KCC doesn't follow the operator pattern to retry creating VPCAC #2697
Labels
bug
Something isn't working
Comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Checklist
Bug Description
After using KCC to create VPCAC and IamPolicy to grant networkUser permission on related service account, I understand there is a chance of race condition which causes permission missing error. However, the error should be gone after IAMPolicy is created as the KCC is using operator pattern which should reconcile at least after 1 day
related error:
https://cloud.google.com/knowledge/kb/vpc-access-did-not-have-permission-to-resolve-the-subnet-or-the-provided-subnet-does-not-exist-when-attempting-to-create-a-vpc-connector-000004791
Additional Diagnostic Information
NA
Kubernetes Cluster Version
1.29.7-gke.1104000
Config Connector Version
1.119.0
Config Connector Mode
namespaced mode (default)
Log Output
No response
Steps to reproduce the issue
Write a code snippet to create VPCAC and iampolicy custom resource at the same time. When race condition happens, this error will appear and VPCAC will get stuck in the error state without any recovering/helping from the kcc operator.
YAML snippets
No response
The text was updated successfully, but these errors were encountered: