azure-cli
azure-cli copied to clipboard
Istio egress gateway cannot be enabled
Describe the bug
I have AKS 1.27.9 with Azure managed Istio 1.20 enabled. I'm trying to enabled the Istio egress gateway using the AZ CLI, but the operation fails. Enabling internal ingress gateway works, though.
Related command
az aks mesh enable-egress-gateway
Errors
$ az aks mesh enable-egress-gateway --subscription subid --resource-group rgname --name aksname
(BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.
Issue script & Debug output
File "/home/ToniA/.azure/cliextensions/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/v2024_02_02_preview/operations/_managed_clusters_operations.py", line 1996, in _create_or_update_initial
raise HttpResponseError(response=response, error_format=ARMErrorFormat)
azure.core.exceptions.HttpResponseError: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.
cli.azure.cli.core.azclierror: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.
az_command_data_logger: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.
Expected behavior
Istio egress gateway should be enabled
Environment Summary
$ az --version
azure-cli 2.59.0
core 2.59.0
telemetry 1.1.0
Extensions:
account 0.2.5
aks-preview 3.0.0b5
azure-devops 1.0.0
azure-firewall 1.0.1
containerapp 0.3.50
rdbms-connect 1.0.5
storage-preview 1.0.0b1
Dependencies:
msal 1.27.0
azure-mgmt-resource 23.1.0b2
Python location '/opt/az/bin/python3'
Extensions directory '/home/ToniA/.azure/cliextensions'
Python (Linux) 3.11.8 (main, Mar 27 2024, 04:03:26) [GCC 9.4.0]
Legal docs and information: aka.ms/AzureCliLegal
Your CLI is up-to-date.
Additional context
No response
Thank you for opening this issue, we will look into it.
@ToniA - Istio egress is currently not yet released as part of the addon and that's why we have validation errors for the egress part of serviceMeshProfile when it's invoked in the ARM API or in Azure CLI. Having said that, we are currently implementing the introduction of Istio egress as part of the addon. Will share an update here when we have a definitive ETA.
The egress related command under az aks mesh
has been removed from the cli. Once the feature rolls out we will add it. Please update your aks-preview extension to the latest version available.
az extension update --name aks-preview
This has been fixed and the issue should be closed.
@shashankbarsin @german1608 This Issue was closed without sharing a definitive ETA, has istio egress been implemented in the aks istio add-on?