OpenShift Bugs: OCPBUGS-54623

Associated Security group rule entry is not deleted from EC2 instance on deleting LoadBalancer service

    • Quality / Stability / Reliability
    • Rejected
    • CLOUD Sprint 270, CLOUD Sprint 271, CLOUD Sprint 272, CLOUD Sprint 273, CLOUD Sprint 274, CLOUD Sprint 275, CLOUD Sprint 276, CLOUD Sprint 277, CLOUD Sprint 278

      Description of problem:

      Associated Security group rule entry is not deleted from EC2 instance on deleting LoadBalancer service

      Version-Release number of selected component (if applicable):

      4.17.z, 4.18.z

      How reproducible:

      Always

      Steps to Reproduce:

      When an OpenShift Service of type LoadBalancer is created on a cluster running on AWS, an Elastic Load Balancer (ELB) is automatically provisioned.
      AWS creates a dedicated security group for this ELB, and that group is configured to allow inbound traffic (e.g., TCP/443).
      AWS modifies the security group of EC2 instances (i.e., the OpenShift nodes) by adding an inbound rule that allows traffic from the ELB security group.
      When the LoadBalancer service is deleted, AWS:
      - Automatically deletes the ELB.
      - Deletes the ELB's security group.
      - However, AWS does not automatically clean up the inbound rule in the OCP node’s security group that referenced the ELB's security group (even though that group no longer exists).     

      Actual results:

          

      Expected results:

          

      Additional info:
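
The condition this report describes, an inbound rule on the node security group whose source security group no longer exists, can be checked from `aws ec2 describe-security-groups` output. The following is an added example, not part of the original report or of OpenShift code; the function name and every ID in the sample are constructed, and the input is assumed to be the complete, unfiltered group list for the region.

```python
import json

# Constructed sample in the shape returned by `aws ec2 describe-security-groups`.
# All IDs are placeholders; sg-0elbdeleted000001 belongs to no listed group.
SAMPLE = json.loads("""
{"SecurityGroups": [
  {"GroupId": "sg-0node0000000000001", "GroupName": "cluster-node",
   "IpPermissions": [
     {"IpProtocol": "tcp", "FromPort": 30443, "ToPort": 30443,
      "UserIdGroupPairs": [{"GroupId": "sg-0elbdeleted000001", "UserId": "111122223333"}]},
     {"IpProtocol": "tcp", "FromPort": 31080, "ToPort": 31080,
      "UserIdGroupPairs": [{"GroupId": "sg-0elblive000000001", "UserId": "111122223333"}]},
     {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
      "UserIdGroupPairs": [{"GroupId": "sg-0peer000000000001", "UserId": "444455556666",
                            "VpcPeeringConnectionId": "pcx-0example000000001"}]}
   ]},
  {"GroupId": "sg-0elblive000000001", "GroupName": "k8s-elb-live", "IpPermissions": []}
]}
""")


def find_dangling_group_rules(response):
    """Return inbound rules whose source security group is not in the response.

    Pairs that carry a VpcPeeringConnectionId are skipped: the referenced
    group lives in another VPC and is not expected to be listed here.
    """
    groups = response.get("SecurityGroups", [])
    known = {g["GroupId"] for g in groups}
    findings = []
    for group in groups:
        for perm in group.get("IpPermissions", []):
            for pair in perm.get("UserIdGroupPairs", []):
                if pair.get("VpcPeeringConnectionId"):
                    continue
                if pair.get("GroupId") not in known:
                    findings.append({
                        "group": group["GroupId"],
                        "missing_source": pair.get("GroupId"),
                        "protocol": perm.get("IpProtocol"),
                        "ports": (perm.get("FromPort"), perm.get("ToPort")),
                    })
    return findings


if __name__ == "__main__":
    for finding in find_dangling_group_rules(SAMPLE):
        print(finding)
```

A filtered or partially paginated group list will produce false positives, because source groups that exist but were not returned look the same as deleted ones.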

          

              rhn-gps-mbooth Matthew Booth
              rhn-support-disharma Diksha Sharma
              Zhaohua Sun