kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

Admission webhook blocks deletion of unrelated Ingress resources, when the Ingress Class does not exist #3696

Open cparadal opened 4 months ago

cparadal commented 4 months ago

Describe the bug

The AWS Load Balancer Controller admission webhook seems to be blocking deletion of any Ingress resource that is associated with an Ingress Class that has already been deleted.
We have a series of ArgoCD applications on which we perform selective resource deletion, based on a number of requirements. During this resource deletion, ingress classes can get removed before the actual ingress resources referencing them. The removed ingress classes are not related to the AWS Load Balancer Controller.
This wasn't an issue with versions < 2.6.0, as the behaviour of this webhook seems to have changed with this commit

kube-controller-manager-ip-xxxxxxx kube-controller-manager E0509 14:16:52.686392 1 garbagecollector.go:392] error syncing item &garbagecollector.node{identity:garbagecollector.objectReference{OwnerReference:v1.OwnerReference{APIVersion:"networking.k8s.io/v1", Kind:"Ingress", Name:"xxxxxx", UID:"xxxxxxxx", Controller:(*bool)(nil), BlockOwnerDeletion:(*bool)(nil)}, Namespace:"xxxxxxxxx"}, dependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:1}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, dependents:map[*garbagecollector.node]struct {}{}, deletingDependents:true, deletingDependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, beingDeleted:true, beingDeletedLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, virtual:false, virtualLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, owners:[]v1.OwnerReference(nil)}: admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: IngressClass.networking.k8s.io "xxxxxxxx" not found

$ kubectl patch ingress xxxxxx -p '{"metadata":{"finalizers":null}}'
Error from server (invalid ingress class: IngressClass.networking.k8s.io "xxxx" not found): admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: IngressClass.networking.k8s.io "xxxx" not found

Steps to reproduce

From ArgoCD, deploy an application which contains an ingress class and an ingress resource referencing it. Trigger a deletion of both IngressClass and Ingress, making sure that the Ingress Class is removed first. This could potentially be reproduced without ArgoCD.

Expected outcome

The AWS Load Balancer Controller webhook doesn't randomly block ingress resource deletion within the cluster.

Environment

Additional Context:
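The failure mode reported above, as an added example that is not part of the original issue and not the controller's own code: a validating-webhook decision function that admits finalizer removal on an Ingress already being deleted, and does not treat a missing IngressClass as grounds to reject. The `Ingress` type, `ClassLookup`, the `owned` callback, the not-found policy and the `ourController` value are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Ingress is a minimal stand-in for networking.k8s.io/v1 Ingress (hypothetical type).
type Ingress struct {
	Name, ClassName string
	Deleting        bool // true once metadata.deletionTimestamp is set
}

var ErrNotFound = errors.New("not found")

// ClassLookup returns the spec.controller of an IngressClass, or ErrNotFound.
type ClassLookup func(name string) (string, error)

const ourController = "ingress.k8s.aws/alb" // assumed controller name

// ValidateUpdate decides whether an Ingress UPDATE is admitted (nil = allowed).
// owned holds the checks applied only to Ingresses this controller manages.
func ValidateUpdate(ing Ingress, lookup ClassLookup, owned func(Ingress) error) error {
	// Removing a finalizer is an UPDATE on an object already being deleted;
	// rejecting it leaves the object stuck, so teardown is never validated.
	if ing.Deleting {
		return nil
	}
	controller, err := lookup(ing.ClassName)
	if errors.Is(err, ErrNotFound) {
		return nil // a missing class cannot be shown to be ours (assumed policy)
	}
	if err != nil {
		return fmt.Errorf("invalid ingress class: %w", err)
	}
	if controller != ourController {
		return nil // class belongs to another controller
	}
	return owned(ing)
}

func main() {
	// Constructed scenario: the IngressClass was deleted before the Ingress.
	gone := func(string) (string, error) { return "", ErrNotFound }
	strict := func(Ingress) error { return errors.New("rejected") }
	ing := Ingress{Name: "web", ClassName: "removed-class", Deleting: true}
	fmt.Println(ValidateUpdate(ing, gone, strict)) // <nil>: deletion proceeds
}
```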

aravindsagar commented 4 months ago

/kind bug

k8s-triage-robot commented 1 month ago

The Kubernetes project currently lacks enough contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

k8s-triage-robot commented 2 weeks ago

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.

This bot triages un-triaged issues according to the following rules:

You can:

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten