
IPI Azure internal (User Defined Routing) clusters create purposeless standard load balancer


    • Low
    • None
    • Rejected
    • x86_64
    • Previously, if you configured user-defined outbound routing when installing a private Azure cluster, the cluster was incorrectly deployed with the default public load balancer. This behavior occurred when using the installer-provisioned infrastructure to install the cluster. With this update, the installation program no longer creates the public load balancer when user-defined routing is configured. (link:https://issues.redhat.com/browse/OCPBUGS-9404[*OCPBUGS-9404*])
    • Bug Fix
    • Done

      Version:

      $ openshift-install version
      ./openshift-install 4.11.0-0.nightly-2022-07-13-131410
      built from commit cdb9627de7efb43ad7af53e7804ddd3434b0dc58
      release image registry.ci.openshift.org/ocp/release@sha256:c5413c0fdd0335e5b4063f19133328fee532cacbce74105711070398134bb433
      release architecture amd64

      Platform:

      • Azure IPI

      What happened?
      When one creates an IPI Azure cluster with an `internal` publishing method, it creates a standard load balancer with an empty definition. This load balancer doesn't serve a purpose as far as I can tell since the configuration is completely empty. Because it doesn't have a public IP address and backend pools, it's not providing any outbound connectivity, and there are no frontend IP configurations for ingress connectivity to the cluster.

      Below is the ARM template that is deployed by the installer (through Terraform):

      ```
      {
        "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
        "contentVersion": "1.0.0.0",
        "parameters": {
          "loadBalancers_mgahagan411_7p82n_name": {
            "defaultValue": "mgahagan411-7p82n",
            "type": "String"
          }
        },
        "variables": {},
        "resources": [
          {
            "type": "Microsoft.Network/loadBalancers",
            "apiVersion": "2020-11-01",
            "name": "[parameters('loadBalancers_mgahagan411_7p82n_name')]",
            "location": "northcentralus",
            "sku": {
              "name": "Standard",
              "tier": "Regional"
            },
            "properties": {
              "frontendIPConfigurations": [],
              "backendAddressPools": [],
              "loadBalancingRules": [],
              "probes": [],
              "inboundNatRules": [],
              "outboundRules": [],
              "inboundNatPools": []
            }
          }
        ]
      }
      ```

      What did you expect to happen?

      • Don't create the standard load balancer on an internal Azure IPI cluster (as it appears to serve no purpose)

      How to reproduce it (as minimally and precisely as possible)?
      1. Create an IPI cluster with the `publish` installation config set to `Internal` and the `outboundType` set to `UserDefinedRouting`.
      ```
      apiVersion: v1
      controlPlane:
        architecture: amd64
        hyperthreading: Enabled
        name: master
        platform:
          azure: {}
        replicas: 3
      compute:
      - architecture: amd64
        hyperthreading: Enabled
        name: worker
        platform:
          azure: {}
        replicas: 3
      metadata:
        name: mgahaganpvt
      platform:
        azure:
          region: northcentralus
          baseDomainResourceGroupName: os4-common
          outboundType: UserDefinedRouting
          networkResourceGroupName: mgahaganpvt-rg
          virtualNetwork: mgahaganpvt-vnet
          controlPlaneSubnet: mgahaganpvt-master-subnet
          computeSubnet: mgahaganpvt-worker-subnet
      pullSecret: HIDDEN
      networking:
        clusterNetwork:
        - cidr: 10.128.0.0/14
          hostPrefix: 23
        serviceNetwork:
        - 172.30.0.0/16
        machineNetwork:
        - cidr: 10.0.0.0/16
        networkType: OpenShiftSDN
      publish: Internal
      proxy:
        httpProxy: http://proxy-user1:password@10.0.0.0:3128
        httpsProxy: http://proxy-user1:password@10.0.0.0:3128
      baseDomain: qe.azure.devcluster.openshift.com
      ```

      2. Show that the JSON content of the standard load balancer is completely empty:
      `az network lb show -g myResourceGroup -n myLbName`

      ```
      {
        "name": "mgahagan411-7p82n",
        "id": "/subscriptions/00000000-0000-0000-00000000/resourceGroups/mgahagan411-7p82n-rg/providers/Microsoft.Network/loadBalancers/mgahagan411-7p82n",
        "etag": "W/\"40468fd2-e56b-4429-b582-6852348b6a15\"",
        "type": "Microsoft.Network/loadBalancers",
        "location": "northcentralus",
        "tags": {},
        "properties": {
          "provisioningState": "Succeeded",
          "resourceGuid": "6fb11ec9-d89f-4c05-b201-a61ea8ed55fe",
          "frontendIPConfigurations": [],
          "backendAddressPools": [],
          "loadBalancingRules": [],
          "probes": [],
          "inboundNatRules": [],
          "inboundNatPools": []
        },
        "sku": {
          "name": "Standard"
        }
      }
      ```
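
A check for the condition this report describes, as an added example that is not part of the original report or of the installer's code: it flags load balancers with an empty definition and, for a cluster with `publish: Internal` and `outboundType: UserDefinedRouting`, any frontend bound to a public IP. The records are constructed, ARM-shaped samples modelled on the output above; `example-internal`, `example-public` and the function name are assumptions.

```python
import json

# Constructed sample: ARM-shaped records modelled on the output in this report,
# plus two hypothetical load balancers (one internal, one with a public frontend).
SAMPLE_LBS = json.loads("""
[
  {"name": "mgahagan411-7p82n", "sku": {"name": "Standard"},
   "properties": {"frontendIPConfigurations": [], "backendAddressPools": [],
                  "loadBalancingRules": [], "probes": [],
                  "inboundNatRules": [], "inboundNatPools": []}},
  {"name": "example-internal", "sku": {"name": "Standard"},
   "properties": {"frontendIPConfigurations": [
                    {"name": "internal-lb-ip",
                     "properties": {"privateIPAddress": "10.0.0.4"}}],
                  "backendAddressPools": [{"name": "example-pool"}]}},
  {"name": "example-public", "sku": {"name": "Standard"},
   "properties": {"frontendIPConfigurations": [
                    {"name": "public-lb-ip",
                     "properties": {"publicIPAddress": {"id": "<placeholder>"}}}],
                  "backendAddressPools": []}}
]
""")

# Collections that give a load balancer a function; all empty means no purpose.
LB_LISTS = ("frontendIPConfigurations", "backendAddressPools", "loadBalancingRules",
            "probes", "inboundNatRules", "outboundRules", "inboundNatPools")


def audit_load_balancers(lbs, publish="Internal", outbound_type="UserDefinedRouting"):
    """Return {lb_name: [findings]} for a cluster's load balancers."""
    private_udr = publish == "Internal" and outbound_type == "UserDefinedRouting"
    findings = {}
    for lb in lbs:
        props = lb.get("properties", lb)  # also accept records without nesting
        issues = []
        if not any(props.get(key) for key in LB_LISTS):
            issues.append("empty: no frontends, pools, rules or probes")
        for fe in props.get("frontendIPConfigurations") or []:
            fe_props = fe.get("properties", fe)
            if private_udr and fe_props.get("publicIPAddress"):
                issues.append(f"public frontend {fe.get('name')!r} on a private UDR cluster")
        if issues:
            findings[lb["name"]] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_load_balancers(SAMPLE_LBS).items():
        print(name, "->", "; ".join(issues))
```
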

            rdossant Rafael Fonseca dos Santos
            bvesel@redhat.com Benjamin Vesel
            Jinyun Ma Jinyun Ma
            Mike Pytlak Mike Pytlak (Inactive)