
CCM config `loadBalancer.securityListManagementMode` ignored

Open cunningr-cisco opened this issue 11 months ago • 1 comments

I am having an issue with the CCM LB Controller. Out of the possible values for the cloud-provider.yaml, loadBalancer.securityListManagementMode, the controller always reads None:

2025-06-05T15:14:03.894Z	INFO	oci/load_balancer_security_lists.go:95	Security list management mode: "None". Not managing security lists.	{"component": "cloud-controller-manager"}
2025-06-05T15:14:03.895Z	WARN	oci/util.go:175	oke resource tracking system tags are not present in cloud-config.yaml	{"component": "cloud-controller-manager", "loadBalancerName": "********-test/echoserver/2fa3eb61-6507-47a0-a4d7-6b3ac132f4ca", "serviceName": "echoserver", "loadBalancerType": "nlb", "serviceUid": "2fa3eb61-6507-47a0-a4d7-6b3ac132f4ca", "loadBalancerID": "ocid1.networkloadbalancer.oc1.iad..ddyq", "loadBalancerType": "nlb"}   

If I set it to an invalid value, the LBC crashes (as expected):

F0605 15:13:01.878708       1 main.go:82] Cloud provider could not be initialized: could not init cloud provider "oci": loadBalancer.securityListManagementMode: Invalid value: "Donkey": invalid security list management mode   

So I know it's reading my config secret properly.

Is there anything that would cause it not to manage any of the security groups even though we set loadBalancer.securityListManagementMode: Frontend? The LoadBalancer is created ok but there is no security group attached so it doesn't pass traffic.

Note that if I add the annotation oci-network-load-balancer.oraclecloud.com/security-list-management-mode: "Frontend" I see in the CCM logs that this is recognised for this specific instance of the LB, and the LB now passes traffic. However, the OCI console for the LB still doesn't show any LB.

Should it be possible to set the default securityListManagementMode via the CCM config?

cunningr-cisco avatar Jun 06 '25 09:06 cunningr-cisco

When you set loadBalancer.securityListManagementMode: Frontend are you perhaps not specifying loadbalancer.subnet1: ocid1.subnet.oc1.iad.aaaaaa in your provider-config.yaml (CCM config)?

l-technicore avatar Jun 10 '25 15:06 l-technicore
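A small pre-flight check in the spirit of the question and the reply above, added here as an example and not code from the oci-cloud-controller-manager project: it parses a cloud-provider.yaml fragment, rejects an invalid mode the way the controller does at startup, applies the per-Service NLB annotation as an override, and flags a missing loadBalancer.subnet1. The default of None when the key is absent, the annotation-over-config precedence and the third mode All are assumptions.

```python
# Added example, not the project's code: a pre-flight check for the CCM's
# cloud-provider.yaml. Assumed: the mode defaults to "None" when unset, a
# Service annotation overrides the config for that LB, and "All" is valid too.
VALID_MODES = {"None", "All", "Frontend"}
NLB_MODE_ANNOTATION = (
    "oci-network-load-balancer.oraclecloud.com/security-list-management-mode")


def parse_flat_yaml(text):
    """Minimal 'section:' / '  key: value' parser built for this example."""
    tree, section = {}, None
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()          # drop comments
        if not line.strip():
            continue
        key, _, value = line.strip().partition(":")
        if not raw.startswith(" "):                   # top-level section
            section, tree[key] = key, {}
        elif section is not None:
            tree[section][key] = value.strip().strip('"')
    return tree


def check_config(text, annotations=None):
    """Return (effective_mode, warnings); raise ValueError on an invalid mode,
    the same condition on which the controller refuses to start."""
    lb = parse_flat_yaml(text).get("loadBalancer", {})
    mode = lb.get("securityListManagementMode") or "None"
    override = (annotations or {}).get(NLB_MODE_ANNOTATION)
    for src, value in (("config", mode), ("annotation", override)):
        if value is not None and value not in VALID_MODES:
            raise ValueError(f"{src}: Invalid value: {value!r}: "
                             "invalid security list management mode")
    mode = override or mode                           # per-LB override wins
    warnings = []
    if mode != "None" and not lb.get("subnet1"):
        warnings.append("loadBalancer.subnet1 not set: no subnet whose "
                        "security list the controller could manage")
    return mode, warnings


# Constructed config resembling the issue: Frontend requested, subnet1 absent.
SAMPLE_CONFIG = """\
auth:
  region: us-ashburn-1
loadBalancer:
  securityListManagementMode: Frontend
"""
```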