@pavansokkenagaraj pavansokkenagaraj commented Mar 18, 2025

ref:
kubernetes-sigs#3553 (comment)
kubernetes-sigs#4918 (comment)
kubernetes-sigs#5441
kubernetes-sigs#5442


What type of PR is this?
/kind bug


What this PR does / why we need it:

EKS does not allow for both a VPC config update and a logging update in the same API call. If both of these changes are applied to the spec at once, then the AWSManagedControlPlane will fail to reconcile.

Addresses the restriction in the EKS API by separating logging and vpc config updates into two separate steps.


Try updating an EKS cluster's logging config and VPC config at the same time.
EKS doesn't allow multiple types of updates at once and this would fail:

```
aws eks update-cluster-config --name --resources-vpc-config '{"endpointPrivateAccess":true}' --logging '{"clusterLogging":[{"types":["authenticator"],"enabled":true}]}'

An error occurred (InvalidParameterException) when calling the UpdateClusterConfig operation: Only one type of update can be allowed.
```


Observed when CAPA reconciles private endpoints when EKS is deployed with endpoint access: private

271] [capa-controller-manager-694c8f6879-wxg8q] 1 controller.go:326] "msg"="Reconciler error" "error"="failed to reconcile control plane for AWSManagedControlPlane cluster-67bdf4503897e994b608c9f3/dustin-eks-privatetest-cp: failed reconciling cluster config: failed to update EKS cluster: InvalidParameterException: Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [52.35.163.177/32, 44.233.247.65/32, 18.144.153.171/32, 52.6.49.233/32, 54.80.29.137/32, 13.52.68.206/32, 54.158.209.13/32, 44.232.106.120/32]\n{\n RespMetadata: {\n StatusCode: 400,\n RequestID: \"10163f97-d89b-44c1-bee1-75a3c476b980\"\n },\n ClusterName: \"dustin-eks-privatetest\",\n Message_: \"Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [52.35.163.177/32, 44.233.247.65/32, 18.144.153.171/32, 52.6.49.233/32, 54.80.29.137/32, 13.52.68.206/32, 54.158.209.13/32, 44.232.106.120/32]\"\n}" "AWSManagedControlPlane"={"name":"dustin-eks-privatetest-cp","namespace":"cluster-67bdf4503897e994b608c9f3"} "controller"="awsmanagedcontrolplane" "controllerGroup"="controlplane.cluster.x-k8s.io" "controllerKind"="AWSManagedControlPlane" "name"="dustin-eks-privatetest-cp" "namespace"="cluster-67bdf4503897e994b608c9f3" "reconcileID"="81216a1c-47f8-4059-b3b4-4f9664c3806f"

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Checklist:

  • squashed commits
  • includes documentation
  • includes emoji in title
  • adds unit tests
  • adds or updates e2e tests

Release note:



@AmitSahastra AmitSahastra left a comment

LGTM!

@AmitSahastra AmitSahastra self-requested a review March 18, 2025 13:12
@AmitSahastra

Please help add description to PR

@AmitSahastra AmitSahastra self-requested a review March 28, 2025 05:25
@spectro-prow

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: AmitSahastra, pavansokkenagaraj
To complete the pull request process, please assign after the PR has been reviewed.
You can assign the PR to them by writing /assign in a comment when ready.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@pavansokkenagaraj pavansokkenagaraj merged commit 25b8d6a into spectro-master Mar 30, 2025
1 check passed
@pavansokkenagaraj pavansokkenagaraj deleted the pa1/pcp-4205 branch March 30, 2025 02:28
AmitSahastra pushed a commit that referenced this pull request May 2, 2025
#954)

* fix: separate control plane logging and vpc config updates

* fix: set PublicCIDRs to [] when private only EP
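
The two fixes named in the commit message above (one update type per UpdateClusterConfig call, and an empty public CIDR list for a private-only endpoint), sketched as an added Go example. It is not code from this PR or from CAPA; `ClusterConfig`, `PlanUpdates`, `normalize` and `key` are hypothetical names, and the sample values are constructed.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// ClusterConfig is a hypothetical, simplified view of the EKS settings in this PR.
type ClusterConfig struct {
	PrivateAccess, PublicAccess bool
	PublicCIDRs, LogTypes       []string
}

// key gives an order-independent comparison key for a string set.
func key(s []string) string {
	c := append([]string{}, s...)
	sort.Strings(c)
	return strings.Join(c, ",")
}

// normalize clears public CIDRs on a private-only endpoint (assumed reading of the commit note).
func normalize(c ClusterConfig) ClusterConfig {
	if c.PrivateAccess && !c.PublicAccess {
		c.PublicCIDRs = []string{}
	}
	return c
}

// PlanUpdates returns the update types to send, each as its own UpdateClusterConfig call.
func PlanUpdates(current, desired ClusterConfig) []string {
	cur, des := normalize(current), normalize(desired)
	var plan []string
	if cur.PrivateAccess != des.PrivateAccess || cur.PublicAccess != des.PublicAccess ||
		key(cur.PublicCIDRs) != key(des.PublicCIDRs) {
		plan = append(plan, "vpc")
	}
	if key(cur.LogTypes) != key(des.LogTypes) {
		plan = append(plan, "logging")
	}
	return plan
}

func main() {
	// Constructed sample: private-only cluster whose observed state still lists a CIDR.
	cur := ClusterConfig{PrivateAccess: true, PublicCIDRs: []string{"203.0.113.0/24"}}
	des := ClusterConfig{PrivateAccess: true, LogTypes: []string{"authenticator"}}
	fmt.Println(PlanUpdates(cur, des)) // one call per listed type
}
```

With the CIDR list normalised on both sides, the private-only cluster produces no VPC update at all, so the controller does not send a request that EKS would reject as already at the desired configuration.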