Uploaded image for project: 'OpenShift Specialist Platform Team'
  1. OpenShift Specialist Platform Team
  2. SPLAT-2439

Validate feature for TP: NLB Security Groups for ROSA Classic clusters (enforced CCCMO)

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Unresolved
    • Icon: Major Major
    • None
    • None
    • Product / Portfolio Work
    • False
    • Hide

      None

      Show
      None
    • False
    • 8
    • None
    • None
    • None

      User Story

      As a ROSA Classic cluster administrator, I want the option to enable Security Groups on the default ingress NLB so that I can improve the security posture of my cluster with restricted network access.

      Description

      Implement opt-in support for Security Groups on NLB for default ingress in ROSA Classic clusters, leveraging the foundational work while ensuring compatibility with ROSA Classic architecture.

      Acceptance Criteria

      ROSA Classic Integration

      • [ ] ROSA Classic installation supports opt-in NLB Security Groups configuration
      • [ ] Integration with ROSA Classic cluster provisioning workflows
      • [ ] Proper handling of ROSA Classic service-managed components
      • [ ] Configuration options available through ROSA CLI and console
      • [ ] Compatibility with existing ROSA Classic networking features

      Security Group Management

      • [ ] Service-managed Security Groups created in customer account
      • [ ] Security Group rules configured for worker node subnet CIDRs
      • [ ] Proper IAM permissions for Security Group management by ROSA service
      • [ ] Integration with ROSA Classic resource tagging and lifecycle management
      • [ ] Cleanup procedures for Security Groups during cluster deletion

      Service Integration

      • [ ] Integration with ROSA Classic provisioning service
      • [ ] Proper error handling and status reporting in ROSA workflows
      • [ ] Support for Security Group configuration in cluster templates
      • [ ] Integration with ROSA Classic monitoring and alerting
      • [ ] Compatibility with ROSA Classic upgrade procedures

      Customer Experience

      • [ ] Clear documentation for enabling NLB Security Groups in ROSA Classic
      • [ ] Configuration validation and helpful error messages
      • [ ] Integration with ROSA Classic support and troubleshooting tools
      • [ ] Proper billing and cost attribution for Security Group resources
      • [ ] Customer notifications for Security Group-related changes

      Testing and Validation

      • [ ] ROSA Classic clusters with NLB Security Groups deploy successfully
      • [ ] Network connectivity validated with Security Group restrictions
      • [ ] Integration with ROSA Classic operational procedures verified
      • [ ] Multiple configuration scenarios tested
      • [ ] Upgrade and lifecycle management validated

      Definition of Done

      • ROSA Classic supports opt-in NLB Security Groups for default ingress
      • Feature properly integrated with ROSA Classic service architecture
      • Customer experience is seamless and well-documented
      • All testing validates functionality and integration

              Unassigned Unassigned
              rhn-support-rvanderp Richard Vanderpool
              None
              None
              Aadarsh Raj Aadarsh Raj
              None
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated: