ACK RDS controller not adding default fields to DBInstance object leading to false diff when creating from snapshot #2615
Description
Describe the bug
We end up with a permanent diff on some (seemingly) default fields when creating a DBInstance from a snapshot. The behaviour differs between version 1.4.14 and version 1.6.0.
Steps to reproduce
Take the following DBInstance spec:
apiVersion: rds.services.k8s.aws/v1alpha1
kind: DBInstance
metadata:
name: "sonarqube"
spec:
allocatedStorage: 30
backupRetentionPeriod: 3
dbInstanceClass: "db.t4g.small"
dbInstanceIdentifier: "sonarqube-postgres"
dbSnapshotIdentifier: "rds:platform-sonarqube-2025-08-28-08-03"
dbSubnetGroupRef:
from:
name: "sonarqube-db-subnet-group"
enableIAMDatabaseAuthentication: true
engine: "postgres"
engineVersion: "15"
manageMasterUserPassword: true
masterUsername: "master"
multiAZ: false
performanceInsightsEnabled: false
storageEncrypted: true
storageType: "gp3"
vpcSecurityGroupRefs:
- from:
name: "sonarqube-db-security-group"
On 1.4.14 the controller seems to add a lot of (default) values, such as IOPS to the dbInstance object after the resource has been created:
API Version: rds.services.k8s.aws/v1alpha1
Kind: DBInstance
Metadata:
Creation Timestamp: 2025-09-01T08:58:20Z
Finalizers:
finalizers.rds.services.k8s.aws/DBInstance
Generation: 2
Resource Version: 156807219
UID: 3e33438b-b7f1-4949-8383-7dc1fe398cbe
Spec:
Allocated Storage: 30
Auto Minor Version Upgrade: true
Backup Retention Period: 4
Ca Certificate Identifier: rds-ca-rsa2048-g1
Copy Tags To Snapshot: false
Db Instance Class: db.t4g.small
Db Instance Identifier: sonarqube-postgres
Db Name: sonarqube
Db Snapshot Identifier: rds:platform-sonarqube-2025-08-28-08-03
Db Subnet Group Ref:
From:
Name: sonarqube-db-subnet-group
Deletion Protection: false
Enable IAM Database Authentication: true
Engine: postgres
Engine Version: 15
Iops: 3000
Kms Key ID: arn:aws:kms:eu-west-1:$ID:key/$UID
License Model: postgresql-license
Manage Master User Password: true
Master Username: $USER
Monitoring Interval: 0
Multi AZ: false
Performance Insights Enabled: false
Preferred Backup Window: 07:51-08:21
Preferred Maintenance Window: fri:09:20-fri:09:50
Publicly Accessible: false
Storage Encrypted: true
Storage Throughput: 125
Storage Type: gp3
Vpc Security Group Refs:
From:
Name: sonarqube-db-security-group
Expected outcome
1.6.0 should also add these defaults back to the object and not report the following diff inside of the controller:
{"level":"info","ts":"2025-09-01T09:09:13.224Z","logger":"ackrt","msg":"desired resource state has changed","kind":"DBInstance","namespace":"sonarqube","name":"sonarqube","account":"$ACCOUNT","role":"","region":"eu-west-1","is_adopted":false,"generation":1,"diff":[{"Path":{"Parts":["Spec","AutoMinorVersionUpgrade"]},"A":null,"B":true},{"Path":{"Parts":["Spec","BackupRetentionPeriod"]},"A":4,"B":7},{"Path":{"Parts":["Spec","CACertificateIdentifier"]},"A":null,"B":"rds-ca-rsa2048-g1"},{"Path":{"Parts":["Spec","CopyTagsToSnapshot"]},"A":null,"B":false},{"Path":{"Parts":["Spec","DBName"]},"A":null,"B":"sonarqube"},{"Path":{"Parts":["Spec","DeletionProtection"]},"A":null,"B":false},{"Path":{"Parts":["Spec","IOPS"]},"A":null,"B":3000},{"Path":{"Parts":["Spec","KMSKeyID"]},"A":null,"B":"arn:aws:kms:eu-west-1:$ACCOUNT:key/$KEY"},{"Path":{"Parts":["Spec","LicenseModel"]},"A":null,"B":"postgresql-license"},{"Path":{"Parts":["Spec","MonitoringInterval"]},"A":null,"B":0},{"Path":{"Parts":["Spec","PreferredBackupWindow"]},"A":null,"B":"07:51-08:21"},{"Path":{"Parts":["Spec","PreferredMaintenanceWindow"]},"A":null,"B":"fri:09:20-fri:09:50"},{"Path":{"Parts":["Spec","PubliclyAccessible"]},"A":null,"B":false},{"Path":{"Parts":["Spec","StorageThroughput"]},"A":null,"B":125}]}
Environment
- Kubernetes version
1.31 - Using EKS (yes/no), if so version?
yes - AWS service targeted (S3, RDS, etc.)
RDS