Bug 2218867 - [Backport to 4.13.z]OCS Provider Server service comes up on public subnets
Keywords:
Status: CLOSED DUPLICATE of bug 2218863
Alias: None
Product: Red Hat OpenShift Data Foundation
Classification: Red Hat Storage
Component: ocs-operator
Version: 4.13
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
: ---
Assignee: Mudit Agarwal
QA Contact: Elad
URL:
Whiteboard:
Depends On: 2212773
Blocks: 2213114 2213117 2218863
Reported: 2023-06-30 10:29 UTC by Rewant
Modified: 2023-08-09 17:00 UTC

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of: 2212773
Environment:
Last Closed: 2023-06-30 10:30:25 UTC
Embargoed:



Description Rewant 2023-06-30 10:29:02 UTC
+++ This bug was initially created as a clone of Bug #2212773 +++

Description of problem (please be as detailed as possible and provide log
snippets):

While using both private link and non private link clusters, the ocs-provider-server service tries to come up on the non private subnets of the VPC. This would mean that the endpoint will be exposed and from outside the subnets we can ping the endpoint.

The AWS ELB created is of type Classic which doesn't support private link clusters.
So we need to move to a Network Load Balancer and use an internal-facing load balancer so that it's only accessible from within the VPC.

We need to add annotations to the service, as the AWS controller looks at the annotations to reconcile the service.

More info: https://docs.google.com/document/d/10J-J8EuDm8Q-ZMtY0A3mtmHOx8Xvhn-i28faxfWZwts/edit?usp=sharing

Version of all relevant components (if applicable):


Does this issue impact your ability to continue to work with the product
(please explain in detail what is the user impact)?


Is there any workaround available to the best of your knowledge?


Rate from 1 - 5 the complexity of the scenario you performed that caused this
bug (1 - very simple, 5 - very complex)?


Is this issue reproducible?


Can this issue be reproduced from the UI?


If this is a regression, please provide more details to justify this:


Steps to Reproduce:
1.
2.
3.


Actual results:
ocs provider server should be deployed on private subnets

Expected results:
ocs provider server is deployed on public subnets

Additional info:

--- Additional comment from RHEL Program Management on 2023-06-06 10:12:39 UTC ---

This bug having no release flag set previously, is now set with release flag 'odf‑4.13.0' to '?', and so is being proposed to be fixed at the ODF 4.13.0 release. Note that the 3 Acks (pm_ack, devel_ack, qa_ack), if any previously set while release flag was missing, have now been reset since the Acks are to be set against a release flag.

--- Additional comment from Rewant on 2023-06-19 05:33:46 UTC ---

The ocs-operator should not be responsible for adding annotations based on the cloud provider; instead, the load balancer should be created externally based on the cloud provider and the type of network (private/public), hence adding a new field in the StorageCluster CR to toggle between the service types.

Comment 2 Rewant 2023-06-30 10:30:25 UTC

*** This bug has been marked as a duplicate of bug 2218863 ***
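
An added example, not part of the bug report or of ocs-operator: a check over `kubectl get svc -A -o json` output that flags LoadBalancer Services which are not annotated as an internal Network Load Balancer, the condition the description above reports for ocs-provider-server. The annotation keys are those of the Kubernetes AWS cloud provider (the report does not name them); the namespaces and every Service other than ocs-provider-server are constructed sample data.

```python
import json

# Annotation keys read by the Kubernetes AWS cloud provider (assumption: the
# bug report speaks of "annotations" without naming them).
LB_TYPE = "service.beta.kubernetes.io/aws-load-balancer-type"
LB_INTERNAL = "service.beta.kubernetes.io/aws-load-balancer-internal"


def _svc(ns, name, svc_type, annotations=None):
    """Build a minimal Service object (constructed sample data)."""
    return {"metadata": {"namespace": ns, "name": name, "annotations": annotations},
            "spec": {"type": svc_type}}


# Constructed sample shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.dumps({"items": [
    _svc("openshift-storage", "ocs-provider-server", "LoadBalancer"),
    _svc("demo", "nlb-public", "LoadBalancer", {LB_TYPE: "nlb"}),
    _svc("demo", "nlb-internal", "LoadBalancer", {LB_TYPE: "nlb", LB_INTERNAL: "true"}),
    _svc("demo", "cluster-only", "ClusterIP"),
]})


def audit_services(doc):
    """Return (namespace, name, problems) for each exposed LoadBalancer Service."""
    findings = []
    for svc in json.loads(doc).get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue  # only LoadBalancer Services get a cloud load balancer
        meta = svc.get("metadata", {})
        ann = meta.get("annotations") or {}  # field may be absent or null
        problems = []
        if ann.get(LB_TYPE, "").lower() != "nlb":
            problems.append("classic-elb")      # no NLB requested
        if ann.get(LB_INTERNAL, "").lower() != "true":
            problems.append("internet-facing")  # not marked internal
        if problems:
            findings.append((meta.get("namespace"), meta.get("name"), problems))
    return findings


if __name__ == "__main__":
    for ns, name, problems in audit_services(SAMPLE):
        print(f"{ns}/{name}: {', '.join(problems)}")
```
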

