search

aws-controllers-k8s / community

AWS Controllers for Kubernetes (ACK) is a project enabling you to manage AWS services from Kubernetes
https://aws-controllers-k8s.github.io/community/
Apache License 2.0
2.39k stars 253 forks source link

Cloudwatch-logs ack controller doesn't support / in log group name #2134

Open swapnachagam opened 1 month ago

swapnachagam commented 1 month ago

Describe the bug I am getting error when i try to create LogGroup with "/" in the name

{"level":"error","ts":"2024-08-13T09:36:19Z","msg":"Error creating or updating resource","controller":"cloudwatchlogforwarder","controllerGroup":"logforwarding.ucp.adskeng.net","controllerKind":"CloudWatchLogForwarder","CloudWatchLogForwarder":{"name":"yolo-c-uw2-log-forwarding","namespace":"dexp-c-aws"},"namespace":"dexp-c-aws","name":"yolo-c-uw2-log-forwarding","reconcileID":"9b348f8a-674f-49dd-a8e5-c1e3b8112fc3","error":"LogGroup.cloudwatchlogs.services.k8s.aws \"aws/test/loggroupepona\" is invalid: metadata.name: Invalid value: \"aws/test/loggroupepona\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is 'a-z0-9?(\.a-z0-9?)')","stacktrace":"ucp.adskeng.net/unified-control-plane/pkg/resources/ackresources.validateCreateOrUpdate\n\tucp.adskeng.net/unified-control-plane/pkg/resources/ackresources/ackresource_util.go:19\nucp.adskeng.net/unified-control-plane/pkg/resources/ackresources.CreateOrUpdateLogGroup\n\tucp.adskeng.net/unified-control-plane/pkg/resources/ackresources/logGroup.go:43\nucp.adskeng.net/unified-control-plane/internal/controller/logforwarding.createOrUpdateAckResource\n\tucp.adskeng.net/unified-control-plane/internal/controller/logforwarding/logforwarder_util.go:268\nucp.adskeng.net/unified-control-plane/internal/controller/logforwarding.(CloudWatchLogForwarderReconciler).Reconcile\n\tucp.adskeng.net/unified-control-plane/internal/controller/logforwarding/cloudwatchlogforwarder_controller.go:111\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Reconcile\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).reconcileHandler\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).processNextWorkItem\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(Controller).Start.func2.2\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:222"}

Steps to reproduce

Gave loggroup name as "/aws/test/loggroupepona" and tried to create logGroup

Expected outcome I would like LogGroup names to contain forward slash(/). This is allowed in AWS and i would like ACK Controller to do the same. This is required because we are migrating some existing resources from terraform to ACK

Environment

{"level":"error","ts":"2024-08-13T09:36:19Z","msg":"Error creating or updating resource","controller":"cloudwatchlogforwarder","controllerGroup":"logforwarding.ucp.adskeng.net","controllerKind":"CloudWatchLogForwarder","CloudWatchLogForwarder":{"name":"yolo-c-uw2-log-forwarding","namespace":"dexp-c-aws"},"namespace":"dexp-c-aws","name":"yolo-c-uw2-log-forwarding","reconcileID":"9b348f8a-674f-49dd-a8e5-c1e3b8112fc3","error":"LogGroup.cloudwatchlogs.services.k8s.aws \"aws/test/loggroupepona\" is invalid: metadata.name: Invalid value: \"aws/test/loggroupepona\": a lowercase RFC 1123 subdomain must consist of lower case alphanumeric characters, '-' or '.', and must start and end with an alphanumeric character (e.g. 'example.com', regex used for validation is '[a-z0-9]([-a-z0-9]*[a-z0-9])?(\\.[a-z0-9]([-a-z0-9]*[a-z0-9])?)*')","stacktrace":"ucp.adskeng.net/unified-control-plane/pkg/resources/ackresources.validateCreateOrUpdate\n\tucp.adskeng.net/unified-control-plane/pkg/resources/ackresources/ackresource_util.go:19\nucp.adskeng.net/unified-control-plane/pkg/resources/ackresources.CreateOrUpdateLogGroup\n\tucp.adskeng.net/unified-control-plane/pkg/resources/ackresources/logGroup.go:43\nucp.adskeng.net/unified-control-plane/internal/controller/logforwarding.createOrUpdateAckResource\n\tucp.adskeng.net/unified-control-plane/internal/controller/logforwarding/logforwarder_util.go:268\nucp.adskeng.net/unified-control-plane/internal/controller/logforwarding.(*CloudWatchLogForwarderReconciler).Reconcile\n\tucp.adskeng.net/unified-control-plane/internal/controller/logforwarding/cloudwatchlogforwarder_controller.go:111\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Reconcile\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:114\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).reconcileHandler\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:311\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).processNextWorkItem\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:261\nsigs.k8s.io/controller-runtime/pkg/internal/controller.(*Controller).Start.func2.2\n\tsigs.k8s.io/controller-runtime@v0.18.2/pkg/internal/controller/controller.go:222"}
a-hilaly commented 1 month ago

Hi @swapnachagam - thank you for reporting this. The issue you're running into is a kubernetes limitation. Currently we do not have any control on how metadata.name is validated - the api-server is responsible of doing that.

On the other hand, you can always set the AWS name with a "/" in the spec.name section: checkout the full definition in here https://aws-controllers-k8s.github.io/community/reference/cloudwatchlogs/v1alpha1/loggroup/