  1. OpenShift Bugs
  2. OCPBUGS-9036

Ingress ELB gets associated with public subnet when creating private cluster over AWS

Details

    • Moderate
    • 3
    • Sprint 211, Sprint 228, Sprint 235
    • 3
    • Rejected
    • Unspecified

    Description

      Version:
      4.9.6

      ❯ ./openshift-install version
      ./openshift-install 4.9.6
      built from commit 1c538b8949f3a0e5b993e1ae33b9cd799806fa93
      release image quay.io/openshift-release-dev/ocp-release@sha256:c9f58ccb8a9085df4eeb23e21ca201d4c7d39bc434786d58a55381e13215a199
      release architecture amd64

      Platform: AWS

      Please specify:

      • IPI (Private)

      What happened?

      Hello Team, one of the customers deployed a private cluster over AWS by setting “publish: Internal” and passing 3 private as well as 3 public subnets. The cluster was deployed successfully, but I am not sure why the default ingress classic load balancer was associated with 1 public and 2 private subnets instead of only 3 private subnets. I know that in the case of a private cluster only the private subnets should be specified in the install-config.yaml file, but the customer’s point here is why this is happening when the installer is already able to determine which subnets are private and which are public.

      I was able to reproduce the same on my side by specifying 3 public and 3 private subnets.
      ~~~
      platform:
        aws:
          region: us-east-1
          subnets:
          - subnet-0412098ce7fd40896
          - subnet-0b784c86d57195e83
          - subnet-065625bbab0f0ec06
          - subnet-0ae3fd2191d96fcc9
          - subnet-020021a037bf32e06
          - subnet-0ef22dedfb3599897
      publish: Internal
      ~~~

      In the “terraform.cluster.tfstate” file generated by the installer, the entries for subnets that are private and public are present as well and that’s correct.
      ~~~
      "private_subnet_ids": {
        "value": [
          "subnet-0412098ce7fd40896",
          "subnet-0b784c86d57195e83",
          "subnet-065625bbab0f0ec06"
        ]
      },
      "public_subnet_ids": {
        "value": [
          "subnet-0ae3fd2191d96fcc9",
          "subnet-020021a037bf32e06",
          "subnet-0ef22dedfb3599897"
        ]
      }
      ~~~

      What did you expect to happen?
      When the installer itself is able to figure out which subnets are private and which are public, the ingress classic load balancer must be associated with the private subnets only in the case of a private cluster.

      How to reproduce it (as minimally and precisely as possible)?
      --> Every time

      Anything else we need to know?
      I am also attaching a screenshot of the LB from my test environment. We need information on why the default ingress LB is using one of the public subnets. Basically, the customer is curious about why this installation or ingress behaviour occurs (the customer agrees that passing the public subnets along with the private subnets in the install-config.yaml file is wrong when the cluster is private).
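
A check for the placement described in this report, as an added example that is not part of the original issue or of the OpenShift code: it treats a subnet as public when its effective route table has a default route to an internet gateway (an assumed definition), then lists internal load balancers attached to any such subnet. The input dicts are constructed samples shaped like `aws ec2 describe-route-tables` and `aws elb describe-load-balancers` output; all IDs and names are made up.

```python
def public_subnets(route_tables, subnet_ids):
    """Return the subnets whose effective route table defaults to an internet gateway."""
    def default_via_igw(rt):
        return any(
            (r.get("DestinationCidrBlock") == "0.0.0.0/0"
             or r.get("DestinationIpv6CidrBlock") == "::/0")
            and (r.get("GatewayId") or "").startswith("igw-")
            for r in rt.get("Routes", []))
    explicit, main_public = {}, False
    for rt in route_tables:
        for assoc in rt.get("Associations", []):
            if assoc.get("SubnetId"):
                explicit[assoc["SubnetId"]] = default_via_igw(rt)
            elif assoc.get("Main"):
                main_public = default_via_igw(rt)
    # Subnets with no explicit association fall back to the VPC main route table.
    return {s for s in subnet_ids if explicit.get(s, main_public)}

def internal_lbs_in_public_subnets(load_balancers, public):
    """Map each internal load balancer name to the public subnets it is attached to."""
    findings = {}
    for lb in load_balancers:
        hits = sorted(set(lb.get("Subnets", [])) & public)
        if lb.get("Scheme") == "internal" and hits:
            findings[lb["LoadBalancerName"]] = hits
    return findings

# Constructed sample data (not taken from the report): one main table with only
# a local route, one public table (igw default route), one private table (NAT).
ROUTE_TABLES = [
    {"Associations": [{"Main": True}],
     "Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}]},
    {"Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-example"}]},
    {"Associations": [{"SubnetId": "subnet-priv-a"}],
     "Routes": [{"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-example"}]},
]
SUBNETS = ["subnet-priv-a", "subnet-priv-b", "subnet-pub-a", "subnet-pub-b"]
LOAD_BALANCERS = [
    {"LoadBalancerName": "ingress-example", "Scheme": "internal",
     "Subnets": ["subnet-priv-a", "subnet-priv-b", "subnet-pub-a"]},
]

if __name__ == "__main__":
    pub = public_subnets(ROUTE_TABLES, SUBNETS)
    print(internal_lbs_in_public_subnets(LOAD_BALANCERS, pub))
```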

          People

            mmasters1@redhat.com Miciah Masters
            rhn-support-aygarg Ayush Garg
            Hongan Li Hongan Li
            Red Hat Employee