Azure Integrator Charm

Offer LoadBalancer & Network Permissions & Options

Bug #1896230 reported by Pedro Guimarães on 2020-09-18

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	Azure Integrator Charm	Fix Released	Wishlist	Pedro Guimarães	Azure Integrator Charm 1.19+ck1
	Kubernetes Control Plane Charm	Fix Released	Wishlist	Pedro Guimarães	Kubernetes Control Plane Charm 1.19+ck1

Bug Description

Using latest azure-integrator, I cannot deploy a LB if I have the following:

k8s VMs on Resource Group A (but NICs connected to net B on resource group B)
LB should goes on net B on Resource Group B.

It fails with several permission missing.
I need the following permissions for both resource groups:
Microsoft.Network/networkInterfaces/write
Microsoft.Network/virtualNetworks/read
Microsoft.Network/virtualNetworks/subnets/read
Microsoft.Network/virtualNetworks/subnets/join/action
Microsoft.Network/loadBalancers/write

Revision history for this message

Pedro Guimarães (pguimaraes) wrote on 2020-09-18:

Raised as field critical since this is blocking an ongoing project.

Revision history for this message

Dean Henrichsmeyer (dean) wrote on 2020-09-18:

Sorry, feature requests can't be field critical. Please review the documentation on SLA. We can see what we can do but this doesn't fall under the SLA.

Revision history for this message

Pedro Guimarães (pguimaraes) wrote on 2020-09-18:

{
  "useInstanceMetadata": true,
  "useManagedIdentityExtension": true,
  "subscriptionId": "",
  "resourceGroup": "",
  "location": "",
  "vnetName": "",
  "vnetResourceGroup": "", <<<-------------
  "subnetName": "", <<<-------------
  "securityGroupName": "", <<<-------------
  "loadBalancerSku": ""
}

I can do it if I manually edit the cloud-config.conf (as seen above) to include my custom vnet, subnet and vnet's resource group.
I can also add the roles to the VMs above and the issue gets fixed.

All the pieces are there on Kubernetes & Azure side. The missing bit is only the charm itself, i.e. (1) copy a value from a config and pass that to the cloud-config; and (2) assign the roles that have been described on this bug.

Revision history for this message

Pedro Guimarães (pguimaraes) wrote on 2020-09-18:

There are 3 places to fix this, here they are:

https://github.com/juju-solutions/charm-azure-integrator/pull/26
https://github.com/juju-solutions/interface-azure-integration/pull/5
https://github.com/charmed-kubernetes/charm-kubernetes-master/pull/123

I am still testing them...

George Kraft (cynerva) on 2020-09-18

Changed in charm-azure-integrator:
importance:	Undecided → Wishlist
status:	New → Triaged

Tim Van Steenburgh (tvansteenburgh) on 2020-09-18

Changed in charm-azure-integrator:
assignee:	nobody → Pedro Guimarães (pguimaraes)
milestone:	none → 1.19+ck1

Tim Van Steenburgh (tvansteenburgh) on 2020-09-21

Changed in charm-azure-integrator:
status:	Triaged → In Progress

George Kraft (cynerva) on 2020-09-21

Changed in charm-kubernetes-master:
importance:	Undecided → Wishlist
assignee:	nobody → Pedro Guimarães (pguimaraes)
milestone:	none → 1.19+ck1
status:	New → Fix Committed
Changed in charm-azure-integrator:
status:	In Progress → Fix Committed

Revision history for this message

George Kraft (cynerva) wrote on 2020-09-22:

This is available in edge with cs:~containers/kubernetes-master-895 and cs:~containers/azure-integrator-50

Tim Van Steenburgh (tvansteenburgh) on 2020-11-11

tags:

added: backport-needed

Chris Sanders (chris.sanders) on 2020-11-11

tags:

removed: backport-needed

Tim Van Steenburgh (tvansteenburgh) on 2020-11-20

Changed in charm-azure-integrator:
status:	Fix Committed → Fix Released
Changed in charm-kubernetes-master:
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.