Just creating this issue to have more eyeballs. I have a neutron policy which doesn't allow normal users to delete floating IPs.
"delete_floatingip": "(rule:admin_only)"
Now with this policy when I try to delete k8s cluster then it stuck in deleting stats because users not allow to delete floating IPs.
Following are capi logs.
I0402 01:50:03.412447 1 recorder.go:104] "events: Failed to delete floating IP 104.xx.xx.70: Request forbidden: [DELETE https://os2.example.com:9696/v2.0/floatingips/492b2c4c-151b-437e-acfc-4778a45cb9bf], error message: {\"NeutronError\": {\"type\": \"PolicyNotAuthorized\", \"message\": \"rule:delete_floatingip is disallowed by policy\", \"detail\": \"\"}}" type="Warning" object={"kind":"OpenStackMachine","namespace":"magnum-system","name":"kube-6aqje-csgft-nkz6s","uid":"97acabe1-e547-4bbc-8406-aebc563212cd","apiVersion":"infrastructure.cluster.x-k8s.io/v1alpha7","resourceVersion":"31170690"} reason="Faileddeletefloatingip"
I think capi or magnum api shouldn't delete floating IP instead release the floating IP to put it back to pool. Does mcapi or clusterapi support releasing IP instead delete?
Just creating this issue to have more eyeballs. I have a neutron policy which doesn't allow normal users to delete floating IPs.
"delete_floatingip": "(rule:admin_only)"Now with this policy when I try to delete k8s cluster then it stuck in deleting stats because users not allow to delete floating IPs.
Following are capi logs.
I0402 01:50:03.412447 1 recorder.go:104] "events: Failed to delete floating IP 104.xx.xx.70: Request forbidden: [DELETE https://os2.example.com:9696/v2.0/floatingips/492b2c4c-151b-437e-acfc-4778a45cb9bf], error message: {\"NeutronError\": {\"type\": \"PolicyNotAuthorized\", \"message\": \"rule:delete_floatingip is disallowed by policy\", \"detail\": \"\"}}" type="Warning" object={"kind":"OpenStackMachine","namespace":"magnum-system","name":"kube-6aqje-csgft-nkz6s","uid":"97acabe1-e547-4bbc-8406-aebc563212cd","apiVersion":"infrastructure.cluster.x-k8s.io/v1alpha7","resourceVersion":"31170690"} reason="Faileddeletefloatingip"I think capi or magnum api shouldn't delete floating IP instead release the floating IP to put it back to pool. Does mcapi or clusterapi support releasing IP instead delete?