OpenShift Bugs / OCPBUGS-66067

Setting allowedCIDRBlocks field + with externalDns + publicAndPrivate will hit error

    • Quality / Stability / Reliability
    • In Progress
    • Bug Fix
      *Cause*: When a HyperShift HostedCluster uses external DNS domains and endpoint access with PublicAndPrivate, the `allowedCIDRBlocks` parameters were wrongly applied, and the control plane operator ran with an error.
      *Consequence*: The control plane operator ran with an error.
      *Fix*: When `hc.spec.allowedCIDRBlocks` is set, only set the `LoadBalancerSourceRanges` field on the KAS service when the service is of type LoadBalancer.
      *Result*: The control plane operator runs well.

      Description of problem:

      When setting the allowedCIDRBlocks field with externalDns and PublicAndPrivate, the control plane failed with the error:
      
      "failed to update control plane: failed to ensure infrastructure: failed to reconcile API server service: failed to reconcile API server service: Service \"kube-apiserver\" is invalid: spec.LoadBalancerSourceRanges: Forbidden: may only be used when `type` is 'LoadBalancer

      Version-Release number of selected component (if applicable):

          HyperShift 4.20

      How reproducible:

          Always

      Steps to Reproduce:

      1. Create the hypershift operator with an External DNS Domain:

       `./bin/hypershift install --oidc-storage-provider-s3-bucket-name $BUCKET_NAME --oidc-storage-provider-s3-credentials $AWS_CREDS --oidc-storage-provider-s3-region $REGION --enable-defaulting-webhook true --external-dns-credentials $AWS_CREDS --external-dns-provider=aws --external-dns-domain-filter=hypershift-ext.qe.devcluster.openshift.com --private-platform=AWS --platform-monitoring=All --wait-until-available --aws-private-creds $AWS_CREDS --aws-private-region=us-west-2`

      2. Create a HostedCluster with an External DNS Domain on the AWS platform and set endpoint-access to PublicAndPrivate:

        `./bin/hypershift create cluster aws --name yinzhou-hc-63509n1 --node-pool-replicas=2 --base-domain $BASE_DOMAIN --pull-secret $PULL_SECRET --aws-creds $AWS_CREDS --region $REGION --generate-ssh --external-dns-domain hypershift-ext.qe.devcluster.openshift.com --release-image ${RELEASE_IMAGE} --endpoint-access PublicAndPrivate`

      3. Set the allowedCIDRBlocks field in the HostedCluster.

      Actual results:

      3. The hosted cluster failed to launch with the error:
      "failed to update control plane: failed to ensure infrastructure: failed to reconcile API server service: failed to reconcile API server service: Service \"kube-apiserver\" is invalid: spec.LoadBalancerSourceRanges: Forbidden: may only be used when `type` is 'LoadBalancer

      Expected results:

      3. No issue.

      Additional info:
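
The guard described in the fix, as an added Go sketch that is not part of the original report and is not HyperShift's code. `ServiceSpec`, `validate` and `applyAllowedCIDRs` are hypothetical local stand-ins, and the `ClusterIP` service type and the sample CIDR are assumed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net"
)

// Simplified stand-ins for the Service fields involved (assumption: local
// types for a runnable sketch, not k8s.io/api/core/v1 or HyperShift code).
type ServiceSpec struct {
	Type                     string // "LoadBalancer", "ClusterIP", ...
	LoadBalancerSourceRanges []string
}

var errForbidden = errors.New("spec.LoadBalancerSourceRanges: Forbidden: may only be used when `type` is 'LoadBalancer'")

// validate mirrors the API server rule quoted in the error above.
func validate(s ServiceSpec) error {
	if len(s.LoadBalancerSourceRanges) > 0 && s.Type != "LoadBalancer" {
		return errForbidden
	}
	return nil
}

// applyAllowedCIDRs (hypothetical helper) copies the allowlist onto the
// service only for type LoadBalancer; otherwise it clears the field.
func applyAllowedCIDRs(s *ServiceSpec, allowed []string) error {
	s.LoadBalancerSourceRanges = nil
	if s.Type != "LoadBalancer" {
		return nil // nothing to enforce on this Service object
	}
	for _, c := range allowed {
		if _, _, err := net.ParseCIDR(c); err != nil {
			return fmt.Errorf("allowedCIDRBlocks entry %q: %w", c, err)
		}
		s.LoadBalancerSourceRanges = append(s.LoadBalancerSourceRanges, c)
	}
	return nil
}

func main() {
	allowed := []string{"203.0.113.0/24"} // constructed sample CIDR
	unguarded := ServiceSpec{Type: "ClusterIP", LoadBalancerSourceRanges: allowed}
	fmt.Println("unguarded:", validate(unguarded))
	guarded := ServiceSpec{Type: "ClusterIP"}
	_ = applyAllowedCIDRs(&guarded, allowed)
	fmt.Println("guarded:", validate(guarded))
}
```

On a service that is not of type LoadBalancer the allowlist is skipped rather than enforced by that Service object, so confirm which service actually carries the source ranges before relying on `allowedCIDRBlocks` as an access restriction.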

       

              rh-ee-mraee Mulham Raee
              yinzhou@redhat.com Ying Zhou
              Ying Zhou Ying Zhou