  1. OpenShift Cloud
  2. OCPCLOUD-1310

Remove Egress IP check from Cluster Machine Approver


    • Story
    • Resolution: Unresolved
    • Major
    • openshift-4.11

      User Story

      As a developer of OpenShift, I want the cluster machine approver to be certain of IP address associations so that only valid kubelet CSRs are signed by the approver.

      Background

      In https://github.com/openshift/cluster-machine-approver/pull/137 we added a check to allow Egress IPs to influence the decision of the cluster machine approver. This was introduced because of an issue with the in-tree vSphere cloud provider and how it reported Node IPs.

      Once the CCM is GA, only IPs registered in the cloud provider (vCenter) will be picked up by the Kubelet and therefore this bug goes away.

      We should revert the PR to return the CMA to its previous approval logic.

      Steps

      Stakeholders

      • Cluster Machine Approver owners
      • vSphere UPI customers

      Definition of Done

      • Egress IP checks are no longer part of the CMA approval process.
      • Docs
          • A note should be added that this has been removed and the reasons why
      • Testing
          • Ensure egress IP additions do not create CSRs on vSphere UPI clusters
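
The strict IP association check the user story asks for can be sketched as follows. This is an added example, not code from the cluster-machine-approver repository: the function names, the node name and the 192.0.2.x addresses are constructed for illustration, and comparing a CSR's IP SANs against the addresses registered for the node is an assumed simplification of the approver's logic.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"net"
)

// buildCSR makes a constructed kubelet serving CSR with the given IP SANs.
func buildCSR(node string, ips ...string) ([]byte, error) {
	_, key, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.CertificateRequest{Subject: pkix.Name{CommonName: "system:node:" + node}}
	for _, ip := range ips {
		tmpl.IPAddresses = append(tmpl.IPAddresses, net.ParseIP(ip))
	}
	return x509.CreateCertificateRequest(rand.Reader, tmpl, key)
}

// unregisteredSANs lists the CSR's IP SANs missing from the node's registered addresses.
func unregisteredSANs(der []byte, registered []string) ([]string, error) {
	csr, err := x509.ParseCertificateRequest(der)
	if err == nil {
		err = csr.CheckSignature() // request must be signed by its own key
	}
	if err != nil {
		return nil, err
	}
	known := map[string]bool{}
	for _, r := range registered {
		known[net.ParseIP(r).String()] = true
	}
	var extra []string
	for _, san := range csr.IPAddresses {
		if !known[san.String()] {
			extra = append(extra, san.String())
		}
	}
	return extra, nil
}

func main() {
	der, _ := buildCSR("worker-0", "192.0.2.10", "192.0.2.200") // second SAN stands in for an egress IP
	fmt.Println(unregisteredSANs(der, []string{"192.0.2.10"}))
}
```

A non-empty result means the request carries an address that is not registered for the node, so under the strict logic it would not be approved automatically.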

              Unassigned Unassigned
              joelspeed Joel Speed