RDS Instance goes into loop of publicly accessible: true/false after setting publiclyAccessible: true in the DBInstance CRD #2086

Open
ferozemohideen opened this issue Jun 12, 2024 · 0 comments
Labels
kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. service/rds Indicates issues or PRs that are related to rds-controller.


Describe the bug
I am managing an RDS instance using the rds-controller, and I am trying to make it publicly accessible. When I change the publiclyAccessible attribute to true on the DBInstance CRD following this documentation, the DB instance goes into the modifying state in the AWS console until it reaches the available state and publicly accessible appears as true in the console, but then it goes back into modifying and publicly available appears as false in the console. This repeats in a loop.

I have made sure that the VPC in which the RDS instance lives has an internet gateway and that the security group also allows for all traffic.

Steps to reproduce
Create a DBInstance CRD matching the following spec:

apiVersion: rds.services.k8s.aws/v1alpha1
kind: DBInstance
metadata:
  annotations:
    services.k8s.aws/deletion-policy: retain
    services.k8s.aws/region: us-east-1
  creationTimestamp: "2024-06-05T15:45:51Z"
  finalizers:
  - finalizers.rds.services.k8s.aws/DBInstance
  generation: 23
  name: test-iam
  namespace: "844966915049"
  resourceVersion: "292621"
  uid: 162e4f79-3395-4aeb-9129-05672fcde802
spec:
  allocatedStorage: 20
  autoMinorVersionUpgrade: true
  backupRetentionPeriod: 14
  caCertificateIdentifier: rds-ca-rsa2048-g1
  copyTagsToSnapshot: false
  dbInstanceClass: db.t4g.micro
  dbInstanceIdentifier: test-iam
  dbSubnetGroupName: test-iam
  deletionProtection: false
  enableIAMDatabaseAuthentication: true
  engine: postgres
  engineVersion: "15.4"
  iops: 3000
  kmsKeyID: arn:aws:kms:us-east-1:844966915049:key/93892898-f2ed-4d0f-a3b1-9f3119b18286
  licenseModel: postgresql-license
  masterUserPassword:
    key: DB_PASS
    name: test-iam-master-password
    namespace: "844966915049"
  masterUsername: postgres
  monitoringInterval: 0
  multiAZ: true
  performanceInsightsEnabled: false
  preferredBackupWindow: 07:29-07:59
  preferredMaintenanceWindow: tue:05:10-tue:05:40
  publiclyAccessible: false
  storageEncrypted: true
  storageThroughput: 125
  storageType: gp3
  vpcSecurityGroupIDs:
  - sg-0d3864b9aab326d26
status:
  ackResourceMetadata:
    arn: arn:aws:rds:us-east-1:844966915049:db:test-iam
    ownerAccountID: "844966915049"
    region: us-east-1
  activityStreamStatus: stopped
  certificateDetails:
    cAIdentifier: rds-ca-rsa2048-g1
    validTill: "2025-06-05T15:48:24Z"
  conditions:
  - lastTransitionTime: "2024-06-05T19:40:13Z"
    status: "False"
    type: ACK.ResourceSynced
  - lastTransitionTime: "2024-06-05T19:40:13Z"
    message: Late initialization successful
    reason: Late initialization successful
    status: "True"
    type: ACK.LateInitialized
  customerOwnedIPEnabled: false
  dbInstancePort: 0
  dbInstanceStatus: modifying
  dbParameterGroups:
  - dbParameterGroupName: default.postgres15
    parameterApplyStatus: in-sync
  dbSubnetGroup:
    dbSubnetGroupDescription: test-iam
    dbSubnetGroupName: test-iam
    subnetGroupStatus: Complete
    subnets:
    - subnetAvailabilityZone:
        name: us-east-1c
      subnetIdentifier: subnet-04f3d46ce6dac8927
      subnetOutpost: {}
      subnetStatus: Active
    - subnetAvailabilityZone:
        name: us-east-1a
      subnetIdentifier: subnet-0faa637fa206fe3f1
      subnetOutpost: {}
      subnetStatus: Active
    - subnetAvailabilityZone:
        name: us-east-1b
      subnetIdentifier: subnet-0dcfc47539c67aa6c
      subnetOutpost: {}
      subnetStatus: Active
    vpcID: vpc-00efa82eb9297e198
  dbiResourceID: db-JYHYBXMBCELQ3ITFWMOXOGDBT4
  endpoint:
    address: test-iam.cqstwvvgbnee.us-east-1.rds.amazonaws.com
    hostedZoneID: Z2R2ITUGPM61AM
    port: 5432
  iamDatabaseAuthenticationEnabled: true
  instanceCreateTime: "2024-06-05T15:49:15Z"
  latestRestorableTime: "2024-06-05T19:34:09Z"
  optionGroupMemberships:
  - optionGroupName: default:postgres-15
    status: in-sync
  pendingModifiedValues: {}
  secondaryAvailabilityZone: us-east-1a
  vpcSecurityGroups:
  - status: active
    vpcSecurityGroupID: sg-0d3864b9aab326d26

Set the publiclyAccessible attribute to true.
Expected outcome
A concise description of what you expected to happen.
The publiclyAccessible attribute should remain static
Environment

  • Kubernetes version
  • Using EKS (yes/no), if so version?
  • AWS service targeted (S3, RDS, etc.)
  • RDS
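
A way to confirm the loop described in this issue from the AWS side, as an added example that is not part of the original post or of the rds-controller code: it takes successive observations of the `PubliclyAccessible` and `DBInstanceStatus` fields returned by `DescribeDBInstances` and reports how often the flag flipped and how long the instance spent publicly reachable. The sample observations, the `analyze` function and the one-flip threshold are assumptions made for illustration.

```python
from datetime import datetime

# Constructed sample: what repeated DescribeDBInstances polls of one instance
# could look like during the loop (timestamps and values are invented).
SAMPLE = [
    {"at": "2024-06-05T19:30:00Z", "DBInstanceStatus": "available", "PubliclyAccessible": False},
    {"at": "2024-06-05T19:35:00Z", "DBInstanceStatus": "modifying", "PubliclyAccessible": False},
    {"at": "2024-06-05T19:40:00Z", "DBInstanceStatus": "available", "PubliclyAccessible": True},
    {"at": "2024-06-05T19:45:00Z", "DBInstanceStatus": "modifying", "PubliclyAccessible": True},
    {"at": "2024-06-05T19:50:00Z", "DBInstanceStatus": "available", "PubliclyAccessible": False},
    {"at": "2024-06-05T19:55:00Z", "DBInstanceStatus": "modifying", "PubliclyAccessible": False},
    {"at": "2024-06-05T20:00:00Z", "DBInstanceStatus": "available", "PubliclyAccessible": True},
    {"at": "2024-06-05T20:05:00Z", "DBInstanceStatus": "modifying", "PubliclyAccessible": True},
    {"at": "2024-06-05T20:10:00Z", "DBInstanceStatus": "available", "PubliclyAccessible": False},
]


def _ts(value):
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ")


def analyze(observations, desired, max_flips=1):
    """Summarise how PubliclyAccessible behaved across the observations.

    desired   -- the value set in spec.publiclyAccessible
    max_flips -- one intended change is one flip; more means the setting
                 is being fought over (assumed threshold)
    """
    obs = sorted(observations, key=lambda o: _ts(o["at"]))
    flips = 0
    seconds = {True: 0.0, False: 0.0}
    for prev, cur in zip(obs, obs[1:]):
        # Time between two polls is attributed to the earlier observed value.
        seconds[prev["PubliclyAccessible"]] += (_ts(cur["at"]) - _ts(prev["at"])).total_seconds()
        if cur["PubliclyAccessible"] != prev["PubliclyAccessible"]:
            flips += 1
    last = obs[-1]
    looping = flips > max_flips
    converged = (not looping
                 and last["DBInstanceStatus"] == "available"
                 and last["PubliclyAccessible"] == desired)
    return {"flips": flips, "public_seconds": seconds[True],
            "private_seconds": seconds[False], "looping": looping,
            "converged": converged}


if __name__ == "__main__":
    print(analyze(SAMPLE, desired=True))
```

The `public_seconds` figure matters even when public access is the intent: while the flag flips, the endpoint's reachability changes with it, so clients and network controls see an instance that is intermittently exposed rather than in a known state.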
@a-hilaly a-hilaly added kind/bug Categorizes issue or PR as related to a bug. priority/critical-urgent Highest priority. Must be actively worked on as someone's top priority right now. service/rds Indicates issues or PRs that are related to rds-controller. labels Jun 17, 2024