Azure cloud provider only creates rules in the control plane NSG #730

Open
gmlexx opened this issue Dec 9, 2024 · 1 comment · May be fixed by #804
gmlexx commented Dec 9, 2024

I have an Azure cluster created with the following manifest:

```yaml
apiVersion: hmc.mirantis.com/v1alpha1
kind: ManagedCluster
metadata:
  name: azure-reg1
  namespace: hmc-system
  labels:
    motel: "regional"
spec:
  template: azure-standalone-cp-0-0-3
  credential: azure-cluster-identity-cred
  config:
    controlPlaneNumber: 1
    workersNumber: 3
    location: "westus2"
    subscriptionID: "${AZURE_SUBSCRIPTION_ID}"
    controlPlane:
      vmSize: Standard_A4_v2
    worker:
      vmSize: Standard_A4_v2
    tenantID: "${AZURE_TENANT_ID}"
    clientID: "${AZURE_CLIENT_ID}"
    clientSecret: "${AZURE_CLIENT_SECRET}"
  servicesPriority: 100
  services:
    - template: ingress-nginx-4-11-3
      name: ingress-nginx
      namespace: ingress-nginx
    - name: cert-manager
      namespace: cert-manager
      template: cert-manager-1-16-1
      values: |
        crds:
          enabled: true
    - name: motel-regional
      namespace: motel
      template: motel-regional-0-1-1
      values: |
        victoriametrics:
          vmauth:
            ingress:
              host: reg-1.example.com
            credentials:
              username: motel
              password: motel
        grafana:
          ingress:
            enabled: true
            host: grafana.reg-1.example.com
        cert-manager:
          email: [email protected]
```

As a result, an nginx-ingress LB was created:

```
ingress-nginx   ingress-nginx-controller                          LoadBalancer   10.103.165.119   4.155.90.207   80:30999/TCP,443:31409/TCP   75m
```

But the ingress-nginx-controller cannot receive any requests, probably due to misconfiguration of the azure-reg1-node-nsg NSG.

@a13x5 a13x5 added the bug Something isn't working label Dec 9, 2024
a13x5 commented Dec 9, 2024

More context.

The correct rule is being created in the control plane SG instead of the node SG, probably due to the default SG in the azure.json.

@a13x5 a13x5 changed the title from "Azure NSG is misconfigured" to "Azure cloud provider only creates rules in the control plane NSG" Dec 9, 2024
@a13x5 a13x5 self-assigned this Dec 9, 2024
@a13x5 a13x5 moved this from Todo to In Progress in Project 2A Dec 13, 2024
@a13x5 a13x5 linked a pull request Dec 18, 2024 that will close this issue
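
One way to confirm the condition described in the comments above, as an added example (not code from the project or from either commenter): compare the NSG named by `securityGroupName` in azure.json with the NSG attached to the node subnet, and report where the allow rules for the LoadBalancer IP actually sit. The control plane NSG name, the subnet names, the shortened subnet ids and the simplified NSG record shape are constructed assumptions; the LB IP, ports and `azure-reg1-node-nsg` come from the issue.

```python
import json

# From the kubectl output in the issue: the LoadBalancer IP and service ports.
LB_IP, LB_PORTS = "4.155.90.207", {"80", "443"}
# Constructed for this example: azure.json excerpt, subnet and control plane NSG names.
AZURE_JSON = {"securityGroupName": "azure-reg1-controlplane-nsg"}
NODE_SUBNET = "azure-reg1-node-subnet"

def allow_rule(port):
    # Assumed rule shape: inbound Allow with the LB IP as destination.
    return {"access": "Allow", "direction": "Inbound",
            "destinationAddressPrefix": LB_IP, "destinationPortRange": port}

# Constructed NSG inventory (simplified records, shortened subnet ids).
NSGS = [
    {"name": "azure-reg1-controlplane-nsg",
     "subnets": [{"id": "/subnets/azure-reg1-controlplane-subnet"}],
     "securityRules": [allow_rule("80"), allow_rule("443")]},
    {"name": "azure-reg1-node-nsg",
     "subnets": [{"id": "/subnets/" + NODE_SUBNET}],
     "securityRules": []},
]

def allowed_ports(nsg, lb_ip):
    """Ports this NSG admits inbound to lb_ip."""
    return {r["destinationPortRange"] for r in nsg["securityRules"]
            if r["access"] == "Allow" and r["direction"] == "Inbound"
            and r["destinationAddressPrefix"] == lb_ip}

def nsg_for_subnet(nsgs, subnet_name):
    """NSG attached to the named subnet, or None."""
    for nsg in nsgs:
        if any(s["id"].rsplit("/", 1)[-1] == subnet_name for s in nsg["subnets"]):
            return nsg
    return None

def diagnose(cloud_cfg, nsgs, node_subnet, lb_ip, lb_ports):
    node_nsg = nsg_for_subnet(nsgs, node_subnet)
    if node_nsg is None:
        raise ValueError(f"no NSG attached to subnet {node_subnet!r}")
    missing = set(lb_ports) - allowed_ports(node_nsg, lb_ip)
    return {
        "configured_nsg": cloud_cfg["securityGroupName"],
        "node_nsg": node_nsg["name"],
        "config_points_at_node_nsg": cloud_cfg["securityGroupName"] == node_nsg["name"],
        "rules_found_in": sorted(n["name"] for n in nsgs if allowed_ports(n, lb_ip)),
        "missing_on_node_nsg": sorted(missing, key=int),
    }

if __name__ == "__main__":
    print(json.dumps(diagnose(AZURE_JSON, NSGS, NODE_SUBNET, LB_IP, LB_PORTS), indent=2))
```

A non-empty `missing_on_node_nsg` together with `config_points_at_node_nsg: false` matches the symptom in this issue: the rules exist, but not on the NSG that filters traffic to the worker nodes.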