Bug 2060650
| Summary: | Azure: Creating an LB with port 6443 always fails | ||
|---|---|---|---|
| Product: | OpenShift Container Platform | Reporter: | aaleman |
| Component: | Cloud Compute | Assignee: | Joel Speed <jspeed> |
| Cloud Compute sub component: | Cloud Controller Manager | QA Contact: | sunzhaohua <zhsun> |
| Status: | CLOSED NOTABUG | Docs Contact: | |
| Severity: | medium | ||
| Priority: | low | CC: | aos-bugs |
| Version: | 4.10 | ||
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-05-24 09:54:41 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
I'm not sure there's a lot we could do here. On Azure, the services all have to have a unique user facing port as the load balancers are shared across all nodes. OpenShift already uses port 6443 for the API internal load balancer, I think all we can say is that customers shouldn't try to use port 6443. Is there a particular reason you are using this port/want to reuse this port multiple times? As this has been stale for almost three months now, I'm going to close this one out. If you need further advice please reopen the issue |
Description of problem: Creating a service type loadbalancer with port: 6443 on an Azure IPI cluster always fails Version-Release number of selected component (if applicable): Server Version: 4.9.15 How reproducible: 100% Steps to Reproduce: Apply a manifest like this onto an Azure cluster: apiVersion: v1 kind: Service metadata: name: test namespace: default spec: ports: - port: 6443 protocol: TCP selector: app: test type: LoadBalancer Actual results: $ k describe svc -n default test Name: test Namespace: default Labels: <none> Annotations: <none> Selector: app=test Type: LoadBalancer IP Family Policy: SingleStack IP Families: IPv4 IP: 172.30.10.94 IPs: 172.30.10.94 LoadBalancer Ingress: 52.191.34.152 Port: <unset> 6443/TCP TargetPort: 6443/TCP NodePort: <unset> 32581/TCP Endpoints: <none> Session Affinity: None External Traffic Policy: Cluster Events: Type Reason Age From Message ---- ------ ---- ---- ------- Normal EnsuredLoadBalancer 2m43s service-controller Ensured load balancer Normal EnsuringLoadBalancer 66s (x6 over 2m55s) service-controller Ensuring load balancer Warning SyncLoadBalancerFailed 66s (x5 over 2m24s) service-controller Error syncing load balancer: failed to ensure load balancer: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 400, RawError: Retriable: false, RetryAfter: 0s, HTTPStatusCode: 400, RawError: { "error": { "code": "RulesUseSameBackendPortProtocolAndPool", "message": "Load balancing rules /subscriptions/89a9ba4b-8b66-446a-813d-a9ed3a129e3d/resourceGroups/alvaro-aleman-azurecl-q6km8-rg/providers/Microsoft.Network/loadBalancers/alvaro-aleman-azurecl-q6km8/loadBalancingRules/api-internal-v4 and /subscriptions/89a9ba4b-8b66-446a-813d-a9ed3a129e3d/resourceGroups/alvaro-aleman-azurecl-q6km8-rg/providers/Microsoft.Network/loadBalancers/alvaro-aleman-azurecl-q6km8/loadBalancingRules/ac99042e055cd47cf8b01e4778aa45bb-TCP-6443 with floating IP disabled use the same protocol Tcp and backend port 6443, and must not be used with the same backend address pool /subscriptions/89a9ba4b-8b66-446a-813d-a9ed3a129e3d/resourceGroups/alvaro-aleman-azurecl-q6km8-rg/providers/Microsoft.Network/loadBalancers/alvaro-aleman-azurecl-q6km8/backendAddressPools/alvaro-aleman-azurecl-q6km8.", "details": [] } } Expected results: A loadbalancer Additional info: