Bug
Resolution: Unresolved
Normal
4.14
Quality / Stability / Reliability
False
CLOUD Sprint 275, CLOUD Sprint 276, CLOUD Sprint 277
3
Description of problem:
The public IP address resource in Azure is not getting cleaned up after a load balancer service
Version-Release number of selected component (if applicable):
4.14+ (since the introduction of Azure workload identity integration)
How reproducible:
every time
Steps to Reproduce:
1. Create service of type loadbalancer with public IP address
2. Delete service of type loadbalancer
3. View public IP address that is orphaned
4. View CCM logs that contain Authorization errors
Actual results:
Public IP address is orphaned in OCP
Expected results:
Public IP address is deleted after loadbalancer service deleted
Additional info:
apiVersion: v1
kind: Service
metadata:
  name: my-service
spec:
  selector:
    app.kubernetes.io/name: MyApp
  ports:
    - protocol: TCP
      port: 80
      targetPort: 9376
  type: LoadBalancer

E0811 20:53:34.562512 1 controller.go:298] error processing service default/my-service (retrying with exponential backoff): failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, RawError: {"error":{"code":"AuthorizationFailed","message":"The client '9da1d489-6b30-429d-acc5-8c097f9fb898' with object id '9da1d489-6b30-429d-acc5-8c097f9fb898' does not have authorization to perform action 'Microsoft.Network/publicIPAddresses/delete' over scope '/subscriptions/fe16a035-e540-4ab7-80d9-373fa9a3d6ae/resourceGroups/aro-c6axpif1/providers/Microsoft.Network/publicIPAddresses/sre-shared-miwi-clust-t2hnr-ad1e00fae809141bb95cf324f8c07f2e' or the scope is invalid. If access was recently granted, please refresh your credentials."}}
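
Added example, not part of the original report and not OpenShift or cloud-provider code: a log triage helper that scans CCM log text for `AuthorizationFailed` errors of the shape quoted above and reports which Azure RBAC action each identity is missing, and on which scopes. The function name, the sample log and all GUIDs and resource names in it are constructed placeholders.

```python
import json
import re
from collections import defaultdict

# Constructed sample in the shape of the CCM log line quoted in this report;
# the GUIDs and resource names are placeholders, not real identifiers.
SAMPLE_LOG = (
    'E0811 20:53:34.562512 1 controller.go:298] error processing service '
    'default/my-service (retrying with exponential backoff): failed to ensure '
    'load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 403, '
    'RawError: {"error":{"code":"AuthorizationFailed","message":"The client '
    "'00000000-0000-0000-0000-000000000001' with object id "
    "'00000000-0000-0000-0000-000000000001' does not have authorization to "
    "perform action 'Microsoft.Network/publicIPAddresses/delete' over scope "
    "'/subscriptions/00000000-0000-0000-0000-0000000000aa/resourceGroups/"
    "example-rg/providers/Microsoft.Network/publicIPAddresses/example-pip' "
    'or the scope is invalid."}}\n'
    'I0811 20:53:35.000000 1 controller.go:100] unrelated informational line\n'
)

DENIED_RE = re.compile(
    r"client '([^']+)' with object id '([^']+)' does not have authorization "
    r"to perform action '([^']+)' over scope '([^']+)'"
)

def find_denied_actions(log_text):
    """Return {(object_id, action): sorted scopes} for AuthorizationFailed lines."""
    denied = defaultdict(set)
    for line in log_text.splitlines():
        marker = line.find("RawError: ")
        if marker == -1:
            continue
        try:
            # raw_decode tolerates trailing text after the JSON object
            body, _ = json.JSONDecoder().raw_decode(line[marker + len("RawError: "):])
        except json.JSONDecodeError:
            continue  # truncated or non-JSON error body: skip the line
        err = body.get("error", {})
        if err.get("code") != "AuthorizationFailed":
            continue
        m = DENIED_RE.search(err.get("message", ""))
        if m:
            _client, object_id, action, scope = m.groups()
            denied[(object_id, action)].add(scope)
    return {k: sorted(v) for k, v in denied.items()}

if __name__ == "__main__":
    for (oid, action), scopes in find_denied_actions(SAMPLE_LOG).items():
        print(f"{oid} lacks {action} on {len(scopes)} scope(s)")
```

Each denied action in the output can be compared against the role definition assigned to the identity used by the cloud controller manager.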