Description
When doing an IPI install of OpenShift 4.16.44 to create a single node cluster in a single Availability Zone on AWS, the OpenShift installer creates a VPC with subnets and NAT gateways in three AZs, resulting in unnecessary cost. The additional subnets and NAT Gateways are unnecessary for a single node cluster and simply result in wasted cost on NAT Gateways and public IP Addresses along with an increased attack surface.
This is the install-config.yaml:

```yaml
additionalTrustBundlePolicy: Proxyonly
apiVersion: v1
baseDomain: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
compute:
- architecture: amd64
  hyperthreading: Enabled
  name: worker
  platform: {}
  replicas: 0
controlPlane:
  architecture: amd64
  hyperthreading: Enabled
  name: master
  platform:
    aws:
      type: c6a.8xlarge
      zones:
      - eu-west-2a
  replicas: 1
metadata:
  creationTimestamp: null
  name: quay-1
networking:
  clusterNetwork:
  - cidr: 10.128.0.0/14
    hostPrefix: 23
  machineNetwork:
  - cidr: 10.0.0.0/16
  networkType: OVNKubernetes
  serviceNetwork:
  - 172.30.0.0/16
platform:
  aws:
    region: eu-west-2
    zones:
    - eu-west-2a
publish: External
pullSecret: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
```

Expected behaviour is that the installer would not create resources in availability zones that are not listed in the install-config.yaml. For the install-config.yaml above this would mean a VPC with one public and one private subnet in eu-west-2a, along with a single NAT gateway using a single public IP address in the same zone. What it creates however is this:
