Bug 1908758
Summary: | AWS: NLB timeout value is rejected by AWS cloud provider after 1.20 rebase | ||
---|---|---|---|
Product: | OpenShift Container Platform | Reporter: | Stephen Greene <sgreene> |
Component: | Networking | Assignee: | Stephen Greene <sgreene> |
Networking sub component: | router | QA Contact: | Arvind iyengar <aiyengar> |
Status: | CLOSED ERRATA | Docs Contact: | |
Severity: | urgent | ||
Priority: | urgent | CC: | aiyengar, aos-bugs, hongli |
Version: | 4.7 | ||
Target Milestone: | --- | ||
Target Release: | 4.7.0 | ||
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | Bug Fix | |
Doc Text: |
Cause:
Create an ingress controller on AWS that uses an NLB.
Consequence:
The NLB fails to provision since a health check interval of 5 seconds is not permitted for NLBs.
Fix:
Change the ingress operator to use a default NLB health check interval of 10s instead, as this value is supported by aws.
Result:
Ingress Controllers on AWS that specify the use of an NLB can be created on OCP 4.7 (with kube 1.20).
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2021-02-24 15:46:26 UTC | Type: | Bug |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: |
Description
Stephen Greene
2020-12-17 14:41:40 UTC
Verified in "4.7.0-0.nightly-2020-12-18-031435" release which has the PR merge. It is noted that the error no more occurs with ingresscontrollers having the NLB configuration in place: ----- $ oc -n openshift-ingress-operator get ingresscontroller internalapps -o yaml spec: domain: internalapps.aiyengar-oc47-1908758.qe.devcluster.openshift.com endpointPublishingStrategy: loadBalancer: providerParameters: aws: type: NLB type: AWS scope: External type: LoadBalancerService $ oc get route oc NAME HOST/PORT PATH SERVICES PORT TERMINATION WILDCARD service-unsecure service-unsecure-test1.internalapps.aiyengar-oc47-1908758.qe.devcluster.openshift.com ... 1 more service-unsecure http None $ curl service-unsecure-test1.internalapps.aiyengar-oc47-1908758.qe.devcluster.openshift.com -I HTTP/1.1 200 OK Accept-Ranges: bytes Content-Length: 28 Content-Type: text/html; charset=utf-8 Last-Modified: Tue, 27 Feb 2018 02:43:29 GMT Server: Caddy Date: Fri, 18 Dec 2020 09:07:03 GMT Set-Cookie: e96c07fa08f2609cadf847f019750244=444143347c5a402b2f6cd7ba774d8b6e; path=/; HttpOnly Cache-control: private ------ In non-patched version the route goes unreachable. Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.7.0 security, bug fix, and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2020:5633 |