Description of problem

The PerfScale team has been encountering AWS security group rule quota exhaustion errors in recent scale-up tests of HyperShift/HostedCP, and we've determined the cause to be Services of type LoadBalancer that are being unexpectedly created for each instance of klusterlet. In other words, we were expecting X Services to be created per HyperShift hosted/managed cluster, but we're now observing X+1 Services being created, and we've found klusterlets to be the source of the "+1."

This behavior was not observed during earlier scale-up tests, which leads us to believe this could be a bug.

Version-Release number of selected component (if applicable)

quay.io:443/acm-d/config-policy-controller-rhel8@sha256:c5eb971f4d3f8d0a5f27da7a9c78b0235e8a0a0029eac59d9b765ad9ac2639f5

How reproducible

Reliably reproducible

Steps to Reproduce

1.  Create a managed/hosted cluster
2.  Check for unexpected LoadBalancer Services created in the new klusterlet's namespace

Actual results

We're seeing unexpected services like this one

klusterlet-22ov8ftt1us7c1jrq3ge23rqdcgoe3v4                  klusterlet-addon-workmgr                                          LoadBalancer   172.30.133.156   abfcfdb0cfd8f4c12972ec960cfa2a82-1989450843.us-east-2.elb.amazonaws.com             443:32685/TCP                             54m

Expected results

No new services in the klusterlet namespace.

Additional info

See OHSS-19771 and Slack messages following this one for additional context