Details
- Bug
- Resolution: Duplicate
- Normal
- None
- 4.9
- Moderate
- 3
- Sprint 211, Sprint 228, Sprint 235
- 3
- Rejected
- Unspecified
Description
Version:
4.9.6
~~~
❯ ./openshift-install version
./openshift-install 4.9.6
built from commit 1c538b8949f3a0e5b993e1ae33b9cd799806fa93
release image quay.io/openshift-release-dev/ocp-release@sha256:c9f58ccb8a9085df4eeb23e21ca201d4c7d39bc434786d58a55381e13215a199
release architecture amd64
~~~
Platform: AWS
Please specify:
- IPI (Private)
What happened?
Hello Team, one of the customers deployed a private cluster on AWS by setting "publish: Internal" and passing 3 private as well as 3 public subnets. The cluster was deployed successfully, but I am not sure why the default ingress classic load balancer was associated with 1 public and 2 private subnets instead of only the 3 private subnets. I know that in the case of a private cluster only the private subnets should be specified in the install-config.yaml file, but the customer's point here is why this is happening when the installer is already able to determine which subnets are private and which are public.
I was able to reproduce the same on my side by specifying 3 public and 3 private subnets.
~~~
platform:
  aws:
    region: us-east-1
    subnets:
    - subnet-0412098ce7fd40896
    - subnet-0b784c86d57195e83
    - subnet-065625bbab0f0ec06
    - subnet-0ae3fd2191d96fcc9
    - subnet-020021a037bf32e06
    - subnet-0ef22dedfb3599897
publish: Internal
~~~
In the “terraform.cluster.tfstate” file generated by the installer, the entries for subnets that are private and public are present as well and that’s correct.
~~~
"private_subnet_ids": {
  "value": [
    "subnet-0412098ce7fd40896",
    "subnet-0b784c86d57195e83",
    "subnet-065625bbab0f0ec06"
  ],
"public_subnet_ids": {
  "value": [
    "subnet-0ae3fd2191d96fcc9",
    "subnet-020021a037bf32e06",
    "subnet-0ef22dedfb3599897"
  ],
~~~
What did you expect to happen?
When the installer itself is able to figure out which subnet is private and public then the ingress classic-load-balancer must be associated with the private subnets only in case of a private cluster.
How to reproduce it (as minimally and precisely as possible)?
--> Every time
Anything else we need to know?
I am also attaching a screenshot of the LB from my test environment. We need information on why the default ingress LB is using one of the public subnets. Basically, the customer is curious about why this installation or ingress behaviour is happening (the customer agrees that passing the public subnets along with the private subnets in the install-config.yaml file is wrong when the cluster is private).
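
A post-install audit for the condition described in this report, as an added example that is not part of the original report or of the installer: it compares the subnets attached to each classic load balancer with the installer's private/public classification and flags any load balancer of a `publish: Internal` cluster that sits on a public subnet. The `outputs` wrapper around the tfstate keys, the load balancer names and the load balancer sample are assumptions; the subnet IDs are the ones quoted in the report.

```python
import json

# Shaped like terraform.cluster.tfstate; the "outputs" wrapper is an assumption.
TFSTATE = json.loads("""
{"outputs": {
  "private_subnet_ids": {"value": ["subnet-0412098ce7fd40896",
                                   "subnet-0b784c86d57195e83",
                                   "subnet-065625bbab0f0ec06"]},
  "public_subnet_ids":  {"value": ["subnet-0ae3fd2191d96fcc9",
                                   "subnet-020021a037bf32e06",
                                   "subnet-0ef22dedfb3599897"]}}}
""")

# Constructed sample in the shape of `aws elb describe-load-balancers` output.
# The first entry mirrors the report: 1 public + 2 private subnets.
ELBS = json.loads("""
{"LoadBalancerDescriptions": [
  {"LoadBalancerName": "example-ingress-elb", "Scheme": "internal",
   "Subnets": ["subnet-0412098ce7fd40896", "subnet-0b784c86d57195e83",
               "subnet-0ae3fd2191d96fcc9"]},
  {"LoadBalancerName": "example-clean-elb", "Scheme": "internal",
   "Subnets": ["subnet-0412098ce7fd40896", "subnet-0b784c86d57195e83",
               "subnet-065625bbab0f0ec06"]}]}
""")

def audit_private_cluster_elbs(tfstate, elbs, publish="Internal"):
    """Return one finding per load balancer that breaks the private-cluster expectation."""
    if publish != "Internal":
        return []  # public subnets are expected on an externally published cluster
    outputs = tfstate["outputs"]
    private = set(outputs["private_subnet_ids"]["value"])
    public = set(outputs["public_subnet_ids"]["value"])
    findings = []
    for lb in elbs["LoadBalancerDescriptions"]:
        attached = set(lb["Subnets"])
        on_public = sorted(attached & public)
        unknown = sorted(attached - private - public)  # not classified by the installer
        wrong_scheme = lb.get("Scheme") != "internal"
        if on_public or unknown or wrong_scheme:
            findings.append({"name": lb["LoadBalancerName"],
                             "public_subnets": on_public,
                             "unknown_subnets": unknown,
                             "wrong_scheme": wrong_scheme})
    return findings

if __name__ == "__main__":
    for finding in audit_private_cluster_elbs(TFSTATE, ELBS):
        print(json.dumps(finding))
```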