Loading...

XML

Word

Printable

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: None
Affects Version/s: 4.21
Component/s: HyperShift / ARO
Labels:
None

Activity Type:
Quality / Stability / Reliability
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Story Points:
None
Severity:
Critical
Regression:
None

Target Backport Versions:
None
Target Version:
None
Release Blocker:
Rejected
Sprint:
None

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

PX Impact Score:

Release Note Status:
None
Release Note Type:
None
Release Note Text:
None

Escape Reason:
None
Escape Impact:
None
Corrective Measures:
None
SDLC stage when should've been found:
None

Description of problem:

After set SHARED_INGRESS_AZURE_PIP_IP_TAGS env var for HO, failed to create azure vm, the hostedcluster keep in progress status

Version-Release number of selected component (if applicable):

4.21.0-0.nightly-2025-10-09-210657

How reproducible:

always

Steps to Reproduce:

    1.Installed HO in aks cluster
    2.Set SHARED_INGRESS_AZURE_PIP_IP_TAGS env for HO deploy
oc set env deploy/operator SHARED_INGRESS_AZURE_PIP_IP_TAGS="RoutingPreference=Internet" -n hypershift
    3.Check if the router svc has annotation set
    4.Create the hosted cluster
    5. Check the hostedcluster and azure machine

Actual results:

3. The annotation has been set in router svc
oc get svc router -n hypershift-sharedingress -ojsonpath='{..metadata.annotations}'  | jq -r
{
  "service.beta.kubernetes.io/azure-pip-ip-tags": "RoutingPreference=Internet"
}
5.
=====================
 hc xiuwang-aks-hc-1011-1  was created before set SHARED_INGRESS_AZURE_PIP_IP_TAGS to HO, it installed successfully. xiuwang-ingress-tag-hc-1011-1  hc was created after set the env
=====================
oc get hc -A
NAMESPACE   NAME                            VERSION                              KUBECONFIG                                       PROGRESS    AVAILABLE   PROGRESSING   MESSAGE
clusters    xiuwang-aks-hc-1011-1           4.21.0-0.nightly-2025-10-09-210657   xiuwang-aks-hc-1011-1-admin-kubeconfig           Completed   True        False         The hosted control plane is available
clusters    xiuwang-ingress-tag-hc-1011-1                                        xiuwang-ingress-tag-hc-1011-1-admin-kubeconfig   Partial     True        False         The hosted control plane is available

oc get azuremachine  -A
NAMESPACE                                NAME                                        READY   SEVERITY   REASON   STATE       AGE
clusters-xiuwang-aks-hc-1011-1           xiuwang-aks-hc-1011-1-4wwlh-2krtt           True                        Succeeded   93m
clusters-xiuwang-aks-hc-1011-1           xiuwang-aks-hc-1011-1-4wwlh-qnh85           True                        Succeeded   93m
clusters-xiuwang-ingress-tag-hc-1011-1   xiuwang-ingress-tag-hc-1011-1-2bqfs-pmclh   True                        Failed      65m
clusters-xiuwang-ingress-tag-hc-1011-1   xiuwang-ingress-tag-hc-1011-1-2bqfs-vtkbc   True                        Failed      65m

=====================
there are no tags created for the public ip addresses
=====================

