You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When creating a private CAPA WC using a different AWSClusterRoleIdentity (AWS Account) to that of the MC the workload clusters api-server never seems to come up. The first control plane instance is created and seems to boot ok but the api server never becomes available and the nodeName is never set on the Machine CR.
Designed behavior
Private CAPA clusters should be able to be created in isolated AWS accounts just like non-private WCs can be.
Run the capa private E2E test (E.g. E2E_KUBECONFIG=~/.kube/clusters/e2e.yaml ginkgo --timeout 4h -v -r ./providers/capa/private) and the cluster standup step should timeout.
Bug description
When creating a private CAPA WC using a different
AWSClusterRoleIdentity
(AWS Account) to that of the MC the workload clusters api-server never seems to come up. The first control plane instance is created and seems to boot ok but the api server never becomes available and the nodeName is never set on theMachine
CR.Designed behavior
Private CAPA clusters should be able to be created in isolated AWS accounts just like non-private WCs can be.
Reproduction Steps
Add the following to the cluster values of the capa private E2E test
Run the capa private E2E test (E.g.
E2E_KUBECONFIG=~/.kube/clusters/e2e.yaml ginkgo --timeout 4h -v -r ./providers/capa/private
) and the cluster standup step should timeout.Technical information
Related PR which discovered this issue: giantswarm/cluster-test-suites#444
Use case for wanting isolated aws account: https://github.com/giantswarm/giantswarm/issues/29815
The text was updated successfully, but these errors were encountered: