1. Proposed title of this feature request
Need additional clarity on adding custom securityGroup for IPI on AWS.
2. What is the nature and description of the request?
With RHOCP 4.14 one can specify existing security groups to the control plane and worker nodes.
Going through the documentation, the customer has raised the following queries.
1. Does the ability to use existing security groups also apply to ingress controllers?
- From looking at the OCP 4.14 documentation about ingress controllers, there is mention of how to use existing security groups so there isn't an inbound rule for 0.0.0.0/0 for the ingress controller.
2. Is it possible to specify existing security groups when creating a new worker or infrastructure machineset after the cluster is created?
- The documentation [1] shows a "securityGroups:" section in the example yaml, but it doesn't really explain what can be specified for an existing security group it should use.
Additional Queries:
A. Will the installer still add the default security groups along with the pre-existing security groups specified in a MachineSet object to the nodes it builds?
B. Is the ability to add pre-existing security groups only applicable to MachineSets?
C. If yes, then is there a way to have the Ingress Controller for the cluster to use a pre-existing security group or create a security group that doesn't contain an inbound rule to allow all traffic from 0.0.0.0/0 in the AWS Classic Load Balancer or AWS Network Load Balancer it can be configured to create?
3. Why does the customer need this? (List the business requirements here)
4. List any affected packages or components.
Installer