Loading...

XML

Word

Printable

Type: Bug
Resolution: Done-Errata
Priority: Major
Fix Version/s: None
Affects Version/s: 4.17.0, 4.18.0
Component/s: Installer / openshift-installer
Labels:
- pre-merge

Severity:
Important
Regression:
Yes
Release Blocker:
Rejected
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Release Note Text:

Hide
* An installation can succeed when installing a cluster on a {gcp-full} shared virtual private network (VPC) using the minimum permissions and without specifying the`controlPlane.platform.gcp.serviceAccount` in the `install-config.yaml` file. Firewall rules in Kubernetes (K8s) are created in the shared VPC, but destroying the cluster will not delete these firewall rules in K8s because the host project lacks the permissions. (link:https://issues.redhat.com/browse/OCPBUGS-38689[*~~OCPBUGS-38689~~*])

Show
* An installation can succeed when installing a cluster on a {gcp-full} shared virtual private network (VPC) using the minimum permissions and without specifying the`controlPlane.platform.gcp.serviceAccount` in the `install-config.yaml` file. Firewall rules in Kubernetes (K8s) are created in the shared VPC, but destroying the cluster will not delete these firewall rules in K8s because the host project lacks the permissions. (link: https://issues.redhat.com/browse/OCPBUGS-38689 [* OCPBUGS-38689 *])
Release Note Type:
Known Issue
Release Note Status:
Proposed
Target Version:

4.18.0
Target Backport Versions:

4.17.0

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Description of problem:

Uninstalling failed to delete k8s firewall-rules for a Shared VPC installation using minimum permissions.

Version-Release number of selected component (if applicable):

4.18.0-0.nightly-2024-08-19-002129

How reproducible:

Always

Steps to Reproduce:

1. "create install-config", and then insert the interested settings (see [1])
2. activate the service account having the minimum required permissions for Shared VPC installation (see [2])
3. "create cluster" and make sure it succeed (see [3])
4. "destroy cluster" (see [4])

Actual results:

"destroy cluster" keeps telling warnings on lack of permissions deleting k8s firewall-rules in the host project

Expected results:

"destroy cluster" should not complain about lack of permissions deleting k8s firewall-rules in the host project

Additional info:

FYI https://issues.redhat.com/browse/OCPBUGS-38152?focusedId=25382865&page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#comment-25382865

relates to

OCPBUGS-38152 [GCP CAPI install] Shared VPC installation using service account having all required permissions failed due to cluster operator ingress degraded

Closed

links to

openshift/openshift-docs#83469: OCPBUGS-38689: Add section for xpn deletion permissions

openshift/openshift-docs#84297: [enterprise-4.17] OCPBUGS-38689: Add section for xpn deletion permissions

openshift/openshift-docs#84298: [enterprise-4.18] OCPBUGS-38689: Add section for xpn deletion permissions

RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update

Assignee:: Brent Barbachem

Reporter:: Jianli Wei

QA Contact:: Jianli Wei

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Created:: 2024/08/20 4:29 AM

Updated:: 2025/02/25 4:49 AM

Resolved:: 2025/02/25 4:49 AM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates