클라이언트 애플리케이션에 Apigee Hybrid에 대한 API 호출의 응답으로 제한 시간 오류가 발생합니다.
하이브리드 설치 중에 클러스터에 구성(overrides.yaml)을 적용하는 동안 Error from server (invalid) 또는 The Job
"apigee-resources-install" is invalid와 같은 오류가 관찰됩니다.
오류 메시지
다음 오류 중 하나가 관찰될 수 있습니다.
API 호출에 대한 오류 응답
Apigee Hybrid에 대한 API 요청이 다음 오류 메시지와 함께 실패할 수 있습니다.
* Connection failed
* connect to 34.84.67.39 port 443 failed: Operation timed out
* Failed to connect to example.apis.com port 443: Operation timed out
* Closing connection 0
curl: (7) Failed to connect to example.apis.com port 443: Operation timed out
클러스터에 구성(overrides.yaml)을 적용할 때 관찰되는 오류
설치 중 클러스터에 구성(overrides.yaml 파일)을 적용할 때 다음 오류 중 하나가 관찰될 수 있습니다.
istio-ingressgateway 서비스는 istio-operator.yaml 파일에서 유형별로 표시된 부하 분산기로 구성됩니다. ASM 설치 중 부하 분산기는 구성된 IP 주소로 생성되고 istio-
ingressgateway 서비스와 통신하도록 연결됩니다. 따라서 구성된 IP 주소가 올바르고 부하 분산기에 대해 예약되어 있어야 합니다.
네트워크팀에 연락하여 loadBalancerIP에 대해 구성된 IP 주소가 올바른지 확인합니다. 올바르지 않으면 부하 분산기 서비스가 IP 주소에 바인딩할 수 없습니다. 이렇게 하면 istio-ingressgateway 서비스가 영구적으로 pending 상태가 됩니다.
해결 방법
네트워크 팀과 협력하여 istio-
operator.yaml 파일에서 올바른 IP 주소를 구성합니다.
[[["이해하기 쉬움","easyToUnderstand","thumb-up"],["문제가 해결됨","solvedMyProblem","thumb-up"],["기타","otherUp","thumb-up"]],[["이해하기 어려움","hardToUnderstand","thumb-down"],["잘못된 정보 또는 샘플 코드","incorrectInformationOrSampleCode","thumb-down"],["필요한 정보/샘플이 없음","missingTheInformationSamplesINeed","thumb-down"],["번역 문제","translationIssue","thumb-down"],["기타","otherDown","thumb-down"]],["최종 업데이트: 2025-08-21(UTC)"],[[["\u003cp\u003eThis document addresses issues where Apigee hybrid API calls time out or configuration applications to the cluster fail.\u003c/p\u003e\n"],["\u003cp\u003eThe primary symptoms of these issues include timeout errors for client applications and specific errors during the application of \u003ccode\u003eoverrides.yaml\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe root cause of these symptoms is often the \u003ccode\u003eistio-ingressgateway\u003c/code\u003e service being in a \u003ccode\u003epending\u003c/code\u003e state and unable to bind to an external IP address.\u003c/p\u003e\n"],["\u003cp\u003eSolutions involve checking and resolving incomplete or erroneous jobs in the \u003ccode\u003eistio-system\u003c/code\u003e or \u003ccode\u003eapigee-system\u003c/code\u003e namespaces and ensuring the correct IP address range is configured for the external load balancer.\u003c/p\u003e\n"],["\u003cp\u003eIf the problem persists, diagnostic information such as logs, service lists, project IDs, and configuration files should be collected for Google Cloud Customer Care assistance.\u003c/p\u003e\n"]]],[],null,["# API calls fail with timeout errors\n\n*You're viewing **Apigee** and **Apigee hybrid** documentation.\nView [Apigee Edge](https://docs.apigee.com/api-platform/troubleshoot/404-support-d) documentation.*\n| **Note:** This document is applicable for Apigee hybrid users only.\n\nSymptom\n-------\n\n\nYou may observe one of the following symptoms:\n\n1. The client applications get timeout errors as a response for API calls on Apigee hybrid.\n2. You observe errors such as `Error from server (invalid)` or `The Job\n \"apigee-resources-install\" is invalid` while applying configuration (`overrides.yaml`) to the cluster during hybrid installation.