[GCP] installing into GCP shared VPC with BYO hosted zone failed with error "failed to create the private managed zone"

    • Important
    • Yes
    • Rejected
    • False
    • * Previously, the installation program attempted to create a private zone for a cluster that needed to be installed on a {gcp-full} shared virtual private network (VPC). This caused the installation of the cluster to fail. With this release, a fix skips the creation of the private zone so that this cluster installation issue no longer exists. (link:https://issues.redhat.com/browse/OCPBUGS-42142[*OCPBUGS-42142*])
    • Bug Fix
    • Done

      This is a clone of issue OCPBUGS-38966. The following is the description of the original issue:

      Description of problem:

          installing into GCP shared VPC with BYO hosted zone failed with error "failed to create the private managed zone"

      Version-Release number of selected component (if applicable):

          4.17.0-0.nightly-multi-2024-08-26-170521

      How reproducible:

          Always

      Steps to Reproduce:

          1. Pre-create the DNS private zone in the service project, with the zone's DNS name like "<cluster name>.<base domain>" and bound to the shared VPC
          2. Activate the service account having minimum permissions, i.e. no permission to bind a private zone to the shared VPC in the host project (see [1])
          3. "create install-config" and then insert the settings of interest (e.g. see [2])
          4. "create cluster"

      Actual results:

          It still tries to create a private zone, which is unexpected.
      
      failed to fetch Cluster: failed to generate asset "Cluster": failed to create cluster: failed provisioning resources after infrastructure ready: failed to create the private managed zone: failed to create private managed zone: googleapi: Error 403: Forbidden, forbidden

      Expected results:

          The installer should use the pre-configured DNS private zone, rather than trying to create a new one.

      Additional info:

      The 4.16 epic adding the support: https://issues.redhat.com/browse/CORS-2591
      
      One PROW CI test which succeeded using Terraform installation: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.17-multi-nightly-4.17-upgrade-from-stable-4.17-gcp-ipi-xpn-mini-perm-byo-hosted-zone-arm-f28/1821177143447523328
      
      The PROW CI test which failed: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/logs/periodic-ci-openshift-openshift-tests-private-release-4.17-multi-nightly-gcp-ipi-xpn-mini-perm-byo-hosted-zone-amd-f28-destructive/1828255050678407168

            rh-ee-bbarbach Brent Barbachem
            openshift-crt-jira-prow OpenShift Prow Bot
            Jianli Wei Jianli Wei