Description of problem:
(copy of https://bugzilla.redhat.com/show_bug.cgi?id=1943175)

Version: 4.7.2, also 4.6.something
Platform: azure
Please specify:
* IPI

What happened?
Customer reports being unable to install an IPI PRIVATE OpenShift cluster in Azure. This previously worked, but when certain policies were applied to the customer's Azure account, it stopped working.

The installer breaks on:
Error creating Azure Storage Account "clusterpjacy":
- {"name":"[Preview]: Storage account public access should be disallowed"
- "policyDefinition":{"name":"Azure Storage should have the minimal TLS version of 1.2...

What did you expect to happen?
Installer completes successfully.

Actual results:
Security policies prohibit the storage account created by the image registry. Currently, the image registry creates a Storage Account without setting these newer AccountProperties:
- AllowBlobPublicAccess
- MinimumTLSVersion

Expected results:
No policy triggered and successful installation and operation of OpenShift when deploying on Azure.

Additional info:
Azure provides new storage account properties that are required to be set in order to pass customers' policies in Azure:
- AllowBlobPublicAccess set to false
- MinimumTLSVersion 'TLS12'

The work has been done for the Installer managed storage account in the linked Bugzilla.
Hello Etienne,

Do we have any further update on this, if AllowBlobPublicAccess can be set to false?

Regards,
Pawan Kumar
No progress on this BZ this sprint due to higher severity bugs.
PRs are awaiting review.
Launch a cluster from the PR. After the installation succeeds, check the storage account created by the image registry in the Azure web console. It has blob public access disallowed and MinimumTLSVersion set to 1.2.

imageregistrywxjaz7flkqs
Blob public access: Disabled
Minimum TLS version: Version 1.2
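The same two settings can be checked from the account's JSON instead of the web console. The following is an added example, not part of the comment above or of the image registry code; it assumes the Azure Resource Manager property names allowBlobPublicAccess and minimumTlsVersion (values TLS1_0, TLS1_1, TLS1_2), and the function names and sample accounts are constructed for illustration.

```python
import json

# minimumTlsVersion values as Azure Resource Manager spells them, weakest first.
TLS_ORDER = ["TLS1_0", "TLS1_1", "TLS1_2"]
REQUIRED_TLS = "TLS1_2"

def _props(account):
    """Accept both shapes: ARM REST nests settings under "properties",
    while `az storage account show` puts them at the top level."""
    nested = account.get("properties")
    return nested if isinstance(nested, dict) else account

def audit_account(account):
    """Return a list of findings; an empty list means both settings pass."""
    props = _props(account)
    findings = []
    # An unset property is reported: the account in this bug was rejected
    # because it was created without these properties being set.
    public = props.get("allowBlobPublicAccess")
    if public is None:
        findings.append("allowBlobPublicAccess is not set")
    elif public is not False:
        findings.append("allowBlobPublicAccess is %r, expected false" % public)
    tls = props.get("minimumTlsVersion")
    if tls is None:
        findings.append("minimumTlsVersion is not set")
    elif tls not in TLS_ORDER:
        findings.append("minimumTlsVersion %r is not a recognised value" % tls)
    elif TLS_ORDER.index(tls) < TLS_ORDER.index(REQUIRED_TLS):
        findings.append("minimumTlsVersion is %s, expected %s" % (tls, REQUIRED_TLS))
    return findings

def audit_all(document):
    """Audit a JSON document holding one account or a list of accounts."""
    data = json.loads(document)
    accounts = data if isinstance(data, list) else [data]
    return {a.get("name", "<unnamed>"): audit_account(a) for a in accounts}

# Constructed sample input (not captured from a real subscription).
SAMPLE = json.dumps([
    {"name": "exampleunset", "kind": "StorageV2"},
    {"name": "exampleweak", "allowBlobPublicAccess": True,
     "minimumTlsVersion": "TLS1_0"},
    {"name": "examplefixed", "properties": {
        "allowBlobPublicAccess": False, "minimumTlsVersion": "TLS1_2"}},
])

if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```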
In comment #5, I had verified this bug.
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory (Moderate: OpenShift Container Platform 4.9.0 bug fix and security update), and where to find the updated files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2021:3759
*** Bug 2016615 has been marked as a duplicate of this bug. ***
Hello All,

I can see this bug has been closed with an erratum on version 4.9. But I still got the same issue in version 4.9. Can you please update? I attached the new case on this.

Regards,
Pawan Kumar