cluster-api-provider-aws icon indicating copy to clipboard operation
cluster-api-provider-aws copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

FargateService failed to create fargate profile

Open ymgyt opened this issue 1 year ago • 3 comments
trafficstars

/kind bug

What steps did you take and what happened: [A clear and concise description of what the bug is.]

The following creation of AWS Fargate Profile failed.

apiVersion: infrastructure.cluster.x-k8s.io/v1beta2
kind: AWSFargateProfile
metadata:
  name: my-fargate
  namespace: fargete-namespace
spec:
  clusterName: "cluster-foo"
  profileName: "default"
  selectors:
  - namespace: "fargate-default"

What did you expect to happen:

Fargate profile created

Anything else you would like to add: [Miscellaneous information that will assist in solving the issue.]

When no subnetIDs is provided SubnetSpec.ID is used for subnetIDs https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/2562a8bc41a9b76a25dd6b4f6ba9252a033f5ba1/api/v1beta2/network_types.go#L358

https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/2562a8bc41a9b76a25dd6b4f6ba9252a033f5ba1/pkg/cloud/services/eks/fargate.go#L230

It's not certain, but shouldn't we use the ResourceID? https://github.com/kubernetes-sigs/cluster-api-provider-aws/blob/2562a8bc41a9b76a25dd6b4f6ba9252a033f5ba1/api/v1beta2/network_types.go#L363

When I described the AWSManagedControlPlane, the ID and ResourceID did not match.

API Version:  controlplane.cluster.x-k8s.io/v1beta2
Kind:         AWSManagedControlPlane
Spec:
  Associate OIDC Provider:  false
  Network:
    Cni:
    Subnets:
      Availability Zone:  ap-northeast-1a
      Cidr Block:         10.0.0.0/20
      Id:                 <cluster-name>-subnet-public-ap-northeast-1a
      Is Public:          true
      Resource ID:        subnet-0eb401a1111111111

The log for the capa-controller-manager Pod is follows.

Logs 

E0122 12:58:16.700795       1 controller.go:324] "Reconciler error" err=<
        failed to reconcile fargate profile for AWSFargateProfile workload/my-fargate: failed to create profile: failed to create fargate profile: InvalidRequestException: The subnet ID '<cluster-name>-private-ap-northeast-1c' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidSubnetID.NotFound; Request ID: 4c4bdd09-7739-4657-95f8-818b69bd0c36; Proxy: null)
        {
          RespMetadata: {
            StatusCode: 400,
            RequestID: "034b451b-3c40-47e2-b1de-02b3a832eec7"
          },
          ClusterName: "<cluster-name>",
          Message_: "The subnet ID '<cluster-name>-subnet-private-ap-northeast-1c' does not exist (Service: AmazonEC2; Status Code: 400; Error Code: InvalidSubnetID.NotFound; Request ID: 4c4bdd09-7739-4657-95f8-818b69bd0c36; Proxy: null)"
        }
 > controller="awsfargateprofile" controllerGroup="infrastructure.cluster.x-k8s.io" controllerKind="AWSFargateProfile" AWSFargateProfile="workload/my-fargate" namespace="workload" name="my-fargate" reconcileID="32ff2c9a-b2e4-4e61-9cc7-94486ba9ee62"

(subnet subnet-0eb401a1111111111 exists)

Environment:

  • Cluster-api-provider-aws version: v2.3.0
  • Kubernetes version: (use kubectl version): v1.28.4
  • OS (e.g. from /etc/os-release):

ymgyt avatar Jan 22 '24 13:01 ymgyt

This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

k8s-ci-robot avatar Jan 22 '24 13:01 k8s-ci-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Apr 24 '24 04:04 k8s-triage-robot

/remove-lifecycle stale

ymgyt avatar Apr 24 '24 08:04 ymgyt

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle stale
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot avatar Jul 23 '24 09:07 k8s-triage-robot

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue as fresh with /remove-lifecycle rotten
  • Close this issue with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

k8s-triage-robot avatar Aug 22 '24 09:08 k8s-triage-robot

/remove-lifecycle rotten

ymgyt avatar Aug 22 '24 09:08 ymgyt