search

ovh / public-cloud-roadmap

Agile roadmap for OVHcloud Public Cloud services. Discover the features our product teams are working on, comment and influence our backlog.
https://www.ovhcloud.com/en/public-cloud/
187 stars 5 forks source link

Enable or explicitely throw an error for security groups in Baremetal Instances Network #584

Open joelwurtz opened 2 months ago

joelwurtz commented 2 months ago

As an OVHcloud customer using bare metal instance on public cloud I want to create security group on external network port or be informed it does not work when creating a security group on external network port

I was struggling understanding why my bare metal instances were not blocking ingress trafic and it happens it is not possible, i think at least there should be an error on openstack when trying to do this (or allow it).

Also without https://github.com/ovh/public-cloud-roadmap/issues/60 it is impossible to manage ingress rules in public network through api or terraform for public cloud bare metal instance, i end up using a gateway as a work around

DavidDelebecque commented 2 months ago

Thanks for your inputs.

It is a known limit today. To block private ingress traffic, we do not have a solution yet. To block (Public) ingress traffic, a workaround would be to use Edge network firewall.

We'll make it more explicit for the users and take that input into consideration for feature improvements.