Open
Description
/kind bug
What steps did you take and what happened:
CAPA EKS reconciler errors when an EKS cluster is deployed with:
endpointPrivateAccess: true
endpointPublicAccess: false
...and later, the AWSManagedControlPlane (AWSMCP) resource is updated to change publicCIDRs
from a list of IPs to an empty list.
This results in a Reconciler error:
271] [capa-controller-manager-694c8f6879-wxg8q] 1 controller.go:326] "msg"="Reconciler error" "error"="failed to reconcile control plane for AWSManagedControlPlane cluster-67bdf4503897e994b608c9f3/alias-eks-privatetest-cp: failed reconciling cluster config: failed to update EKS cluster: InvalidParameterException: Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [42.35.163.177/32, 34.23.247.65/32, 98.11.13.11/32, 52.6.49.73/32, 94.80.29.17/32, 13.52.68.26/32, 34.158.209.13/32, 34.22.106.120/32]\n{\n RespMetadata: {\n StatusCode: 400,\n RequestID: \"10163f97-d89b-44c1-bee1-75a3c476b980\"\n },\n ClusterName: \"alias-eks-privatetest\",\n Message_: \"Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [42.35.163.177/32, 34.23.247.65/32, 98.11.13.11/32, 52.6.49.73/32, 94.80.29.17/32, 13.52.68.26/32, 34.158.209.13/32, 34.22.106.120/32]\"\n}" "AWSManagedControlPlane"={"name":"alias-eks-privatetest-cp","namespace":"cluster-67bdf4503897e994b608c9f3"} "controller"="awsmanagedcontrolplane" "controllerGroup"="controlplane.cluster.x-k8s.io" "controllerKind"="AWSManagedControlPlane" "name"="alias-eks-privatetest-cp" "namespace"="cluster-67bdf4503897e994b608c9f3" "reconcileID"="81216a1c-47f8-4059-b3b4-4f9664c3806f"
What steps did you take and what happened:
Update EKS AWSMCP PublicCIDRS to empty for a private access cluster
What did you expect to happen:
EKS Cluster updated with PublicAccessCIDRS to empty list
Anything else you would like to add:
Environment:
- Cluster-api-provider-aws version:
- Kubernetes version: (use kubectl version):
- OS (e.g. from /etc/os-release):
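The InvalidParameterException in the log above spells out the endpoint state EKS considers current, including the CIDR list the spec tried to clear. The following is an added example, not code from the issue or from CAPA: it parses that message and reports which CIDRs are still stored on the cluster compared with a desired list. The names `EndpointState`, `ParseNoOp` and `StaleCIDRs` are hypothetical, and the sample message is constructed with documentation-range addresses.

```go
package main

import (
	"fmt"
	"regexp"
	"strings"
)

// EndpointState is the endpoint configuration named in the EKS error text.
type EndpointState struct {
	Private, Public bool
	PublicCIDRs     []string
}

// noOpRe matches the "already at the desired configuration" message from the issue log.
var noOpRe = regexp.MustCompile(`already at the desired configuration with endpointPrivateAccess: (true|false) ?, endpointPublicAccess: (true|false), and Public Endpoint Restrictions: \[([^\]]*)\]`)

// ParseNoOp extracts the state EKS reports; ok is false for any other error text.
func ParseNoOp(msg string) (EndpointState, bool) {
	m := noOpRe.FindStringSubmatch(msg)
	if m == nil {
		return EndpointState{}, false
	}
	s := EndpointState{Private: m[1] == "true", Public: m[2] == "true"}
	for _, c := range strings.Split(m[3], ",") {
		if c = strings.TrimSpace(c); c != "" {
			s.PublicCIDRs = append(s.PublicCIDRs, c)
		}
	}
	return s, true
}

// StaleCIDRs returns CIDRs still on the cluster that the desired list does not contain.
func StaleCIDRs(actual EndpointState, desired []string) (stale []string) {
	want := map[string]bool{}
	for _, c := range desired {
		want[c] = true
	}
	for _, c := range actual.PublicCIDRs {
		if !want[c] {
			stale = append(stale, c)
		}
	}
	return stale
}

func main() {
	// Constructed sample in the shape of the logged message (documentation-range CIDRs).
	st, ok := ParseNoOp("Cluster is already at the desired configuration with endpointPrivateAccess: true , endpointPublicAccess: false, and Public Endpoint Restrictions: [192.0.2.10/32, 198.51.100.7/32]")
	fmt.Println(ok, st.Public, StaleCIDRs(st, nil))
}
```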