Details
-
Bug
-
Resolution: Done
-
Critical
-
None
-
None
-
None
-
False
-
None
-
False
-
This is a big issue for the OCM and OSD FM team.
-
Hypershift Sprint 21, Hypershift Sprint 22, Hypershift Sprint 23
-
0
-
0
-
0
Description
After a cluster is deleted, the ingress LB is properly removed from the guest aws account, but a security group remains.
The group has a description of "Security group for Kubernetes ELB a3092ad64a8dc42aa86fb208097658a9 (openshift-ingress/router-default)" and the following tags:
api.openshift.com/name sda-it-t6m5 red-hat-clustertype rosa kubernetes.io/cluster/205pnjgn4c3kh22e2umthb9brandvdd7 owned api.openshift.com/id 205pnjgn4c3kh22e2umthb9brandvdd7 api.openshift.com/legal-entity-id 1HfHhu0eGT7HtPtFtHByhuZqI85 red-hat-managed true api.openshift.com/environment staging
And a matching inbound rule on the VPC default security group, meaning the limit of rules per security group quota will be hit after enough clusters are created and deleted.
Attachments
Issue Links
- duplicates
-
HOSTEDCP-652 Uninstalling through the ROSA CLI leaves orphaned resources
- Closed
- is blocked by
-
HOSTEDCP-789 AWS: create default security group when no security group is specified in a nodepool
- Closed
- is related to
-
HOSTEDCP-486 Clean up in-cluster cloud resources on hostedcluster deletion
- Closed