provider-aws
If composition and managed resource are created on top of an existing resource, they will not become "Ready"
What happened?
Managed resource:
```yaml
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  annotations:
    crossplane.io/composition-resource-name: bucket
    crossplane.io/external-name: example-com-dev10-pg-backup
  creationTimestamp: "2023-05-23T10:25:27Z"
  finalizers:
  - finalizer.managedresource.crossplane.io
  generateName: pg-backup-97hcs-
  generation: 5
  labels:
    crossplane.io/claim-name: pg-backup
    crossplane.io/claim-namespace: example-com-dev10
    crossplane.io/composite: pg-backup-97hcs
  name: example-com-dev10-pg-backup
  ownerReferences:
  - apiVersion: s3.aws.example.com/v1alpha1
    blockOwnerDeletion: true
    controller: true
    kind: CompositeCrossplaneS3Bucket
    name: pg-backup-97hcs
    uid: 4d1722ce-1572-4ce0-9645-c9f05bf254df
  resourceVersion: "4005796615"
  uid: a38fbd68-91ed-4caf-ac24-b519f1ecead9
spec:
  deletionPolicy: Delete
  forProvider:
    accelerateConfiguration:
      status: Enabled
    acl: private
    locationConstraint: eu-central-1
    publicAccessBlockConfiguration:
      blockPublicAcls: true
      blockPublicPolicy: true
      ignorePublicAcls: true
      restrictPublicBuckets: true
    serverSideEncryptionConfiguration:
      rules:
      - applyServerSideEncryptionByDefault:
          sseAlgorithm: AES256
    tagging:
      tagSet:
      - key: owner
        value: example-com-dev10
      - key: environment
        value: cluster12
      - key: role
        value: client
      - key: crossplane-monitoring
        value: "false"
      - key: test-key
        value: test-value
  providerConfigRef:
    name: crossplane-aws
  writeConnectionSecretToRef:
    name: example-com-dev10-pg-backup-connection
    namespace: example-com-dev10
status:
  atProvider:
    arn: arn:aws:s3:::example-com-dev10-pg-backup
  conditions:
  - lastTransitionTime: "2023-05-23T10:25:27Z"
    reason: ReconcileSuccess
    status: "True"
    type: Synced
```
Bucket with name example-com-dev10-pg-backup exists in AWS.

```
$ kubectl get bucket.s3.aws.crossplane.io example-com-dev10-pg-backup
NAME                          READY   SYNCED   AGE
example-com-dev10-pg-backup           True     46m
```
^ I expect here Ready: True
Composition:
```yaml
apiVersion: s3.aws.example.com/v1alpha1
kind: CompositeCrossplaneS3Bucket
metadata:
  creationTimestamp: "2023-05-23T10:25:27Z"
  finalizers:
  - composite.apiextensions.crossplane.io
  generateName: pg-backup-
  generation: 4
  labels:
    app.kubernetes.io/instance: s3
    crossplane.io/claim-name: pg-backup
    crossplane.io/claim-namespace: example-com-dev10
    crossplane.io/composite: pg-backup-97hcs
    velero.io/backup-name: fullbackup-sched-20230522023057
    velero.io/restore-name: restore-example-com-dev10
  name: pg-backup-97hcs
  resourceVersion: "4005422986"
  uid: 4d1722ce-1572-4ce0-9645-c9f05bf254df
spec:
  claimRef:
    apiVersion: s3.aws.example.com/v1alpha1
    kind: CrossplaneS3Bucket
    name: pg-backup
    namespace: example-com-dev10
  compositionRef:
    name: compositecrossplanes3buckets.s3.aws.example.com
  compositionUpdatePolicy: Automatic
  parameters:
    accelerateConfiguration:
      status: Enabled
  resourceRefs:
  - apiVersion: s3.aws.crossplane.io/v1beta1
    kind: Bucket
    name: example-com-dev10-pg-backup
  - apiVersion: iam.aws.crossplane.io/v1beta1
    kind: User
    name: example-com-dev10-pg-backup-iamuser
  - apiVersion: iam.aws.crossplane.io/v1beta1
    kind: AccessKey
    name: example-com-dev10-pg-backup-iamuser-accesskey
  - apiVersion: s3.aws.crossplane.io/v1alpha3
    kind: BucketPolicy
    name: example-com-dev10-pg-backup-bucketpolicy
status:
  bucketArn: arn:aws:s3:::example-com-dev10-pg-backup
  bucketName: example-com-dev10-pg-backup
  conditions:
  - lastTransitionTime: "2023-05-23T10:25:27Z"
    reason: ReconcileSuccess
    status: "True"
    type: Synced
  - lastTransitionTime: "2023-05-23T10:25:27Z"
    reason: Creating
    status: "False"
    type: Ready
```
logs:
2023-05-23T11:12:22.705548399Z 1.6848403427054923e+09 DEBUG provider-aws Reconciling {"controller": "managed/bucket.s3.aws.crossplane.io", "request": "/example-com-dev10-pg-backup"}
2023-05-23T11:12:22.954169926Z 1.6848403429541256e+09 DEBUG provider-aws Successfully requested update of external resource {"controller": "managed/bucket.s3.aws.crossplane.io", "request": "/example-com-dev10-pg-backup", "uid": "a38fbd68-91ed-4caf-ac24-b519f1ecead9", "version": "4005845255", "external-name": "example-com-dev10-pg-backup", "requeue-after": 1684840522.954124}
2023-05-23T11:12:22.954252285Z 1.6848403429542272e+09 DEBUG events Normal {"object": {"kind":"Bucket","name":"example-com-dev10-pg-backup","uid":"a38fbd68-91ed-4caf-ac24-b519f1ecead9","apiVersion":"s3.aws.crossplane.io/v1beta1","resourceVersion":"4005845255"}, "reason": "UpdatedExternalResource", "message": "Successfully requested update of external resource"}
How can we reproduce it?
- Create s3 bucket using Crossplane
- Change deletionPolicy to Orphan in managed resource
- Delete resources (claim -> composite -> managed)
- Create again
What environment did it happen in?
- Crossplane version: v1.10.1
- Kubernetes version (use kubectl version) v1.23.8
- Kubernetes distribution (e.g. Tectonic, GKE, OpenShift) OpenShift
Just some data point on this. When I imported an S3 bucket and it had different configuration compared to composite I have seen this behavior. If you undo "Change deletionPolicy to Orphan in managed resource" it will become ready in my scenario. You should be able to make changes once it becomes ready.

Also have this issue and just want to add that using the annotation crossplane.io/external-name results in the same behaviour. It is not possible to reconcile the object correctly.

I just tested the MR above with v0.43.0 and I can't reproduce this bug. Can you try and debug the provider yourselves?
We have the same issue. After reconciliation, s3 buckets are not getting ready:
```
➜ k get buckets.s3.aws.crossplane.io foo
NAME                      READY   SYNCED   AGE
my-super-own-bucket-foo           True     12d
```

```
Status:
  At Provider:
    Arn: arn:aws:s3:::my-super-own-bucket-foo
  Conditions:
    Last Transition Time: 2023-11-22T10:43:55Z
    Reason: ReconcileSuccess
    Status: True
    Type: Synced
```

We are running crossplane aws provider v0.44.2. No errors on logs:
2023-12-04T12:13:05.233Z DEBUG events Successfully requested update of external resource {"type": "Normal", "object": {"kind":"Bucket","name":"my-super-own-bucket-foo","uid":"f16bf1db-2da6-43ac-9c64-5cc7f3e6fad1","apiVersion":"s3.aws.crossplane.io/v1beta1","resourceVersion":"40851091"}, "reason": "UpdatedExternalResource"}
2023-12-04T12:14:05.242Z DEBUG provider-aws Reconciling {"controller": "managed/bucket.s3.aws.crossplane.io", "request": {"name":"my-super-own-bucket-foo"}}
2023-12-04T12:14:05.681Z DEBUG provider-aws Successfully requested update of external resource {"controller": "managed/bucket.s3.aws.crossplane.io", "request": {"name":"my-super-own-bucket-foo"}, "uid": "f16bf1db-2da6-43ac-9c64-5cc7f3e6fad1", "version": "40851091", "external-name": "my-super-own-bucket-foo", "requeue-after": "2023-12-04T12:15:05.681Z"}
@xoanmi can you post the YAML of your bucket?
> @xoanmi can you post the YAML of your bucket?

You can reproduce it with a very simple example:
- Create the S3 with deletionPolicy=Orphan
- Delete it from kubernetes
- Create it again with exactly the same settings
@xoanmi I am unable to reproduce this with a standard bucket or the MR posted above. Can you give me the YAML that you are using?
> @xoanmi I am unable to reproduce this with a standard bucket or the MR posted above. Can you give me the YAML that you are using?

```yaml
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  annotations:
    crossplane.io/external-name: my-own-s3-bucket
  name: my-own-s3-bucket
spec:
  deletionPolicy: Orphan
  forProvider:
    acl: private
    locationConstraint: eu-central-1
    objectOwnership: BucketOwnerPreferred
    paymentConfiguration:
      payer: BucketOwner
    versioningConfiguration:
      status: Enabled
  managementPolicies:
  - '*'
```
We are creating the MR from a composition. Could be this related to the issue?
> We are creating the MR from a composition. Could be this related to the issue?
Probably, if you are overwriting fields in the composition.
I have done some tests; it's a problem in the reconciliation loop.

Steps to reproduce it:

- Step 1: Create a Bucket:

```yaml
apiVersion: s3.aws.crossplane.io/v1beta1
kind: Bucket
metadata:
  name: test33
  annotations:
    crossplane.io/external-name: test33
spec:
  deletionPolicy: Orphan
  forProvider:
    acl: private
    objectOwnership: BucketOwnerPreferred
    locationConstraint: us-east-1
    paymentConfiguration:
      payer: BucketOwner
    versioningConfiguration:
      status: Enabled
```

- Step 2 (Remove MR):

```
kubectl delete buckets.s3.aws.crossplane.io test33
```

- Step 3: Repeat step 1.
- Final Output:

But if you include the Encryption configuration, the bucket reconciles:

```yaml
serverSideEncryptionConfiguration:
  rules:
  - applyServerSideEncryptionByDefault:
      sseAlgorithm: AES256
```
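
A triage check for the symptom reported in this thread, as an added example that is not part of the original issue or the provider's code: it reads JSON in the shape of `kubectl get buckets.s3.aws.crossplane.io -o json` and lists resources that are Synced but not Ready, noting the two spec conditions the comments above associate with the problem. The sample listing is constructed; `healthy-bucket` and the function names are assumptions.

```python
import json

# Constructed sample in the shape of `kubectl get buckets.s3.aws.crossplane.io -o json`.
# "test33" mirrors the manifest posted above; "healthy-bucket" is made up for contrast.
SAMPLE = json.loads("""
{"items": [
 {"metadata": {"name": "test33",
               "annotations": {"crossplane.io/external-name": "test33"}},
  "spec": {"deletionPolicy": "Orphan",
           "forProvider": {"acl": "private", "locationConstraint": "us-east-1"}},
  "status": {"conditions": [{"type": "Synced", "status": "True"}]}},
 {"metadata": {"name": "healthy-bucket"},
  "spec": {"deletionPolicy": "Delete",
           "forProvider": {"serverSideEncryptionConfiguration": {"rules": []}}},
  "status": {"conditions": [{"type": "Synced", "status": "True"},
                            {"type": "Ready", "status": "True"}]}}
]}
""")

def condition(mr, ctype):
    """Status string of a condition type, or None when the condition is absent."""
    for c in mr.get("status", {}).get("conditions", []):
        if c.get("type") == ctype:
            return c.get("status")
    return None

def triage(mr):
    """Describe a resource that is Synced but not Ready; None if it is fine."""
    ready = condition(mr, "Ready")
    if condition(mr, "Synced") != "True" or ready == "True":
        return None
    meta, spec = mr.get("metadata", {}), mr.get("spec", {})
    hints = []
    # Conditions reported in this thread, not a confirmed root cause.
    if spec.get("deletionPolicy") == "Orphan":
        hints.append("deletionPolicy is Orphan")
    if "serverSideEncryptionConfiguration" not in spec.get("forProvider", {}):
        hints.append("no serverSideEncryptionConfiguration in spec")
    return {"name": meta.get("name"), "ready": ready or "missing", "hints": hints}

def stuck_resources(listing):
    """All items in a kubectl JSON list that are Synced=True without Ready=True."""
    return [r for r in map(triage, listing.get("items", [])) if r]

if __name__ == "__main__":
    for r in stuck_resources(SAMPLE):
        print(f"{r['name']}: Ready={r['ready']}; " + ", ".join(r["hints"]))
```

Against a live cluster, replace `SAMPLE` with `json.load(sys.stdin)` and pipe the kubectl output in.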
Crossplane does not currently have enough maintainers to address every issue and pull request. This issue has been automatically marked as stale because it has had no activity in the last 90 days. It will be closed in 14 days if no further activity occurs. Leaving a comment starting with /fresh will mark this issue as not stale.
/fresh
This issue is still happening