Uploaded image for project: 'Red Hat Advanced Cluster Management'
  1. Red Hat Advanced Cluster Management
  2. ACM-2318

Submariner gateway node: Error updating load balancer with new hosts map

    XMLWordPrintable

Details

    • Critical

    Description

      Description of problem:

      Installing Submariner 0.12.2 within ACM 2.5.5 failed to create the Gateway on AWS:

      Error updating load balancer with new hosts map

      Version-Release number of selected component (if applicable):

      ACM 2.5.5

      Submariner 0.12.2

      Cloud platform: Amazon

      OCP version: 4.10.44

      kubernetes 1.23.12

       

      ### lighthouse-agent-rhel8:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:33
name=rhacm2/lighthouse-agent-rhel8
release=10
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/lighthouse-agent-rhel8/images/v0.12.2-10 
version=v0.12.2

### lighthouse-coredns-rhel8:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:22
name=rhacm2/lighthouse-coredns-rhel8
release=10
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/lighthouse-coredns-rhel8/images/v0.12.2-10 
version=v0.12.2

### submariner-gateway-rhel8:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:32
name=rhacm2/submariner-gateway-rhel8
release=9
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/submariner-gateway-rhel8/images/v0.12.2-9 
version=v0.12.2

### submariner-globalnet-rhel8:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:29
name=rhacm2/submariner-globalnet-rhel8
release=9
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/submariner-globalnet-rhel8/images/v0.12.2-9 
version=v0.12.2

### submariner-networkplugin-syncer-rhel8:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:26
name=rhacm2/submariner-networkplugin-syncer-rhel8
release=9
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/submariner-networkplugin-syncer-rhel8/images/v0.12.2-9 
version=v0.12.2

### submariner-operator-bundle:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:34:59
name=rhacm2/submariner-operator-bundle
release=9
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/submariner-operator-bundle/images/v0.12.2-9 
version=v0.12.2

### submariner-rhel8-operator:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:40
name=rhacm2/submariner-rhel8-operator
release=8
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/submariner-rhel8-operator/images/v0.12.2-8 
version=v0.12.2

### submariner-route-agent-rhel8:v0.12 Image-Stream tag ###
build-date=2022-12-02T07:08:26
name=rhacm2/submariner-route-agent-rhel8
release=9
url =https://access.redhat.com/containers/#/registry.access.redhat.com/rhacm2/submariner-route-agent-rhel8/images/v0.12.2-9 
version=v0.12.2

       

      How reproducible:

      ?

      Steps to Reproduce:

      Install ACM 2.5.5 with Submariner 0.12.2 on AWS:

      https://qe-jenkins-csb-skynet.apps.ocp-c1.prod.psi.redhat.com/view/ACM%202.5/job/ACM-2.5.5-Submariner-0.12.2-AWS-OSP-Globalnet/64/Test-Report/

      Actual results:

      Name:         submariner
Namespace:    acm-aws-nmanos-a2
Labels:       <none>
Annotations:  <none>
API Version:  submarineraddon.open-cluster-management.io/v1alpha1
Kind:         SubmarinerConfig
Metadata:
  Creation Timestamp:  2022-12-06T06:03:55Z
  Finalizers:
    submarineraddon.open-cluster-management.io/config-cleanup
  Generation:  2
  Managed Fields:
    API Version:  submarineraddon.open-cluster-management.io/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:kubectl.kubernetes.io/last-applied-configuration:
      f:spec:
        .:
        f:IPSecIKEPort:
        f:IPSecNATTPort:
        f:NATTDiscoveryPort:
        f:NATTEnable:
        f:cableDriver:
        f:credentialsSecret:
          .:
          f:name:
        f:gatewayConfig:
          .:
          f:aws:
            .:
            f:instanceType:
          f:gateways:
        f:imagePullSpecs:
        f:loadBalancerEnable:
        f:subscriptionConfig:
          .:
          f:channel:
          f:source:
          f:sourceNamespace:
          f:startingCSV:
    Manager:      kubectl-client-side-apply
    Operation:    Update
    Time:         2022-12-06T06:03:55Z
    API Version:  submarineraddon.open-cluster-management.io/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:finalizers:
          .:
          v:"submarineraddon.open-cluster-management.io/config-cleanup":
      f:spec:
        f:gatewayConfig:
          f:azure:
            .:
            f:instanceType:
          f:gcp:
            .:
            f:instanceType:
          f:rhos:
            .:
            f:instanceType:
    Manager:      submariner
    Operation:    Update
    Time:         2022-12-06T06:03:55Z
    API Version:  submarineraddon.open-cluster-management.io/v1alpha1
    Fields Type:  FieldsV1
    fieldsV1:
      f:status:
        .:
        f:conditions:
        f:managedClusterInfo:
          .:
          f:clusterName:
          f:infraId:
          f:platform:
          f:region:
          f:vendor:
    Manager:         submariner
    Operation:       Update
    Subresource:     status
    Time:            2022-12-06T06:04:00Z
  Resource Version:  112556
  UID:               80e4f944-e3ef-45a1-ab5c-37a37dc4d72c
Spec:
  IP Sec IKE Port:      502
  IP Sec NATT Port:     4502
  NATT Discovery Port:  4900
  NATT Enable:          true
  Cable Driver:         libreswan
  Credentials Secret:
    Name:  acm-aws-nmanos-a2-aws-creds
  Gateway Config:
    Aws:
      Instance Type:  c5d.large
    Azure:
      Instance Type:  Standard_D4s_v3
    Gateways:         1
    Gcp:
      Instance Type:  n1-standard-4
    Rhos:
      Instance Type:  PnTAE.CPU_16_Memory_32768_Disk_80
  Image Pull Specs:
  Load Balancer Enable:  false
  Subscription Config:
    Channel:           stable-0.12
    Source:            submariner-stable-0-12-catalog
    Source Namespace:  submariner-operator
    Starting CSV:      submariner.v0.12
Status:
  Conditions:
    Last Transition Time:  2022-12-06T06:04:00Z
    Message:               Submariner cluster environment was prepared
    Reason:                SubmarinerClusterEnvPrepared
    Status:                True
    Type:                  SubmarinerClusterEnvironmentPrepared
    Last Transition Time:  2022-12-06T06:04:01Z
    Message:               SubmarinerConfig was applied
    Reason:                SubmarinerConfigApplied
    Status:                True
    Type:                  SubmarinerConfigApplied
    Last Transition Time:  2022-12-06T06:08:02Z
    Message:               1 node(s) ("ip-10-166-10-129.us-west-1.compute.internal") are labeled as gateways
    Reason:                Success
    Status:                True
    Type:                  SubmarinerGatewaysLabeled
  Managed Cluster Info:
    Cluster Name:  acm-aws-nmanos-a2
    Infra Id:      aws-nmanos-a2-h79vd
    Platform:      AWS
    Region:        us-west-1
    Vendor:        OpenShift
Events:            <none>

