- Feature Request
- Resolution: Unresolved
- Major
- x86_64
1. Proposed title of this feature request
Create Private access for Azure disks
2. What is the nature and description of the request?
Document how to create Private access for Azure disks for OCP on Azure and ARO.
- Create Disk Access resource
- Create private endpoint mentioning the subnet of worker nodes
- For new PVs to have access only to worker nodes, create new CSI storageclass with parameters:
  networkAccessPolicy: AllowPrivate
  diskAccessID: <ARM id of disk access resource created at step 1>
- Use this new CSI storage class of Azure disk to create new PVs from now on.
- For existing Azure disks created on behalf of PVs provisioned by both the in-tree storageclass and the currently present CSI storageclass, we can disable public access manually by updating the disk Networking property to 'Disable public access and enable private access' and setting the same disk access created in step 1.
3. Why does the customer need this? (List the business requirements here)
When we create Azure PVs, by default they are publicly accessible.
4. List any affected packages or components.
Suggested section for document https://docs.openshift.com/container-platform/4.12/storage/container_storage_interface/persistent-storage-csi-azure.html
- is duplicated by: RFE-5132 [ARO] Locking down OSDisks to be only accessible to local network (rather than public) - Accepted
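An added example, not part of the request or of any Red Hat or Azure documentation: a Python audit that shows which disks still need the manual change described above for existing disks, and which already use the Disk Access resource from step 1. It assumes input shaped like `az disk list -o json` with `networkAccessPolicy` and `diskAccessId` fields, and that a missing policy means the public default; the sample records and resource IDs are constructed placeholders.

```python
import json

# Constructed sample shaped like `az disk list -o json` output (assumed field
# names: name, networkAccessPolicy, diskAccessId). IDs are placeholders.
EXPECTED_DISK_ACCESS_ID = (
    "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/"
    "example-rg/providers/Microsoft.Compute/diskAccesses/example-disk-access"
)
SAMPLE_DISKS_JSON = json.dumps([
    {"name": "pvc-new-csi", "networkAccessPolicy": "AllowPrivate",
     "diskAccessId": EXPECTED_DISK_ACCESS_ID.upper()},
    {"name": "pvc-in-tree", "networkAccessPolicy": "AllowAll",
     "diskAccessId": None},
    {"name": "pvc-old-csi"},  # policy omitted: assumed to be the public default
    {"name": "pvc-other", "networkAccessPolicy": "AllowPrivate",
     "diskAccessId": EXPECTED_DISK_ACCESS_ID + "-other"},
    {"name": "pvc-locked", "networkAccessPolicy": "DenyAll"},
])


def classify(disk, expected_id):
    """Return a status string for one disk record."""
    policy = disk.get("networkAccessPolicy") or "AllowAll"
    access_id = disk.get("diskAccessId") or ""
    if policy == "AllowAll":
        return "public"
    if policy == "DenyAll":
        return "deny-all"
    if policy == "AllowPrivate":
        # ARM resource IDs are case-insensitive, so compare case-folded.
        if access_id.casefold() == expected_id.casefold():
            return "private"
        return "private-wrong-disk-access"
    return "unknown-policy"


def audit(disks_json, expected_id):
    """Map each status to the sorted names of disks in that state."""
    report = {}
    for disk in json.loads(disks_json):
        report.setdefault(classify(disk, expected_id), []).append(disk["name"])
    return {status: sorted(names) for status, names in report.items()}


if __name__ == "__main__":
    for status, names in audit(SAMPLE_DISKS_JSON, EXPECTED_DISK_ACCESS_ID).items():
        print(f"{status}: {', '.join(names)}")
```

Disks reported as `public` are the ones the last step of the request targets; `private-wrong-disk-access` flags disks bound to a Disk Access resource other than the one whose private endpoint sits in the worker subnet.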