Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-20161

HostedCluster with ControlPlaneEndpoint: 443 also exposes on 6443

    XMLWordPrintable

Details

    • No
    • Hypershift Sprint 244
    • 1
    • Rejected
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, hosted clusters with `.status.controlPlaneEndpoint.port: 443` would mistakenly expose the port 6443 for public and private routers. With this update, hosted clusters with `.status.controlPlaneEndpoint.port: 443` only expose the port 443. (link:https://issues.redhat.com/browse/OCPBUGS-20161[*OCPBUGS-20161*])
      Show
      * Previously, hosted clusters with `.status.controlPlaneEndpoint.port: 443` would mistakenly expose the port 6443 for public and private routers. With this update, hosted clusters with `.status.controlPlaneEndpoint.port: 443` only expose the port 443. (link: https://issues.redhat.com/browse/OCPBUGS-20161 [* OCPBUGS-20161 *])
    • Bug Fix
    • Done

    Description

      Description of problem:

      HostedClusters with a .status.controlPlaneEndpoint.port: 443 unexepectedly also expose the KAS on port 6443. This causes four security group rules to be consumed per LoadBalancer service (443/6443 for router and 443/6443 for private-router) instead of just two (443 for router and 443 for private-router). This directly impacts the number of HostedClusters on a Management Cluster since there is a hard cap of 200 security group rules per security group.

      Version-Release number of selected component (if applicable):

      4.14.0

      How reproducible:

      100%
      

      Steps to Reproduce:

      1. Create a HostedCluster resulting in its .status.controlPlaneEndpoint.port: 443
      2. Observe that the router/private-router LoadBalancer services expose both ports 6443 and 443 

      Actual results:

      The router/private-router LoadBalancer services expose both ports 6443 and 443 

      Expected results:

      The router/private-router LoadBalancer services exposes only port 443 

      Additional info:

       

      Attachments

        Issue Links

          Activity

            People

              agarcial@redhat.com Alberto Garcia Lamela
              mukrishn@redhat.com Murali Krishnasamy
              Jie Zhao Jie Zhao
              Votes:
              0 Vote for this issue
              Watchers:
              9 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: