GoogleCloudPlatform / k8s-config-connector

GCP Config Connector, a Kubernetes add-on for managing GCP resources
https://cloud.google.com/config-connector/docs/overview
Apache License 2.0

unable to provision regional managed proxy #678

Open lienegotliba opened 2 years ago

lienegotliba commented 2 years ago

Bug Description

When trying to provision a subnetwork with purpose "REGIONAL_MANAGED_PROXY", an error is returned: "Invalid field set in subnetwork with purpose REGIONAL_MANAGED_PROXY"

Additional Diagnostic Information

Similar issues have been reported on cloud foundation fabric: https://github.com/GoogleCloudPlatform/cloud-foundation-fabric/issues/633

Kubernetes Cluster Version

v1.21.12-gke.1500

Config Connector Version

1.69.0

Config Connector Mode

cluster mode

Log Output

Update call failed: error applying desired state: summary: Error creating Subnetwork: googleapi: Error 400: Invalid value for field 'resource.logConfig': '{ "enable": false}'. Invalid field set in subnetwork with purpose REGIONAL_MANAGED_PROXY., invalid

Steps to reproduce the issue

Attempt to create a subnetwork with purpose REGIONAL_MANAGED_PROXY; receive the error "Invalid field set in subnetwork with purpose REGIONAL_MANAGED_PROXY"

YAML snippets

apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: <project-id>
  name: proxy-only-subnet
spec:
  description: regional managed proxy for cluster loadbalancing
  ipCidrRange: 10.129.0.0/23
  networkRef:
    external: <network-self-link>
  purpose: REGIONAL_MANAGED_PROXY
  region: us-east4
  role: ACTIVE

jcanseco commented 2 years ago

Hi @lienegotliba, perhaps I am missing something, but it doesn't seem like REGIONAL_MANAGED_PROXY is a valid value for purpose?

From the API documentation:

This field can be either PRIVATE_RFC_1918 or INTERNAL_HTTPS_LOAD_BALANCER.

lienegotliba commented 2 years ago

Hi @jcanseco, it looks like the documentation is not up to date, because REGIONAL_MANAGED_PROXY is a valid value for the API. I have been using it with the API and it works without any issue. For reference, see this documentation on proxy-only subnet provisioning:

https://cloud.google.com/load-balancing/docs/https/setting-up-reg-ext-https-lb#configuring_the_proxy-only_subnet

POST https://compute.googleapis.com/compute/v1/projects//regions/us-west1/subnetworks

{
  "name": "proxy-only-subnet",
  "ipCidrRange": "10.129.0.0/23",
  "network": "projects//global/networks/lb-network",
  "region": "projects//regions/us-west1",
  "purpose": "REGIONAL_MANAGED_PROXY",
  "role": "ACTIVE"
}

philip-harvey commented 1 year ago

Any news on this? I'm having a similar issue. It seems that the documentation is incorrect and it's not obvious what the issue is.

diviner524 commented 1 year ago

@philip-harvey It is difficult to tell from the limited info in this thread. One thing I did notice is that logConfig is not part of the YAML config.

Can you first upgrade to the latest Config Connector version, and then try setting the state-into-spec annotation as absent? See more details here:

https://cloud.google.com/config-connector/docs/concepts/ignore-unspecified-fields#skip_populating_unspecified_fields_into_spec

philip-harvey commented 1 year ago

In my case (Terraform) I found I had to not have any logconfig blocks, and that resolved the issue. I also created a support case for the API documentation being incorrect for the purpose field in the API.
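
The manifest from the issue report with the state-into-spec suggestion from the thread applied, as an added example that is not part of the original thread. The full annotation key `cnrm.cloud.google.com/state-into-spec` is Config Connector's name for the annotation mentioned above; the thread does not confirm whether this change resolves the error.

```yaml
# Added example, not posted by any participant in the thread.
# Placeholders in <...> are kept exactly as they appear in the issue report.
apiVersion: compute.cnrm.cloud.google.com/v1beta1
kind: ComputeSubnetwork
metadata:
  annotations:
    cnrm.cloud.google.com/project-id: <project-id>
    # "absent" tells Config Connector not to populate unspecified fields
    # into spec. This is the setting suggested in the thread, given that
    # the rejected logConfig field is not part of the manifest.
    cnrm.cloud.google.com/state-into-spec: absent
  name: proxy-only-subnet
spec:
  description: regional managed proxy for cluster loadbalancing
  ipCidrRange: 10.129.0.0/23
  networkRef:
    external: <network-self-link>
  purpose: REGIONAL_MANAGED_PROXY
  region: us-east4
  role: ACTIVE
  # No logConfig block here: the API error in the Log Output section
  # rejects 'resource.logConfig' for this subnetwork purpose, and the
  # Terraform report in the thread was resolved by removing such blocks.
```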