARO.

      • Create a Disk Access resource
      • Create a private endpoint mentioning the subnet of the worker nodes
      • For new PVs to have access only to worker nodes, create a new CSI storageclass with parameters:
        networkAccessPolicy: AllowPrivate
        diskAccessID: <ARM id of disk access resource created at step 1>
      • Use this new CSI storage class of Azure disk to create new PVs from now on.
      • For existing Azure disks created on behalf of PVs provisioned by both the in-tree storageclass and the currently present CSI storageclass, we can disable the public access manually by updating the disk Networking property to 'Disable public access and enable private access' and setting the same disk access created in step 1.

      3. Why does the customer need this? (List the business requirements here)

      When we create Azure PVs, by default they are publicly accessible.

      4. List any affected packages or components. 

      Suggested section for document https://docs.openshift.com/container-platform/4.12/storage/container_storage_interface/persistent-storage-csi-azure.html

            okashi1@redhat.com Oren Kashi
            rhn-support-nchoudhu Novonil Choudhuri
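The steps listed in the request, written out as a script. This is an added example, not part of the original issue and not Red Hat or Microsoft documentation. The subscription ID, resource names, `skuName` and `volumeBindingMode` values are placeholder assumptions, the VNet is assumed to be in the same resource group as the disk access resource, and `az` and `oc` are assumed to be logged in.

```bash
#!/usr/bin/env bash
# Added example. Dry run by default: commands are printed, not executed.
# Set APPLY=1 to run them. Every name below is a placeholder (assumption).
SUBSCRIPTION="${SUBSCRIPTION:-00000000-0000-0000-0000-000000000000}"
RG="${RG:-example-cluster-rg}"
LOCATION="${LOCATION:-eastus}"
VNET="${VNET:-example-vnet}"                      # assumed to live in $RG
WORKER_SUBNET="${WORKER_SUBNET:-example-worker-subnet}"
DISK_ACCESS="${DISK_ACCESS:-example-disk-access}"
SC_NAME="${SC_NAME:-managed-csi-private}"

run() {  # print the command; execute it only when APPLY=1
  echo "+ $*" >&2
  if [ "${APPLY:-0}" = 1 ]; then "$@"; fi
}

disk_access_id() {  # ARM id of the disk access resource from step 1
  echo "/subscriptions/${SUBSCRIPTION}/resourceGroups/${RG}/providers/Microsoft.Compute/diskAccesses/${DISK_ACCESS}"
}

render_storageclass() {  # step 3: CSI storage class for new PVs
  cat <<EOF
apiVersion: storage.k8s.io/v1
kind: StorageClass
metadata:
  name: ${SC_NAME}
provisioner: disk.csi.azure.com
parameters:
  skuName: Premium_LRS
  networkAccessPolicy: AllowPrivate
  diskAccessID: $(disk_access_id)
volumeBindingMode: WaitForFirstConsumer
EOF
}

main() {  # arguments: names of existing disks to switch to private access
  run az disk-access create -g "$RG" -n "$DISK_ACCESS" -l "$LOCATION"   # step 1
  run az network private-endpoint create -g "$RG" -n "${DISK_ACCESS}-pe" \
    --vnet-name "$VNET" --subnet "$WORKER_SUBNET" --group-id disks \
    --private-connection-resource-id "$(disk_access_id)" \
    --connection-name "${DISK_ACCESS}-conn"                              # step 2
  render_storageclass | if [ "${APPLY:-0}" = 1 ]; then oc apply -f -; else cat; fi
  for disk in "$@"; do                                                   # step 5
    run az disk update -g "$RG" -n "$disk" \
      --network-access-policy AllowPrivate --disk-access "$(disk_access_id)"
  done
}

main "$@"
```

After applying, `az disk show -g <resource group> -n <disk> --query networkAccessPolicy` should report `AllowPrivate` for each updated disk.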