Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.14.z, 4.15.z
Component/s: Cloud Compute / Cloud Controller Manager
Labels:
- aws
- outposts

Regression:
No
Blocked:
False
Blocked Reason:

Hide

None

Show
None

SFDC Cases Counter:
SFDC Cases Links:

Description

Description of problem:

The CCM is selecting AWS Outposts subnets when creating service LoadBalancers on OpenShift clusters installed in existing VPC using subnets which AWS Outpost rack is not attached to.

For example: A cluster installed using subnets only in Zone B and C, and Outpost rack attached to Zone A, all with public subnets created, when creating a service LoadBalancer the CCM will select one subnet by zone, including the Outposts, which does not support network-based load balancers (CLB or NLB), failing to provision the CLB (or NLB) Load Balancer

To workaround, the subnet tag "kubernetes.io/cluster/unmanaged:true" ha been added to the Outpost subnets to prevent CCM selecting the Outpost subnets when creating the service LB.

Version-Release number of selected component (if applicable):

4.15

How reproducible:

always

Steps to Reproduce:

1. create an OCP cluster using zones different than Outpost rack is attached
2. create OP subnets, public and private, attaching it to respective route tables (for private subnets it can be attached to any private route table used in the region)
3. create a service LB with default configuration

Actual results:

    $ oc describe svc $SVC_NAME_CLB_SB -n ${APP_NAME} | grep ^Events -A20
Events:
  Type     Reason                  Age    From                Message
  ----     ------                  ----   ----                -------
  Warning  SyncLoadBalancerFailed  4m56s  service-controller  Error syncing load balancer: failed to ensure load balancer: ValidationError: You cannot use Outposts subnets for load balancers of type 'classic'
           status code: 400, request id: 875a7b34-7d34-42e2-88c6-e52c74e85d33
  x4
  Normal   EnsuringLoadBalancer    2m18s (x6 over 4m57s)  service-controller  Ensuring load balancer
  Warning  SyncLoadBalancerFailed  2m17s                  service-controller  Error syncing load balancer: failed to ensure load balancer: ValidationError: You cannot use Outposts subnets for load balancers of type 'classic'
           status code: 400, request id: 936eb787-5d7f-4db0-9572-0b7bdf410674

Expected results:

    Service LoadBalancer created using only Availability Zones' subnets - CCM ignoring the Outpost subnets as network-based load balancers (CLB/NLB) is not currently supported by AWS Ouposts infrastructures (from Features[1]/network/Load Balancer):
> You can provision an Application Load Balancer (ALB) to automatically distribute incoming HTTP(S) traffic across multiple targets on your Outposts rack, such as Amazon EC2 instances, containers, and IP addresses. ALB on Outposts is fully managed, operates in a single subnet, and scales automatically up to the capacity available on the Outposts rack to meet varying levels of application load without manual intervention.

[1] https://aws.amazon.com/outposts/rack/features/

Additional info:

- Similar issue/limitation on AWS Local Zones: https://github.com/kubernetes/cloud-provider-aws/pull/499
- Slack conversation about that theme on Outpost documentation review: 
https://redhat-internal.slack.com/archives/C06K5PQSJ2H/p1708534439499289?thread_ts=1708146721.968889&cid=C06K5PQSJ2H
https://redhat-internal.slack.com/archives/C06K5PQSJ2H/p1708962252415709?thread_ts=1708628189.022069&cid=C06K5PQSJ2H

Attachments

Issue Links

is triggered by

RFE-4923 Support for OpenShift Container Platform 4 deployment across different VPC (AWS Outpost)

Rejected

Activity

People

Assignee:: Theo Barber-Bany

Reporter:: Marco Braga

QA Contact:: Zhaohua Sun

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Dates

Created:: 2024/02/28 3:05 PM

Updated:: 2024/03/15 1:28 PM