-
Notifications
You must be signed in to change notification settings - Fork 121
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[Bug]: PodIdentityAssociation errors with ResourceInUseException: Association already exists #1437
Open
1 task done
Labels
Comments
haarchri
added
is:triaged
Indicates that an issue has been reviewed.
and removed
needs:triage
labels
Aug 13, 2024
After updating EKS Provider to v1.11.0, I've yet to reproduce this issue as well. |
After several days of testing, ran into this issue again while using v1.11.0.
|
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
Is there an existing issue for this?
Affected Resource(s)
PodIdentityAssociation.eks.aws.upbound.io/v1beta1
Resource MRs required to reproduce the bug
No response
Steps to Reproduce
This issue appear to randomly affect newly created PodIdentityAssociations.
What happened?
New
PodIdentityAssociation
is applied and confirm creation in AWS EKS console. ButPodIdentityAssociation
Synced and Ready states immediately turn toFalse
and the following conditions are returned.One observation with these failed PodIdentityAssociations is, the
status.atProvider.associationId
, iea-stubassocid123456
, is set to a value that does not correspond to any Identity Associations with the AWS console or within any provider-aws-eks Pod logs. Also, when I have more than one failedPodIdentityAssociation
, thestatus.atProvider.associationId
all match,a-stubassocid123456
.Searching the codebase, this value only appears in one location:
provider-upjet-aws/config/externalname.go
Line 3171 in 779097a
If I delete the Identity Association within the AWS console, the resource is eventually reconciled, recreated within the console, but PodIdentityAssociation enters the same failed Synced and Ready states. Only after deleting the Identity Association from AWS console and
PodIdentityAssociation
from Kubernetes, Composite Resource creates a newPodIdentityAssociation
managed resource, the Identity Association is created in AWS console andPodIdentityAssociation
enters a Synced and Ready state ofTrue
.Relevant Error Output Snippet
Crossplane Version
1.16.0
Provider Version
1.10.0
Kubernetes Version
No response
Kubernetes Distribution
EKS
Additional Info
No response
The text was updated successfully, but these errors were encountered: