From cefc91338f3e1aca09e6a74f5bfccbf0429078dd Mon Sep 17 00:00:00 2001 From: Patrick Dillon Date: Tue, 28 May 2024 11:25:06 -0400 Subject: [PATCH] docs/user/azure: fix byo vnet security groups Our in-repo docs indicate that the installer will not create security groups, but that is inaccurate. The official docs are correct: https://docs.openshift.com/container-platform/4.15/installing/installing_azure/installing-azure-vnet.html This commit updates the in-repo docs to match the official docs. --- docs/user/azure/customization.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/user/azure/customization.md b/docs/user/azure/customization.md index 0bf4211920..0f5059b819 100644 --- a/docs/user/azure/customization.md +++ b/docs/user/azure/customization.md @@ -44,7 +44,7 @@ The installer can use an existing VNet and subnets when provisioning an OpenShif ### Cluster Isolation -When pre-existing subnets are provided, the installer will not create a network security group (NSG) or alter an existing one attached to the subnet. This restriction means that no security rules are created. If multiple clusters are installed to the same VNet and isolation is desired, it must be enforced through an administrative task after the cluster is installed. +When pre-existing subnets are provided, the installer will not create a network security group (NSG) or alter an existing one attached to the subnet. Because cluster components do not modify the user-provided network security groups, which the Kubernetes controllers update, a pseudo-network security group is created for the Kubernetes controller to modify without impacting the rest of the environment. If multiple clusters are installed to the same VNet and isolation is desired, it must be enforced through an administrative task after the cluster is installed. ## Examples