-
Bug
-
Resolution: Unresolved
-
Major
-
None
-
4.18.z
-
Quality / Stability / Reliability
-
False
-
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
While creating HCP cluster, one can define service publishing strategy for services such as
* Apiserver
* Oauth
* Ignition
* OIDC
* Konnectivity
Now it is clear that for Apiserver LB can be configured. However for the other services such as ignition/oauth the default is route and if needed nodePort type can also be configured.
Let's say if someone doesn't want to make use of these type of service and want to use publishing strategy as LB.
To Check, I tested a few combinations locally.
I tried setting the LB as type for first ignition service and then for oauth.
Both time the installation fails.
For ignition service set as LB, I observed error in hypershift operator logs:
~~~
{"level":"info","ts":"2025-02-13T05:57:44Z","msg":"hostedcluster does not use isolated request serving components, nothing to do","controller":"DedicatedServingComponentScheduler","controllerGroup":"hypershift.openshift.io","controllerKind":"HostedCluster","HostedCluster":{"name":"hcpagent","namespace":"hcpagent"},"namespace":"hcpagent","name":"hcpagent","reconcileID":"6d12702a-4702-45b6-a164-e2f74ff6e5f5","hostedcluster":"hcpagent/hcpagent"}
{"level":"info","ts":"2025-02-13T05:57:44Z","msg":"Reconciling","controller":"nodepool","controllerGroup":"hypershift.openshift.io","controllerKind":"NodePool","NodePool":{"name":"nodepool-hcpagent-1","namespace":"hcpagent"},"namespace":"hcpagent","name":"nodepool-hcpagent-1","reconcileID":"8c7e8996-12b5-4997-9aef-b2733900fd25"}
{"level":"error","ts":"2025-02-13T05:57:44Z","msg":"","controller":"hostedcluster","controllerGroup":"hypershift.openshift.io","controllerKind":"HostedCluster","HostedCluster":{"name":"hcpagent","namespace":"hcpagent"},"namespace":"hcpagent","name":"hcpagent","reconcileID":"e5176f91-d18d-4fc8-9c2f-3dee18c7f787","error":"unknown service strategy type for ignition service: LoadBalancer","stacktrace":"github.com/openshift/hypershift/hypershift-operator/controllers/hostedcluster.(*HostedClusterReconciler).reconcile\n\t/remote-source/app/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go:926\ngithub.com/openshift/hypershift/hypershift-operator/controllers/hostedcluster.(*HostedClusterReconciler).Reconcile\n\t/remote-source/app/hypershift-operator/controllers/hostedcluster/hostedcluster_controller.go:314\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/remote-source/app/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:222"}
{"level":"info","ts":"2025-02-13T05:57:44Z","msg":"reconciling","controller":"hostedcluster","controllerGroup":"hypershift.openshift.io","controllerKind":"HostedCluster","HostedCluster":{"name":"hcpagent","namespace":"hcpagent"},"namespace":"hcpagent","name":"hcpagent","reconcileID":"fd2cdf47-52d3-496d-a15b-1f87f65438dc"}
~~~
In the next attempt, I set back ignition service to route and change oauth to LB.
I did this because unless the hypershift operator reconciles ignition service correctly, the control plane operator pod will not get deployed in hosted cluster installation namespace.
There in control plane operator pod I observed reconcile error to oauth service .
~~~
{"level":"error","ts":"2025-02-13T06:20:35Z","msg":"Reconciler error","controller":"hostedcontrolplane","controllerGroup":"hypershift.openshift.io","controllerKind":"HostedControlPlane","HostedControlPlane":{"name":"hcpagent","namespace":"hcpagent-hcpagent"},"namespace":"hcpagent-hcpagent","name":"hcpagent","reconcileID":"a400485a-9d06-4d2d-998a-d887bf3997fd","error":"failed to update control plane: failed to ensure infrastructure: failed to reconcile OAuth server service: failed to reconcile OAuth service: invalid publishing strategy for OAuth service: LoadBalancer","stacktrace":"sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\t/hypershift/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:324\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\t/hypershift/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\t/hypershift/vendor/sigs.k8s.io/controller-runtime/pkg/internal/controller/controller.go:222"}
~~~
It looks to me that LB configuration cannot be set for other services than K8 API.
Version-Release number of selected component (if applicable):
4.17.z
How reproducible:
100%
Steps to Reproduce:
1. Create cluster using HCP CLI or from ACM UI
2. update the hosted cluster CR to set ignition/oauth service type as LB
3. check the hypershift operator logs/ control plane operator logs
Actual results:
HCP deployment fails
Expected results:{code:none}
HCP deployment should succceed
Additional info:{code:none}