Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Critical
Fix Version/s: 4.15.0
Affects Version/s: 4.14.0
Component/s: HyperShift
Labels:

Regression:
No
Sprint:
Hypershift Sprint 244
sprint_count:
1
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* Previously, hosted clusters with `.status.controlPlaneEndpoint.port: 443` would mistakenly expose the port 6443 for public and private routers. With this update, hosted clusters with `.status.controlPlaneEndpoint.port: 443` only expose the port 443. (link:https://issues.redhat.com/browse/OCPBUGS-20161[*~~OCPBUGS-20161~~*])

Show
* Previously, hosted clusters with `.status.controlPlaneEndpoint.port: 443` would mistakenly expose the port 6443 for public and private routers. With this update, hosted clusters with `.status.controlPlaneEndpoint.port: 443` only expose the port 443. (link: https://issues.redhat.com/browse/OCPBUGS-20161 [* OCPBUGS-20161 *])
Release Note Type:
Bug Fix
Release Note Status:
Done
Target Version:

4.15.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

HostedClusters with a .status.controlPlaneEndpoint.port: 443 unexepectedly also expose the KAS on port 6443. This causes four security group rules to be consumed per LoadBalancer service (443/6443 for router and 443/6443 for private-router) instead of just two (443 for router and 443 for private-router). This directly impacts the number of HostedClusters on a Management Cluster since there is a hard cap of 200 security group rules per security group.

Version-Release number of selected component (if applicable):

4.14.0

How reproducible:

100%

Steps to Reproduce:

1. Create a HostedCluster resulting in its .status.controlPlaneEndpoint.port: 443
2. Observe that the router/private-router LoadBalancer services expose both ports 6443 and 443

Actual results:

The router/private-router LoadBalancer services expose both ports 6443 and 443

Expected results:

The router/private-router LoadBalancer services exposes only port 443

Additional info:

blocks

OCPBUGS-22898 HostedCluster with ControlPlaneEndpoint: 443 also exposes on 6443

Closed

is cloned by

OCPBUGS-22898 HostedCluster with ControlPlaneEndpoint: 443 also exposes on 6443

Closed

is duplicated by

HOSTEDCP-1268 Staging: HC stuck at installing

Closed

links to

openshift/hypershift#3149: OCPBUGS-20161: Stop exposing kas on 6443 private route service load balancer

RHEA-2023:7198 rpm

mentioned in: Page Loading...

mentioned on

Merge request - Bump IBM integration to our latest prod image.

Merge request - Specify API Server override port as 443

(1 mentioned in, 3 mentioned on)

Assignee:: Alberto Garcia Lamela

Reporter:: Murali Krishnasamy

QA Contact:: Jie Zhao

Votes:: 0 Vote for this issue

Watchers:: 10 Start watching this issue

Created:: 2023/10/05 6:33 PM

Updated:: 2024/04/29 5:00 PM

Resolved:: 2024/02/27 8:51 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates