-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
4.21
-
None
-
Quality / Stability / Reliability
-
False
-
-
None
-
Critical
-
None
-
None
-
None
-
Rejected
-
None
-
None
-
None
-
None
-
None
-
None
-
None
-
None
Description of problem:
After set SHARED_INGRESS_AZURE_PIP_IP_TAGS env var for HO, router svc of sharedingress doesn't update the public ip while public ip has been recreated in aro hcp resouregroup. This may caused azure vm created timeout in hcp, the hostedcluster keep in progress status.
Version-Release number of selected component (if applicable):
4.21.0-0.nightly-2025-10-09-210657
How reproducible:
always
Steps to Reproduce:
1.Installed HO in aks cluster
2.Set SHARED_INGRESS_AZURE_PIP_IP_TAGS env for HO deploy
oc set env deploy/operator SHARED_INGRESS_AZURE_PIP_IP_TAGS="RoutingPreference=Internet" -n hypershift
3.Check if the router svc has annotation set and public ip changed
4.Create a hosted cluster
5. Check the hostedcluster and azure machine
Actual results:
3. The annotation has been set in router svc
@@ -1,6 +1,8 @@
apiVersion: v1
kind: Service
metadata:
+ annotations:
+ service.beta.kubernetes.io/azure-pip-ip-tags: RoutingPreference=Internet
creationTimestamp: "2025-10-14T02:44:58Z"
finalizers:
- service.kubernetes.io/load-balancer-cleanup
@@ -8,7 +10,7 @@
app: router
name: router
namespace: hypershift-sharedingress
- resourceVersion: "6565"
+ resourceVersion: "10142"
uid: 81a71a50-db5e-470d-b2d0-2dc220bbe01f
spec:
allocateLoadBalancerNodePorts: true
@@ -41,4 +43,3 @@
ingress:
- ip: 20.242.170.203
ipMode: VIP
-
5.
=====================
hc xiuwang-aks-hc-1011-1 was created before set SHARED_INGRESS_AZURE_PIP_IP_TAGS to HO, it installed successfully. xiuwang-ingress-tag-hc-1011-1 hc was created after set the env
=====================
oc get hc -A
NAMESPACE NAME VERSION KUBECONFIG PROGRESS AVAILABLE PROGRESSING MESSAGE
clusters xiuwang-aks-hc-1011-1 4.21.0-0.nightly-2025-10-09-210657 xiuwang-aks-hc-1011-1-admin-kubeconfig Completed True False The hosted control plane is available
clusters xiuwang-ingress-tag-hc-1011-1 xiuwang-ingress-tag-hc-1011-1-admin-kubeconfig Partial True False The hosted control plane is available
oc get azuremachine -A
NAMESPACE NAME READY SEVERITY REASON STATE AGE
clusters-xiuwang-aks-hc-1011-1 xiuwang-aks-hc-1011-1-4wwlh-2krtt True Succeeded 93m
clusters-xiuwang-aks-hc-1011-1 xiuwang-aks-hc-1011-1-4wwlh-qnh85 True Succeeded 93m
clusters-xiuwang-ingress-tag-hc-1011-1 xiuwang-ingress-tag-hc-1011-1-2bqfs-pmclh True Failed 65m
clusters-xiuwang-ingress-tag-hc-1011-1 xiuwang-ingress-tag-hc-1011-1-2bqfs-vtkbc True Failed 65m
=====================
the public ip has been recreated with iptags
=====================
AKS_NODE_RG=MC_xiuwang-aks-aks-rg_xiuwang-aks-aks-cluster_eastus
diff -uNr /tmp/d4 /tmp/d3
--- /tmp/d4 2025-10-14 11:01:28
+++ /tmp/d3 2025-10-14 11:01:02
@@ -39,22 +39,23 @@
"ddosSettings": {
"protectionMode": "VirtualNetworkInherited"
},
- "etag": "W/\"924b012a-e1ba-4258-b415-86f96d51789f\"",
+ "etag": "W/\"ba3ddb2a-8515-43fd-97d2-5744ebb3b5d4\"",
"id": "/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/mc_xiuwang-aks-aks-rg_xiuwang-aks-aks-cluster_eastus/providers/Microsoft.Network/publicIPAddresses/kubernetes-a81a71a50db5e470db2d02dc220bbe01",
"idleTimeoutInMinutes": 4,
- "ipAddress": "20.242.170.203",
- "ipConfiguration": {
- "id": "/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/resourceGroups/mc_xiuwang-aks-aks-rg_xiuwang-aks-aks-cluster_eastus/providers/Microsoft.Network/loadBalancers/kubernetes/frontendIPConfigurations/a81a71a50db5e470db2d02dc220bbe01",
- "resourceGroup": "mc_xiuwang-aks-aks-rg_xiuwang-aks-aks-cluster_eastus"
- },
- "ipTags": [],
+ "ipAddress": "40.87.39.61",
+ "ipTags": [
+ {
+ "ipTagType": "RoutingPreference",
+ "tag": "Internet"
+ }
+ ],
"location": "eastus",
"name": "kubernetes-a81a71a50db5e470db2d02dc220bbe01",
"provisioningState": "Succeeded",
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"resourceGroup": "mc_xiuwang-aks-aks-rg_xiuwang-aks-aks-cluster_eastus",
- "resourceGuid": "4fd911dd-fd31-4929-b5d8-8fca629ea901",
+ "resourceGuid": "c5702069-b624-4ad4-9169-63143659c27b",
"sku": {
"name": "Standard",
"tier": "Regional"
@@ -73,4 +74,3 @@
]
}
]
-
=====================
There are error in CAPI pod
=====================
E1011 08:53:41.741966 1 controller.go:347] "Reconciler error" err=<
failed to reconcile AzureMachine: failed to reconcile AzureMachine service virtualmachine: failed to create or update resource xiuwang-ingress-tag-managed-rg/xiuwang-ingress-tag-hc-1011-1-2bqfs-vtkbc (service: virtualmachine): GET https://management.azure.com/subscriptions/53b8f551-f0fc-4bea-8cba-6d1fefd54c8a/providers/Microsoft.Compute/locations/eastus/operations/1a4d9304-9823-4bcc-aaf0-72b4f17c4da5
--------------------------------------------------------------------------------
RESPONSE 200: 200 OK
ERROR CODE: OSProvisioningTimedOut
--------------------------------------------------------------------------------
{
"startTime": "2025-10-11T08:33:19.1037241+00:00",
"endTime": "2025-10-11T08:53:32.9348151+00:00",
"status": "Failed",
"error": {
"code": "OSProvisioningTimedOut",
"message": "OS Provisioning for VM 'xiuwang-ingress-tag-hc-1011-1-2bqfs-vtkbc' did not finish in the allotted time. The VM may still finish provisioning successfully. Please check provisioning state later. For details on how to check current provisioning state of Windows VMs, refer to https://aka.ms/WindowsVMLifecycle and Linux VMs, refer to https://aka.ms/LinuxVMLifecycle."
},
"name": "1a4d9304-9823-4bcc-aaf0-72b4f17c4da5"
}
--------------------------------------------------------------------------------
Expected results:
Should set the tag for public ip addresses, and create the hosted cluster successfully
Additional info:
Here is the dump log https://drive.google.com/file/d/12h19p9PmA0-i-R2LaKTRulE9anY1tj73/view?usp=drive_link