Public load balancer automatically recreated by cluster in Private installation.

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4.x
  • OpenShift on Azure

Issue

  • In a private IPI cluster on Azure, a public load balancer is created automatically with public IPs attached, causing security issues.
  • Even if you delete the public load balancer, it is created again after some time.

Resolution

  • For this particular cluster, the user should be able to annotate the service (noobaa-mgmt) to prevent it from creating the public load balancer. [Here is the link](https://kubernetes.io/docs/concepts/services-networking/service/#internal-load-balancer) for reference.
  • We have an RFE to solve this issue automatically with services, but until then it will be necessary to annotate such services. RFE for reference

Root Cause

  • It is observed that the public load balancer is being created by noobaa-mgmt.

Diagnostic Steps

  • Check the kube-controller-manager logs:

    2022-09-06T05:33:43.385047192Z I0906 05:33:43.384967       1 controller.go:400] Ensuring load balancer for service openshift-storage/noobaa-mgmt
    2022-09-06T05:33:43.385126705Z I0906 05:33:43.385105       1 azure_loadbalancer.go:1098] reconcileLoadBalancer for service(openshift-storage/noobaa-mgmt) - wantLb(true): started
    2022-09-06T05:33:43.385204219Z I0906 05:33:43.385155       1 event.go:291] "Event occurred" object="openshift-storage/noobaa-mgmt" kind="Service" apiVersion="v1" type="Normal" reason="EnsuringLoadBalancer" message="Ensuring load balancer"
    2022-09-06T05:33:43.451249508Z I0906 05:33:43.451142       1 azure_backoff.go:285] LoadBalancerClient.List(intcluster-hldmd-rg) success
    2022-09-06T05:33:43.451249508Z I0906 05:33:43.451204       1 azure_loadbalancer.go:516] get(openshift-storage/noobaa-mgmt): lb(intcluster-hldmd) - found frontend IP config, primary service: true
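
An added example (not part of the original solution or any Red Hat tooling): a Python check that connects the log line above to the Resolution by listing LoadBalancer Services that lack the Azure internal annotation described in the linked Kubernetes documentation, and printing the `oc annotate` command for each. The Service list is a constructed sample in the shape of `oc get services -A -o json`, and the function names are hypothetical.

```python
import json
import re

# Azure annotation from the Kubernetes "Internal load balancer" documentation.
INTERNAL_LB = "service.beta.kubernetes.io/azure-load-balancer-internal"
ENSURE_RE = re.compile(r"Ensuring load balancer for service ([^/\s]+)/(\S+)")

def services_in_kcm_log(log_text):
    """Return the set of (namespace, name) the controller ensured a load balancer for."""
    return {m.groups() for m in ENSURE_RE.finditer(log_text)}

def public_lb_services(service_list):
    """Return (namespace, name) of LoadBalancer Services lacking the internal annotation."""
    found = []
    for svc in service_list.get("items", []):
        if svc.get("spec", {}).get("type") != "LoadBalancer":
            continue
        meta = svc.get("metadata", {})
        annotations = meta.get("annotations") or {}
        if annotations.get(INTERNAL_LB, "").lower() != "true":
            found.append((meta.get("namespace"), meta.get("name")))
    return sorted(found)

def annotate_command(namespace, name):
    """Build the oc command that marks one Service as internal."""
    return f"oc annotate service {name} -n {namespace} {INTERNAL_LB}=true --overwrite"

# Log line taken from the Diagnostic Steps above.
SAMPLE_LOG = (
    "2022-09-06T05:33:43.385047192Z I0906 05:33:43.384967       1 controller.go:400] "
    "Ensuring load balancer for service openshift-storage/noobaa-mgmt\n"
)
# Constructed sample in the shape of `oc get services -A -o json`.
SAMPLE_SERVICES = json.loads("""
{"items": [
 {"metadata": {"namespace": "openshift-storage", "name": "noobaa-mgmt"},
  "spec": {"type": "LoadBalancer"}},
 {"metadata": {"namespace": "openshift-ingress", "name": "router-default",
   "annotations": {"service.beta.kubernetes.io/azure-load-balancer-internal": "true"}},
  "spec": {"type": "LoadBalancer"}},
 {"metadata": {"namespace": "default", "name": "kubernetes"},
  "spec": {"type": "ClusterIP"}}
]}
""")

if __name__ == "__main__":
    seen = services_in_kcm_log(SAMPLE_LOG)
    for ns, name in public_lb_services(SAMPLE_SERVICES):
        note = "seen in controller log" if (ns, name) in seen else "not in log sample"
        print(f"{ns}/{name}: public load balancer ({note})")
        print("  " + annotate_command(ns, name))
```
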

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.
