aws / aws-application-networking-k8s

A Kubernetes controller for Amazon VPC Lattice
https://www.gateway-api-controller.eks.aws.dev/
Apache License 2.0

Unable to Configure Gateway API with AWS VPC Lattice Using gateway-api-controller #663

Closed sarvadnyaJawale closed 3 weeks ago

sarvadnyaJawale commented 1 month ago

I am facing issues configuring the gateway-api-controller to work with AWS VPC Lattice for my Kubernetes Gateway API setup. Specifically, the Gateway resource is stuck in a Programmed: False state, with the following message in the status:

VPC Lattice Service Network not found

I have followed the setup as outlined in the documentation, but the Gateway is unable to connect to the VPC Lattice Service Network. Below is a detailed description of the configuration and the issues encountered.


2. The Gateway is created but remains unprogrammed.

kubectl describe gateway portfolio-gateway output:

status:
  Conditions:
    Last Transition Time:  2024-09-20T13:06:24Z
    Message:               VPC Lattice Service Network not found
    Observed Generation:   1
    Reason:                Pending
    Status:                False
    Type:                  Programmed

3. Logs from the controller:

{"level":"info","ts":"2024-09-19T12:00:41.253Z","logger":"controller.route","caller":"gateway/model_build_lattice_service.go:140","msg":"No custom-domain-name for route portfolio-http-route-aws-application-networking-system"}
{"level":"info","ts":"2024-09-19T12:00:41.843Z","logger":"controller.route","caller":"controllers/route_controller.go:155","msg":"reconcile error","name":"portfolio-http-route","message":"error during service synthesis failed ServiceManager.Upsert portfolio-http-route-aws-application-ne due to not found, Service network portfolio-gateway"}

Expected Behavior: The Gateway should be Programmed: True and route traffic to the backend service via the VPC Lattice.

Observed Behavior: The Gateway remains in a Programmed: False state with the error message "VPC Lattice Service Network not found."

Troubleshooting Steps Taken:

  1. Verified that the VPC Lattice Service Network exists and is accessible.
  2. Confirmed the gateway-api-controller is running and has the correct permissions.
  3. Followed the documentation for configuring Gateway API with AWS VPC Lattice.
  4. The IAM permissions seem correct, but the controller is unable to synthesize or connect to the VPC Lattice Service Network.

Environment:

  1. Kubernetes version: v1.30
  2. Gateway API version: v1beta1
  3. AWS environment with VPC Lattice
  4. gateway-api-controller used as per AWS documentation

Additional Information: Please let me know if there is any additional configuration or debugging steps I should follow to resolve this issue. Your help is greatly appreciated!


stephenbawks commented 1 month ago

I would be curious to find a solution on this as well as I believe I am running into the exact same problem.

erikfuller commented 1 month ago

Hi @sarvadnyaJawale, sorry to hear you're having some challenges getting started. Thanks for including such a detailed report!

From the looks of the error, the code is looking for a VPC Lattice service network with name portfolio-gateway. If you run aws vpc-lattice list-service-networks in your region, the controller wants one with "name": "portfolio-gateway". Based on the error, there shouldn't be one with that name at the moment, but we can fix that.

If you set the DEFAULT_SERVICE_NETWORK environment variable to portfolio-gateway, the controller will automatically create the service network and associate that service network with the VPC of your cluster. Alternatively, you can create the service network with the portfolio-gateway name manually, and your HTTPRoute will be added to the service network as a Lattice service.

From https://www.gateway-api-controller.eks.aws.dev/latest/guides/getstarted/#__tabbed_1_2 you can see the commands to create the service network and associate it with your VPC. Just be sure to use --name portfolio-gateway

Hope this helps!
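Added example, not part of the thread or of the controller project: a small script for the name check described in the reply above. It pulls the service network names the controller failed to find out of its reconcile errors and reports those with no same-named network. The function names, the `--live` switch and the network names `my-hotel` and `portfolio-gw` are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not code from the controller project.

# Two log lines: the first is the reconcile error quoted in this issue,
# the second is constructed (a later repeat, to show de-duplication).
sample_log() {
cat <<'EOF'
{"level":"info","ts":"2024-09-19T12:00:41.843Z","logger":"controller.route","caller":"controllers/route_controller.go:155","msg":"reconcile error","name":"portfolio-http-route","message":"error during service synthesis failed ServiceManager.Upsert portfolio-http-route-aws-application-ne due to not found, Service network portfolio-gateway"}
{"level":"info","ts":"2024-09-19T12:05:41.843Z","logger":"controller.route","caller":"controllers/route_controller.go:155","msg":"reconcile error","name":"portfolio-http-route","message":"error during service synthesis failed ServiceManager.Upsert portfolio-http-route-aws-application-ne due to not found, Service network portfolio-gateway"}
EOF
}

# Read controller JSON logs on stdin and print, once each, the service
# network names the controller looked up and did not find.
wanted_networks() {
    sed -n 's/.*due to not found, Service network \([^"]*\)".*/\1/p' | sort -u
}

# missing_networks WANTED EXISTING
# Both arguments are whitespace-separated name lists. Prints every name in
# WANTED with no exact match in EXISTING. The body is a subshell so the
# loop variables stay local.
missing_networks() (
    for want in $1; do
        found=0
        for have in $2; do
            if [ "$want" = "$have" ]; then found=1; break; fi
        done
        if [ "$found" -eq 0 ]; then printf '%s\n' "$want"; fi
    done
)

if [ "${1:-}" = "--live" ]; then
    # Controller logs arrive on stdin; existing service networks come from
    # the AWS CLI in the currently configured region.
    existing=$(aws vpc-lattice list-service-networks \
        --query 'items[].name' --output text)
    missing_networks "$(wanted_networks)" "$existing"
else
    # Offline demo: the existing network names here are constructed.
    missing_networks "$(sample_log | wanted_networks)" "my-hotel portfolio-gw"
fi
```

In live mode, pipe the controller pod's `kubectl logs` output into the script with `--live`. Each name it prints must either be created as a service network with that exact name or be set as DEFAULT_SERVICE_NETWORK, as the reply describes.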

erikfuller commented 3 weeks ago

Resolving this, but please feel free to reopen if this does not address your issue.