Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-2057

[Submariner] - submariner gateway security group in aws not deleted when uninstalling submariner

XMLWordPrintable

    • False
    • None
    • False
    • No

      Description of problem:

      ACM 2.7 / Submariner 0.14.0
      During uninstall process of submariner, submariner gateway security group is not deleted on AWS platform. As a result on redeployment of submariner, cloud prepare step fails as it found duplicate security group.

      ACM hub submariner-addon log during uninstall:

      I1113 13:37:27.330732       1 event.go:285] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"open-cluster-management", Name:"submariner-addon", UID:"4347565f-bdb0-4b35-8bbf-4064b30886db", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'AWSCloudProvider' Deleting Submariner gateway security groupI1113 13:37:27.418744       1 event.go:285] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"open-cluster-management", Name:"submariner-addon", UID:"4347565f-bdb0-4b35-8bbf-4064b30886db", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'AWSCloudProvider' Deleted Submariner gateway security group

      Shows the security group being deleted.
      But during redeployment, fails on duplicate security group existence.

      I1113 14:27:10.003807       1 event.go:285] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"open-cluster-management", Name:"submariner-addon", UID:"4347565f-bdb0-4b35-8bbf-4064b30886db", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Normal' reason: 'AWSCloudProvider' Creating Submariner gateway security groupI1113 14:27:10.210476       1 event.go:285] Event(v1.ObjectReference{Kind:"Deployment", Namespace:"open-cluster-management", Name:"submariner-addon", UID:"4347565f-bdb0-4b35-8bbf-4064b30886db", APIVersion:"apps/v1", ResourceVersion:"", FieldPath:""}): type: 'Warning' reason: 'AWSCloudProvider' Unable to create gateway: error creating AWS security group: operation error EC2: CreateSecurityGroup, https response error StatusCode: 400, RequestID: f20cbe41-3a50-4a5b-b936-b6266373f934, api error InvalidGroup.Duplicate: The security group 'mbabushk-aws-6vk9t-submariner-gw-sg' already exists for VPC 'vpc-07d1117d37f4ea7f9'E1113 14:27:10.225452       1 base_controller.go:270] "SubmarinerAgentController" controller failed to sync "mbabushk-aws/submariner", err: unable to create gateway: error creating AWS security group: operation error EC2: CreateSecurityGroup, https response error StatusCode: 400, RequestID: f20cbe41-3a50-4a5b-b936-b6266373f934, api error InvalidGroup.Duplicate: The security group 'mbabushk-aws-6vk9t-submariner-gw-sg' already exists for VPC 'vpc-07d1117d37f4ea7f9'

      Version-Release number of selected component (if applicable):

      ACM 2.7
      Submariner 0.14.0

      How reproducible:

      Deploy submariner on aws platform, as part of ACM deployment.
      After successful deployment, uninstall submariner from the managed clusters.
      Redeploy submariner on the same managed clusters.
      Deployment on aws platform will fail.

        1. submariner_addon.log
          8.47 MB
        2. openshift-machine-api_machine-controller.log
          435 kB

              mkolesni@redhat.com Michael Kolesnik
              mbabushk@redhat.com Maxim Babushkin
              Maxim Babushkin Maxim Babushkin
              ACM QE Team
              Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated:
                Resolved: