-
Epic
-
Resolution: Unresolved
-
Major
-
None
-
4.19.z, 4.20
-
Add support for internal load-balancers for gateways
-
Quality / Stability / Reliability
-
-
100% To Do, 0% In Progress, 0% Done
-
False
-
-
False
-
Not Selected
-
None
-
None
-
Rejected
Description of problem:
When creating gateway on AWS/Azure/GCP private cluster, the istio always creates External LB for the gateway.
In AWS private cluster, the external LB stuck in pending status and report error:
Error syncing load balancer: failed to ensure load balancer: could not find any suitable subnets for creating the ELB
In Azure/GCP private cluster, the gateway LB is provisioned but External-IP is unexpected, see example output below:
// Azure
$ oc -n openshift-ingress get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gwapi-openshift-default LoadBalancer 172.30.109.231 172.184.198.232 15021:31954/TCP,80:30486/TCP 40m
router-default LoadBalancer 172.30.51.75 10.0.1.4 80:31985/TCP,443:31807/TCP 6h41m
// GCP
$ oc -n openshift-ingress get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
gwapi-openshift-default LoadBalancer 172.30.170.190 34.72.156.124 15021:30089/TCP,80:31901/TCP 23m
router-default LoadBalancer 172.30.39.227 10.0.128.2 80:32375/TCP,443:31575/TCP 7h17m
Version-Release number of selected component (if applicable):
4.19/4.20
How reproducible:
100%
Steps to Reproduce:
1. setup AWS/Azure/GCP private cluster
2. create gatewayclass
3. create gateway
Actual results:
gateway LB svc stuck in pending $ oc get gatewayclass NAME CONTROLLER ACCEPTED AGE openshift-default openshift.io/gateway-controller/v1 True 13m $ oc -n openshift-ingress get gateway NAME CLASS ADDRESS PROGRAMMED AGE mygateway openshift-default False 11m $ oc -n openshift-ingress get svc NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE istiod-openshift-gateway ClusterIP 172.30.161.38 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 13m mygateway-openshift-default LoadBalancer 172.30.46.124 <pending> 15021:32018/TCP,80:31093/TCP 11m router-default LoadBalancer 172.30.246.32 internal-abc01c3b2acf94290a737ac93d8be680-223623347.ap-northeast-1.elb.amazonaws.com 80:30804/TCP,443:30529/TCP 58m router-internal-default ClusterIP 172.30.39.26 <none> 80/TCP,443/TCP,1936/TCP 58m
Expected results:
gateway should support to create internal LB in private cluster
Additional info:
workaround: adding the annotation to LB service manually
$ oc -n openshift-ingress annotate svc mygateway-openshift-default service.beta.kubernetes.io/aws-load-balancer-internal="true"
service/mygateway-openshift-default annotated
$ oc -n openshift-ingress get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
istiod-openshift-gateway ClusterIP 172.30.161.38 <none> 15010/TCP,15012/TCP,443/TCP,15014/TCP 31m
mygateway-openshift-default LoadBalancer 172.30.123.93 internal-aac85592640ba46ca804c0e60324ce43-1864538304.ap-northeast-1.elb.amazonaws.com 15021:30754/TCP,80:30766/TCP 2m38s
router-default LoadBalancer 172.30.246.32 internal-abc01c3b2acf94290a737ac93d8be680-223623347.ap-northeast-1.elb.amazonaws.com 80:30804/TCP,443:30529/TCP 76m
router-internal-default ClusterIP 172.30.39.26 <none> 80/TCP,443/TCP,1936/TCP 76m
$ oc -n openshift-ingress get gateway
NAME CLASS ADDRESS PROGRAMMED AGE
mygateway openshift-default internal-aac85592640ba46ca804c0e60324ce43-1864538304.ap-northeast-1.elb.amazonaws.com True 30m
Slack thread: https://redhat-internal.slack.com/archives/CBWMXQJKD/p1749719908434459.
- is caused by
-
OCPSTRAT-569 AWS - Allocate Load Balancers (API & Ingress) to Specific Subnets
-
- Closed
-
