Trigger a Network Validation error during cluster creation - RedHatInsights/uhc-portal GitHub Wiki

These instructions trigger a network validation error during the OSD/ROSA cluster creation process by using a DNS firewall to block a required endpoint (quay.io), for testing the network verifier.

Goal

Set up a network verifier test environment that intentionally breaks a cluster install. Use these steps to block quay.io, an endpoint that is essential to cluster provisioning.

Create VPC (ROSA documentation)

  1. Go to https://your-region.console.aws.amazon.com/vpc/home
  2. Click 'Create VPC'. In the VPC settings, set the parameters as follows:
    • Resources to create: 'VPC and more'
    • Name: vpc-in-error
    • Number of availability zones: 1
    • Number of public subnets: 1
    • Number of private subnets: 1
    • NAT gateways: in 1 AZ
    • VPC endpoints: none
    • Enable DNS hostnames
    • Enable DNS resolution
  3. Click on 'Create VPC'

Block endpoint using DNS Firewall

  1. Go to VPC -> DNS Firewall -> Rule groups -> Add rule group
    • Name: block-quay
  2. Click 'Create a new domain list'
    • Enter one domain per line: quay.io
    • Action
      • BLOCK
      • NXDOMAIN
  3. Associate the DNS blocking rule with the VPC you created in the first step:
    • Go to: VPC -> DNS Firewall -> Rule groups -> Associated VPCs -> Associate the rule group with the VPC 'vpc-in-error' you created previously
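
The same three steps can be scripted with the AWS CLI. This is an added example, not part of the original wiki page; the VPC ID placeholder, the derived names ('block-quay-domains', 'block-quay-rule', 'block-quay-assoc') and the priorities 100 and 101 are assumptions. It prints the commands by default and only runs them when APPLY=1 is set.

```shell
#!/bin/sh
# Added example: CLI equivalent of the DNS Firewall console steps.
# Dry run by default (commands go to stderr); set APPLY=1 to execute them.
VPC_ID="${VPC_ID:-vpc-REPLACE_ME}"   # placeholder: ID of the 'vpc-in-error' VPC
DOMAIN="quay.io"                     # endpoint the network verifier must reach
NAME="block-quay"                    # rule group name used in the steps above

# r53 <dry-run-stdout> <subcommand> [args...]
# Applies or prints one `aws route53resolver` call.
r53() {
  fake="$1"; shift
  if [ "${APPLY:-0}" = "1" ]; then
    aws route53resolver "$@" --output text
  else
    echo "aws route53resolver $*" >&2
    echo "$fake"
  fi
}

block_quay() {
  req="$NAME-$(date +%s)"   # creator-request-id: any unique string
  # Step 2: domain list containing quay.io
  list_id=$(r53 '<domain-list-id>' create-firewall-domain-list \
    --creator-request-id "$req-list" --name "$NAME-domains" \
    --query FirewallDomainList.Id) || return 1
  r53 '' update-firewall-domains --firewall-domain-list-id "$list_id" \
    --operation ADD --domains "$DOMAIN" --query Status >/dev/null || return 1
  # Step 1: rule group, then the BLOCK / NXDOMAIN rule
  group_id=$(r53 '<rule-group-id>' create-firewall-rule-group \
    --creator-request-id "$req-group" --name "$NAME" \
    --query FirewallRuleGroup.Id) || return 1
  r53 '' create-firewall-rule --creator-request-id "$req-rule" \
    --firewall-rule-group-id "$group_id" --firewall-domain-list-id "$list_id" \
    --priority 100 --action BLOCK --block-response NXDOMAIN \
    --name "$NAME-rule" --query FirewallRule.Name >/dev/null || return 1
  # Step 3: associate the rule group with the VPC
  r53 '' associate-firewall-rule-group --creator-request-id "$req-assoc" \
    --firewall-rule-group-id "$group_id" --vpc-id "$VPC_ID" --priority 101 \
    --name "$NAME-assoc" --query FirewallRuleGroupAssociation.Status \
    >/dev/null || return 1
  echo "$group_id"   # rule group ID, needed later to remove the association
}

block_quay
```

Removing the VPC association afterwards restores resolution of quay.io, which lets you exercise the 'rerun' path of the network validation.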

Create Cluster, trigger network validation error

  1. Create an OSD or ROSA cluster, select 'Install into existing VPC' and select the 'vpc-in-error' VPC.
  2. Continue through the cluster creation wizard and click [Create cluster].
  3. You should eventually see the network validation error with the ability to 'rerun' the network validation test.