       

      $ oc  get nodes -l node-role.kubernetes.io/worker -o wide 

      NAME                                           STATUS   ROLES    AGE    VERSION            INTERNAL-IP      EXTERNAL-IP     OS-IMAGE                                                        KERNEL-VERSION                 CONTAINER-RUNTIME
ip-10-166-10-129.us-west-1.compute.internal    Ready    worker   21m    v1.23.12+8a6bfe4   10.166.10.129    18.144.167.96   Red Hat Enterprise Linux CoreOS 410.84.202211282118-0 (Ootpa)   4.18.0-305.65.1.el8_4.x86_64   cri-o://1.23.3-20.rhaos4.10.git89344de.el8
ip-10-166-154-70.us-west-1.compute.internal    Ready    worker   161m   v1.23.12+8a6bfe4   10.166.154.70    <none>          Red Hat Enterprise Linux CoreOS 410.84.202211282118-0 (Ootpa)   4.18.0-305.65.1.el8_4.x86_64   cri-o://1.23.3-20.rhaos4.10.git89344de.el8
ip-10-166-180-183.us-west-1.compute.internal   Ready    worker   164m   v1.23.12+8a6bfe4   10.166.180.183   <none>          Red Hat Enterprise Linux CoreOS 410.84.202211282118-0 (Ootpa)   4.18.0-305.65.1.el8_4.x86_64   cri-o://1.23.3-20.rhaos4.10.git89344de.el8
ip-10-166-255-43.us-west-1.compute.internal    Ready    worker   161m   v1.23.12+8a6bfe4   10.166.255.43    <none>          Red Hat Enterprise Linux CoreOS 410.84.202211282118-0 (Ootpa)   4.18.0-305.65.1.el8_4.x86_64   cri-o://1.23.3-20.rhaos4.10.git89344de.el8

      $ oc  describe Gateway -n submariner-operator 

      No resources found in submariner-operator namespace.

       

      OC logs shows:

      00:33:56 2022-12-06T06:08:39Z   2022-12-06T06:08:39Z   1        machineconfigdaemon                                                                                                                                 Normal    NodeDone                                           Setting node ip-10-166-10-129.us-west-1.compute.internal, currentConfig rendered-worker-f46d0369e1183ea8248aec9bf8950b43 to Done
00:33:56 2022-12-06T06:08:43Z   2022-12-06T06:08:43Z   1        kubelet                                                                                                                                             Normal    NodeReady                                          Node ip-10-166-10-129.us-west-1.compute.internal status is now: NodeReady
00:33:56 2022-12-06T06:08:44Z   2022-12-06T06:33:32Z   16       service-controller                                                                                                                                  Warning   
      UpdateLoadBalancerFailed                           Error updating load balancer with new hosts map[ip-10-166-10-129.us-west-1.compute.internal:{} ip-10-166-129-205.us-west-1.compute.internal:{} ip-10-166-150-70.us-west-1.compute.internal:{} ip-10-166-154-70.us-west-1.compute.internal:{} ip-10-166-180-183.us-west-1.compute.internal:{} ip-10-166-198-122.us-west-1.compute.internal:{} ip-10-166-255-43.us-west-1.compute.internal:{}]: Multiple tagged security groups found for instance i-0e722eeedf0d69eeb; ensure only the k8s security group is tagged; the tagged groups were sg-07f460ad239364d9b(aws-nmanos-a2-h79vd-submariner-gw-sg) sg-0f8d89b4202126713(terraform-20221206033036145600000002)

      Expected results:

      Gateway should be created on the AWS node with the external IP.

      Additional info:

      More logs including Submariner gather logs in build artifacts.

      Attachments

        Activity

          People

            skitt@redhat.com Stephen Kitt
            nmanos@redhat.com Noam Manos
            Noam Manos Noam Manos
            ACM QE Team
            Votes:
            0 Vote for this issue
            Watchers:
            5 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: