Constant API calls trying to push rule that already exists into Security Groups on RHOCP Cluster in AWS

Solution Verified - Updated -

Environment

  • Red Hat OpenShift Container Platform (RHOCP) 4.x
  • AWS

Issue

  • A Red Hat OpenShift Container Platform cluster installed on AWS with the IPI method was upgraded to version 4.10.39. After the upgrade, the AWS logs show API calls that keep trying to push rules that already exist into a security group, flooding the logs with errors like the ones below:
the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port:80, ALLOW" already exists
the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port:443, ALLOW" already exists

Note: The security group is for the load balancer.

Resolution

  • Remove the 80 tcp 0.0.0.0/0 and 443 tcp 0.0.0.0/0 records from the security group. The API will then update the security group and add them back, which stops OpenShift from repeatedly trying to add rules that already exist.
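
The following shell script is an added example, not part of the original solution or Red Hat tooling. It parses the error lines quoted in the Issue section and prints the AWS CLI revoke-security-group-ingress call for each distinct rule reported as already existing. The group ID sg-EXAMPLE, the function names and the MODE switch are assumptions, and the sample log is constructed from the two messages above.

```shell
#!/bin/sh
# Added example: map the "already exists" errors to the rules to remove.
# SG_ID is a placeholder; the page does not give the security group ID.
SG_ID="${SG_ID:-sg-EXAMPLE}"
MODE="${MODE:-print}"   # "print" shows the commands, "apply" runs them

# Constructed sample: the two messages from the Issue section, one repeated.
sample_log() {
  cat <<'EOF'
the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port:80, ALLOW" already exists
the specified rule "peer: 0.0.0.0/0, TCP, from port: 443, to port:443, ALLOW" already exists
the specified rule "peer: 0.0.0.0/0, TCP, from port: 80, to port:80, ALLOW" already exists
EOF
}

# stdin: log lines. stdout: "count cidr protocol from to" per distinct rule.
# The CIDR group only accepts digits, dots and a slash, so nothing from the
# log can reach the command line except an IPv4 range and port numbers.
duplicate_rules() {
  sed -nE 's/.*"peer: ([0-9.]+\/[0-9]+), ([A-Za-z]+), from port: *([0-9]+), to port: *([0-9]+), ALLOW" already exists.*/\1 \2 \3 \4/p' |
    LC_ALL=C sort | uniq -c | awk '{ print $1, $2, tolower($3), $4, $5 }'
}

# Print (or, with MODE=apply, run) one revoke call per distinct rule.
revoke_rules() {
  duplicate_rules | while read -r _count cidr proto from to; do
    port="$from"
    [ "$from" = "$to" ] || port="$from-$to"
    set -- aws ec2 revoke-security-group-ingress --group-id "$SG_ID" \
      --protocol "$proto" --port "$port" --cidr "$cidr"
    if [ "$MODE" = apply ]; then "$@" </dev/null; else echo "$*"; fi
  done
}

if [ "$MODE" = apply ]; then
  revoke_rules < "${1:?usage: MODE=apply $0 LOGFILE}"
else
  sample_log | revoke_rules
fi
```

Review the printed commands against the load balancer's security group before running with MODE=apply. Until the rules are added back, the group admits no new connections from 0.0.0.0/0 on those ports.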
