-
Feature Request
-
Resolution: Unresolved
-
Major
-
None
-
OpenShift 4.0
-
None
-
Product / Portfolio Work
-
None
-
False
-
-
None
-
None
-
None
-
-
None
-
None
-
None
-
None
-
None
Problem:
Customer wants an option to specify an additional security group for the Loadbalancers in install-config.yaml.
| lbType: NLB additionalSecurityGroupIDs:
|
Additional day 2 operations required to workaround and resolve the default Load Balancers, which do not have an attached Security Group and is created within the same subnets as the OpenShift clusters.
Customer wants the option to specify per load balancer security group, knowing that IPI automatically creates 3 x Load Balancer for a public cluster and 2 x Load Balancer for a private cluster.
Something like the following within install-config.yaml
platform:
aws:
region: ap-southeast-1
lbType: NLB
vpc:
subnets:
- id: subnet-xxx # public subnet
roles:
- type: BootstrapNode
- type: IngressControllerLB
additionalSecurityGroupIDs:
- sg-xxx
- type: ControlPlaneExternalLB
additionalSecurityGroupIDs:
- sg-xxx
- id: subnet-xxx # private subnet
roles:
- type: ControlPlaneInternalLB
additionalSecurityGroupIDs:
- sg-xxx
- id: subnet-xxx # private subnet
roles:
- type: ClusterNode