Description of problem: In an upgrade cluster the ingresscontroller spec.endpointPublishingStrategy.loadBalancer doesn't contain providerParameters.gcp.clientAccess option, and adding the option doesn't work, unless recreate the ingresscontroller. Version-Release number of selected component (if applicable): 4.8.0-0.nightly-2021-04-13-171608 How reproducible: 100% Steps to Reproduce: 1. upgrade private cluster to 4.8 2. adding providerParameters.gcp.clientAccess to the ingresscontroller $ oc -n openshift-ingress-operator edit ingresscontroller/glob spec: endpointPublishingStrategy: loadBalancer: providerParameters: <------- (+) gcp: <------- (+) clientAccess: Global <------- (+) type: GCP <------- (+) scope: Internal type: LoadBalancerService Actual results: 1. the annotation "networking.gke.io/internal-load-balancer-allow-global-access" is not added to internal LB service 2. the ingresscontroller status section doesn't show the new added providerParameters.gcp.clientAccess option. $ oc -n openshift-ingress-operator get ingresscontroller/glob -oyaml status: endpointPublishingStrategy: loadBalancer: scope: Internal type: LoadBalancerService Expected results: adding providerParameters.gcp.clientAccess to endpointPublishingStrategy.loadBalancer should work. Additional info: workaround: delete the existing ingresscontroller then recreate it with the providerParameters.gcp.clientAccess option
I've identified a fix for this bug. Turns out, the ingress operator only propagates GCP provider parameter changes to status iff an Ingress Controller was created with some GCP Provider Parameters set.
verified with 4.8.0-0.nightly-2021-04-18-101412 and passed. $ oc -n openshift-ingress-operator get ingresscontroller/default -oyaml <---snip---> spec: endpointPublishingStrategy: loadBalancer: providerParameters: gcp: clientAccess: Global type: GCP scope: Internal type: LoadBalancerService <---snip---> status: endpointPublishingStrategy: loadBalancer: providerParameters: gcp: clientAccess: Global type: GCP scope: Internal type: LoadBalancerService $ oc -n openshift-ingress get svc/router-default -oyaml apiVersion: v1 kind: Service metadata: annotations: cloud.google.com/load-balancer-type: Internal networking.gke.io/internal-load-balancer-allow-global-access: "true"
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (Moderate: OpenShift Container Platform 4.8.2 bug fix and security update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2021:2438