Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Migration to v2.1.2: failed to reconcile aws-iam-authenticator #4291

Closed
darkweaver87 opened this issue May 24, 2023 · 4 comments · Fixed by #4292
Closed

Migration to v2.1.2: failed to reconcile aws-iam-authenticator #4291

darkweaver87 opened this issue May 24, 2023 · 4 comments · Fixed by #4292
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.

Comments

@darkweaver87
Copy link

darkweaver87 commented May 24, 2023
edited
Loading

/kind bug

What steps did you take and what happened:
After migrating our clusters from v2.0.2 to v2.1.2, capa controller fails to reconcile.

failed to reconcile aws-iam-authenticator config for AWSManagedControlPlane flux-system/xxxx-cp: failed to get ARN for role : unable to get role: NoSuchEntity: The role with name nodes.cluster-api-provider-aws.sigs.k8s.io cannot be found.

It seems to be broken by #4011 cc @faiq.

What did you expect to happen:
No changes and clusters are reconciled. This role was not mandatory and should be put as a default if none is provided ?

Anything else you would like to add:
Creating the missing role nodes.cluster-api-provider-aws.sigs.k8s.io fixes the issue.

Environment:

  • Cluster-api-provider-aws version: v2.1.2
  • Kubernetes version: (use kubectl version): v1.26.4-eks-0a21954
  • OS (e.g. from /etc/os-release):
# cat /etc/os-release 
NAME="Amazon Linux"
VERSION="2"
ID="amzn"
ID_LIKE="centos rhel fedora"
VERSION_ID="2"
PRETTY_NAME="Amazon Linux 2"
ANSI_COLOR="0;33"
CPE_NAME="cpe:2.3:o:amazon:amazon_linux:2"
HOME_URL="https://amazonlinux.com/"
@k8s-ci-robot k8s-ci-robot added kind/bug Categorizes issue or PR as related to a bug. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels May 24, 2023
@k8s-ci-robot
Copy link
Contributor

This issue is currently awaiting triage.

If CAPA/CAPI contributors determines this is a relevant issue, they will accept it by applying the triage/accepted label and provide further guidance.

The triage/accepted label can be added by org members by writing /triage accepted in a comment.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

@faiq
Copy link
Contributor

faiq commented May 24, 2023
edited
Loading

This was also reported in #4271

I think it makes sense to remove the role and see if the e2e tests pass.

I wrote in the other issue:

The existing behavior before the PR was that this would role would be always be added to the iam authenticator config. The tests and previous users depended on this being there, so I decided not to break it.

@faiq faiq mentioned this issue May 24, 2023
Merged
4 tasks
@faiq
Copy link
Contributor

faiq commented May 24, 2023

I pr'ed a potential fix for the issue 🤞 it works!

@darkweaver87
Copy link
Author

Many thanks for your reply. Let's hope it works 🤞

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/bug Categorizes issue or PR as related to a bug. needs-priority needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one.
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: remove set nodes role faiq/cluster-api-provider-aws
3 participants
@darkweaver87 @faiq @k8s-ci-robot