\n\nError messages\n--------------\n\n\nYou may observe one of the following errors:\n\n### Error response to API calls\n\n\nThe API requests on Apigee hybrid may fail with the following error message: \n\n```scdoc\n* Connection failed\n* connect to 34.84.67.39 port 443 failed: Operation timed out\n* Failed to connect to example.apis.com port 443: Operation timed out\n* Closing connection 0\ncurl: (7) Failed to connect to example.apis.com port 443: Operation timed out\n```\n\n### Errors observed while applying configuration (overrides.yaml) to clusters\n\n\nYou may observe one of the following errors while applying configuration\n(`overrides.yaml` file) to clusters during the installation: \n\n### Error #1\n\n```\nhelm upgrade operator apigee-operator/ \\\n --install \\\n --create-namespace \\\n --namespace APIGEE_NAMESPACE \\\n --atomic \\\n -f OVERRIDES_FILE\n```\n\n\u003cbr /\u003e\n\n```text\n...\n...\nError from server (Invalid): error when applying patch:\nto:\nResource: \"batch/v1, Resource=jobs\", GroupVersionKind: \"batch/v1, Kind=Job\"\nName: \"istio-init-crd-10-1.4.6\", Namespace: \"istio-system\"\nto:\nResource: \"batch/v1, Resource=jobs\", GroupVersionKind: \"batch/v1, Kind=Job\"\nName: \"istio-init-crd-11-1.4.6\", Namespace: \"istio-system\"\nto:\nResource: \"batch/v1, Resource=jobs\", GroupVersionKind: \"batch/v1, Kind=Job\"\nName: \"istio-init-crd-14-1.4.6\", Namespace: \"istio-system\"\n```\n\n### Error #2\n\n```\nhelm upgrade operator apigee-operator/ \\\n--install \\\n--create-namespace \\\n--namespace APIGEE_NAMESPACE \\\n--atomic \\\n-f OVERRIDES_FILE\n```\n\n\u003cbr /\u003e\n\n```carbon\n...\n...\nThe Job \"apigee-resources-install\" is invalid: spec.template: Invalid value:\ncore.PodTemplateSpec{ObjectMeta:v1.ObjectMeta{Name:\"apigee-resources-install\",\nGenerateName:\"\", Namespace:\"\", SelfLink:\"\", UID:\"\", ResourceVersion:\"\",\nGeneration:0,\n```\n\nPossible causes\n---------------\n\n\nThese errors can happen if the `istio-ingressgateway` service is in a\n`pending` state and unable to bind to an external IP address as shown below: \n\n```\nkubectl get services -n istio-system\nNAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE\nistio-ingressgateway LoadBalancer 10.198.5.104 \u003cpending\u003e 15020:31927/TCP, 12h\n 80:31381/TCP,\n 443:31391/TCP,\n 31400:31401/TCP,\n 15443:32623/TCP\n```\n\n\nThe possible causes for the `istio-ingressgateway` service to be in a\n`pending` state are as follows:\n\nCause: Jobs in istio-system namespace in erroneous/pending state\n----------------------------------------------------------------\n\n### Diagnosis\n\n1. Check the status of the jobs in the `istio-system` namespace using the following command: \n\n ```\n kubectl get jobs -n istio-system\n ```\n2. The status of the jobs must be `complete`. If the status of the jobs is in an `erroneous/pending` state, then that's the cause of this problem.\n\n### Resolution\n\n1. If any of the jobs are in the `pending` or `erroneous` state, delete them using the following command: \n\n ```\n kubectl -n istio-system delete job JOB_NAME_FROM_STEP_1\n ```\n2. Re-run the installation by applying the `overrides.yaml` file:\n\n\n Update the `apigee-serving-cert` using\n [Helm](/apigee/docs/hybrid/latest/helm-reference): \n\n ```\n helm install operator apigee-operator/\n --namespace APIGEE_NAMESPACE \\\n --atomic \\\n -f OVERRIDES_FILE \\\n --dry-run=server\n ```\n\n Make sure to include all of the settings shown, including `--atomic`\n so that the action rolls back on failure.\n\n Install the chart: \n\n ```\n helm upgrade operator apigee-operator/\n --namespace APIGEE_NAMESPACE \\\n --atomic \\\n -f OVERRIDES_FILE\n ```\n\nCause: apigee-resources-install job in the apigee-system namespace may be in erroneous state\n--------------------------------------------------------------------------------------------\n\n| **Note:** The `apigee-resources-install` job is not part of hybrid versions 1.13 and later.