After upgrading to TKGI 1.21, users may encounter failures when creating a Kubernetes service that uses the same port for both TCP and UDP protocols. Specifically, services of type LoadBalancer are not assigned an external IP as NCP (NSX Container Plugin) fails to realize the service on NSX.
Example service.yaml:
apiVersion: v1
kind: Service
metadata:
  name: test-dns
  namespace: test-ns
spec:
  ports:
  - name: dns-udp
    port: 53
    protocol: UDP
    targetPort: 30000
  # No protocol field on this entry: Kubernetes defaults it to TCP
  - name: dns-tcp
    port: 53
    targetPort: 30000
  selector:
    app.kubernetes.io/component: dns
  type: LoadBalancer
After creation, the Service annotations show:
ncp/error.loadbalancer: SERVICE_LOADBALANCER_UNREALIZED
ncp/error.loadbalancer.unrealized_ports: 53, 53
TKGI 1.21/NCP 4.2.1.1
This issue is caused by a bug in NCP version 4.2.1.1. The root cause is an unhandled keyword argument (tenant) in the L4 load balancer service logic, as shown in the NCP logs:
[errorCode="NCP05025"] nsx_ujo.ncp.k8s.service_lb_controller Failed to process L4 Lb service ('test-ns', 'test-dns'): LbLayer4Service.update_lb_virtual_server_attributes() got an unexpected keyword argument 'tenant'
This issue has been identified and resolved in NCP version 4.2.2. The fix is expected to be included in a future TKGI release.
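To find the Services in a cluster that match this pattern, the following added example (not part of the original article or of any VMware tooling) scans output shaped like `kubectl get svc -A -o json` for LoadBalancer Services that expose one port on both TCP and UDP, and reports whether they carry the unrealized annotation shown above. The function names, the sample data and the 192.0.2.10 address are constructed for illustration.

```python
import json
import sys

# Constructed sample, shaped like `kubectl get svc -A -o json` output.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "test-dns", "namespace": "test-ns", "annotations": {
    "ncp/error.loadbalancer": "SERVICE_LOADBALANCER_UNREALIZED",
    "ncp/error.loadbalancer.unrealized_ports": "53, 53"}},
  "spec": {"type": "LoadBalancer", "ports": [
    {"name": "dns-udp", "port": 53, "protocol": "UDP", "targetPort": 30000},
    {"name": "dns-tcp", "port": 53, "targetPort": 30000}]},
  "status": {"loadBalancer": {}}},
 {"metadata": {"name": "web", "namespace": "test-ns"},
  "spec": {"type": "LoadBalancer", "ports": [{"port": 443, "protocol": "TCP"}]},
  "status": {"loadBalancer": {"ingress": [{"ip": "192.0.2.10"}]}}},
 {"metadata": {"name": "dns-internal", "namespace": "test-ns"}, "spec": {"type": "ClusterIP",
   "ports": [{"port": 53, "protocol": "UDP"}, {"port": 53, "protocol": "TCP"}]}}
]}
""")

def mixed_protocol_ports(svc):
    """Return the ports a Service exposes with more than one protocol."""
    protos = {}
    for p in svc.get("spec", {}).get("ports", []):
        # Kubernetes defaults protocol to TCP when the field is omitted.
        protos.setdefault(p["port"], set()).add(p.get("protocol", "TCP"))
    return sorted(port for port, seen in protos.items() if len(seen) > 1)

def find_affected(service_list):
    """List LoadBalancer Services that use one port for both TCP and UDP."""
    findings = []
    for svc in service_list.get("items", []):
        ports = mixed_protocol_ports(svc)
        if svc.get("spec", {}).get("type") != "LoadBalancer" or not ports:
            continue
        meta = svc["metadata"]
        ann = meta.get("annotations") or {}
        findings.append({
            "namespace": meta.get("namespace"), "name": meta["name"], "ports": ports,
            "unrealized": ann.get("ncp/error.loadbalancer") == "SERVICE_LOADBALANCER_UNREALIZED",
            "has_external_ip": bool(svc.get("status", {}).get("loadBalancer", {}).get("ingress")),
        })
    return findings

if __name__ == "__main__":
    # Pass a file saved from `kubectl get svc -A -o json`; without one, the sample is used.
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for finding in find_affected(data):
        print(finding)
```

Running the check before the upgrade lists the Services that would be affected on NCP 4.2.1.1; running it afterwards shows which of them are currently unrealized and without an external IP.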