Bug
Resolution: Unresolved
4.20, 4.21
Description of problem:
Setting the allowedCIDRBlocks field together with externalDns + publicAndPrivate, the control plane failed with error: "failed to update control plane: failed to ensure infrastructure: failed to reconcile API server service: failed to reconcile API server service: Service \"kube-apiserver\" is invalid: spec.LoadBalancerSourceRanges: Forbidden: may only be used when `type` is 'LoadBalancer
Version-Release number of selected component (if applicable):
HyperShift 4.20
How reproducible:
Always
Steps to Reproduce:
1. Create hypershift operator with External DNS Domain:
`./bin/hypershift install --oidc-storage-provider-s3-bucket-name $BUCKET_NAME --oidc-storage-provider-s3-credentials $AWS_CREDS --oidc-storage-provider-s3-region $REGION --enable-defaulting-webhook true --external-dns-credentials $AWS_CREDS --external-dns-provider=aws --external-dns-domain-filter=hypershift-ext.qe.devcluster.openshift.com --private-platform=AWS --platform-monitoring=All --wait-until-available --aws-private-creds $AWS_CREDS --aws-private-region=us-west-2`
2. Create a HostedCluster with External DNS Domain on AWS platform and set endpoint-access as PublicAndPrivate
`./bin/hypershift create cluster aws --name yinzhou-hc-63509n1 --node-pool-replicas=2 --base-domain $BASE_DOMAIN --pull-secret $PULL_SECRET --aws-creds $AWS_CREDS --region $REGION --generate-ssh --external-dns-domain hypershift-ext.qe.devcluster.openshift.com --release-image ${RELEASE_IMAGE} --endpoint-access PublicAndPrivate`
3. Set the allowedCIDRBlocks field in the HostedCluster.
Actual results:
3. The hosted cluster failed to launch with error: "failed to update control plane: failed to ensure infrastructure: failed to reconcile API server service: failed to reconcile API server service: Service \"kube-apiserver\" is invalid: spec.LoadBalancerSourceRanges: Forbidden: may only be used when `type` is 'LoadBalancer
Expected results:
3. No issue.
Additional info:
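
The validation rule behind the error above, with a reconcile guard, as an added example that is not HyperShift's or the reporter's code. It assumes, as the error text implies, that the kube-apiserver Service is not of type LoadBalancer in this configuration; the `Service` struct, `validateSourceRanges` and `applyAllowedCIDRs` are hypothetical names, and the CIDR is a constructed sample.

```go
package main

import (
	"fmt"
	"net"
)

// Service is a minimal stand-in for the corev1.Service fields involved (assumption).
type Service struct {
	Name, Type               string // Type: "ClusterIP", "NodePort" or "LoadBalancer"
	LoadBalancerSourceRanges []string
}

// validateSourceRanges mirrors the API server rule quoted in the error above.
func validateSourceRanges(s Service) error {
	if len(s.LoadBalancerSourceRanges) == 0 {
		return nil
	}
	if s.Type != "LoadBalancer" {
		return fmt.Errorf("Service %q is invalid: spec.LoadBalancerSourceRanges: "+
			"Forbidden: may only be used when `type` is 'LoadBalancer'", s.Name)
	}
	for _, r := range s.LoadBalancerSourceRanges {
		if _, _, err := net.ParseCIDR(r); err != nil {
			return fmt.Errorf("Service %q: bad source range %q: %v", s.Name, r, err)
		}
	}
	return nil
}

// applyAllowedCIDRs is a hypothetical reconcile guard. It returns false when the
// allowlist cannot be enforced on this Service, so the caller can surface that
// instead of either failing the update or silently dropping the restriction.
func applyAllowedCIDRs(s *Service, allowed []string) bool {
	if s.Type != "LoadBalancer" {
		s.LoadBalancerSourceRanges = nil
		return len(allowed) == 0
	}
	s.LoadBalancerSourceRanges = append([]string(nil), allowed...)
	return true
}

func main() {
	allowed := []string{"203.0.113.0/24"} // constructed sample CIDR
	svc := Service{Name: "kube-apiserver", Type: "ClusterIP", LoadBalancerSourceRanges: allowed}
	fmt.Println("unguarded:", validateSourceRanges(svc))
	enforced := applyAllowedCIDRs(&svc, allowed)
	fmt.Println("guarded:", validateSourceRanges(svc), "enforced on Service:", enforced)
}
```

A `false` return means the CIDR allowlist is not in effect at the Service, so it has to be enforced at whatever component actually fronts the API server or reported back as unmet.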