\n\n### Diagnosis\n\n1. Check the status of the jobs in the `apigee-system` namespace using the following command: \n\n ```\n kubectl get jobs -n apigee-system\n ```\n2. The status of the jobs must be `complete`. If the status of the jobs is in an `erroneous/pending` state, then that's the cause of this problem. The following sample output shows that the job `apigee-resources-install `is successfully completed. \n\n ```\n kubectl get jobs -n apigee-system\n NAME COMPLETIONS DURATION AGE\n apigee-resources-install 1/1 23s 16d\n ```\n\n### Resolution\n\n1. If the jobs are in the `pending` or `erroneous` state, delete them using the following command: \n\n ```\n kubectl -n apigee-system delete job JOB_NAME_FROM_STEP_1\n ```\n2. Re-run the installation by applying the `overrides.yaml` file: \n\n ```\n apigeectl apply -f overrides.yaml\n ```\n\nCause: Incorrect IP address range assigned to external load balancer\n--------------------------------------------------------------------\n\n### Diagnosis\n\n1. Check the IP address configured for the load balancer in the `istio-\n operator.yaml` file. For example, the following snippet shows the location in the `istio-operator.yaml` file where the IP address is configured: \n\n ```gdscript\n -name: istio-ingressgateway\n enabled: true\n k8s:\n service:\n type: LoadBalancer\n loadBalancerIP: 10.195.24.23\n ```\n2. The `istio-ingressgateway` service is configured as a load balancer (indicated by type) in the `istio-operator.yaml` file. During the ASM installation, a load balancer is created with the configured IP address and wired to communicate with the `istio-\n ingressgateway` service. Therefore, the IP address configured should be correct and reserved for the load balancer.\n3. Engage your network team and verify that the IP address configured for `loadBalancerIP` is correct. If it is incorrect, then the load balancer service will not be able to bind to the IP address. This causes the `istio-ingressgateway` service to be in the `pending` state forever.\n\n### Resolution\n\n1. Work with your network team and configure the correct IP address in the `istio-\n operator.yaml` file.\n2. Re-run the installation for the [Apigee ingress gateway](/apigee/docs/hybrid/latest/managing-ingress) and apply the `overrides.yaml` file: \n\n ```\n helm upgrade $ORG_NAME apigee-org/ \\\n --install \\\n --namespace APIGEE_NAMESPACE \\\n --atomic \\\n -f OVERRIDES_FILE\n ```\n\nMust gather diagnostic information\n----------------------------------\n\n\nIf the problem persists even after following the above instructions, gather the following\ndiagnostic information and then contact [Google Cloud Customer Care](https://cloud.google.com/support-hub/):\n\n1. The Google Cloud Project ID\n2. The name of the Apigee hybrid organization\n3. Kubernetes Cluster name\n4. Google Cloud project name if kubernetes cluster resides in different Google Cloud project\n5. The `overrides.yaml` file\n6. The `Istio-operator .yaml` file used during the ASM installation.\n7. Collect the logs from each `istio-ingressgateway` pod in the `istio-system` namespace: \n\n ```\n kubectl logs NAME_OF_ISTIO_INGRESSGATEWAY_POD -n istio-system \u003e /tmp/NAME_OF_ISTIO_INGRESSGATEWAY_POD.log\n ```\n8. Collect the description of the each pod in the `istio-system` namespace: \n\n ```\n kubectl describe pod NAME_OF_ISTIO_INGRESSGATEWAY_POD -n istio-system \u003e /tmp/NAME_OF_ISTIO_INGRESSGATEWAY_POD.yaml\n ```\n9. Collect the list of services in the `istio-system` namespace: \n\n ```\n kubectl get svc -n istio-system\n ```"]]
