-
Bug
-
Resolution: Done
-
Major
-
maistra-0.11.0
-
None
When you deploy two control planes, the operator can't create the istio-ingressgateway service in the second control plane, due to the NodePort already being used by the first control plane:
$ kubectl -n istio-system2 get servicemeshcontrolplanes.maistra.io multitenant-install -o json | jq .status
{
"conditions": [
{
"lastTransitionTime": "2019-05-29T12:33:49Z",
"message": "Service \"istio-ingressgateway\" is invalid: spec.ports[1].nodePort: Invalid value: 31380: provided port is already allocated",
"reason": "InstallError",
"status": "False",
"type": "Installed"
},
{
"lastTransitionTime": "2019-05-29T12:33:49Z",
"message": "Service \"istio-ingressgateway\" is invalid: spec.ports[1].nodePort: Invalid value: 31380: provided port is already allocated",
"reason": "InstallError",
"status": "False",
"type": "Reconciled"
}
],
"observedGeneration": 1
}
The values for the nodePorts are effectively hard-coded in the operator (in the charts inside the operator) and can't be configured (e.g. in the ServiceMeshControlPlane object).
Actually, on clusters where multitenancy makes sense, using node ports probably won't be allowed at all.
