OpenShift Bugs / OCPBUGS-1540

[OCP 4.11] Inefficient use of SG rules when creating Service LBs leads to scale issues


    • Moderate
    • None
    • Proposed
    • False

      Description of problem:

      Each LB created for a Service type LoadBalancer results in 1 client rule and <# of public subnets> health rules being created. The rules per SG quota in AWS is quite small; 60 by default, and 200 hard max. OCP has about 40 rules OOTB. Assuming an HA cluster in 3 AZs, that is 4 rules per LB. With default AWS quota, only ~5 LBs can be created and with the hard max of 200, only ~40 LBs can be created.

      Version-Release number of selected component (if applicable):

      4.12

      How reproducible:

      Always

      Steps to Reproduce:

      1. Create Service type LoadBalancer and observe increase in master-sg and worker-sg rule sets

      Actual results:

      4 rules are created

      Expected results:

      1 rule is created when the client rule is a superset of the per-subnet health rules

      Additional info:

      This ~4x the number of Services of type LoadBalancer.  This is required for Hypershift.

            sjenning Seth Jennings
            sjenning Seth Jennings
            Milind Yadav Milind Yadav
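The rule arithmetic in the description, and the superset check it asks for, worked through as an added example (not code from the issue or from OpenShift). It assumes a rule can be modelled as a TCP port plus a source CIDR; the subnets, the node port 31000 and the names Rule, rules_for_lb and max_lbs are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple


class Rule(NamedTuple):
    port: int  # assumption: TCP ingress on a single node port
    cidr: str  # source range allowed to reach that port


def rules_for_lb(client, health_rules, collapse):
    """Ingress rules one Service LB adds to a node security group.

    collapse=False: 1 client rule plus one health rule per public subnet.
    collapse=True:  a health rule is dropped when the client rule already
                    covers it (same port, source CIDR inside the client CIDR).
    """
    client_net = ipaddress.ip_network(client.cidr)
    kept = [client]
    for h in health_rules:
        net = ipaddress.ip_network(h.cidr)
        covered = (h.port == client.port
                   and net.version == client_net.version
                   and net.subnet_of(client_net))
        if not (collapse and covered):
            kept.append(h)
    return kept


def max_lbs(quota, baseline, rules_per_lb):
    """LBs that fit in the rules-per-SG quota once the baseline rules are counted."""
    return max(0, quota - baseline) // rules_per_lb


# Constructed sample: three public subnets (one per AZ), node port 31000.
SUBNETS = ["10.0.0.0/20", "10.0.16.0/20", "10.0.32.0/20"]
HEALTH = [Rule(31000, s) for s in SUBNETS]
OPEN_CLIENT = Rule(31000, "0.0.0.0/0")         # superset of every subnet
NARROW_CLIENT = Rule(31000, "203.0.113.0/24")  # restricted source range

if __name__ == "__main__":
    for label, client in (("open", OPEN_CLIENT), ("narrow", NARROW_CLIENT)):
        for collapse in (False, True):
            n = len(rules_for_lb(client, HEALTH, collapse))
            print(label, "collapsed" if collapse else "as-is", n, "rules/LB;",
                  max_lbs(60, 40, n), "LBs at quota 60,",
                  max_lbs(200, 40, n), "LBs at quota 200")
```

With a restricted client range the health rules are not covered by the client rule and must stay, so the saving applies only when the client CIDR contains the subnet CIDRs on the same port.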