Public IP of Ingress-Nginx is not accessible only for CAPZ in v1.29.x

[Kun483]

Thanks in advance!!

What happened:

After cluster is launched using clusterctl, I used helm to install Ingress-Nginx. After Ingress-Nginx service is ready, I put Public IP into the browser, it showed:

What you expected to happen:

How to reproduce it (as minimally and precisely as possible):

Follow the Clusterctl quick-start to launch a cluster

kind create cluster
export AZURE_SUBSCRIPTION_ID="<SubscriptionId>"
export AZURE_TENANT_ID="<Tenant>"
export AZURE_CLIENT_ID="<AppId>"
export AZURE_CLIENT_SECRET="<Password>"
export AZURE_SUBSCRIPTION_ID_B64="$(echo -n "$AZURE_SUBSCRIPTION_ID" | base64 | tr -d '\n')"
export AZURE_TENANT_ID_B64="$(echo -n "$AZURE_TENANT_ID" | base64 | tr -d '\n')"
export AZURE_CLIENT_ID_B64="$(echo -n "$AZURE_CLIENT_ID" | base64 | tr -d '\n')"
export AZURE_CLIENT_SECRET_B64="$(echo -n "$AZURE_CLIENT_SECRET" | base64 | tr -d '\n')"
export AZURE_CLUSTER_IDENTITY_SECRET_NAME="cluster-identity-secret"
export CLUSTER_IDENTITY_NAME="cluster-identity"
export AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE="default"
kubectl create secret generic "${AZURE_CLUSTER_IDENTITY_SECRET_NAME}" --from-literal=clientSecret="${AZURE_CLIENT_SECRET}" --namespace "${AZURE_CLUSTER_IDENTITY_SECRET_NAMESPACE}"
clusterctl init --infrastructure azure
export AZURE_LOCATION="eastus"
export AZURE_CONTROL_PLANE_MACHINE_TYPE="Standard_D2s_v3"
export AZURE_NODE_MACHINE_TYPE="Standard_D2s_v3"
export AZURE_RESOURCE_GROUP="<ResourceGroupName>"
clusterctl generate cluster capi-quickstart \
  --kubernetes-version v1.29.1 \
  --control-plane-machine-count=1 \
  --worker-machine-count=1 \
  > capi-quickstart.yaml
kubectl apply -f capi-quickstart.yaml
clusterctl get kubeconfig capi-quickstart > capi-quickstart.kubeconfig

Then in workload cluster

helm install --kubeconfig=./capi-quickstart.kubeconfig --repo https://raw.githubusercontent.com/kubernetes-sigs/cloud-provider-azure/master/helm/repo cloud-provider-azure --generate-name --set infra.clusterName=capi-quickstart --set cloudControllerManager.clusterCIDR="192.168.0.0/16"

Install Calico as CNI

kubectl --kubeconfig=./capi-quickstart.kubeconfig \
  apply -f https://raw.githubusercontent.com/projectcalico/calico/v3.26.1/manifests/calico.yaml

Install Ingress-Nginx using helm

helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo update
helm install ingress-nginx ingress-nginx/ingress-nginx --namespace nginx --create-namespace

Anything else we need to know?:

Environment:

• Kubernetes version (use kubectl version): Server Version: v1.29.1
• Cloud provider or hardware configuration: Azure IaaS
• OS (e.g: cat /etc/os-release): Ubuntu 22.04
• Kernel (e.g. uname -a): Linux nginx-ingress-nginx-controller-6c4d694fd9-chmst 6.2.0-1019-azure #19~22.04.1-Ubuntu SMP Wed Jan 10 22:57:03 UTC 2024 x86_64 Linux
• Install tools: kubeadm
• Network plugin and version (if this is a network-related bug): Nginx-Ingress

  NGINX Ingress controller
  Release:       v1.10.1
  Build:         4fb5aac1dd3669daa3a14d9de3e3cdb371b4c518
  Repository:    https://github.com/kubernetes/ingress-nginx
  nginx version: nginx/1.25.3

• Others:

[nilo19]

This is not a question to cloud provider azure as you mentioned the service is ready, which means cloud-provider-azure finishes its job.