New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
ibmcloud: Update security groups and rules #5059
ibmcloud: Update security groups and rules #5059
Conversation
/assign @jstuever |
/retest |
0b279c6
to
f3f01fd
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Can you explain the difference between cluster-wide and openshift-network security groups. They feel redundant and can probably be collapsed into one.
Other than this, a few minor adjustments to tighten security a bit.
There is a limitation in IBM Cloud VPC security groups where only 5 remote rules are configurable per security group. With that, I needed to separate it into 2 security groups and tried to organize it in a way that makes the most sense. |
/lgtm |
/retest |
@hasueki: The following tests failed, say
Full PR test history. Your PR dashboard. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jstuever The full list of commands accepted by this bot can be found here. The pull request process is described here
Needs approval from an approver in each of these files:
Approvers can indicate their approval by writing |
Define more IBM Cloud VPC security groups and rules, following the documentation for OCP networking requirements. This also updates the set of security groups to attach to the nodes defined in Terraform and Machine/MachineSet CRs.