aws-controllers-k8s / community

AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
https://aws-controllers-k8s.github.io/community/
Apache License 2.0

The `Cluster` spec incorrectly labels some properties as maps when they should be arrays #2037

Open jcrowthe opened 4 months ago

jcrowthe commented 4 months ago

Describe the bug

The Cluster spec incorrectly labels some properties as maps when they should be arrays. This is in both the CRD definition itself and the documentation here: https://aws-controllers-k8s.github.io/community/reference/eks/v1alpha1/cluster/

Steps to reproduce

Write the YAML for an EKS Cluster object by first copying the documentation https://aws-controllers-k8s.github.io/community/reference/eks/v1alpha1/cluster/ and then filling in all the fields appropriately. When attempting to then apply that custom resource, you will get the following error:

```
error: error validating "eks.yaml": error validating data: [
  ValidationError(Cluster.spec.encryptionConfig): invalid type for aws.k8s.services.eks.v1alpha1.Cluster.spec.encryptionConfig: got "map", expected "array", 
  ValidationError(Cluster.spec.resourcesVPCConfig.subnetRefs): invalid type for aws.k8s.services.eks.v1alpha1.Cluster.spec.resourcesVPCConfig.subnetRefs: got "map", expected "array"
  ValidationError(Cluster.spec.resourcesVPCConfig.securityGroupRefs): invalid type for aws.k8s.services.eks.v1alpha1.Cluster.spec.resourcesVPCConfig.securityGroupRefs: got "map", expected "array"
]; if you choose to ignore these errors, turn validation off with --validate=false
```

The spec listed in the documentation (which is the same as when running kubectl get crd clusters.eks.services.k8s.aws -oyaml) is the following (snipped for brevity)

```yaml
...
encryptionConfig:
  provider:
    keyARN: string
    keyRef:
      from:
        name: string
  resources:
  - string
...
resourcesVPCConfig:
  securityGroupRefs:
    from:
      name: string
...
  subnetRefs:
    from:
      name: string
...
```

However, the following example is actually accepted, and allows for a proper Cluster creation.

```yaml
---
apiVersion: eks.services.k8s.aws/v1alpha1
kind: Cluster
metadata:
  name: prod1-eks
  namespace: prod1
spec:
  encryptionConfig:
    - provider:
        keyRef:
          from:
            name: prod1-encryption-key
      resources:
      - secrets
...
  resourcesVPCConfig:
    securityGroupRefs:
      - from:
          name: prod1-eks-security-group
    subnetRefs:
      - from:
          name: prod1-private-subnet1
      - from:
          name: prod1-private-subnet2
...
```

The difference is that objects are listed as what is expected, but then arrays are required instead when you actually apply the yaml for resource creation.

Expected outcome

Documentation and CRD definition to accurately reflect what is required.

Environment

a-hilaly commented 4 months ago

Hi @jcrowthe! Thank you for bringing this issue to our attention. There seems to be an issue with the rendering of our documentation, which incorrectly shows encryptionConfig as a map when it should be represented as an array.

The eks-controller types and CRD definitions correctly define encryptionConfig as an array field, which aligns with the AWS EKS API specification.
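
The map-versus-array mismatch discussed in this thread, as an added example that is not part of the issue or of the ACK project's code: a small walker that checks a parsed `Cluster` spec against schema types and reports mismatches in the `got "map", expected "array"` form of the error above. The schema fragment is constructed from the three fields named in that error, and `type_errors`, `kind_of` and the other names are hypothetical.

```python
# Constructed schema fragment (not copied from the real CRD): only the fields
# named in the issue, typed as the API server's error output reports them.
REF = {"type": "object", "properties": {
    "from": {"type": "object", "properties": {"name": {"type": "string"}}}}}
SCHEMA = {"type": "object", "properties": {
    "encryptionConfig": {"type": "array", "items": {"type": "object", "properties": {
        "provider": {"type": "object", "properties": {
            "keyARN": {"type": "string"}, "keyRef": REF}},
        "resources": {"type": "array", "items": {"type": "string"}}}}},
    "resourcesVPCConfig": {"type": "object", "properties": {
        "securityGroupRefs": {"type": "array", "items": REF},
        "subnetRefs": {"type": "array", "items": REF}}}}}

# OpenAPI type name -> the name kubectl uses in the error shown in the issue.
KUBECTL_NAME = {"object": "map", "array": "array", "string": "string"}

def kind_of(value):
    """Classify a parsed value; every scalar in this fragment is a string."""
    if isinstance(value, dict):
        return "map"
    return "array" if isinstance(value, list) else "string"

def type_errors(value, schema, path="Cluster.spec"):
    """Return 'got X, expected Y' messages for every type mismatch under path."""
    expected, got = KUBECTL_NAME.get(schema.get("type")), kind_of(value)
    if expected and got != expected:
        return [f'{path}: got "{got}", expected "{expected}"']
    errors = []
    if got == "map":
        for key, child in value.items():
            if key in schema.get("properties", {}):
                errors += type_errors(child, schema["properties"][key], f"{path}.{key}")
    elif got == "array":
        for i, child in enumerate(value):
            errors += type_errors(child, schema.get("items", {}), f"{path}[{i}]")
    return errors

# The two shapes from the issue, as parsed YAML (resource names are the issue's).
key_ref = {"provider": {"keyRef": {"from": {"name": "prod1-encryption-key"}}},
           "resources": ["secrets"]}
sg, subnet = ({"from": {"name": n}} for n in
              ("prod1-eks-security-group", "prod1-private-subnet1"))
AS_DOCUMENTED = {"encryptionConfig": key_ref,
                 "resourcesVPCConfig": {"securityGroupRefs": sg, "subnetRefs": subnet}}
AS_ACCEPTED = {"encryptionConfig": [key_ref],
               "resourcesVPCConfig": {"securityGroupRefs": [sg], "subnetRefs": [subnet]}}

if __name__ == "__main__":
    for name, spec in (("as documented", AS_DOCUMENTED), ("as accepted", AS_ACCEPTED)):
        print(name, type_errors(spec, SCHEMA) or "OK")
```

To check against the schema a cluster actually serves, replace `SCHEMA` with the `spec` property of the `openAPIV3Schema` from the `kubectl get crd clusters.eks.services.k8s.aws -oyaml` output mentioned in the issue.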