Description of problem:
OCP 4.17 requires permissions to tag network interfaces (ENIs) on instance creation in support of the Egress IP feature. ROSA HCP uses managed IAM policies, which are reviewed and gated by AWS. The current policy AWS has applied does not allow us to tag ENIs out of band, only ones that have 'red-hat-managed: true`, which are going to be tagged during instance creation. However, in order to support backwards compatibility for existing clusters, we need to roll out a CAPA patch that allows us to call `RunInstances` with or without the ability to tag ENIs. Once we backport this to the Z streams, upgrade clusters and rollout the updated policy with AWS, we can then go back and revert the backport. For more information see https://issues.redhat.com/browse/SDE-4496
Version-Release number of selected component (if applicable):
4.17
How reproducible:
Steps to Reproduce:
1. 2. 3.
Actual results:
Expected results:
Additional info:
- blocks
-
OCPBUGS-43921 Backwards compatibility for ENI tagging in AWS on HCP ROSA
- Closed
- is cloned by
-
OCPBUGS-43921 Backwards compatibility for ENI tagging in AWS on HCP ROSA
- Closed
- links to
-
RHEA-2024:6122 OpenShift Container Platform 4.18.z bug fix update