
Unable to Configure Gateway API with AWS VPC Lattice Using gateway-api-controller

Open sarvadnyaJawale opened this issue 1 year ago • 2 comments

I am facing issues configuring the gateway-api-controller to work with AWS VPC Lattice for my Kubernetes Gateway API setup. Specifically, the Gateway resource is stuck in a Programmed: False state, with the following message in the status:

VPC Lattice Service Network not found

I have followed the setup as outlined in the documentation, but the Gateway is unable to connect to the VPC Lattice Service Network. Below is a detailed description of the configuration and the issues encountered.


2. The Gateway is created but remains unprogrammed.

kubectl describe gateway portfolio-gateway output:

    status:
      Conditions:
        Last Transition Time:  2024-09-20T13:06:24Z
        Message:               VPC Lattice Service Network not found
        Observed Generation:   1
        Reason:                Pending
        Status:                False
        Type:                  Programmed

3. Logs from the controller:

    {"level":"info","ts":"2024-09-19T12:00:41.253Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:140","msg":"No custom-domain-name for route portfolio-http-route-aws-application-networking-system"}
    {"level":"info","ts":"2024-09-19T12:00:41.843Z","logger":"controller.route","caller":"controllers/route_controller.go:155","msg":"reconcile error","name":"portfolio-http-route","message":"error during service synthesis failed ServiceManager.Upsert portfolio-http-route-aws-application-ne due to not found, Service network portfolio-gateway"}

Expected Behavior: The Gateway should be Programmed: True and route traffic to the backend service via the VPC Lattice.

Observed Behavior: The Gateway remains in a Programmed: False state with the error message "VPC Lattice Service Network not found."

Troubleshooting Steps Taken:

  1. Verified that the VPC Lattice Service Network exists and is accessible.
  2. Confirmed the gateway-api-controller is running and has the correct permissions.
  3. Followed the documentation for configuring Gateway API with AWS VPC Lattice.
  4. The IAM permissions seem correct, but the controller is unable to synthesize or connect to the VPC Lattice Service Network.

Environment:

  1. Kubernetes version: v1.30
  2. Gateway API version: v1beta1
  3. AWS environment with VPC Lattice
  4. gateway-api-controller used as per AWS documentation

Additional Information: Please let me know if there is any additional configuration or debugging steps I should follow to resolve this issue. Your help is greatly appreciated!


sarvadnyaJawale avatar Sep 20 '24 13:09 sarvadnyaJawale

I would be curious to find a solution on this as well as I believe I am running into the exact same problem.

stephenbawks avatar Sep 23 '24 15:09 stephenbawks

Hi @sarvadnyaJawale, sorry to hear you're having some challenges getting started. Thanks for including such a detailed report!

From the looks of the error, the code is looking for a VPC Lattice service network with name portfolio-gateway. If you run aws vpc-lattice list-service-networks in your region, the controller wants one with "name": "portfolio-gateway". Based on the error, there shouldn't be one with that name at the moment, but we can fix that.

If you set the DEFAULT_SERVICE_NETWORK environment variable to portfolio-gateway, the controller will automatically create the service network and associate that service network with the VPC of your cluster. Alternatively, you can create the service network with the portfolio-gateway name manually, and your HTTPRoute will be added to the service network as a Lattice service.

From https://www.gateway-api-controller.eks.aws.dev/latest/guides/getstarted/#__tabbed_1_2 you can see the commands to create the service network and associate it with your VPC. Just be sure to use --name portfolio-gateway

Hope this helps!

erikfuller avatar Oct 04 '24 22:10 erikfuller
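
A preflight check for the name match described in the reply above, added here as an example (not code from the thread or from the controller project): it lists Gateways that have no VPC Lattice service network of the same name and pulls the missing name out of the controller's reconcile error. The JSON inputs are constructed samples shaped like `kubectl get gateway -A -o json` and `aws vpc-lattice list-service-networks` output, and the `amazon-vpc-lattice` GatewayClass name is an assumption.

```python
import json
import re

LATTICE_CLASS = "amazon-vpc-lattice"  # assumed GatewayClass name for this controller
# Constructed samples, shaped like `kubectl get gateway -A -o json` and
# `aws vpc-lattice list-service-networks` output (ids are placeholders).
GATEWAYS_JSON = """{"items": [
 {"metadata": {"name": "portfolio-gateway"}, "spec": {"gatewayClassName": "amazon-vpc-lattice"}},
 {"metadata": {"name": "internal-gw"}, "spec": {"gatewayClassName": "amazon-vpc-lattice"}},
 {"metadata": {"name": "edge"}, "spec": {"gatewayClassName": "other-class"}}]}"""
SERVICE_NETWORKS_JSON = """{"items": [{"id": "sn-PLACEHOLDER1", "name": "internal-gw"},
 {"id": "sn-PLACEHOLDER2", "name": "my-lattice-network"}]}"""
# Controller log line abridged from the issue (same "message" text), plus a non-JSON line.
CONTROLLER_LOG = [
    '{"level":"info","msg":"reconcile error","name":"portfolio-http-route","message":'
    '"error during service synthesis failed ServiceManager.Upsert portfolio-http-route-'
    'aws-application-ne due to not found, Service network portfolio-gateway"}',
    "not json, skipped",
]
NOT_FOUND = re.compile(r"due to not found, Service network (\S+)")

def lattice_gateways(gateways_json, class_name=LATTICE_CLASS):
    """Names of Gateways handled by the Lattice controller."""
    items = json.loads(gateways_json).get("items", [])
    return sorted(g["metadata"]["name"] for g in items
                  if g.get("spec", {}).get("gatewayClassName") == class_name)

def missing_networks(gateways_json, networks_json):
    """Gateways with no service network of exactly the same name."""
    have = {sn["name"] for sn in json.loads(networks_json).get("items", [])}
    return [name for name in lattice_gateways(gateways_json) if name not in have]

def networks_named_in_log(lines):
    """Service network names the controller reported as not found."""
    names = set()
    for line in lines:
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # controller logs are JSON lines; ignore anything else
        if isinstance(record, dict):
            match = NOT_FOUND.search(str(record.get("message", "")))
            if match:
                names.add(match.group(1))
    return names

if __name__ == "__main__":
    print("no same-named service network:", missing_networks(GATEWAYS_JSON, SERVICE_NETWORKS_JSON))
    print("named in controller errors:", sorted(networks_named_in_log(CONTROLLER_LOG)))
```

On a live cluster, pass the functions the real output of the two commands named above instead of the constructed samples.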

Resolving this, but please feel free to reopen if this does not address your issue.

erikfuller avatar Oct 15 '24 18:10 erikfuller

Solution: gateway and lattice network have to have the same name

andreyvbobrov avatar Dec 04 '24 13:12 andreyvbobrov

@andreyvbobrov thank you so much! It is so confusing... 🤦

makzzz1986 avatar Jan 06 '25 15:01 makzzz1986

> Solution: gateway and lattice network have to have the same name

That is great! Why do none of the examples state that clearly! @erikfuller

ptomaszi avatar Feb 18 '25 12:02 ptomaszi

@erikfuller Yes, what is the path forward here? It's clearly an issue, since it's not documented, nor have I seen any PR with the fix. Furthermore, you closed the issue without addressing the core issue. What is the proper way to submit this issue as an actual FIX IT issue?

garunski avatar Mar 24 '25 23:03 garunski

> gateway and lattice network have to have the same name

There may be good reasons not to do this, but a solution that definitely comes to mind anyway:

If a Lattice Service Network of the same name doesn't exist, the Controller should create it and associate it with the cluster VPC. So it's completely set up. Then it would never be missing. In k8s you hope to define a few Kubernetes resources, and everything is automatic after that.

sdarwin avatar Mar 27 '25 10:03 sdarwin