search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.91k stars 2.88k forks source link

Istio egress gateway cannot be enabled #28809

Open ToniA opened 2 months ago

ToniA commented 2 months ago

Describe the bug

I have AKS 1.27.9 with Azure managed Istio 1.20 enabled. I'm trying to enabled the Istio egress gateway using the AZ CLI, but the operation fails. Enabling internal ingress gateway works, though.

Related command

az aks mesh enable-egress-gateway

Errors

$ az aks mesh enable-egress-gateway  --subscription subid --resource-group rgname --name aksname
(BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.

Issue script & Debug output

  File "/home/ToniA/.azure/cliextensions/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/v2024_02_02_preview/operations/_managed_clusters_operations.py", line 1996, in _create_or_update_initial
    raise HttpResponseError(response=response, error_format=ARMErrorFormat)
azure.core.exceptions.HttpResponseError: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.

cli.azure.cli.core.azclierror: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.
az_command_data_logger: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.

Expected behavior

Istio egress gateway should be enabled

Environment Summary

$ az --version
azure-cli                         2.59.0

core                              2.59.0
telemetry                          1.1.0

Extensions:
account                            0.2.5
aks-preview                      3.0.0b5
azure-devops                       1.0.0
azure-firewall                     1.0.1
containerapp                      0.3.50
rdbms-connect                      1.0.5
storage-preview                  1.0.0b1

Dependencies:
msal                              1.27.0
azure-mgmt-resource             23.1.0b2

Python location '/opt/az/bin/python3'
Extensions directory '/home/ToniA/.azure/cliextensions'

Python (Linux) 3.11.8 (main, Mar 27 2024, 04:03:26) [GCC 9.4.0]

Legal docs and information: aka.ms/AzureCliLegal

Your CLI is up-to-date.

Additional context

No response

yonzhan commented 2 months ago

Thank you for opening this issue, we will look into it.

shashankbarsin commented 2 months ago

@ToniA - Istio egress is currently not yet released as part of the addon and that's why we have validation errors for the egress part of serviceMeshProfile when it's invoked in the ARM API or in Azure CLI. Having said that, we are currently implementing the introduction of Istio egress as part of the addon. Will share an update here when we have a definitive ETA.