azure-cli icon indicating copy to clipboard operation
azure-cli copied to clipboard

Istio egress gateway cannot be enabled

Open ToniA opened this issue 10 months ago • 2 comments

Describe the bug

I have AKS 1.27.9 with Azure managed Istio 1.20 enabled. I'm trying to enabled the Istio egress gateway using the AZ CLI, but the operation fails. Enabling internal ingress gateway works, though.

Related command

az aks mesh enable-egress-gateway

Errors

$ az aks mesh enable-egress-gateway  --subscription subid --resource-group rgname --name aksname
(BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.

Issue script & Debug output

  File "/home/ToniA/.azure/cliextensions/aks-preview/azext_aks_preview/vendored_sdks/azure_mgmt_preview_aks/v2024_02_02_preview/operations/_managed_clusters_operations.py", line 1996, in _create_or_update_initial
    raise HttpResponseError(response=response, error_format=ARMErrorFormat)
azure.core.exceptions.HttpResponseError: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.

cli.azure.cli.core.azclierror: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.
az_command_data_logger: (BadRequest) Use of Istio egress gateway for Azure Service Mesh is disallowed.
Code: BadRequest
Message: Use of Istio egress gateway for Azure Service Mesh is disallowed.

Expected behavior

Istio egress gateway should be enabled

Environment Summary

$ az --version
azure-cli                         2.59.0

core                              2.59.0
telemetry                          1.1.0

Extensions:
account                            0.2.5
aks-preview                      3.0.0b5
azure-devops                       1.0.0
azure-firewall                     1.0.1
containerapp                      0.3.50
rdbms-connect                      1.0.5
storage-preview                  1.0.0b1

Dependencies:
msal                              1.27.0
azure-mgmt-resource             23.1.0b2

Python location '/opt/az/bin/python3'
Extensions directory '/home/ToniA/.azure/cliextensions'

Python (Linux) 3.11.8 (main, Mar 27 2024, 04:03:26) [GCC 9.4.0]

Legal docs and information: aka.ms/AzureCliLegal


Your CLI is up-to-date.

Additional context

No response

ToniA avatar Apr 23 '24 10:04 ToniA

Thank you for opening this issue, we will look into it.

yonzhan avatar Apr 23 '24 10:04 yonzhan

@ToniA - Istio egress is currently not yet released as part of the addon and that's why we have validation errors for the egress part of serviceMeshProfile when it's invoked in the ARM API or in Azure CLI. Having said that, we are currently implementing the introduction of Istio egress as part of the addon. Will share an update here when we have a definitive ETA.

shashankbarsin avatar May 02 '24 16:05 shashankbarsin

The egress related command under az aks mesh has been removed from the cli. Once the feature rolls out we will add it. Please update your aks-preview extension to the latest version available.

az extension update --name aks-preview

german1608 avatar Jul 18 '24 17:07 german1608

This has been fixed and the issue should be closed.

german1608 avatar Aug 01 '24 17:08 german1608

@shashankbarsin @german1608 This Issue was closed without sharing a definitive ETA, has istio egress been implemented in the aks istio add-on?

jonas-budde avatar Aug 08 '24 13:08 jonas-budde