Uploaded image for project: 'OpenShift Installer'
  1. OpenShift Installer
  2. CORS-3427

[CI] [bug] altinfra-e2e-aws-custom-security-jobs is permafailing

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • None
    • None
    • None
    • None

      The default limit for security groups in a network interface is 5 AWS docs

      CAPI creates 4 security groups and attaches 3 of those to the ENI (-lb, -apiserver-lb, and -controlplane). This means we can attach 2 additional SGs but the CI step is attaching 3, thus causing the install to fail with:

      E0319 21:13:33.438804 367 controller.go:329] "Reconciler error" err=<
failed to modify network interfaces on instance "i-01a31905bf1b670ac": failed to modify interface "eni-0a7298c44685f71f4" to have security groups [sg-0f8ccecdc182b9408 sg-030e67d81c72abdb9 sg-096d9c4615d3da2b9 sg-0acb9f0eb99d02dc9 sg-091272b8c5904ad8f sg-0b54d63990c2ae482]: SecurityGroupsPerInterfaceLimitExceeded: The maximum number of security groups per interface has been reached.
status code: 400, request id: 3ef35c9a-96fe-44ae-a917-496c07a44f90
> controller="awsmachine" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="AWSMachine" AWSMachine="openshift-cluster-api-guests/ci-op-szvcpy8b-dc0d2-698lv-master-2" namespace="openshift-cluster-api-guests" name="ci-op-szvcpy8b-dc0d2-698lv-master-2" reconcileID="ae7dd968-4770-4908-8a78-c1c67700a75c"

      We need to update the CI step.

            rdossant Rafael Fonseca dos Santos
            rdossant Rafael Fonseca dos Santos
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: