- Bug
- Resolution: Done
- Major
- 4.12.0
- None
- Moderate
- None
- Proposed
- False
Description of problem:
Each LB created for a Service of type LoadBalancer results in 1 client rule and <# of public subnets> health-check rules being added to the cluster security groups. The rules-per-SG quota in AWS is quite small: 60 by default, and 200 hard max. OCP uses about 40 rules OOTB. Assuming an HA cluster in 3 AZs, that is 4 rules per LB. With the default AWS quota, only ~5 LBs can be created, and with the hard max of 200, only ~40 LBs can be created.
Version-Release number of selected component (if applicable):
4.12
How reproducible:
Always
Steps to Reproduce:
1. Create a Service of type LoadBalancer and observe the increase in the master-sg and worker-sg rule sets.
Actual results:
4 rules are created per LB (1 client rule plus 1 health-check rule per public subnet; 3 public subnets in a 3-AZ cluster).
Expected results:
1 rule is created when the client rule is a superset of the per-subnet health-check rules.
Additional info:
This roughly quadruples the number of Services of type LoadBalancer that can be created within the same SG quota. This is required for Hypershift.
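To make the arithmetic in the description and the "superset" condition in the expected results concrete, here is an added audit script. It is not code from OpenShift or the Kubernetes AWS cloud provider. It takes a constructed list of rules in the shape of EC2 `IpPermissions` entries (the NodePort and subnet CIDRs are assumed), flags every rule that another rule in the set strictly covers (same or any protocol, enclosing port range, enclosing CIDR), and computes how many LBs fit in a security group given the quota, the baseline rule count and the rules each LB adds. The helper names (`flatten`, `covers`, `redundant_rules`, `minimal_rule_count`, `lb_capacity`) are this example's own.

```python
import ipaddress

# Constructed sample, not taken from a real cluster: the rules one Service
# of type LoadBalancer adds to worker-sg on a 3-AZ cluster, in the shape of
# EC2 IpPermissions entries. NodePort, CIDRs and subnet layout are assumed.
SAMPLE_LB_RULES = [
    # client rule: any source may reach the NodePort
    {"IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
     "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    # one health-check rule per public subnet
    {"IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
     "IpRanges": [{"CidrIp": "10.0.0.0/20"}]},
    {"IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
     "IpRanges": [{"CidrIp": "10.0.16.0/20"}]},
    {"IpProtocol": "tcp", "FromPort": 30080, "ToPort": 30080,
     "IpRanges": [{"CidrIp": "10.0.32.0/20"}]},
]


def flatten(rules):
    """Expand IpPermissions into (protocol, from_port, to_port, network) tuples.
    IpProtocol "-1" means every protocol and port, as in the EC2 API."""
    flat = []
    for rule in rules:
        proto = rule["IpProtocol"]
        if proto == "-1":
            lo, hi = 0, 65535
        else:
            lo, hi = rule.get("FromPort", 0), rule.get("ToPort", 65535)
        for ip_range in rule.get("IpRanges", []):
            flat.append((proto, lo, hi, ipaddress.ip_network(ip_range["CidrIp"])))
    return flat


def covers(outer, inner):
    """True if `outer` admits every packet that `inner` admits:
    same (or any) protocol, enclosing port range, enclosing CIDR."""
    p_out, lo_out, hi_out, net_out = outer
    p_in, lo_in, hi_in, net_in = inner
    if p_out != "-1" and p_out != p_in:
        return False
    if net_out.version != net_in.version:
        return False
    return lo_out <= lo_in and hi_in <= hi_out and net_in.subnet_of(net_out)


def redundant_rules(rules):
    """Rules that some other rule in the set strictly covers. When the client
    rule is a superset of the per-subnet health rules, those are returned."""
    flat = flatten(rules)
    redundant = []
    for i, rule in enumerate(flat):
        for j, other in enumerate(flat):
            if i != j and covers(other, rule) and not covers(rule, other):
                redundant.append(rule)
                break
    return redundant


def minimal_rule_count(rules):
    """Number of rules still needed once covered rules are dropped."""
    return len(flatten(rules)) - len(redundant_rules(rules))


def lb_capacity(quota, baseline_rules, rules_per_lb):
    """How many Service LBs fit in one SG's rule quota.
    quota: rules-per-SG limit (60 default, 200 hard max per the report);
    baseline_rules: rules the cluster already holds (~40 OOTB)."""
    if rules_per_lb <= 0:
        raise ValueError("rules_per_lb must be positive")
    return max(0, (quota - baseline_rules) // rules_per_lb)


if __name__ == "__main__":
    per_lb = len(flatten(SAMPLE_LB_RULES))
    needed = minimal_rule_count(SAMPLE_LB_RULES)
    print(f"rules per LB today: {per_lb}, needed: {needed}")
    for quota in (60, 200):
        print(f"quota {quota}: {lb_capacity(quota, 40, per_lb)} LBs now, "
              f"{lb_capacity(quota, 40, needed)} after collapsing covered rules")
```

Run against the sample, the three per-subnet rules are flagged because `0.0.0.0/0` on the same port already admits them, leaving 1 rule per LB; with the reported baseline of 40 rules that moves the ceiling from 5 to 20 LBs under the default quota and from 40 to 160 under the hard max. Feeding the script the `IpPermissions` list from `aws ec2 describe-security-groups` for worker-sg gives the same check against a live group.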
- is cloned by
  - OCPBUGS-1540 [OCP 4.11] Inefficient use of SG rules when creating Service LBs leads to scale issues (Closed)
- is depended on by
  - HOSTEDCP-531 Security groups rules quota prevent more than ~20HC on a single management cluster (Closed)
  - OCPBUGS-1540 [OCP 4.11] Inefficient use of SG rules when creating Service LBs leads to scale issues (Closed)