New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

The Azure Cloud Controller Manager was unable to create an Internet exposed Load Balancer #71789

Closed
marc-sensenich opened this Issue Dec 6, 2018 · 1 comment

Comments

Projects
None yet
3 participants
@marc-sensenich
Contributor

marc-sensenich commented Dec 6, 2018

What happened:
The Azure Cloud Controller Manager was unable to create an Internet exposed Load Balancer with type: LoadBalancer without any additional source addresses

Error encountered

E1205 22:27:36.049674       1 azure_backoff.go:348] processHTTPRetryResponse: backoff failure, will retry, err=network.SecurityGroupsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Origina
l Error: Code="SecurityRuleParameterContainsUnsupportedValue" Message="Security rule parameter SourceAddressPrefix for rule with Id /subscriptions/sub-id/resourceGroups/my-resource-group/providers/Microsoft.Network/networkSecurityGroups/my-nsg/securityRules/abc123-TCP-80 cannot specify existin
g VIRTUALNETWORK, INTERNET, AZURELOADBALANCER, '*' or system tags. Unsupported value used: Internet." Details=[]

What you expected to happen:
The Azure Cloud Controller Manager should create an Internet exposed Load Balancer with type: LoadBalancer

How to reproduce it (as minimally and precisely as possible):

In an Azure enabled cluster run the following: kubectl apply -f nginx.yaml

nginx.yaml

apiVersion: apps/v1
kind: Deployment
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  replicas: 1
  selector:
    matchLabels:
      app: nginx
  template:
    metadata:
      labels:
        app: nginx
    spec:
      containers:
      - image: nginx
        name: nginx
        resources: {}
---
apiVersion: v1
kind: Service
metadata:
  labels:
    app: nginx
  name: nginx
spec:
  ports:
  - name: "80"
    port: 80
    protocol: TCP
    targetPort: 80
  selector:
    app: nginx
  type: LoadBalancer

Anything else we need to know?:

My initial guess is that it is related to sending sourceAddressPrefixes: [ "Internet" ] as a list with only the value Internet instead of sending sourceAddressPrefix: "Internet" based on https://docs.microsoft.com/en-us/rest/api/virtualnetwork/securityrules/createorupdate#request-body.

Lines of code:

Environment:

  • Kubernetes version (use kubectl version):
Client Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.2", GitCommit:"17c77c7898218073f14c8d573582e8d2313dc740", GitTreeState:"clean", BuildDate:"2018-10-24T06:54:59Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"12", GitVersion:"v1.12.2", GitCommit:"17c77c7898218073f14c8d573582e8d2313dc740", GitTreeState:"clean", BuildDate:"2018-10-24T06:43:59Z", GoVersion:"go1.10.4", Compiler:"gc", Platform:"linux/amd64"}
  • Cloud provider or hardware configuration: Azure
  • OS (e.g. from /etc/os-release):
  • Kernel (e.g. uname -a):
  • Install tools:
  • Others:

Cloud Controller Manager is running at commit https://github.com/kubernetes/kubernetes/tree/809eaa7025 due to #71736

/kind bug
/sig azure

@marc-sensenich marc-sensenich changed the title from The Azure Cloud Controller Manager was unable to create an Internet exposed Load Balance to The Azure Cloud Controller Manager was unable to create an Internet exposed Load Balancer Dec 6, 2018

@feiskyer

This comment has been minimized.

Member

feiskyer commented Dec 10, 2018

Sorry, didn't notice 'Internet' is not supported within the sourceAddressPrefixes field. The error is introduced in #71484. Let me file another PR to fix it.

/kind bug
/priority critical-urgent
/assign

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment