Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-36968

[aws capi] unnecessary revoke-authorize ingress rules loop

XMLWordPrintable

    • Low
    • No
    • Installer Sprint 256, Installer Sprint 257
    • 2
    • Proposed
    • False
    • Hide

      None

      Show
      None
    • Hide
      * Previously, the Load Balancer ingress rules were continuously revoked and authorized, causing unnecessary Amazon Web Services (AWS) Application Programming Interface (API) calls and cluster provision delays. With this release, the Load Balancer checks for ingress rules that need to be applied and the issue is resolved. (link:https://issues.redhat.com/browse/OCPBUGS-36968[*OCPBUGS-36968*])
      ____________
      What: unnecessary revoke and authorize of Load Balancer ingress rules.
      Fix: fixed check for ingress rules that need to be applied
      Result: no unneeded revokes during cluster provisioning.
      Show
      * Previously, the Load Balancer ingress rules were continuously revoked and authorized, causing unnecessary Amazon Web Services (AWS) Application Programming Interface (API) calls and cluster provision delays. With this release, the Load Balancer checks for ingress rules that need to be applied and the issue is resolved. (link: https://issues.redhat.com/browse/OCPBUGS-36968 [* OCPBUGS-36968 *]) ____________ What: unnecessary revoke and authorize of Load Balancer ingress rules. Fix: fixed check for ingress rules that need to be applied Result: no unneeded revokes during cluster provisioning.
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-35440. The following is the description of the original issue:

      Description of problem:

      Because of a bug in upstream CAPA, the Load Balancer ingress rules are continuously revoked and then authorized, causing unnecessary AWS API calls and cluster provision delays.

      Version-Release number of selected component (if applicable):

      4.16+

      How reproducible:

      always

      Steps to Reproduce:

      1.
2.
3.

      Actual results:

      A constant loop of revoke-authorize of ingress rules.

      Expected results:

      Rules should be revoked only when needed (for example, when the installer removes the allow-all ssh rule). In the other cases, rules should be authorized only once.

      Additional info:

      Upstream issue created: https://github.com/kubernetes-sigs/cluster-api-provider-aws/issues/5023
PR submitted upstream: https://github.com/kubernetes-sigs/cluster-api-provider-aws/pull/5024

              rdossant Rafael Fonseca dos Santos
              openshift-crt-jira-prow OpenShift Prow Bot
              Yunfei Jiang Yunfei Jiang
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: