Bug 2057518

Summary: Ingresscontroller LB scope change behaviour differs for different values of aws-load-balancer-internal annotation
Product: OpenShift Container Platform Reporter: Ravi Trivedi <travi>
Component: NetworkingAssignee: aos-network-edge-staff <aos-network-edge-staff>
Networking sub component: router QA Contact: Arvind iyengar <aiyengar>
Status: CLOSED ERRATA Docs Contact:
Severity: high    
Priority: high CC: aiyengar, aos-bugs, aos-network-edge-staff, cblecker, hongli, mfisher, mmasters, nmalik, wking
Version: 4.10Keywords: ServiceDeliveryBlocker, Upgrades
Target Milestone: ---   
Target Release: 4.9.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: 2055470 Environment:
Last Closed: 2022-03-29 07:16:22 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 2056928    
Bug Blocks:    

Comment 2 Arvind iyengar 2022-03-01 07:26:27 UTC 
Verified in the latest " 4.9.0-0.ci.test-2022-03-01-061526-ci-ln-cg6j3zb-latest" image launched with the patch via clusterbot and the PR works as expected. After changing the scope to internal and manually changing the annotation value to "0.0.0.0/0", ingress-operator updates the annotation to "true" immediately.
----------------
oc get clusterversion                    
NAME      VERSION                                                  AVAILABLE   PROGRESSING   SINCE   STATUS
version   4.9.0-0.ci.test-2022-03-01-061526-ci-ln-cg6j3zb-latest   True        False         15m     Cluster version is 4.9.0-0.ci.test-2022-03-01-061526-ci-ln-cg6j3zb-latest

oc -n openshift-ingress annotate svc/router-default service.beta.kubernetes.io/aws-load-balancer-internal="0.0.0.0/0" --overwrite
service/router-default annotated

oc -n openshift-ingress get service/router-default -o yaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-healthy-threshold: "2"
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-interval: "5"
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-timeout: "4"
    service.beta.kubernetes.io/aws-load-balancer-healthcheck-unhealthy-threshold: "2"
    service.beta.kubernetes.io/aws-load-balancer-internal: "true"
    service.beta.kubernetes.io/aws-load-balancer-proxy-protocol: '*'

### logs of ingress-operator

2022-03-01T07:15:04.720Z	INFO	operator.ingress_controller	controller/controller.go:298	reconciling	{"request": "openshift-ingress-operator/default"}
2022-03-01T07:15:04.721Z	INFO	operator.ingress_controller	handler/enqueue_mapped.go:80	queueing ingress	{"name": "default", "related": ""}
2022-03-01T07:15:04.721Z	INFO	operator.ingress_controller	handler/enqueue_mapped.go:80	queueing ingress	{"name": "default", "related": ""}
2022-03-01T07:15:04.773Z	INFO	operator.ingress_controller	ingress/load_balancer_service.go:208	normalized annotation	{"namespace": "openshift-ingress", "name": "router-default", "annotation": "service.beta.kubernetes.io/aws-load-balancer-internal", "old": "0.0.0.0/0", "new": "true"}
2022-03-01T07:15:04.773Z	INFO	operator.ingress_controller	handler/enqueue_mapped.go:80	queueing ingress	{"name": "default", "related": ""}
----------------
Comment 3 Miciah Dashiel Butler Masters 2022-03-02 15:41:57 UTC 
Setting blocker-; this issue shouldn't block the next 4.9.z release.
Comment 8 errata-xmlrpc 2022-03-29 07:16:22 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.9.26 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:1022