Bug 1949880
| Summary: | adding providerParameters.gcp.clientAccess to existing ingresscontroller doesn't work | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | Hongan Li <hongli> |
| Component: | Networking | Assignee: | Stephen Greene <sgreene> |
| Networking sub component: | router | QA Contact: | Hongan Li <hongli> |
| Status: | CLOSED ERRATA | Docs Contact: | |
| Severity: | high | ||
| Priority: | high | CC: | amcdermo, aos-bugs, nchoudhu, sgreene |
| Version: | 4.8 | ||
| Target Milestone: | --- | ||
| Target Release: | 4.8.0 | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | No Doc Update | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2021-07-27 23:00:58 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||

I've identified a fix for this bug. Turns out, the ingress operator only propagates GCP provider parameter changes to status iff an Ingress Controller was created with some GCP Provider Parameters set.

Verified with 4.8.0-0.nightly-2021-04-18-101412 and passed.

```
$ oc -n openshift-ingress-operator get ingresscontroller/default -oyaml
<---snip--->
spec:
  endpointPublishingStrategy:
    loadBalancer:
      providerParameters:
        gcp:
          clientAccess: Global
        type: GCP
      scope: Internal
    type: LoadBalancerService
<---snip--->
status:
  endpointPublishingStrategy:
    loadBalancer:
      providerParameters:
        gcp:
          clientAccess: Global
        type: GCP
      scope: Internal
    type: LoadBalancerService

$ oc -n openshift-ingress get svc/router-default -oyaml
apiVersion: v1
kind: Service
metadata:
  annotations:
    cloud.google.com/load-balancer-type: Internal
    networking.gke.io/internal-load-balancer-allow-global-access: "true"
```

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438

Description of problem:
In an upgraded cluster the ingresscontroller spec.endpointPublishingStrategy.loadBalancer doesn't contain the providerParameters.gcp.clientAccess option, and adding the option doesn't work unless the ingresscontroller is recreated.

Version-Release number of selected component (if applicable):
4.8.0-0.nightly-2021-04-13-171608

How reproducible:
100%

Steps to Reproduce:
1. upgrade private cluster to 4.8
2. adding providerParameters.gcp.clientAccess to the ingresscontroller

```
$ oc -n openshift-ingress-operator edit ingresscontroller/glob
spec:
  endpointPublishingStrategy:
    loadBalancer:
      providerParameters:        <------- (+)
        gcp:                     <------- (+)
          clientAccess: Global   <------- (+)
        type: GCP                <------- (+)
      scope: Internal
    type: LoadBalancerService
```

Actual results:
1. the annotation "networking.gke.io/internal-load-balancer-allow-global-access" is not added to internal LB service
2. the ingresscontroller status section doesn't show the newly added providerParameters.gcp.clientAccess option.

```
$ oc -n openshift-ingress-operator get ingresscontroller/glob -oyaml
status:
  endpointPublishingStrategy:
    loadBalancer:
      scope: Internal
    type: LoadBalancerService
```

Expected results:
adding providerParameters.gcp.clientAccess to endpointPublishingStrategy.loadBalancer should work.

Additional info:
workaround: delete the existing ingresscontroller then recreate it with the providerParameters.gcp.clientAccess option
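
A check for the condition this report describes, added here as an example (it is not part of the bug report or of the ingress operator's code): given the ingresscontroller and its router Service as parsed `oc get -o json` output, it reports when `providerParameters.gcp.clientAccess` in spec has not reached status or the Service annotation. The function names and the embedded sample objects are constructed for illustration.

```python
"""Added example: detect a GCP clientAccess setting that was not propagated."""
import copy

ANNOTATION = "networking.gke.io/internal-load-balancer-allow-global-access"


def gcp_client_access(section):
    """Read endpointPublishingStrategy.loadBalancer.providerParameters.gcp.clientAccess."""
    lb = (section.get("endpointPublishingStrategy") or {}).get("loadBalancer") or {}
    params = lb.get("providerParameters") or {}
    if params.get("type") != "GCP":
        return None
    return (params.get("gcp") or {}).get("clientAccess")


def check_propagation(ingresscontroller, service):
    """Return a list of mismatches; an empty list means spec, status and Service agree."""
    findings = []
    wanted = gcp_client_access(ingresscontroller.get("spec") or {})
    observed = gcp_client_access(ingresscontroller.get("status") or {})
    if wanted != observed:
        findings.append(f"status has clientAccess={observed!r}, spec has {wanted!r}")
    annotations = (service.get("metadata") or {}).get("annotations") or {}
    annotated = annotations.get(ANNOTATION) == "true"
    if (wanted == "Global") != annotated:
        findings.append(f"Service annotation {ANNOTATION}={annotations.get(ANNOTATION)!r} "
                        f"does not match spec clientAccess={wanted!r}")
    return findings


# Constructed samples that mirror the two states shown in this report.
_SPEC = {"endpointPublishingStrategy": {
    "type": "LoadBalancerService",
    "loadBalancer": {"scope": "Internal", "providerParameters": {
        "type": "GCP", "gcp": {"clientAccess": "Global"}}}}}
_STALE_STATUS = {"endpointPublishingStrategy": {
    "type": "LoadBalancerService", "loadBalancer": {"scope": "Internal"}}}

AFFECTED_IC = {"spec": _SPEC, "status": _STALE_STATUS}
AFFECTED_SVC = {"metadata": {"annotations": {
    "cloud.google.com/load-balancer-type": "Internal"}}}
FIXED_IC = {"spec": _SPEC, "status": copy.deepcopy(_SPEC)}
FIXED_SVC = {"metadata": {"annotations": {
    "cloud.google.com/load-balancer-type": "Internal", ANNOTATION: "true"}}}

if __name__ == "__main__":
    for name, ic, svc in (("affected", AFFECTED_IC, AFFECTED_SVC),
                          ("fixed", FIXED_IC, FIXED_SVC)):
        print(name, check_propagation(ic, svc) or "in sync")
```

Against a live cluster, load the two objects with `json.load` from the output of the `oc get ... -o json` commands and pass them to `check_propagation`.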