Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Major
Fix Version/s: None
Affects Version/s: 4.19.z
Component/s: Networking / router
Labels:
- gateway-api
- ne-triaged

Work Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Important
Regression:
No

Target Backport Versions:
None
Target Version:
None
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

    When creating gateway on AWS/Azure/GCP private cluster, the istio always creates External LB for the gateway. In AWS private cluster, the external LB stuck in pending status and report error:

Error syncing load balancer: failed to ensure load balancer: could not find any suitable subnets for creating the ELB

Version-Release number of selected component (if applicable):

    4.19/4.20

How reproducible:

    100%

Steps to Reproduce:

    1. setup AWS private cluster
    2. create gatewayclass
    3. create gateway

Actual results:

gateway LB svc stuck in pending

$ oc get gatewayclass
NAME                CONTROLLER                           ACCEPTED   AGE
openshift-default   openshift.io/gateway-controller/v1   True       13m

$ oc -n openshift-ingress get gateway
NAME        CLASS               ADDRESS   PROGRAMMED   AGE
mygateway   openshift-default             False        11m

$ oc -n openshift-ingress get svc
NAME                          TYPE           CLUSTER-IP      EXTERNAL-IP                                                                            PORT(S)                                 AGE
istiod-openshift-gateway      ClusterIP      172.30.161.38   <none>                                                                                 15010/TCP,15012/TCP,443/TCP,15014/TCP   13m
mygateway-openshift-default   LoadBalancer   172.30.46.124   <pending>                                                                              15021:32018/TCP,80:31093/TCP            11m
router-default                LoadBalancer   172.30.246.32   internal-abc01c3b2acf94290a737ac93d8be680-223623347.ap-northeast-1.elb.amazonaws.com   80:30804/TCP,443:30529/TCP              58m
router-internal-default       ClusterIP      172.30.39.26    <none>                                                                                 80/TCP,443/TCP,1936/TCP                 58m

Expected results:

    gateway should support to create internal LB in private cluster

Additional info:

    workaround: adding the annotation to LB service manually

$ oc -n openshift-ingress annotate svc mygateway-openshift-default service.beta.kubernetes.io/aws-load-balancer-internal="true" 
service/mygateway-openshift-default annotated

$ oc -n openshift-ingress get svc 
NAME                          TYPE           CLUSTER-IP      EXTERNAL-IP                                                                             PORT(S)                                 AGE
istiod-openshift-gateway      ClusterIP      172.30.161.38   <none>                                                                                  15010/TCP,15012/TCP,443/TCP,15014/TCP   31m
mygateway-openshift-default   LoadBalancer   172.30.123.93   internal-aac85592640ba46ca804c0e60324ce43-1864538304.ap-northeast-1.elb.amazonaws.com   15021:30754/TCP,80:30766/TCP            2m38s
router-default                LoadBalancer   172.30.246.32   internal-abc01c3b2acf94290a737ac93d8be680-223623347.ap-northeast-1.elb.amazonaws.com    80:30804/TCP,443:30529/TCP              76m
router-internal-default       ClusterIP      172.30.39.26    <none>                                                                                  80/TCP,443/TCP,1936/TCP                 76m

$ oc -n openshift-ingress get gateway
NAME        CLASS               ADDRESS                                                                                 PROGRAMMED   AGE
mygateway   openshift-default   internal-aac85592640ba46ca804c0e60324ce43-1864538304.ap-northeast-1.elb.amazonaws.com   True         30m

Assignee:: NID Team Bot

Reporter:: Hongan Li

Need Info From:: None

Contributors:: None

QA Contact:: Ishmam Amin

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2025/06/13 8:27 AM

Updated:: 2025/07/12 1:15 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates