CORS-3427: aws: custom security group: limit to 2

[r4f4]

With the Installer move to using CAPI/CAPA for provisioning, there are now 3 security groups created during install. With the limit of 5 per network interface, this leaves only 2 additional security groups.

[openshift-ci-robot]

@r4f4: This pull request references CORS-3427 which is a valid jira issue.

Warning: The referenced jira issue has an invalid target version for the target branch this PR targets: expected the bug to target the "4.16.0" version, but no target version was set.

In response to this:

With the Installer move to using CAPI/CAPA for provisioning, there are now 3 security groups created during install. With the limit of 5 per network interface, this leaves only 2 additional security groups.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the openshift-eng/jira-lifecycle-plugin repository.

[openshift-ci-robot]

[REHEARSALNOTIFIER]
@r4f4: the pj-rehearse plugin accommodates running rehearsal tests for the changes in this PR. Expand 'Interacting with pj-rehearse' for usage details. The following rehearsable tests have been affected by this change:

Test name	Repo	Type	Reason
pull-ci-openshift-installer-master-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-master-altinfra-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-release-4.17-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-release-4.17-altinfra-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-release-4.16-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-release-4.16-altinfra-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-release-4.15-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
pull-ci-openshift-installer-release-4.15-altinfra-e2e-aws-custom-security-groups	openshift/installer	presubmit	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.16-multi-nightly-aws-ipi-usertags-custom-sg-fips-amd-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-nightly-4.15-upgrade-from-stable-4.14-aws-ipi-usertags-custom-sg-fips-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-nightly-aws-rosa-sts-hcp-advanced-int-full-f7	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-multi-nightly-aws-ipi-usertags-custom-sg-arm-f5	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-stable-aws-ipi-usertags-custom-sg-fips-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-amd64-stable-aws-rosa-sts-hcp-private-link-stage-critical-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-nightly-aws-rosa-sts-hcp-private-link-int-full-f7	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-ec-aws-rosa-sts-advanced-f7	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-aws-rosa-sts-advanced-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.15-multi-nightly-aws-ipi-usertags-custom-sg-fips-amd-f9-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-multi-nightly-aws-ipi-usertags-custom-sg-fips-amd-f28-destructive	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-stable-aws-rosa-sts-hcp-advanced-stage-critical-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-stable-aws-rosa-sts-hcp-private-link-stage-critical-f14	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.16-arm64-nightly-4.16-upgrade-from-stable-4.15-aws-ipi-usertags-custom-sg-f28	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.14-amd64-nightly-aws-rosa-sts-hcp-private-link-stage-full-f7	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-master-rosacli-aws-rosa-sts-advanced-e2e-f3	N/A	periodic	Registry content changed
periodic-ci-openshift-openshift-tests-private-release-4.16-amd64-nightly-aws-rosa-sts-hcp-advanced-int-full-f7	N/A	periodic	Registry content changed

A total of 60 jobs have been affected by this change. The above listing is non-exhaustive and limited to 25 jobs.

A full list of affected jobs can be found here

Interacting with pj-rehearse

Comment: /pj-rehearse to run up to 5 rehearsals
Comment: /pj-rehearse skip to opt-out of rehearsals
Comment: /pj-rehearse {test-name}, with each test separated by a space, to run one or more specific rehearsals
Comment: /pj-rehearse more to run up to 10 rehearsals
Comment: /pj-rehearse max to run up to 25 rehearsals
Comment: /pj-rehearse auto-ack to run up to 5 rehearsals, and add the rehearsals-ack label on success
Comment: /pj-rehearse abort to abort all active rehearsals

Once you are satisfied with the results of the rehearsals, comment: /pj-rehearse ack to unblock merge. When the rehearsals-ack label is present on your PR, merge will no longer be blocked by rehearsals.
If you would like the rehearsals-ack label removed, comment: /pj-rehearse reject to re-block merging.

[r4f4]

/pj-rehearse pull-ci-openshift-installer-master-e2e-aws-custom-security-groups pull-ci-openshift-installer-master-altinfra-e2e-aws-custom-security-groups periodic-ci-openshift-openshift-tests-private-release-4.16-arm64-ec-aws-ipi-usertags-custom-sg-f14

[r4f4]

/pj-rehearse pull-ci-openshift-installer-master-altinfra-e2e-aws-custom-security-groups

[r4f4]

altinfra-e2e-aws-custom-security-groups passed the machines created phase and it's failling because of an issue with shared VPCs in CAPA.

/pj-rehease ack

[r4f4]

/assign @yunjiang29

[r4f4]

/pj-rehearse ack

[patrickdillon]

/lgtm
/approve

[openshift-ci]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: patrickdillon, r4f4

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• ci-operator/step-registry/aws/OWNERS [patrickdillon]
• ci-operator/step-registry/ipi/conf/aws/custom-security-groups/OWNERS [patrickdillon]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[openshift-ci]

@r4f4: The following test failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
ci/rehearse/openshift/installer/master/altinfra-e2e-aws-custom-security-groups	1b22788	link	unknown	/pj-rehearse pull-ci-openshift-installer-master-altinfra-e2e-aws-custom-security-groups

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.