az network public-ip list --resource-group $MANAGED_RG_NAME
[
  {
    "ddosSettings": {
      "protectionMode": "VirtualNetworkInherited"
    },
    "etag": "W/\"baac0bb5-f552-440b-ac62-cf2027b5cfc2\"",
    "id": "/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/xiuwang-ingress-tag-managed-rg/providers/Microsoft.Network/publicIPAddresses/xiuwang-ingress-tag-h-lz7k7",
    "idleTimeoutInMinutes": 4,
    "ipAddress": "172.172.226.153",
    "ipConfiguration": {
      "id": "/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/xiuwang-ingress-tag-managed-rg/providers/Microsoft.Network/loadBalancers/xiuwang-ingress-tag-h-lz7k7/frontendIPConfigurations/xiuwang-ingress-tag-h-lz7k7",
      "resourceGroup": "xiuwang-ingress-tag-managed-rg"
    },
    "ipTags": [],
    "location": "eastus",
    "name": "xiuwang-ingress-tag-h-lz7k7",
    "provisioningState": "Succeeded",
    "publicIPAddressVersion": "IPv4",
    "publicIPAllocationMethod": "Static",
    "resourceGroup": "xiuwang-ingress-tag-managed-rg",
    "resourceGuid": "e49e1942-665f-4271-9532-77fad9e6b98d",
    "sku": {
      "name": "Standard",
      "tier": "Regional"
    },
    "type": "Microsoft.Network/publicIPAddresses"
  },
  {
    "ddosSettings": {
      "protectionMode": "VirtualNetworkInherited"
    },
    "etag": "W/\"5670100b-2975-4c9d-933d-1556d999a73c\"",
    "id": "/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/xiuwang-ingress-tag-managed-rg/providers/Microsoft.Network/publicIPAddresses/xiuwang-ingress-tag-h-lz7k7-a9ddd8633efca4c929beaf423a844ba8",
    "idleTimeoutInMinutes": 4,
    "ipAddress": "4.255.12.143",
    "ipConfiguration": {
      "id": "/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/xiuwang-ingress-tag-managed-rg/providers/Microsoft.Network/loadBalancers/xiuwang-ingress-tag-h-lz7k7/frontendIPConfigurations/a9ddd8633efca4c929beaf423a844ba8",
      "resourceGroup": "xiuwang-ingress-tag-managed-rg"
    },
    "ipTags": [],
    "location": "eastus",
    "name": "xiuwang-ingress-tag-h-lz7k7-a9ddd8633efca4c929beaf423a844ba8",
    "provisioningState": "Succeeded",
    "publicIPAddressVersion": "IPv4",
    "publicIPAllocationMethod": "Static",
    "resourceGroup": "xiuwang-ingress-tag-managed-rg",
    "resourceGuid": "5d34fe8f-b328-41af-989d-d80905b185f9",
    "sku": {
      "name": "Standard",
      "tier": "Regional"
    },
    "tags": {
      "k8s-azure-cluster-name": "xiuwang-ingress-tag-h-lz7k7",
      "k8s-azure-service": "openshift-ingress/router-default"
    },
    "type": "Microsoft.Network/publicIPAddresses",
    "zones": [
      "2",
      "3",
      "1"
    ]
  }
]
=====================
There are error in CAPI pod
=====================
E1011 08:53:41.741966       1 controller.go:347] "Reconciler error" err=<
        failed to reconcile AzureMachine: failed to reconcile AzureMachine service virtualmachine: failed to create or update resource xiuwang-ingress-tag-managed-rg/xiuwang-ingress-tag-hc-1011-1-2bqfs-vtkbc (service: virtualmachine): GET https://management.azure.com/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/providers/Microsoft.Compute/locations/eastus/operations/1a4d9304-9823-4bcc-aaf0-72b4f17c4da5
        --------------------------------------------------------------------------------
        RESPONSE 200: 200 OK
        ERROR CODE: OSProvisioningTimedOut
        --------------------------------------------------------------------------------
        {
          "startTime": "2025-10-11T08:33:19.1037241+00:00",
          "endTime": "2025-10-11T08:53:32.9348151+00:00",
          "status": "Failed",
          "error": {
            "code": "OSProvisioningTimedOut",
            "message": "OS Provisioning for VM 'xiuwang-ingress-tag-hc-1011-1-2bqfs-vtkbc' did not finish in the allotted time. The VM may still finish provisioning successfully. Please check provisioning state later. For details on how to check current provisioning state of Windows VMs, refer to https://aka.ms/WindowsVMLifecycle and Linux VMs, refer to https://aka.ms/LinuxVMLifecycle."
          },
          "name": "1a4d9304-9823-4bcc-aaf0-72b4f17c4da5"
        }
        --------------------------------------------------------------------------------

Expected results:

Should set the tag for public ip addresses, and create the hosted cluster successfully

Additional info:

Here is the dump log https://drive.google.com/file/d/12h19p9PmA0-i-R2LaKTRulE9anY1tj73/view?usp=drive_link

Assignee:: Unassigned

Reporter:: XiuJuan Wang

Need Info From:: None

Contributors:: None

QA Contact:: XiuJuan Wang

Doc Contact:: None

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/10/11 9:48 AM

Updated:: 2025/10/13 12:13 PM

Details

Description

Attachments

Easy Agile Planning Poker

Activity

People

Dates

Hide