Bug: ACK ElastiCache - Security Group Updates Not Applied #2455
Description
Describe the bug
The ACK ElastiCache controller does not correctly apply updates to the securityGroupIDs field of a CacheCluster resource after the cluster has been initially created. Changes, whether adding or removing Security Group IDs from the manifest, are not reflected on the corresponding AWS ElastiCache cluster.
Steps to reproduce
-
Apply a CacheCluster manifest without the securityGroupIDs field defined to create an ElastiCache cluster.
-
After the cluster is created successfully, update the CacheCluster manifest to include one or more securityGroupIDs. Apply the updated manifest. Observe that the Security Group is not added to the ElastiCache cluster in AWS.
-
Alternatively, apply a CacheCluster manifest with the securityGroupIDs field defined to initially create the cluster with Security Groups.
-
After the cluster is created successfully, update the CacheCluster manifest to remove the securityGroupIDs field. Apply the updated manifest. Observe that the Security Group(s) remain associated with the ElastiCache cluster in AWS.
Expected outcome
When the securityGroupIDs field in the CacheCluster manifest is updated (either by adding, removing, or changing IDs) and the manifest is applied, the ElastiCache ACK controller should reconcile this change and update the associated AWS ElastiCache cluster to match the desired state specified in the manifest. This includes adding Security Groups if they are added to the manifest, and removing them if they are removed from the manifest.
Environment
Kubernetes version: 1.32
Using EKS (yes/no), if so version?: yes, eks.9
AWS service targeted (S3, RDS, etc.): ElastiCache
ElastiCache ACK version: 0.2.4