gardener / gardener-extension-provider-aws

Gardener extension controller for the AWS cloud provider (https://aws.amazon.com).
https://gardener.cloud
Apache License 2.0

Validate `Shoot` against available AMI configuration in `CloudProfile` #972

Closed timuthy closed 4 months ago

timuthy commented 5 months ago

How to categorize this issue?

/area robustness /area usability /area ops-productivity /kind enhancement /platform aws

What would you like to be added: The AWS admission webhook should deny shoot creations if the shoot to be created has an invalid image configuration, i.e. at least one worker pool uses an image that is not available in that region.

Example:

Shoot

...
spec:
  region: us-east-1
  workers:
  - name: worker-1
    image:
      name: gardenlinux
      version: 1443.5.0
...

CloudProfile

...
spec:
  machineImages:
  - name: gardenlinux
    versions:
    - version: 1443.5.0
...
  providerConfig:
    apiVersion: aws.provider.extensions.gardener.cloud/v1alpha1
    kind: CloudProfileConfig
    machineImages:
    - name: gardenlinux
      versions:
      - version: 1443.5.0
        regions:
        - name: eu-central-1
          ami: ami-000111222333

The shoot above is created but doesn't succeed during reconciliation due to the missing image configuration. Furthermore, shoot deletion will be blocked for the same reason (MachineClasses are re-deployed during deletion).
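
The region check the issue asks the admission webhook to perform, as an added Go example that is not code from gardener-extension-provider-aws. The struct types are simplified stand-ins for the Shoot worker and CloudProfileConfig machine image types, and `SampleImages` is constructed from the issue's example (AMI registered for eu-central-1 only).

```go
package main

import "fmt"

// Simplified stand-ins for the Shoot worker and CloudProfileConfig machine
// image types (assumed shapes, not the real Gardener API types).
type Worker struct{ Name, ImageName, ImageVersion string }
type RegionAMI struct{ Name, AMI string } // Name is the AWS region
type ImageVersion struct {
	Version string
	Regions []RegionAMI
}
type MachineImage struct {
	Name     string
	Versions []ImageVersion
}

// ValidateWorkerImages returns one message per worker pool whose image has no
// AMI configured for the shoot's region; an empty result means "admit".
func ValidateWorkerImages(region string, workers []Worker, images []MachineImage) []string {
	var problems []string
	for _, w := range workers {
		if !amiAvailable(images, w.ImageName, w.ImageVersion, region) {
			problems = append(problems, fmt.Sprintf("worker %q: image %s/%s has no AMI for region %s",
				w.Name, w.ImageName, w.ImageVersion, region))
		}
	}
	return problems
}

// amiAvailable walks machineImages[].versions[].regions[] for a matching
// image name, version and region that carries a non-empty AMI id.
func amiAvailable(images []MachineImage, name, version, region string) bool {
	for _, img := range images {
		for _, v := range img.Versions {
			for _, r := range v.Regions {
				if img.Name == name && v.Version == version && r.Name == region && r.AMI != "" {
					return true
				}
			}
		}
	}
	return false
}

// SampleImages is the constructed CloudProfileConfig from the issue: the AMI exists for eu-central-1 only.
var SampleImages = []MachineImage{{Name: "gardenlinux", Versions: []ImageVersion{{
	Version: "1443.5.0", Regions: []RegionAMI{{Name: "eu-central-1", AMI: "ami-000111222333"}}}}}}
```

Running `ValidateWorkerImages("us-east-1", ...)` against `SampleImages` yields one problem for `worker-1`, which is the case the webhook should reject at creation time instead of letting reconciliation and later deletion fail.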

timuthy commented 5 months ago

/cc @hendrikKahl