- Bug
- Resolution: Cannot Reproduce
- Major
- None
- 4.13.z
- No
- 3
- NE Sprint 260
- 1
- Rejected
- False
10/10 Discussed at bug-triage sp259; wait for resp from support. One support case w/ no comment from Cu since 3-11; asked support for confirmation that cu still cares; there is no TAM. PX Score -2000. New status for 209+ days. Suggest closing.
-
Description of problem:
Due to AWS Loadbalancer Operator, the other AWS resources outside the cluster are also getting deleted if the cluster destroy command is executed.
Version-Release number of selected component (if applicable):
RHOCP v4.13
How reproducible:
Frequently
Steps to Reproduce:
1. Follow the steps in https://docs.openshift.com/container-platform/4.13/networking/aws_load_balancer_operator/installing-albo-sts-cluster.html
2. Two IAM roles were created from the steps provided in the above document: one for AWS Load Balancer Operator and another for AWS Load Balancer Controller.
3. We ran openshift-install destroy cluster on that cluster.
Actual results:
Iterated over a page of v1 and v2 load balancers in the VPC and attempted to delete all load balancers. The only load balancers spared were those that had deletion protection enabled.
Expected results:
Only the cluster and its related resources are destroyed.
Additional info:
Customer's Conclusion: I suspected that because the credential requests for AWS Load Balancer Controller had its policy allow a lot of elb actions, including elasticloadbalancing:DeleteLoadBalancer with its Resource defined as a wildcard, meaning that it has enough privilege to manipulate all elb in the VPC. Somehow the cluster will use any service tokens found within the cluster when running the "openshift-install destroy cluster" command, or use all the IAM roles it can assume, thus giving it this amount of elevated rights to impact all resources within the VPC. This seems like a big issue in design as it impacts all resources in AWS and not just openshift-related ones.
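The risk described in this report comes down to two things a defender can check before running a destroy: whether any IAM policy attached to a cluster role grants elasticloadbalancing:DeleteLoadBalancer on Resource "*" with no Condition narrowing it, and which load balancers in the VPC are neither owned by the cluster nor protected by deletion protection (the one safeguard the report says was honoured). The script below is an added example, not code from the bug, the installer or the AWS Load Balancer Operator. The two policy documents and the load-balancer inventory are constructed samples shaped after the description, not the operator's real CredentialsRequest or a real AWS API response; EXAMPLE-INFRA-ID is a placeholder, and the use of the aws:ResourceTag condition key to scope the delete to cluster-tagged load balancers is an assumption about the condition keys this action supports.

```python
"""Added checks for the failure mode in this bug: an IAM policy that allows
elasticloadbalancing:DeleteLoadBalancer on Resource "*" without a scoping
Condition, and the load balancers in a VPC such a grant could remove.
All policy documents and load-balancer records here are constructed samples."""
import fnmatch

DELETE_ACTION = "elasticloadbalancing:DeleteLoadBalancer"

# Constructed: the shape of the over-broad grant the reporter describes.
BROAD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:ModifyLoadBalancerAttributes",
            ],
            "Resource": "*",
        }
    ],
}

# Constructed: same actions, but mutating calls are limited to load balancers
# carrying the cluster ownership tag. EXAMPLE-INFRA-ID is a placeholder and the
# aws:ResourceTag condition key is assumed to apply to these actions.
CLUSTER_TAG = "kubernetes.io/cluster/EXAMPLE-INFRA-ID"
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "elasticloadbalancing:DescribeLoadBalancers",
            "Resource": "*",
        },
        {
            "Effect": "Allow",
            "Action": [
                "elasticloadbalancing:DeleteLoadBalancer",
                "elasticloadbalancing:ModifyLoadBalancerAttributes",
            ],
            "Resource": "*",
            "Condition": {"StringEquals": {f"aws:ResourceTag/{CLUSTER_TAG}": "owned"}},
        },
    ],
}


def _as_list(value):
    """IAM accepts a string or a list in Action/Resource; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action names are case-insensitive and may contain '*' / '?' wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def statement_grants_unscoped_delete(stmt):
    """True if an Allow statement grants DeleteLoadBalancer on every resource
    and carries no Condition narrowing which load balancers it applies to."""
    if stmt.get("Effect") != "Allow":
        return False
    grants_delete = any(_action_matches(p, DELETE_ACTION) for p in _as_list(stmt.get("Action")))
    on_everything = "*" in _as_list(stmt.get("Resource"))
    return grants_delete and on_everything and not stmt.get("Condition")


def find_unscoped_delete_statements(policy):
    """Indexes of the statements in a policy document that fail the check above."""
    return [i for i, s in enumerate(_as_list(policy.get("Statement")))
            if statement_grants_unscoped_delete(s)]


# Constructed inventory of load balancers in one VPC (not an AWS API response).
SAMPLE_LBS = [
    {"name": "cluster-owned-lb", "tags": {CLUSTER_TAG: "owned"}, "deletion_protection": False},
    {"name": "shared-app-lb", "tags": {"team": "payments"}, "deletion_protection": False},
    {"name": "protected-lb", "tags": {"team": "payments"}, "deletion_protection": True},
]


def exposed_load_balancers(lbs, infra_id):
    """Load balancers not owned by the cluster that an unscoped delete grant
    could still remove during destroy: no ownership tag and no deletion
    protection, the safeguard the report says was honoured."""
    tag = f"kubernetes.io/cluster/{infra_id}"
    return [lb["name"] for lb in lbs
            if lb["tags"].get(tag) != "owned" and not lb["deletion_protection"]]


if __name__ == "__main__":
    print("unscoped delete statements in BROAD_POLICY:", find_unscoped_delete_statements(BROAD_POLICY))
    print("unscoped delete statements in SCOPED_POLICY:", find_unscoped_delete_statements(SCOPED_POLICY))
    print("exposed in VPC:", exposed_load_balancers(SAMPLE_LBS, "EXAMPLE-INFRA-ID"))
```

Run against a real account, the policy documents would come from the IAM roles created for the operator and controller, and the inventory from describing the load balancers in the cluster's VPC; anything the second check lists is a candidate for enabling deletion protection before a destroy is attempted.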