Bug 1954803

Summary: [4.7] [aws] support byo private hosted zone
Product: OpenShift Container Platform
Reporter: Matthew Staebler <mstaeble>
Component: Installer
Assignee: Matthew Staebler <mstaeble>
Installer sub component: openshift-installer
QA Contact: Yunfei Jiang <yunjiang>
Status: CLOSED ERRATA
Severity: urgent
Priority: urgent
CC: aos-install, choag, gpei, pamoedom
Version: 4.8
Target Release: 4.7.z
Clone Of: 1954783
Bug Depends On: 1954783
Last Closed: 2021-05-19 15:17:01 UTC

Description Matthew Staebler 2021-04-28 19:11:22 UTC
+++ This bug was initially created as a clone of Bug #1954783 +++

Allow the user to supply a pre-existing private hosted zone to use for the cluster.

See https://issues.redhat.com/browse/CORS-1666
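For reference, the feature is consumed via a `hostedZone` field under `platform.aws` in install-config.yaml (see the full configs in Comment 5 below). A minimal hedged sketch; the zone ID, subnet IDs, and names are placeholders:

  # Illustrative fragment only; all IDs below are placeholders.
  apiVersion: v1
  metadata:
    name: mycluster
  platform:
    aws:
      region: us-east-2
      subnets:
      - subnet-0example1
      - subnet-0example2
      hostedZone: Z0EXAMPLEZONEID   # ID of the pre-existing private hosted zone
  baseDomain: example.com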

Comment 5 Gaoyun Pei 2021-05-06 06:32:22 UTC
Verified this bug using nightly payload - 4.7.0-0.nightly-2021-05-05-092347.

1. For public cluster:

1.1 Create the VPC and the private hosted zone.
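The zone-creation command itself is not shown in this log; a hedged sketch of creating a private hosted zone associated with the cluster VPC (the VPC ID and caller reference are placeholders) might look like:

  # Create a private hosted zone attached to the cluster VPC.
  # vpc-0example and the caller-reference are placeholders.
  aws route53 create-hosted-zone \
    --name gpei-bz1954803.qe.devcluster.openshift.com \
    --caller-reference "byo-zone-$(date +%s)" \
    --vpc VPCRegion=us-east-2,VPCId=vpc-0example \
    --hosted-zone-config Comment="BYO private zone",PrivateZone=true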

# aws route53 get-hosted-zone --id Z0197489DELWZQPZ0ZOL | jq -r .HostedZone.Name
gpei-bz1954803.qe.devcluster.openshift.com.
 

1.2 Set the private hosted zone Z0197489DELWZQPZ0ZOL in install-config.yaml and create the cluster.

  [02:35:25] INFO> install-config.yaml:
  ---
  apiVersion: v1
  controlPlane:
    architecture: amd64
    hyperthreading: Enabled
    name: master
    platform: {}
    replicas: 3
  compute:
  - architecture: amd64
    hyperthreading: Enabled
    name: worker
    platform: {}
    replicas: 3
  metadata:
    name: gpei-bz1954803
  platform:
    aws:
      region: us-east-2
      subnets:
      - subnet-0706df2ecca1bdc62
      - subnet-06271fc2256e8bd90
      - subnet-03be7dfd33e6f5d24
      - subnet-0ea5e3f656ac32af9
      hostedZone: Z0197489DELWZQPZ0ZOL
  pullSecret: HIDDEN
  networking:
    clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
    serviceNetwork:
    - 172.30.0.0/16
    machineNetwork:
    - cidr: 10.0.0.0/16
    networkType: OpenShiftSDN
  publish: External
  baseDomain: qe.devcluster.openshift.com
  ...


1.3 Cluster creation finished successfully.

Check the DNS records created in the private hosted zone:
# aws route53 list-resource-record-sets --hosted-zone-id Z0197489DELWZQPZ0ZOL --query 'ResourceRecordSets[?Type == `A`]'| jq -r '.[].Name'
api-int.gpei-bz1954803.qe.devcluster.openshift.com.
api.gpei-bz1954803.qe.devcluster.openshift.com.
\052.apps.gpei-bz1954803.qe.devcluster.openshift.com.
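(Route 53 escapes non-alphanumeric characters in record names as three-digit octal sequences, so `\052` above is the wildcard `*`. A small sketch decoding such names; the function name is illustrative, not part of any tooling used here:)

```python
import re

def decode_route53_name(name: str) -> str:
    """Decode Route 53's octal escapes (e.g. \\052 -> '*') in a record name."""
    return re.sub(r"\\(\d{3})", lambda m: chr(int(m.group(1), 8)), name)

print(decode_route53_name(r"\052.apps.gpei-bz1954803.qe.devcluster.openshift.com."))
# -> *.apps.gpei-bz1954803.qe.devcluster.openshift.com.
```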

The tag added to the private hosted zone:
# aws route53 list-tags-for-resource --resource-type hostedzone --resource-id Z0197489DELWZQPZ0ZOL --query 'ResourceTagSet.Tags[?Key==`kubernetes.io/cluster/gpei-bz1954803-h9klh`]' | jq -r .[0].Value
shared

The DNS records created in the public hosted zone (qe.devcluster.openshift.com):
# aws route53 list-resource-record-sets --hosted-zone-id Z3B3KOVA3TRCWP --query 'ResourceRecordSets[?contains(Name, `gpei-bz1954803`)]' | jq .[].Name
"api.gpei-bz1954803.qe.devcluster.openshift.com."
"\\052.apps.gpei-bz1954803.qe.devcluster.openshift.com."


1.4 Destroy the cluster.

Check that the DNS records in the private hosted zone were removed:
# aws route53 list-resource-record-sets --hosted-zone-id Z0197489DELWZQPZ0ZOL --query 'ResourceRecordSets[?Type == `A`]'| jq -r '.[].Name'

# 

The tag added to the private hosted zone was removed:
# aws route53 list-tags-for-resource --resource-type hostedzone --resource-id Z0197489DELWZQPZ0ZOL --query 'ResourceTagSet.Tags[?Key==`kubernetes.io/cluster/gpei-bz1954803-h9klh`]' | jq -r .[0].Value
null

Check that the DNS records created in the public hosted zone were removed:
# aws route53 list-resource-record-sets --hosted-zone-id Z3B3KOVA3TRCWP --query 'ResourceRecordSets[?contains(Name, `gpei-bz1954803`)]' | jq .[].Name
"api.gpei-bz1954803.qe.devcluster.openshift.com."
"\\052.apps.gpei-bz1954803.qe.devcluster.openshift.com."
The records were NOT removed; filed bug https://bugzilla.redhat.com/show_bug.cgi?id=1957597 to track this separately.



2. For private cluster:

2.1 Create the VPC and the private hosted zone.

# aws route53 get-hosted-zone --id Z096374623W2SHW4LOTFL | jq -r .HostedZone.Name
gpei-bz1954803p.qe.devcluster.openshift.com.
 

2.2 Set the private hosted zone Z096374623W2SHW4LOTFL in install-config.yaml and create the cluster.

  [03:38:26] INFO> install-config.yaml:
  ---
  apiVersion: v1
  controlPlane:
    architecture: amd64
    hyperthreading: Enabled
    name: master
    platform: {}
    replicas: 3
  compute:
  - architecture: amd64
    hyperthreading: Enabled
    name: worker
    platform: {}
    replicas: 3
  metadata:
    name: gpei-bz1954803p
  platform:
    aws:
      region: us-east-2
      subnets:
      - subnet-01aa75e81448fecc7
      - subnet-04c50c3c52ba1afb3
      hostedZone: Z096374623W2SHW4LOTFL
  pullSecret: HIDDEN
  networking:
    clusterNetwork:
    - cidr: 10.128.0.0/14
      hostPrefix: 23
    serviceNetwork:
    - 172.30.0.0/16
    machineNetwork:
    - cidr: 10.0.0.0/16
    networkType: OpenShiftSDN
  publish: Internal
  baseDomain: qe.devcluster.openshift.com
  ...


2.3 Cluster creation finished successfully.

Check the DNS records created in the private hosted zone:
# aws route53 list-resource-record-sets --hosted-zone-id Z096374623W2SHW4LOTFL --query 'ResourceRecordSets[?Type == `A`]'| jq -r '.[].Name'
api-int.gpei-bz1954803p.qe.devcluster.openshift.com.
api.gpei-bz1954803p.qe.devcluster.openshift.com.
\052.apps.gpei-bz1954803p.qe.devcluster.openshift.com.

The tag added to the private hosted zone:
# aws route53 list-tags-for-resource --resource-type hostedzone --resource-id Z096374623W2SHW4LOTFL --query 'ResourceTagSet.Tags[?Key==`kubernetes.io/cluster/gpei-bz1954803p-v5lkx`]' | jq -r .[0].Value
shared

No public DNS records were created in the public hosted zone (qe.devcluster.openshift.com):
# aws route53 list-resource-record-sets --hosted-zone-id Z3B3KOVA3TRCWP --query 'ResourceRecordSets[?contains(Name, `gpei-bz1954803p`)]' | jq .[].Name
# 


2.4 Destroy the cluster.

Check that the DNS records in the private hosted zone were removed:
# aws route53 list-resource-record-sets --hosted-zone-id Z096374623W2SHW4LOTFL --query 'ResourceRecordSets[?Type == `A`]'| jq -r '.[].Name'

# 

The tag added to the private hosted zone was removed:
# aws route53 list-tags-for-resource --resource-type hostedzone --resource-id Z096374623W2SHW4LOTFL --query 'ResourceTagSet.Tags[?Key==`kubernetes.io/cluster/gpei-bz1954803p-v5lkx`]' | jq -r .[0].Value
null


Since the BYO private hosted zone function is already working in 4.7, moving this bug to VERIFIED; the leftover-DNS-records issue will be tracked in BZ#1957597. Thanks.

Comment 7 Siddharth Sharma 2021-05-10 17:59:49 UTC
This bug will be shipped as part of the next z-stream release, 4.7.11, on May 19th, as 4.7.10 was dropped due to a blocker, https://bugzilla.redhat.com/show_bug.cgi?id=1958518.

Comment 11 errata-xmlrpc 2021-05-19 15:17:01 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.7.11 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2021:1550