Mark the issue as fresh by commenting /remove-lifecycle stale.
Stale issues rot after an additional 30d of inactivity and eventually close.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Rotten issues close after an additional 30d of inactivity.
Exclude this issue from closing by commenting /lifecycle frozen.
If this issue is safe to close now please do so with /close.
/lifecycle rotten
/remove-lifecycle stale
openshift-cibot added the lifecycle/rotten label and removed the lifecycle/stale label on Dec 15, 2022.
Reopen the issue by commenting /reopen.
Mark the issue as fresh by commenting /remove-lifecycle rotten.
Exclude this issue from closing again by commenting /lifecycle frozen.
/close
Which section(s) is the issue in?
The "General Requirements" section of the "Configuring a Cluster-wide proxy during installation" is lacking a key, specific parameter for the Endpoints in bullet point three.
You can find the section I am referring to at the following URL:
https://docs.openshift.com/rosa/networking/configuring-cluster-wide-proxy.html#cluster-wide-proxy-general-prereqs_cluster-wide-proxy-configuration
What needs fixing?
The bullet point says the following:
"You have added the ec2..amazonaws.com, elasticloadbalancing..amazonaws.com, and s3..amazonaws.com endpoints to your virtual private cloud (VPC) endpoint. These endpoints are required to complete requests from the nodes to the AWS EC2 API. Because the proxy works on the container level, not the node level, you must route these requests to the AWS EC2 API through the AWS private network. Adding the public IP address of the EC2 API to your allowlist in your proxy server is not sufficient."
However, endpoints can be of at least two types, "Interface" or "Gateway." If you select "Interface", the proxied installation will fail, and if it is an STS cluster, it is very difficult to get an understanding of the problem since the failure occurs early on (when retrieving ignition configs from s3) and logs can be very hard to access.
There is a knowledgebase on this here:
https://access.redhat.com/solutions/6971842
And I have attached a screenshot of the place the "Gateway" type is selected on the AWS console.
I, unfortunately, don't have time at the moment to create a pull request, but please let me know if you have any questions or need more information.
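A preflight check for the requirement discussed in this issue, as an added example that is not part of the original issue or the ROSA documentation: it reads data shaped like the output of `aws ec2 describe-vpc-endpoints` and reports missing endpoints and an S3 endpoint that is not of type Gateway. The sample records, the region `us-east-1` and the names `check_endpoints` and `_ep` are constructed for illustration; applying the Gateway requirement to the S3 endpoint specifically is an assumption based on the failure the issue describes.

```python
# Added example: preflight check on VPC endpoints before a proxied install.
# Input mirrors `aws ec2 describe-vpc-endpoints` JSON; SAMPLE is constructed.

REQUIRED_SERVICES = ("ec2", "elasticloadbalancing", "s3")


def _ep(endpoint_id, vpc_id, service, kind, state="available"):
    """Build one constructed endpoint record (us-east-1 is an assumed region)."""
    return {"VpcEndpointId": endpoint_id, "VpcId": vpc_id,
            "ServiceName": f"com.amazonaws.us-east-1.{service}",
            "VpcEndpointType": kind, "State": state}


SAMPLE = {"VpcEndpoints": [
    _ep("vpce-0a1", "vpc-0aaa", "ec2", "Interface"),
    _ep("vpce-0a2", "vpc-0aaa", "elasticloadbalancing", "Interface"),
    _ep("vpce-0a3", "vpc-0aaa", "s3", "Interface"),      # the reported misconfiguration
    _ep("vpce-0b1", "vpc-0bbb", "ec2", "Interface"),
    _ep("vpce-0b2", "vpc-0bbb", "s3", "Gateway"),
    _ep("vpce-0b3", "vpc-0bbb", "elasticloadbalancing", "Interface", state="deleted"),
    _ep("vpce-0c1", "vpc-0ccc", "ec2", "Interface"),
    _ep("vpce-0c2", "vpc-0ccc", "elasticloadbalancing", "Interface"),
    _ep("vpce-0c3", "vpc-0ccc", "s3", "Gateway"),
]}


def check_endpoints(described, vpc_id, region):
    """Return a list of findings for one VPC; an empty list means it passes."""
    usable = {}
    for ep in described.get("VpcEndpoints", []):
        # Endpoints in other VPCs, or not yet/no longer available, do not count.
        if ep.get("VpcId") == vpc_id and ep.get("State", "").lower() == "available":
            usable.setdefault(ep["ServiceName"], []).append(ep)
    findings = []
    for service in REQUIRED_SERVICES:
        name = f"com.amazonaws.{region}.{service}"
        endpoints = usable.get(name, [])
        if not endpoints:
            findings.append(f"missing: no available endpoint for {name}")
        elif service == "s3" and all(e["VpcEndpointType"] != "Gateway" for e in endpoints):
            # Assumption: the Gateway requirement applies to S3, where the
            # ignition-config fetch described in the issue fails.
            ids = ", ".join(e["VpcEndpointId"] for e in endpoints)
            findings.append(f"wrong type: {name} has no Gateway endpoint ({ids})")
    return findings


if __name__ == "__main__":
    for vpc in ("vpc-0aaa", "vpc-0bbb", "vpc-0ccc"):
        print(vpc, check_endpoints(SAMPLE, vpc, "us-east-1") or "ok")
```

To run it against a real account, replace `SAMPLE` with the parsed JSON output of `aws ec2 describe-vpc-endpoints` and pass the cluster's VPC ID and region.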