-
Bug
-
Resolution: Unresolved
-
Normal
-
None
-
4.19
-
None
-
False
-
Description of problem:
byo-kms instlal failed with CAPI
Version-Release number of selected component (if applicable):
4.19.0-0.nightly-2024-12-24-213048
How reproducible:
always
Steps to Reproduce:
1.create a key
2.use the key in install-config.yaml
publish: External
featureSet: CustomNoUpgrade
featureGates: ["ClusterAPIInstall=true"]
baseDomain: ibmcloud.qe.devcluster.openshift.com
credentialsMode: Manual
platform:
ibmcloud:
region: jp-tok
networkResourceGroupName: ci-op-7hcfbzfy-142dd-rg
vpcName: ci-op-7hcfbzfy-142dd-vpc
controlPlaneSubnets:
- ci-op-7hcfbzfy-142dd-control-plane-jp-tok-3-0
- ci-op-7hcfbzfy-142dd-control-plane-jp-tok-2-0
- ci-op-7hcfbzfy-142dd-control-plane-jp-tok-1-0
computeSubnets:
- ci-op-7hcfbzfy-142dd-compute-jp-tok-3-0
- ci-op-7hcfbzfy-142dd-compute-jp-tok-2-0
- ci-op-7hcfbzfy-142dd-compute-jp-tok-1-0
resourceGroupName: ci-op-7hcfbzfy-142dd
defaultMachinePlatform:
bootVolume:
encryptionKey: "crn:v1:bluemix:public:kms:jp-tok:a/fdc2e14cf8bc4d53a67f972dc2e2c861:4a6c67ca-7708-44c0-87fe-9eff2c111c00:key:4cf691f0-9cb1-4011-80b5-02aed0bbae60"
or
publish: External
featureSet: CustomNoUpgrade
featureGates: ["ClusterAPIInstall=true"]
baseDomain: XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
credentialsMode: Manual
platform:
ibmcloud:
region: jp-tok
networkResourceGroupName: ci-op-3py46711-142dd-rg
vpcName: ci-op-3py46711-142dd-vpc
controlPlaneSubnets:
- ci-op-3py46711-142dd-control-plane-jp-tok-3-0
- ci-op-3py46711-142dd-control-plane-jp-tok-2-0
- ci-op-3py46711-142dd-control-plane-jp-tok-1-0
computeSubnets:
- ci-op-3py46711-142dd-compute-jp-tok-3-0
- ci-op-3py46711-142dd-compute-jp-tok-2-0
- ci-op-3py46711-142dd-compute-jp-tok-1-0
resourceGroupName: ci-op-3py46711-142dd
controlPlane:
name: master
platform:
ibmcloud:
type: bx2-4x16
zones: [jp-tok-1, jp-tok-2, jp-tok-3]
bootVolume:
encryptionKey: "crn:v1:bluemix:public:kms:jp-tok:a/fdc2e14cf8bc4d53a67f972dc2e2c861:2aa5aefd-1168-4191-a525-c9dce0da520e:key:a95a2abe-c566-43f9-b523-b06698465601"
replicas: 3
compute:
- name: worker
platform:
ibmcloud:
type: bx2-4x16
zones: [jp-tok-1, jp-tok-2, jp-tok-3]
bootVolume:
encryptionKey: "crn:v1:bluemix:public:kms:jp-tok:a/fdc2e14cf8bc4d53a67f972dc2e2c861:95afa81f-7486-49ce-a84f-f7b491d85c8c:key:2efdff99-4fdf-46ab-b424-b30f171094df"
replicas: 3
3.install cluster with CAPI
Actual results:
install failed.
in kube-apiserver.log
rejected by webhook "vibmvpcmachine.kb.io": &errors.StatusError{ErrStatus:v1.Status{TypeMeta:v1.TypeMeta{Kind:"", APIVersion:""}, ListMeta:v1.ListMeta{SelfLink:"", ResourceVersion:"", Continue:"", RemainingItemCount:(*int64)(nil)}, Status:"Failure", Message:"admission webhook \"vibmvpcmachine.kb.io\" denied the request: IBMVPCMachine.infrastructure.cluster.x-k8s.io \"ci-op-7hcfbzfy-142dd-8vxvb-bootstrap\" is invalid: spec.bootVolume.sizeGiB: Invalid value: v1beta2.IBMVPCMachineSpec{Name:\"ci-op-7hcfbzfy-142dd-8vxvb-master-0\", CatalogOffering:(*v1beta2.IBMCloudCatalogOffering)(nil), PlacementTarget:(*v1beta2.VPCMachinePlacementTarget)(nil), Image:(*v1beta2.IBMVPCResourceReference)(0xc000d8a2c0), LoadBalancerPoolMembers:[]v1beta2.VPCLoadBalancerBackendPoolMember{v1beta2.VPCLoadBalancerBackendPoolMember{LoadBalancer:v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a2e0)}, Pool:v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a2f0)}, Port:6443, Weight:(*int64)(nil)}, v1beta2.VPCLoadBalancerBackendPoolMember{LoadBalancer:v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a300)}, Pool:v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a310)}, Port:22623, Weight:(*int64)(nil)}, v1beta2.VPCLoadBalancerBackendPoolMember{LoadBalancer:v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a320)}, Pool:v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a330)}, Port:6443, Weight:(*int64)(nil)}}, Zone:\"jp-tok-1\", Profile:\"bx2-4x16\", BootVolume:(*v1beta2.VPCVolume)(0xc0014f20f0), ProviderID:(*string)(nil), PrimaryNetworkInterface:v1beta2.NetworkInterface{SecurityGroups:[]v1beta2.VPCResource{v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a340)}, v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a350)}, v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a360)}, v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a370)}, v1beta2.VPCResource{ID:(*string)(nil), Name:(*string)(0xc000d8a380)}}, Subnet:\"ci-op-7hcfbzfy-142dd-control-plane-jp-tok-1-0\"}, SSHKeys:[]*v1beta2.IBMVPCResourceReference(nil)}: valid Boot VPCVolume size is 10 - 250 GB", Reason:"Invalid", Details:(*v1.StatusDetails)(0xc0044719e0), Code:422}}
Expected results:
install succeed with CAPI using byo-kms
Additional info:
ref: https://qe-private-deck-ci.apps.ci.l2s4.p1.openshiftapps.com/view/gs/qe-private-deck/pr-logs/pull/openshift_release/59392/rehearse-59392-periodic-ci-openshift-verification-tests-master-installer-rehearse-4.19-cucushift-installer-rehearse-ibmcloud-ipi-byo-kms-capi/1871830778820694016
