Troubleshoot Envoy Gateway on Anyscale on Azure

View Markdown

Troubleshoot Envoy Gateway on Anyscale on Azure

The Envoy Gateway quickstart for Anyscale on Azure installs the Kubernetes Gateway API CRDs, the Envoy Gateway controller, an EnvoyProxy resource, a GatewayClass, and a Gateway. Errors during this sequence usually trace back to missing CRDs or a misconfigured operator. This page covers the two failure modes that field engineering has seen most often.

For the full Envoy Gateway setup procedure, see Step 3 of the Anyscale on Azure quickstart.

kubectl apply -f gatewayclass.yaml fails with no matches for kind "GatewayClass"

The Kubernetes Gateway API CRDs aren't bundled with the Envoy Gateway Helm chart. If you installed Envoy Gateway without installing the CRDs first, GatewayClass, Gateway, and HTTPRoute resources fail to apply with no matches for kind.

The current quickstart Step 3b installs both the CRDs and Envoy Gateway in the correct order. If you started from an older copy of the quickstart that helm-installed Envoy Gateway without the CRDs, install the CRDs now and retry. Envoy Gateway v1.7 requires Gateway API v1.4.1:

kubectl apply -f https://github.com/kubernetes-sigs/gateway-api/releases/download/v1.4.1/standard-install.yaml

Then re-apply your gatewayclass.yaml, gateway.yaml, and any HTTPRoute resources.

kubectl get gateway returns no resources or no address

After the Anyscale operator is configured with gateway settings, it expects a Gateway resource referencing the Envoy GatewayClass in the operator namespace. Run kubectl get gateway -n anyscale-operator and kubectl -n anyscale-operator describe gateway. If neither returns a resource with an address, work through the following diagnostic checks.

Confirm that the operator extension has networking.gateway.enabled set to true. The Anyscale operator on Azure is installed as an AKS extension; use az k8s-extension show to inspect its current configuration:

az k8s-extension show \
  --cluster-name <cluster-name> \
  --resource-group <resource-group> \
  --cluster-type managedClusters \
  --name anyscaleoperator \
  --query "configurationSettings"

Confirm the following keys appear and match your setup:

• networking.gateway.enabled is true.
• networking.gateway.namespace matches the namespace where you installed the operator. The quickstart uses anyscale-operator.
• networking.gateway.className matches your GatewayClass name, such as eg.

Confirm the GatewayClass exists in the cluster:

kubectl get gatewayclass

If the GatewayClass is missing, re-apply the gatewayclass.yaml from the quickstart. If the operator configuration is missing keys, re-run the operator update from Step 3f.

Once the operator reconciles, the Gateway resource appears in the operator namespace, and the Azure Load Balancer assigns it an address.

Related Azure docs

• Quickstart Step 3: Install the Envoy Gateway controller is the canonical Envoy setup procedure.
• Networking describes the load balancer model and the egress domains the gateway routes traffic to.
• Envoy Gateway documentation covers Envoy Gateway-specific resources, version compatibility, and the EnvoyProxy configuration model.
• Kubernetes Gateway API is the upstream specification for GatewayClass, Gateway, and HTTPRoute resources.