cluster-api-provider-aws icon indicating copy to clipboard operation
cluster-api-provider-aws copied to clipboard

Published 20 hours ago verified publisher icon kubernetes-sigs

fix: 🐛 Reconciler error when updating AWSMCP publicCIDRs to empty list with endpointPrivateAccess: true and endpointPublicAccess: false

Open pavansokkenagaraj opened this issue 7 months ago • 5 comments
trafficstars

What type of PR is this? /kind bug

What this PR does / why we need it: fix

CAPA EKS reconciler errors when an EKS cluster is deployed with:

  • endpointPrivateAccess: true
  • endpointPublicAccess: false

...and later, the AWSManagedControlPlane (AWSMCP) resource is updated to change publicCIDRs from a list of IPs to an empty list.

This results in a Reconciler error:

271] [capa-controller-manager-694c8f6879-wxg8q] 1 controller.go:326] "msg"="Reconciler error" "error"="failed to reconcile control plane for AWSManagedControlPlane cluster-67bdf4503897e994b608c9f3/alias-eks-privatetest-cp: failed reconciling cluster config: failed to update EKS cluster: InvalidParameterException: Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [42.35.163.177/32, 34.23.247.65/32, 98.11.13.11/32, 52.6.49.73/32, 94.80.29.17/32, 13.52.68.26/32, 34.158.209.13/32, 34.22.106.120/32]\n{\n RespMetadata: {\n StatusCode: 400,\n RequestID: \"10163f97-d89b-44c1-bee1-75a3c476b980\"\n },\n ClusterName: \"alias-eks-privatetest\",\n Message_: \"Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [42.35.163.177/32, 34.23.247.65/32, 98.11.13.11/32, 52.6.49.73/32, 94.80.29.17/32, 13.52.68.26/32, 34.158.209.13/32, 34.22.106.120/32]\"\n}" "AWSManagedControlPlane"={"name":"alias-eks-privatetest-cp","namespace":"cluster-67bdf4503897e994b608c9f3"} "controller"="awsmanagedcontrolplane" "controllerGroup"="controlplane.cluster.x-k8s.io" "controllerKind"="AWSManagedControlPlane" "name"="alias-eks-privatetest-cp" "namespace"="cluster-67bdf4503897e994b608c9f3" "reconcileID"="81216a1c-47f8-4059-b3b4-4f9664c3806f"

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged): Fixes #5441

Special notes for your reviewer:

Checklist:

  • [ ] squashed commits
  • [ ] includes documentation
  • [x] includes emoji in title
  • [ ] adds unit tests
  • [ ] adds or updates e2e tests

Release note:

pavansokkenagaraj avatar Mar 25 '25 02:03 pavansokkenagaraj