Check if a given service has an IP address allocated for it if the Kubernetes LoadBalancer services in the NMNLB, HMNLB, CMN, CHN, or CAN address pools are not accessible from outside the cluster.
Regain access to Kubernetes LoadBalancer services from outside the cluster.
This procedure requires administrative privileges.
Check the status of the services with the kubectl command to see the External-IP of the service.
If <pending> appears in this column, the service is having a problem getting an IP address assigned from MetalLB.
kubectl get service -A | grep Load
Example output:
ims cray-ims-b9cdea70-223f-4968-a0f4-589518c89a80-service LoadBalancer 10.17.97.66 <pending> 22:32678/TCP 2d9h
ims cray-ims-eca49ecd-5434-46b2-9a3c-f4f0467f8ecb-service LoadBalancer 10.18.171.14 <pending> 22:30821/TCP 2d5h
istio-system istio-ingressgateway LoadBalancer 10.26.49.253 10.92.100.50 80:30517/TCP,443:30754/TCP 3d5h
istio-system istio-ingressgateway-cmn LoadBalancer 10.28.192.172 <pending> 80:30708/TCP,443:31430/TCP 3d5h
istio-system istio-ingressgateway-hmn LoadBalancer 10.17.46.139 10.94.100.1 80:32444/TCP 3d5h
Check which user network is configured.
Get a token from the NMNLB API gateway using the instructions at Retrieve an Authentication Token.
Query SLS for the configured user network.
curl -s -k -H "Authorization: Bearer ${TOKEN}" https://api.nmnlb.SYSTEM_DOMAIN_NAME/apis/sls/v1/dumpstate | jq -r '.Networks.BICAN.ExtraProperties.SystemDefaultRoute'
If the user network is CHN, then the CAN network is not configured and you can expect to see <pending> for any of the CAN services (e.g. istio-ingressgateway-can) and you can skip the rest of the checks.
If the user network is CAN, then the CHN network is not configured and you can expect to see <pending> for any of the CHN services (e.g. istio-ingressgateway-chn) and you can skip the rest of the checks.
Check that the address pool in the annotation for the service matches one of the address pools in the MetalLB ConfigMap.
To view information on the service:
kubectl -n istio-system describe service istio-ingressgateway-cmn
Example output:
Name: istio-ingressgateway-cmn
Namespace: istio-system
Labels: app=istio-ingressgateway-customer-admin
app.kubernetes.io/instance=cray-istio-ingress
app.kubernetes.io/managed-by=Helm
app.kubernetes.io/name=istio-ingressgateway
app.kubernetes.io/part-of=istio
app.kubernetes.io/version=1.26.0
helm.sh/chart=cray-istio-ingress-4.0.0
install.operator.istio.io/owning-resource=unknown
istio=ingressgateway-customer-admin
istio.io/rev=default
operator.istio.io/component=IngressGateways
peerauthentication=ingressgateway
release=cray-istio-ingress
Annotations: external-dns.alpha.kubernetes.io/hostname: api.cmn.SYSTEM_DOMAIN_NAME,auth.cmn.SYSTEM_DOMAIN_NAME,nexus.cmn.SYSTEM_DOMAIN_NAME
meta.helm.sh/release-name: cray-istio-ingress
meta.helm.sh/release-namespace: istio-system
** metallb.universe.tf/address-pool: customer-management**
Selector: app=istio-ingressgateway-customer-admin,istio=ingressgateway-customer-admin
Type: LoadBalancer
IP Family Policy: SingleStack
IP Families: IPv4
IP: 10.16.148.118
IPs: 10.16.148.118
Port: http2 80/TCP
TargetPort: 8080/TCP
NodePort: http2 32458/TCP
Endpoints: 10.32.3.74:8080,10.32.1.197:8080,10.32.5.106:8080
Port: https 443/TCP
TargetPort: 8443/TCP
NodePort: https 32076/TCP
Endpoints: 10.32.3.74:8443,10.32.1.197:8443,10.32.5.106:8443
Session Affinity: None
External Traffic Policy: Cluster
Internal Traffic Policy: Cluster
Events: <none>
Run the following command to view the ConfigMap. There is no customer-management address pool in the example below, indicating it has not been added yet. This is why the external IP address value is <pending>.
kubectl -n metallb-system get cm metallb -o yaml
Example output:
apiVersion: v1
data:
config: |
**address-pools:**
- name: node-management
protocol: layer2
addresses:
- 10.92.100.0/24
- name: hardware-management
protocol: layer2
addresses:
- 10.94.100.0/24
- name: customer-high-speed
protocol: layer2
addresses:
- 169.0.100.16/28
kind: ConfigMap
metadata:
annotations:
kubectl.kubernetes.io/last-applied-configuration: |
{"apiVersion":"v1","data":{"config":"address-pools:\n- name: node-management\n protocol: layer2\n addresses:\n - 10.92.100.0/24\n- name: hardware-management\n protocol: layer2\n addresses:\n - 10.94.100.0/24\n- name: customer-high-speed\n protocol: layer2\n addresses:\n - 169.0.100.16/28\n"},"kind":"ConfigMap","metadata":{"annotations":{},"name":"config","namespace":"metallb-system"}}
creationTimestamp: "2020-01-09T20:33:25Z"
name: config
namespace: metallb-system
resourceVersion: "1645"
selfLink: /api/v1/namespaces/metallb-system/configmaps/config
uid: 49967541-331f-11ea-9421-b42e993a2608