all controllers - races with vpcRefs, subnetRefs and other references. #1898
Comments
Issues go stale after 180d of inactivity.
/remove-lifecycle stale
@gecube we have a PR attempting to fix this issue aws-controllers-k8s/eks-controller#128
Issue [#1898](aws-controllers-k8s/community#1898)

Description of changes:
Similarly as the ec2-controller, the ref stored in a struct is being overwritten during create/update. With this fix we ensure the ref would not be discarded.

Currently there isn't a way to test this fix, as we can't run two controllers simultaneously and reference subnet names in cluster directly. Instead I will document an example with the fix working in this PR provided:

```yaml
apiVersion: eks.services.k8s.aws/v1alpha1
kind: Cluster
metadata:
  name: my-clust
spec:
  name: my-clust
  roleARN: <removed>
  version: "1.30"
  resourcesVPCConfig:
    endpointPrivateAccess: true
    endpointPublicAccess: false
    subnetRefs:
      - from:
          name: sub1
      - from:
          name: sub2
```

Creating .spec and status:

```yaml
spec:
  accessConfig:
    authenticationMode: CONFIG_MAP
    bootstrapClusterCreatorAdminPermissions: true
  kubernetesNetworkConfig:
    ipFamily: ipv4
    serviceIPv4CIDR: 172.20.0.0/16
  logging:
    clusterLogging:
    - enabled: false
      types:
      - api
      - audit
      - authenticator
      - controllerManager
      - scheduler
  name: my-clust
  resourcesVPCConfig:
    endpointPrivateAccess: true
    endpointPublicAccess: true
    publicAccessCIDRs:
    - 0.0.0.0/0
    subnetRefs:
    - from:
        name: sub1
    - from:
        name: sub2
  roleARN: <removed>
  version: "1.30"
status:
  ackResourceMetadata:
    arn: <removed>
    ownerAccountID: <removed>
    region: us-west-2
  certificateAuthority: {}
  conditions:
  - lastTransitionTime: "2024-09-18T20:56:50Z"
    status: "True"
    type: ACK.ReferencesResolved
  - lastTransitionTime: "2024-09-18T20:56:51Z"
    status: "False"
    type: ACK.ResourceSynced
  createdAt: "2024-09-18T20:56:50Z"
  health: {}
  platformVersion: eks.8
  status: CREATING
```

Active:

```yaml
spec:
  accessConfig:
    authenticationMode: CONFIG_MAP
    bootstrapClusterCreatorAdminPermissions: true
  kubernetesNetworkConfig:
    ipFamily: ipv4
    serviceIPv4CIDR: 172.20.0.0/16
  logging:
    clusterLogging:
    - enabled: false
      types:
      - api
      - audit
      - authenticator
      - controllerManager
      - scheduler
  name: my-clust
  resourcesVPCConfig:
    endpointPrivateAccess: true
    endpointPublicAccess: true
    publicAccessCIDRs:
    - 0.0.0.0/0
    subnetRefs:
    - from:
        name: sub1
    - from:
        name: sub2
  roleARN: <removed>
  version: "1.30"
status:
  ackResourceMetadata: <removed>
    ownerAccountID: <removed>
    region: us-west-2
  certificateAuthority:
    data: <removed>
  conditions:
  - lastTransitionTime: "2024-09-18T22:00:27Z"
    status: "True"
    type: ACK.ReferencesResolved
  - lastTransitionTime: "2024-09-18T22:00:28Z"
    status: "True"
    type: ACK.ResourceSynced
  createdAt: "2024-09-18T20:56:50Z"
  endpoint: https://DFD284F7337766E87670192E4EB46565.gr7.us-west-2.eks.amazonaws.com
  health: {}
  identity:
    oidc:
      issuer: https://oidc.eks.us-west-2.amazonaws.com/id/DFD284F7337766E87670192E4EB46565
  platformVersion: eks.8
  status: ACTIVE
```

Updating:

```yaml
spec:
  accessConfig:
    authenticationMode: CONFIG_MAP
    bootstrapClusterCreatorAdminPermissions: true
  kubernetesNetworkConfig:
    ipFamily: ipv4
    serviceIPv4CIDR: 172.20.0.0/16
  logging:
    clusterLogging:
    - enabled: false
      types:
      - api
      - audit
      - authenticator
      - controllerManager
      - scheduler
  name: my-clust
  resourcesVPCConfig:
    endpointPrivateAccess: true
    endpointPublicAccess: false
    publicAccessCIDRs:
    - 0.0.0.0/0
    subnetRefs:
    - from:
        name: sub1
    - from:
        name: sub2
  roleARN: <removed>
  version: "1.30"
status:
  ackResourceMetadata:
    arn: <removed>
    ownerAccountID: <removed>
    region: us-west-2
  certificateAuthority:
    data: <removed>
  conditions:
  - lastTransitionTime: "2024-09-18T22:04:38Z"
    status: "True"
    type: ACK.ReferencesResolved
  - lastTransitionTime: "2024-09-18T22:04:38Z"
    message: Cluster is in 'UPDATING' status
    status: "False"
    type: ACK.ResourceSynced
  - message: cluster in 'UPDATING' state, cannot be modified until 'ACTIVE'
    status: "True"
    type: ACK.Recoverable
  createdAt: "2024-09-18T20:56:50Z"
  endpoint: https://DFD284F7337766E87670192E4EB46565.gr7.us-west-2.eks.amazonaws.com
  health: {}
  identity:
    oidc:
      issuer: https://oidc.eks.us-west-2.amazonaws.com/id/DFD284F7337766E87670192E4EB46565
  platformVersion: eks.8
  status: UPDATING
```

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
@gecube This is now fixed, in 1.5.0~
Please reopen the GitHub issue if you still see this :)
Good day!
I am playing with FluxCD GitOps approach and EKS controller.
I tried to create the cluster with the following manifest:
The cluster was created successfully, but now I am observing the next state of the object:
So my idea is that EKS controller (or EC2 - it does not matter at this moment) takes
block from YAML, removes it and adds this one:
resolving which subnet by name has which ID.
But on the next reconciliation cycle FluxCD sees that the fields were removed and adds them back.
So finally we are getting in the next status:
It looks like no controller from the ACK library must change the source spec of the object, but rather make all such changes in the status field and maintain some internal state of the controller - no idea. What is interesting - the same issue is not observed with VPC, Subnets and other objects. No idea why.
Also once I observed the next yaml:
I wondered too much how I could get it. But possibly it could be linked to incorrect paste of IDs instead of references as well.
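The reconcile loop described in this issue, modelled as an added Go example (not code from the ACK controllers or the linked PR): a controller that resolves references in place fights a GitOps tool over the stored spec, while resolving on a copy leaves the spec as committed. The type and function names, the subnet IDs and the assumption that the GitOps tool re-asserts only the `subnetRefs` field are all hypothetical.

```go
package main
import "fmt"

// VPCConfig is a simplified, hypothetical stand-in for the spec fields in the issue.
type VPCConfig struct {
	SubnetRefs []string // names, as committed to Git
	SubnetIDs  []string // IDs resolved by the controller
}

// resolveInPlace models the reported behaviour: IDs are written into the
// stored spec and the references are discarded.
func resolveInPlace(spec *VPCConfig, ids map[string]string) {
	for _, name := range spec.SubnetRefs {
		spec.SubnetIDs = append(spec.SubnetIDs, ids[name])
	}
	spec.SubnetRefs = nil
}

// resolveOnCopy leaves the stored spec alone; the copy feeds the API request only.
func resolveOnCopy(spec VPCConfig, ids map[string]string) VPCConfig {
	out := VPCConfig{SubnetRefs: append([]string(nil), spec.SubnetRefs...)}
	for _, name := range spec.SubnetRefs {
		out.SubnetIDs = append(out.SubnetIDs, ids[name])
	}
	return out
}

// gitopsApply models a GitOps tool re-asserting only the field it manages (assumption).
func gitopsApply(live *VPCConfig, git VPCConfig) {
	live.SubnetRefs = append([]string(nil), git.SubnetRefs...)
}

// Conflicting reports a stored spec that carries both references and IDs.
func Conflicting(c VPCConfig) bool { return len(c.SubnetRefs) > 0 && len(c.SubnetIDs) > 0 }

// Cycle runs one controller pass, then one GitOps pass, and returns the stored spec.
func Cycle(inPlace bool) VPCConfig {
	git := VPCConfig{SubnetRefs: []string{"sub1", "sub2"}}
	ids := map[string]string{"sub1": "subnet-aaa", "sub2": "subnet-bbb"} // constructed IDs
	live := VPCConfig{SubnetRefs: append([]string(nil), git.SubnetRefs...)}
	if inPlace {
		resolveInPlace(&live, ids)
	} else {
		_ = resolveOnCopy(live, ids) // would be sent to the cloud API
	}
	gitopsApply(&live, git)
	return live
}
func main() { fmt.Println(Conflicting(Cycle(true)), Conflicting(Cycle(false))) }
```

`Conflicting` can double as a drift check over exported specs: a stored spec that holds both references and resolved IDs is a sign that two writers are competing for the same object.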