Uploaded image for project: 'OpenShift Bugs'
  1. OpenShift Bugs
  2. OCPBUGS-44294

Backwards compatibility for ENI tagging in AWS on HCP ROSA

XMLWordPrintable

    • None
    • False
    • Hide

      None

      Show
      None
    • N/A
    • Release Note Not Required
    • Done

      This is a clone of issue OCPBUGS-44234. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-43921. The following is the description of the original issue:

      This is a clone of issue OCPBUGS-43898. The following is the description of the original issue:

      Description of problem:

      OCP 4.17 requires permissions to tag network interfaces (ENIs) on instance creation in support of the Egress IP feature.
      
      ROSA HCP uses managed IAM policies, which are reviewed and gated by AWS. The current policy AWS has applied does not allow us to tag ENIs out of band, only ones that have 'red-hat-managed: true`, which are going to be tagged during instance creation.
      
      However, in order to support backwards compatibility for existing clusters, we need to roll out a CAPA patch that allows us to call `RunInstances` with or without the ability to tag ENIs.
      
      Once we backport this to the Z streams, upgrade clusters and rollout the updated policy with AWS, we can then go back and revert the backport.
      
      For more information see https://issues.redhat.com/browse/SDE-4496

      Version-Release number of selected component (if applicable):

      4.17

      How reproducible:

          

      Steps to Reproduce:

          1.
          2.
          3.
          

      Actual results:

          

      Expected results:

          

      Additional info:

          

              joelspeed Joel Speed
              openshift-crt-jira-prow OpenShift Prow Bot
              Zhaohua Sun Zhaohua Sun
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: