Closed r4f4 closed 3 weeks ago
Hi @r4f4. Thanks for your PR.
I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test
on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.
Once the patch is verified, the new status will be reflected by the ok-to-test
label.
I understand the commands that are listed here.
Openshift e2e results for the public cloud are good (no breakage): https://github.com/openshift/installer/pull/8636
I'm trying to get this changed tested on a secret region.
/ok-to-test
/test ?
@r4f4: The following commands are available to trigger required jobs:
/test pull-cluster-api-provider-aws-build
/test pull-cluster-api-provider-aws-build-docker
/test pull-cluster-api-provider-aws-test
/test pull-cluster-api-provider-aws-verify
The following commands are available to trigger optional jobs:
/test pull-cluster-api-provider-aws-apidiff-main
/test pull-cluster-api-provider-aws-e2e
/test pull-cluster-api-provider-aws-e2e-blocking
/test pull-cluster-api-provider-aws-e2e-clusterclass
/test pull-cluster-api-provider-aws-e2e-conformance
/test pull-cluster-api-provider-aws-e2e-conformance-with-ci-artifacts
/test pull-cluster-api-provider-aws-e2e-eks
/test pull-cluster-api-provider-aws-e2e-eks-gc
/test pull-cluster-api-provider-aws-e2e-eks-testing
Use /test all
to run the following jobs that were automatically triggered:
pull-cluster-api-provider-aws-apidiff-main
pull-cluster-api-provider-aws-build
pull-cluster-api-provider-aws-build-docker
pull-cluster-api-provider-aws-test
pull-cluster-api-provider-aws-verify
Update:
loadbalancer.go:1799: Pre-existing NLB %s without security groups, cannot reconcile security groups
might be confusing on those cases./test pull-cluster-api-provider-aws-e2e-blocking
I'm an OCP SSA supporting the customers who use the us-iso and us-isob regions. In earlier testing of the new CAPA changes I discovered that, while AWS commercial supports NLBs with security groups, the us-iso and us-isob regions do not. If the openshift-installer attempts to add security groups to an NLB in the iso regions it will fail and error out. I tested this proposed code change in the us-iso regions and found that the openshift-installer successfully provisions the NLBs without security groups.
Now that we've tested it in a secret cloud: /assign @richardcase
/assign @richardcase @nrb Would you mind stamping you approval here? TY
/approve
[APPROVALNOTIFIER] This PR is APPROVED
This pull-request has been approved by: nrb
The full list of commands accepted by this bot can be found here.
The pull request process is described here
Secret regions don't yet support security groups for NLBs.
What type of PR is this?
/kind bug
What this PR does / why we need it:
C2S/SC2S regions do not support security groups on Network load balancers.
Which issue(s) this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)
format, will close the issue(s) when PR gets merged): Fixes #5029Special notes for your reviewer:
Checklist:
Release note: