Bootstrap failure with UPI on IBM Cloud VPC with NLB

Issue

• Due to internal requirements, we've explored using IBM Cloud VPC's NLB (network load balancer) as the load balancer among the Openshift leader nodes in an UPI installation. We understand this is not an officially supported configuration and am just looking for some guidance on where things are going wrong.

• The bootstrap process never completes and we'd like some help understanding why. From what we gather, the core issue is that the SDN never fully initializes (cluster is 4.10 using openshift-sdn) at least in part because of some Kubernetes secrets that are missing and required for pods to start. We don't understand where those secrets are supposed to come from and why they are missing.

• We'd like to point out that one flaw with this setup is that the NLB VIP isn't reachable from a backend if the NLB uses the same backend to service the request (i.e, bootstrap:6443 -> NLB:6443 -> bootstrap:6443 hangs indefinitely due to how the NLB works). If this is the problem preventing bootstrap, we'd like to understand clearly which part of bootstrap requires this to work so we can relay this information back. It'd be great to point to a log line in one of the attached logs and clearly mark that as being caused by this communication not working.