all controllers - races with vpcRefs, subnetRefs and other references. #1898
Labels
kind/bug
Categorizes issue or PR as related to a bug.
service/ec2
Indicates issues or PRs that are related to ec2-controller.
service/eks
Indicates issues or PRs that are related to eks-controller.
Comments
a-hilaly
added
kind/bug
|
Issues go stale after 180d of inactivity. |
ack-prow
bot
added
the
lifecycle/stale
|
/remove-lifecycle stale |
ack-prow
bot
removed
the
lifecycle/stale
|
@gecube we have a PR attempting to fix this issue aws-controllers-k8s/eks-controller#128 |
ack-prow bot
pushed a commit
to aws-controllers-k8s/eks-controller
that referenced
this issue
Sep 19, 2024
Issue [#1898](aws-controllers-k8s/community#1898) Description of changes: Similarly as the ec2-controller, the ref stored in a struct is being overwritten during create/update. With this fix we ensure the ref would not be discarded. Currently there isn't a way to test this fix, as we can't run two controllers simultaneously and reference subnet names in cluster directly. Instead I will document an example with the fix working in this PR provided: ```yaml apiVersion: eks.services.k8s.aws/v1alpha1 kind: Cluster metadata: name: my-clust spec: name: my-clust roleARN: <removed> version: "1.30" resourcesVPCConfig: endpointPrivateAccess: true endpointPublicAccess: false subnetRefs: - from: name: sub1 - from: name: sub2 ``` Creating .spec and status: ```yaml spec: accessConfig: authenticationMode: CONFIG_MAP bootstrapClusterCreatorAdminPermissions: true kubernetesNetworkConfig: ipFamily: ipv4 serviceIPv4CIDR: 172.20.0.0/16 logging: clusterLogging: - enabled: false types: - api - audit - authenticator - controllerManager - scheduler name: my-clust resourcesVPCConfig: endpointPrivateAccess: true endpointPublicAccess: true publicAccessCIDRs: - 0.0.0.0/0 subnetRefs: - from: name: sub1 - from: name: sub2 roleARN: <removed> version: "1.30" status: ackResourceMetadata: arn: <removed> ownerAccountID: <removed> region: us-west-2 certificateAuthority: {} conditions: - lastTransitionTime: "2024-09-18T20:56:50Z" status: "True" type: ACK.ReferencesResolved - lastTransitionTime: "2024-09-18T20:56:51Z" status: "False" type: ACK.ResourceSynced createdAt: "2024-09-18T20:56:50Z" health: {} platformVersion: eks.8 status: CREATING ``` Active: ```yaml spec: accessConfig: authenticationMode: CONFIG_MAP bootstrapClusterCreatorAdminPermissions: true kubernetesNetworkConfig: ipFamily: ipv4 serviceIPv4CIDR: 172.20.0.0/16 logging: clusterLogging: - enabled: false types: - api - audit - authenticator - controllerManager - scheduler name: my-clust resourcesVPCConfig: endpointPrivateAccess: true endpointPublicAccess: true publicAccessCIDRs: - 0.0.0.0/0 subnetRefs: - from: name: sub1 - from: name: sub2 roleARN: <removed> version: "1.30" status: ackResourceMetadata: <removed> ownerAccountID: <removed> region: us-west-2 certificateAuthority: data: <removed> conditions: - lastTransitionTime: "2024-09-18T22:00:27Z" status: "True" type: ACK.ReferencesResolved - lastTransitionTime: "2024-09-18T22:00:28Z" status: "True" type: ACK.ResourceSynced createdAt: "2024-09-18T20:56:50Z" endpoint: https://DFD284F7337766E87670192E4EB46565.gr7.us-west-2.eks.amazonaws.com health: {} identity: oidc: issuer: https://oidc.eks.us-west-2.amazonaws.com/id/DFD284F7337766E87670192E4EB46565 platformVersion: eks.8 status: ACTIVE ``` Updating: ```yaml spec: accessConfig: authenticationMode: CONFIG_MAP bootstrapClusterCreatorAdminPermissions: true kubernetesNetworkConfig: ipFamily: ipv4 serviceIPv4CIDR: 172.20.0.0/16 logging: clusterLogging: - enabled: false types: - api - audit - authenticator - controllerManager - scheduler name: my-clust resourcesVPCConfig: endpointPrivateAccess: true endpointPublicAccess: false publicAccessCIDRs: - 0.0.0.0/0 subnetRefs: - from: name: sub1 - from: name: sub2 roleARN: <removed> version: "1.30" status: ackResourceMetadata: arn: <removed> ownerAccountID: <removed> region: us-west-2 certificateAuthority: data: <removed> conditions: - lastTransitionTime: "2024-09-18T22:04:38Z" status: "True" type: ACK.ReferencesResolved - lastTransitionTime: "2024-09-18T22:04:38Z" message: Cluster is in 'UPDATING' status status: "False" type: ACK.ResourceSynced - message: cluster in 'UPDATING' state, cannot be modified until 'ACTIVE' status: "True" type: ACK.Recoverable createdAt: "2024-09-18T20:56:50Z" endpoint: https://DFD284F7337766E87670192E4EB46565.gr7.us-west-2.eks.amazonaws.com health: {} identity: oidc: issuer: https://oidc.eks.us-west-2.amazonaws.com/id/DFD284F7337766E87670192E4EB46565 platformVersion: eks.8 status: UPDATING ``` By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
|
@gecube This is now fixed, in 1.5.0~ |
|
Please reopen the Github issue if you still see this :) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Good day!
I am playing with FluxCD GitOps approach and EKS controller.
I tried to create the cluster with the following manifest:
The cluster was created successfully, but now I am observing the next state of the object:
So my idea is that EKS controller (or EC2 - it does not matter at this moment) takes
block from YAML, removes it and add this one:
resolving which subnet by name has which ID.
But on the next reconciliation cycle FluxCD sees that the fields were removed and adds them back.
So finally we are getting in the next status:
It looks like that no controller from ACK library must change the source spec of object, but rather make all such a changes in status field and maintain some internal state of the controller - no idea. What is interesting - the same issue is not observer with VPC, Subnets and other objects. No idea why.
Also once I observed the next yaml:
I wondered too much how I could get it. But possibly it could be linked to incorrect paste of IDs instead of references as well.
The text was updated successfully, but these errors were encountered: