[Bug]: Unable to upgrade KubernetesCluster version #654

Open
1 task done
rbrunan opened this issue Feb 20, 2024 · 4 comments
Labels
bug Something isn't working needs:triage

Comments


rbrunan commented Feb 20, 2024

Is there an existing issue for this?

  • I have searched the existing issues

Affected Resource(s)

containerservice.azure.upbound.io - KubernetesCluster

Resource MRs required to reproduce the bug

containerservice.azure.upbound.io - KubernetesCluster

Steps to Reproduce

  • Deploy a KubernetesCluster MR with networkProfile.0.networkPlugin: none and wait for the cluster to get ready.
  • Update the field spec.forProvider.kubernetesVersion in the MR to upgrade the cluster version.
  • Check the MR status.

What happened?

The cluster is not upgraded and the MR is failing with an AsyncUpdateFailure.

Relevant Error Output Snippet

Message: async update failed: failed to update the resource: [{0 updating Kubernetes Version for Managed Cluster ( Subscription: "xxxx" Resource Group Name: "xxxx" Managed Cluster Name: "xxxxx"): managedclusters.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="PropertyChangeNotAllowed" Message="Changing property 'networkProfile.podCIDR' from '10.244.0.0/16' to '' is not allowed." Target="networkProfile.podCIDR"  []}]
Reason:                AsyncUpdateFailure
Status:                False
Type:                  LastAsyncOperation

Crossplane Version

1.14.3

Provider Version

0.41.0

Kubernetes Version

v1.27.1

Kubernetes Distribution

AKS

Additional Info

Test MR:


apiVersion: containerservice.azure.upbound.io/v1beta1
kind: KubernetesCluster
metadata:
  name: upgrade-test-2
spec:
  deletionPolicy: Delete
  forProvider:
    defaultNodePool:
    - enableAutoScaling: false
      name: default
      nodeCount: 1
      vmSize: Standard_D2s_v3
      vnetSubnetIdSelector:
        matchLabels:
          account-name: app-1
    identity:
    - type: SystemAssigned
    kubernetesVersion: "1.27"
    location: eastus2
    networkProfile:
    - dnsServiceIp: 10.253.0.10
      networkPlugin: none
      serviceCidr: 10.253.0.0/16
    oidcIssuerEnabled: true
    publicNetworkAccessEnabled: true
    resourceGroupNameSelector:
      matchLabels:
        account-name: app-1
    roleBasedAccessControlEnabled: true
    runCommandEnabled: true
    skuTier: Free
    tags:
      environment: dev
    workloadIdentityEnabled: true
  managementPolicies:
  - '*'

@rbrunan rbrunan added bug Something isn't working needs:triage labels Feb 20, 2024

rbrunan commented Feb 21, 2024

This seems to be related to the fact that the Azure API is returning an empty value for the podCidr if you are using networkPlugin: none:

az aks show --resource-group=$RG --name upgrade-test-li --query "networkProfile"  --subscription=$SUBSID

{
  "dnsServiceIp": "10.253.0.10",
  "ipFamilies": [
    "IPv4"
  ],
  "loadBalancerProfile": {
    "allocatedOutboundPorts": null,
    "effectiveOutboundIPs": [
      {
        "id": "...",
        "resourceGroup": "RG..."
      }
    ],
    "enableMultipleStandardLoadBalancers": null,
    "idleTimeoutInMinutes": null,
    "managedOutboundIPs": {
      "count": 1,
      "countIpv6": null
    },
    "outboundIPs": null,
    "outboundIpPrefixes": null
  },
  "loadBalancerSku": "Standard",
  "natGatewayProfile": null,
  "networkDataplane": null,
  "networkMode": null,
  "networkPlugin": "none",
  "networkPluginMode": null,
  "networkPolicy": null,
  "outboundType": "loadBalancer",
  "podCidr": null,
  "podCidrs": null,
  "serviceCidr": "10.253.0.0/16",
  "serviceCidrs": [
    "10.253.0.0/16"
  ]
}


rbrunan commented Feb 23, 2024

I've seen the same behavior in Terraform in versions below v3.90.0. But the current provider version used in this Crossplane provider is v3.57.0 AFAIK.
It's a considerable gap :(

@jeanduplessis
Collaborator

@rbrunan FYI #497 (comment)


rbrunan commented Feb 23, 2024

> @rbrunan FYI #497 (comment)

Thank you @jeanduplessis, I can't agree more with that comment :)

@turkenf turkenf removed the community label May 7, 2024