LoadBalancerMember cannot be reconciled

[hidekazuna]

/kind bug

What steps did you take and what happened:

I tried to create workload cluster using external-cloud-provider flavor. When creating loadbalancer member, subnet not found error occurred.

E0209 05:29:39.724528       1 openstackmachine_controller.go:396] controllers/OpenStackMachine "msg"="LoadBalancerMember cannot be reconciled: error create lbmember: Bad request with: [POST http://controller.hidekazuna.test:9876/v2.0/lbaas/pools/1e48273e-55c3-4815-bf10-257fa7ef2949/members], error message: {\"faultcode\": \"Client\", \"faultstring\": \"Subnet 6a85b569-8b3a-44e6-83cd-d61545e9af57 not found.\", \"debuginfo\": null}" "error"="UpdateError" "cluster"="external" "machine"="external-control-plane-rg7h2" "namespace"="default" "openStackCluster"="external" "openStackMachine"="external-control-plane-qhnbq"

What did you expect to happen:

loadbalancer members are created successfully.

Anything else you would like to add:

Environment:

• Cluster API Provider OpenStack version (Or git rev-parse HEAD if manually built): 0.3.3
• Cluster-API version: 0.3.12
• OpenStack version: Stein
• Minikube/KIND version: kind version 0.7.0
• Kubernetes version (use kubectl version):

  Client Version: version.Info{Major:"1", Minor:"18", GitVersion:"v1.18.9", GitCommit:"94f372e501c973a7fa9eb40ec9ebd2fe7ca69848", GitTreeState:"clean", BuildDate:"2020-09-16T13:56:40Z", GoVersion:"go1.13.15", Compiler:"gc", Platform:"linux/amd64"}
  Server Version: version.Info{Major:"1", Minor:"19", GitVersion:"v1.19.1", GitCommit:"206bcadf021e76c27513500ca24182692aabd17e", GitTreeState:"clean", BuildDate:"2020-09-14T07:30:52Z", GoVersion:"go1.15", Compiler:"gc", Platform:"linux/amd64"}

• OS (e.g. from /etc/os-release):

  NAME="Ubuntu"
  VERSION="18.04.5 LTS (Bionic Beaver)"
  ID=ubuntu
  ID_LIKE=debian
  PRETTY_NAME="Ubuntu 18.04.5 LTS"
  VERSION_ID="18.04"
  HOME_URL="https://www.ubuntu.com/"
  SUPPORT_URL="https://help.ubuntu.com/"
  BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
  PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
  VERSION_CODENAME=bionic
  UBUNTU_CODENAME=bionic

[hidekazuna]

Few days ago I updated Octavia ubuntu package and Validate resource access when creating loadbalancer or member was introduced. Now octavia checks if new subnet can be seen from octavia context. Then subnet not found error occurred.

This commit was backported to rokcy, stein, and train. So releases newer than or equal to rocky should all result in error.

We can avoid the error by add the following setting in octavia.conf.

[networking]
...
allow_invisible_resource_usage = True