Adopting VPC fails because of no default subnet specified #2661

@mateocolina

Describe the bug
We would like to adopt a VPC into our stack so that we can then reference it in other resources such as RDS or SecurityGroup. The VPC gets created by a central management account that is provisioning our accounts and we have no control over it, so we need to use it as-is.

For now, instead of using vpcRef.from.name, we can just specify vpcID.

apiVersion: ec2.services.k8s.aws/v1alpha1
kind: VPC
metadata:
  name: shared-vpc
  namespace: ack-system
  annotations:
    services.k8s.aws/adoption-policy: adopt
    services.k8s.aws/adoption-fields: |
      {"vpcID": "vpc-xxxx"}

But the resource returns the following state and is thus not referable in any other resource.

kubectl describe vpc shared-vpc

Name:         shared-vpc
Namespace:    ack-system
Labels:       <none>
Annotations:  services.k8s.aws/adoption-fields: {"vpcID": "vpc-xxxx"}
              services.k8s.aws/adoption-policy: adopt
API Version:  ec2.services.k8s.aws/v1alpha1
Kind:         VPC
Metadata:
  Creation Timestamp:  2025-10-23T22:12:42Z
  Generation:          1
  Resource Version:    5594166
  UID:                 00000000-cbd5-442b-99a3-9d8c0c129c8a
Status:
  Ack Resource Metadata:
    Owner Account ID:  xxxxxx
    Region:            eu-central-2
  Conditions:
    Message:               default security group not found
    Status:                True
    Type:                  ACK.Recoverable
    Last Transition Time:  2025-10-23T22:34:37Z
    Message:               Unable to determine if desired resource state matches latest observed state
    Reason:                default security group not found
    Status:                Unknown
    Type:                  ACK.ResourceSynced
  Vpc ID:                  vpc-xxxx
Events:                    <none>

(fields such as Account ID and VPC ID have been redacted)

Steps to reproduce

  1. Install the ACK controller for EC2 using Helm
  2. Deploy K8s manifest with adoption

Expected outcome
I would expect that the VPC at least is reconciled/adopted and can be used as a reference in other resources.

Environment

  • Kubernetes version -> 1.33
  • Using EKS (yes/no), if so version? -> yes, eks.16
  • AWS service targeted (S3, RDS, etc.) -> EC2
