Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.17.0, 4.18.0
Component/s: Installer / openshift-installer
Labels:
- pre-merge

Severity:
Important
Regression:
Yes
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
When installing OpenShift cluster into GCP shared VPC using the minimum permissions, and without specifying controlPlane.platform.gcp.serviceAccount in install-config, installation can succeed along with k8s firewall-rules being created in the shared VPC, but destroying the cluster will fail to delete these k8s firewall-rules due to lack of permissions in the host project.

Show
When installing OpenShift cluster into GCP shared VPC using the minimum permissions, and without specifying controlPlane.platform.gcp.serviceAccount in install-config, installation can succeed along with k8s firewall-rules being created in the shared VPC, but destroying the cluster will fail to delete these k8s firewall-rules due to lack of permissions in the host project.
Release Note Type:
Known Issue
Release Note Status:
In Progress
Target Version:

4.18.0
Target Backport Versions:

4.17.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

Uninstalling failed to delete k8s firewall-rules for a Shared VPC installation using minimum permissions.

Version-Release number of selected component (if applicable):

4.18.0-0.nightly-2024-08-19-002129

How reproducible:

Always

Steps to Reproduce:

1. "create install-config", and then insert the interested settings (see [1])
2. activate the service account having the minimum required permissions for Shared VPC installation (see [2])
3. "create cluster" and make sure it succeed (see [3])
4. "destroy cluster" (see [4])

Actual results:

"destroy cluster" keeps telling warnings on lack of permissions deleting k8s firewall-rules in the host project

Expected results:

"destroy cluster" should not complain about lack of permissions deleting k8s firewall-rules in the host project

Additional info:

FYI https://issues.redhat.com/browse/OCPBUGS-38152?focusedId=25382865&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-25382865

relates to

OCPBUGS-38152 [GCP CAPI install] Shared VPC installation using service account having all required permissions failed due to cluster operator ingress degraded

Verified

links to

openshift/openshift-docs#83469: OCPBUGS-38689: Add section for xpn deletion permissions

openshift/openshift-docs#84297: [enterprise-4.17] OCPBUGS-38689: Add section for xpn deletion permissions

openshift/openshift-docs#84298: [enterprise-4.18] OCPBUGS-38689: Add section for xpn deletion permissions

Assignee:: Brent Barbachem

Reporter:: Jianli Wei

QA Contact:: Jianli Wei

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024/08/20 4:29 AM

Updated:: 2024/11/01 9:43 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates