Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-5132

[ARO] Locking down OSDisks to be only accessible to local network (rather than public)

XMLWordPrintable

    • False
    • None
    • False
    • Not Selected

      1. Proposed title of this feature request

      ARO customers require VM's disk configuration where the disks are setup for public access as private

      2. What is the nature and description of the request?

      When selecting VM type when creating the cluster, the disks that are created for each ARO node's VM have their networking configuration set as 'Enable public access from all networks'. 
      - For Example, say Resource: Disk x-xxx-xxx-xxxx-xx-xxxx-master-0_OSDisk which is controlled by VM abcdefghijklmnop-master-0 is set to public but customers need it to be private and have no way to do that. 

      3. Why does the customer need this? (List the business requirements here)

      Security necessity and policies enforced by organizations

      4. List any affected packages or components.

      What is the design reason the disks for the ARO VMs are set to public access when deploying a private cluster https://learn.microsoft.com/en-us/azure/openshift/howto-create-private-cluster-4x?

       

       

       

       

        1. disable_disk_network_access_custom.json
          2 kB
          Archith Kadanna Palli
        2. disable_disk_public_network_access_custom.json
          2 kB
          Archith Kadanna Palli
        3. managed_disks_should_disable_public_network_access.json
          2 kB
          Archith Kadanna Palli

            mak.redhat.com Marcos Entenza Garcia
            rhn-support-maupadhy Madhusudan Upadhyay
            Votes:
            0 Vote for this issue
            Watchers:
            10 Start watching this issue

              Created:
              Updated:
              Resolved: