aws-controllers-k8s / community

AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
https://aws-controllers-k8s.github.io/community/
Apache License 2.0

apigatewayv2-controller. Reconciling error for API Custom Resource #1687

Closed Khuman2 closed 1 year ago

Khuman2 commented 1 year ago

Describe the bug

We tried to use the AWS API gateway with a Private link and private ALB inside our private subnet. Our goal is to manage API Gateway's routes and integrations by apigatewayv2-controller. During implementation, we got an error from apigatewayv2-controller:

2023-02-09T14:21:15.337Z    ERROR   controller.api  Reconciler error    {"reconciler group": "apigatewayv2.services.k8s.aws", "reconciler kind": "API", "name": "test-api-gateway-http-vpc-links", "namespace": "awesome-namespace", "error": "SerializationError: failed to unmarshal response error\n\tstatus code: 404, request id: \ncaused by: UnmarshalError: error message missing"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:266
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2
    /go/pkg/mod/sigs.k8s.io/controller-runtime@v0.11.0/pkg/internal/controller/controller.go:227
2023-02-09T14:26:43.083Z    ERROR   controller.api  Reconciler error    {"reconciler group": "apigatewayv2.services.k8s.aws", "reconciler kind": "API", "name": "test-api-gateway-http-vpc-links", "namespace": "awesome-namespace", "error": "SerializationError: failed to unmarshal response error\n\tstatus code: 404, request id: \ncaused by: UnmarshalError: error message missing"}
sigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem

Steps to reproduce

Create HTTP API Gateway in AWS like in the picture: [Screenshot 2023-02-10 at 11 23 27]

Integrations look like this: [Screenshot 2023-02-10 at 11 28 30]

Deploy apigatewayv2-controller v1.0.0 with Helm, using these values:

deployment:
  aws:
    region: "eu-central-1"

Apply manifests:

apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: API
metadata:
  name: "test-api-gateway-http-vpc-links"
  namespace: awesome-namespace
spec:
  name: "test-api-gateway-http-vpc-links"
  protocolType: HTTP

Expected outcome

I can't imagine the outcome, to be honest. But an error, I guess, isn't the positive result ;)

Environment

jaypipes commented 1 year ago

@Khuman2 It looks like you pre-created the API using the AWS Console for API Gateway v2, yes? If that is the case, and you want to have ACK take over the management of that API, you need to use the AdoptedResource functionality. You can read about that here: https://aws-controllers-k8s.github.io/community/docs/user-docs/adopted-resource/

Alternately, you can use the ACK apigatewayv2-controller to create API Gateways (and Routes, Integrations, etc) entirely from scratch using YAML manifests for all of those subobjects. You can read about how to do that in this tutorial: https://aws-controllers-k8s.github.io/community/docs/tutorials/apigatewayv2-reference-example/

I think the bug shown in this particular issue is due to the API already existing in the AWS APIGatewayV2 service and the controller not properly handling the Duplicate key error.

a-hilaly commented 1 year ago

@jaypipes the serialization error is a little bit weird, normally we should throw a NotManagedError (resource already exists but is not managed by ACK...)

Khuman2 commented 1 year ago

@jaypipes, I would like to know the best practice on how to use the apigateway controller. Let me share my use case. Actually, I need to realize the approach described in the article.

I manage my infrastructure by terraform. In a private subnet, behind an internal ALB, my services are located. My idea was to create the API gateway, and attach certificates from ACM and a private VPC link by terraform. In the service's git I want to store manifest files per service for handling service APIGateway integrations, k8s services, ingresses for ALB etc. I've tried to use Integration and Route from the operator, but it doesn't find the API.

---
apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: Integration
metadata:
  name: "awesome-service-integration"
  namespace: "service-namespace"
spec:
  apiRef:
    from:
      name: "test-api-gateway-http-vpc-links"
  integrationType: HTTP_PROXY
  integrationURI: "arn:aws:elasticloadbalancing:region:profile_id:listener/my_ALB_internal_listener_path"
  integrationMethod: ANY
  payloadFormatVersion: "1.0"

---
apiVersion: apigatewayv2.services.k8s.aws/v1alpha1
kind: Route
metadata:
  name: "awesome-service-route"
  namespace: "service-namespace"
spec:
  apiRef:
    from:
      name: "test-api-gateway-http-vpc-links"
  routeKey: "ANY /ack-route-key"
  targetRef:
    from:
      name: "awesome-service-integration"

But I got an error: "can't find API". So, my question is: does my use case have a chance of being alive, or have I got something wrong? Thanks for the advice!

Khuman2 commented 1 year ago

I've reused AdoptedResource for my API Gateway. It works fine.
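The adoption route jaypipes points to, as an added example that is not part of the original thread or the project's own manifests: an AdoptedResource that hands the console-created HTTP API over to the controller. The API ID is a placeholder and the AdoptedResource's own name is hypothetical; the target name and namespace are taken from the API manifest in the issue.

```yaml
apiVersion: services.k8s.aws/v1alpha1
kind: AdoptedResource
metadata:
  # Hypothetical name for the adoption request itself
  name: adopt-test-api-gateway-http-vpc-links
  namespace: awesome-namespace
spec:
  aws:
    # Placeholder: the ID of the existing API Gateway v2 API in eu-central-1
    nameOrID: "<existing-api-id>"
  kubernetes:
    # Group and kind of the ACK custom resource to create for the adopted API
    group: apigatewayv2.services.k8s.aws
    kind: API
    metadata:
      # Name that Integration and Route manifests reference via apiRef.from.name
      name: test-api-gateway-http-vpc-links
      namespace: awesome-namespace
```

On successful adoption the controller creates the API custom resource named under spec.kubernetes.metadata, so no separate API manifest for the same resource should be applied alongside it.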

ack-bot commented 1 year ago

Issues go stale after 90d of inactivity. Mark the issue as fresh with /remove-lifecycle stale. Stale issues rot after an additional 30d of inactivity and eventually close. If this issue is safe to close now please do so with /close. Provide feedback via https://github.com/aws-controllers-k8s/community. /lifecycle stale

jljaco commented 1 year ago

Resolving this -- please reopen if there are any further concerns.