Description
Describe the bug
I have a listener rule that is referencing a target group via targetGroupRef. The referenced target group exists and has been successfully created, but the controller does not resolve the reference within the listener rule and submits the CreateRule request without a TargetGroupArn, which is an error.
Steps to reproduce
Create a listener rule referencing a target group also managed by the controller
(some irrelevant information removed or obfuscated)
target group:

apiVersion: elbv2.services.k8s.aws/v1alpha1
kind: TargetGroup
metadata:
  annotations:
    services.k8s.aws/adoption-fields: |
      {
        "name": "example-targetgroup"
      }
    services.k8s.aws/adoption-policy: adopt-or-create
  name: example-targetgroup
  namespace: example-namespace
spec:
  name: example-targetgroup
  targetType: lambda
  targets:
    - id: >-
        arn:aws:lambda:us-west-2:012345678901:function:example-function:default

rule:

apiVersion: elbv2.services.k8s.aws/v1alpha1
kind: Rule
metadata:
  annotations:
    services.k8s.aws/adoption-fields: |
      {
        "listenerARN": "arn:aws:elasticloadbalancing:us-west-2:012345678901:listener/app/example-loadbalancer/6e4d555f3032f59f/c6b3223f0b856f70"
      }
    services.k8s.aws/adoption-policy: adopt-or-create
  name: example-rule
  namespace: example-namespace
spec:
  actions:
    - forwardConfig:
        targetGroups:
          - targetGroupRef:
              from:
                name: example-targetgroup
            weight: 1
      type: forward
  conditions:
    - field: host-header
      hostHeaderConfig:
        values:
          - subdomain.example.com
  listenerARN: >-
    arn:aws:elasticloadbalancing:us-west-2:012345678901:listener/app/example-loadbalancer/6e4d555f3032f59f/c6b3223f0b856f70
  priority: 19082

Expected outcome
The controller should successfully resolve the ARN of the referenced target group. If the ARN can't be resolved, it should write a status condition indicating why (referenced target group object doesn't exist, target group has not been successfully created yet, etc).
Environment
- Kubernetes version: 1.32
- Using EKS: yes
- AWS service targeted: ELBv2
- Controller version: 1.1.1
Additional Information
Other resources appear to have an ACK.ReferencesResolved status condition; I am not seeing that on the rule. Here is the full status field of both objects:
target group:

status:
  ackResourceMetadata:
    arn: >-
      arn:aws:elasticloadbalancing:us-west-2:012345678901:targetgroup/example-targetgroup/3c43b82b3a13d25e
    ownerAccountID: '012345678901'
    region: us-west-2
  conditions:
    - lastTransitionTime: '2025-09-24T01:24:43Z'
      message: Resource synced successfully
      reason: ''
      status: 'True'
      type: ACK.ResourceSynced

rule:

status:
  ackResourceMetadata:
    ownerAccountID: '012345678901'
    region: us-west-2
  conditions:
    - message: >-
        api error ValidationError: You must specify a target group ARN for each
        entry in the target groups list
      status: 'True'
      type: ACK.Recoverable
    - lastTransitionTime: '2025-09-24T01:30:13Z'
      message: >-
        Unable to determine if desired resource state matches latest observed
        state
      reason: >-
        operation error Elastic Load Balancing v2: CreateRule, https response
        error StatusCode: 400, RequestID: 5180eaae-da72-44cc-b0f0-4166b5f62d63,
        api error ValidationError: You must specify a target group ARN for each
        entry in the target groups list
      status: Unknown
      type: ACK.ResourceSynced

Here are the request parameters for the CreateRule API request as shown in CloudTrail:
"requestParameters": {
    "listenerArn": "arn:aws:elasticloadbalancing:us-west-2:012345678901:listener/app/example-loadbalancer/6e4d555f3032f59f/c6b3223f0b856f70",
    "conditions": [
        {
            "field": "host-header",
            "hostHeaderConfig": {
                "values": [
                    "subdomain.example.com"
                ]
            }
        }
    ],
    "priority": 19082,
    "actions": [
        {
            "type": "forward",
            "forwardConfig": {
                "targetGroups": [
                    {
                        "weight": 1
                    }
                ]
            }
        }
    ]
},
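
A triage check for the symptom reported above, as an added example that is not part of the original issue or the controller's code: it scans CloudTrail-style CreateRule/ModifyRule records for forward actions whose target group entries carry no ARN. The sample events are constructed, and the `targetGroupArn` key spelling is an assumption that follows the camelCase of the quoted `requestParameters`.

```python
# Constructed sample events shaped like the requestParameters quoted above.
# The second event and the "targetGroupArn" key spelling are assumptions.
TG = "arn:aws:elasticloadbalancing:us-west-2:012345678901:targetgroup/example-targetgroup/3c43b82b3a13d25e"
SAMPLE_EVENTS = [
    {"eventName": "CreateRule", "requestParameters": {
        "priority": 19082,
        "actions": [{"type": "forward", "forwardConfig": {
            "targetGroups": [{"weight": 1}]}}]}},
    {"eventName": "CreateRule", "requestParameters": {
        "priority": 100,
        "actions": [{"type": "forward", "forwardConfig": {
            "targetGroups": [{"targetGroupArn": TG, "weight": 1}]}}]}},
]
RULE_CALLS = {"CreateRule", "ModifyRule"}


def unresolved_target_groups(event):
    """Return (action_index, group_index) pairs that carry no target group ARN."""
    if event.get("eventName") not in RULE_CALLS:
        return []
    params = event.get("requestParameters") or {}
    missing = []
    for a_idx, action in enumerate(params.get("actions") or []):
        if action.get("type") != "forward":
            continue
        groups = (action.get("forwardConfig") or {}).get("targetGroups")
        if groups is None:
            # Simple forward form: the ARN sits on the action itself.
            if not action.get("targetGroupArn"):
                missing.append((a_idx, None))
            continue
        for g_idx, group in enumerate(groups):
            if not group.get("targetGroupArn"):
                missing.append((a_idx, g_idx))
    return missing


def scan(events):
    """Map rule priority -> unresolved entries, only for events that have any."""
    findings = {}
    for event in events:
        missing = unresolved_target_groups(event)
        if missing:
            findings[event["requestParameters"].get("priority")] = missing
    return findings


if __name__ == "__main__":
    print(scan(SAMPLE_EVENTS))
```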