This is a clone of issue OCPBUGS-43898. The following is the description of the original issue:
—
Description of problem:
OCP 4.17 requires permissions to tag network interfaces (ENIs) on instance creation in support of the Egress IP feature. ROSA HCP uses managed IAM policies, which are reviewed and gated by AWS. The current policy AWS has applied does not allow us to tag ENIs out of band, only ones that have `red-hat-managed: true`, which are going to be tagged during instance creation. However, in order to support backwards compatibility for existing clusters, we need to roll out a CAPA patch that allows us to call `RunInstances` with or without the ability to tag ENIs. Once we backport this to the Z streams, upgrade clusters and roll out the updated policy with AWS, we can then go back and revert the backport. For more information see https://issues.redhat.com/browse/SDE-4496
Version-Release number of selected component (if applicable):
4.17
How reproducible:
Steps to Reproduce:
1. 2. 3.
Actual results:
Expected results:
Additional info:
Issue links:
- blocks: OCPBUGS-44234 Backwards compatibility for ENI tagging in AWS on HCP ROSA (POST)
- clones: OCPBUGS-43898 Backwards compatibility for ENI tagging in AWS on HCP ROSA (Verified)
- is blocked by: OCPBUGS-43898 Backwards compatibility for ENI tagging in AWS on HCP ROSA (Verified)
- is cloned by: OCPBUGS-44234 Backwards compatibility for ENI tagging in AWS on HCP ROSA (POST)
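
One way to call `RunInstances` "with or without the ability to tag ENIs", as described in the issue. This is an added example, not the CAPA patch or code from the issue. The types, function names and the retry-on-`UnauthorizedOperation` strategy are assumptions, and the EC2 call is a constructed stand-in rather than the AWS SDK.

```go
package main

import (
	"errors"
	"fmt"
)

// Constructed stand-ins for the EC2 API; not AWS SDK or CAPA types.
type TagSpec struct {
	ResourceType string
	Tags         map[string]string
}
type APIError struct{ Code string }

func (e *APIError) Error() string { return e.Code }

type RunInstancesFunc func(specs []TagSpec) (string, error)

// runWithENITagFallback asks for the ENI to be tagged at creation time and
// retries without the network-interface tag spec only on an authorization error.
func runWithENITagFallback(run RunInstancesFunc, tags map[string]string) (id string, eniTagged bool, err error) {
	instance := TagSpec{ResourceType: "instance", Tags: tags}
	eni := TagSpec{ResourceType: "network-interface", Tags: tags}
	id, err = run([]TagSpec{instance, eni})
	if err == nil {
		return id, true, nil
	}
	var apiErr *APIError
	if !errors.As(err, &apiErr) || apiErr.Code != "UnauthorizedOperation" {
		return "", false, err // throttling, capacity etc. must not trigger the fallback
	}
	id, err = run([]TagSpec{instance}) // role still on the policy without ENI tagging
	return id, false, err
}

// oldPolicy simulates a role whose policy predates ENI tag-on-create (assumed behaviour).
func oldPolicy(specs []TagSpec) (string, error) {
	for _, s := range specs {
		if s.ResourceType == "network-interface" {
			return "", &APIError{Code: "UnauthorizedOperation"}
		}
	}
	return "i-constructed0001", nil // constructed instance ID
}

func main() {
	id, tagged, err := runWithENITagFallback(oldPolicy, map[string]string{"red-hat-managed": "true"})
	fmt.Println(id, tagged, err)
}
```

Returning `eniTagged` lets the caller log or count launches that fell back, which shows which clusters are still on the old policy before the backport is reverted.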