mierea opened a new issue, #8178:
URL: https://github.com/apache/cloudstack/issues/8178
##### ISSUE TYPE
* Bug Report
##### COMPONENT NAME
~~~
Kubernetes - VPC - Firewall - CCM
~~~
##### CLOUDSTACK VERSION
~~~
4.18.1
~~~
##### CONFIGURATION
* Advanced networking
* Kubernetes Cluster deployed in a VPC network
##### OS / ENVIRONMENT
* Ubuntu 22.04 kvm nodes
##### SUMMARY
I am creating a Kubernetes cluster inside a VPC.
I am deploying ingress-nginx on this cluster.
All goes well except that the CCM (cloud container manager) is not able to
reserve an external IP address for the load balancer ingress.
This seems to be because the CCM expects the network Firewall service to be
available, but VPCs work with Network ACLs instead.
(The workaround was to manually assign a public IP and do load balancing towards
the ingress-nginx ports.)
##### STEPS TO REPRODUCE
~~~
* create VPC
* create isolated network inside the VPC
* create a kubernetes cluster in that vpc network
* deploy ingress-nginx
* check cloud-container-manager logs or svc status to see that an external
ip is not getting assigned
~~~
##### EXPECTED RESULTS
~~~
Expecting that CCM can assign an external IP.
~~~
##### ACTUAL RESULTS
~~~
The CCM cannot assign an external IP and it seems it is because it expects
the Firewall service to be available in the VPC.
error processing service ingress-nginx/ingress-nginx-controller (will
retry): failed to ensure load balancer: error creating new firewall rule for
public IP 57eb71b2-283f-4ab7-a5b8-ff227817f7f0, proto tcp-proxy, port 80,
allowed [0.0.0.0/0]: CloudStack API error 431 (CSExceptionErrorCode: 9999):
There is no new provider for IP X.X.X.X of service Firewall!
~~~