Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ProviderRevision failing and Provider is Unhealthy #1325

Closed
anfoxtrot opened this issue May 26, 2022 · 7 comments
Closed

ProviderRevision failing and Provider is Unhealthy #1325

anfoxtrot opened this issue May 26, 2022 · 7 comments
Labels
bug Something isn't working

Comments

@anfoxtrot
Copy link

What happened?

After applying

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws
spec:
  package: crossplane/provider-aws:v0.27.0
  controllerConfigRef:
    name: aws-config

A ProviderRevision was created

Name:         provider-aws-866abfbb37fc
Namespace:
Labels:       pkg.crossplane.io/package=provider-aws
Annotations:  company: Crossplane
              description:
                The Amazon Web Services (AWS) Crossplane provider adds support for
                managing AWS resources in Kubernetes.
              descriptionShort:
                The AWS Crossplane provider enables infrastructure management for Amazon
                Web Services.
              friendly-group-name.meta.crossplane.io/acm.aws.crossplane.io: Certificate Manager
              friendly-group-name.meta.crossplane.io/acmpca.aws.crossplane.io: Private CA
              friendly-group-name.meta.crossplane.io/apigatewayv2.aws.crossplane.io: API Gateway
              friendly-group-name.meta.crossplane.io/cache.aws.crossplane.io: ElastiCache
              friendly-group-name.meta.crossplane.io/database.aws.crossplane.io: Databases
              friendly-group-name.meta.crossplane.io/dynamodb.aws.crossplane.io: DynamoDB
              friendly-group-name.meta.crossplane.io/ec2.aws.crossplane.io: Elastic Compute
              friendly-group-name.meta.crossplane.io/ecr.aws.crossplane.io: Elastic Container Registry
              friendly-group-name.meta.crossplane.io/efs.aws.crossplane.io: Elastic Filesystem
              friendly-group-name.meta.crossplane.io/eks.aws.crossplane.io: Elastic Kubernetes
              friendly-group-name.meta.crossplane.io/elasticloadbalancing.aws.crossplane.io: Elastic Load Balancing
              friendly-group-name.meta.crossplane.io/iam.aws.crossplane.io: IAM
              friendly-group-name.meta.crossplane.io/kms.aws.crossplane.io: Key Managment Service
              friendly-group-name.meta.crossplane.io/notification.aws.crossplane.io: SNS
              friendly-group-name.meta.crossplane.io/rds.aws.crossplane.io: RDS
              friendly-group-name.meta.crossplane.io/redshift.aws.crossplane.io: Redshift
              friendly-group-name.meta.crossplane.io/route53.aws.crossplane.io: Route 53
              friendly-group-name.meta.crossplane.io/s3.aws.crossplane.io: S3
              friendly-group-name.meta.crossplane.io/secretsmanager.aws.crossplane.io: Secrets Manager
              friendly-group-name.meta.crossplane.io/sfn.aws.crossplane.io: Step Functions
              friendly-group-name.meta.crossplane.io/sqs.aws.crossplane.io: SQS
              friendly-kind-name.meta.crossplane.io/activity.sfn.aws.crossplane.io: Activity
              friendly-kind-name.meta.crossplane.io/address.ec2.aws.crossplane.io: Address
              friendly-kind-name.meta.crossplane.io/api.apigatewayv2.aws.crossplane.io: API
              friendly-kind-name.meta.crossplane.io/apimapping.apigatewayv2.aws.crossplane.io: API Mapping
              friendly-kind-name.meta.crossplane.io/authorizer.apigatewayv2.aws.crossplane.io: Authorizer
              friendly-kind-name.meta.crossplane.io/backup.dynamodb.aws.crossplane.io: Backup
              friendly-kind-name.meta.crossplane.io/bucket.s3.aws.crossplane.io: Bucket
              friendly-kind-name.meta.crossplane.io/bucketpolicy.s3.aws.crossplane.io: Bucket Policy
              friendly-kind-name.meta.crossplane.io/cachecluster.cache.aws.crossplane.io: Cache Cluster
              friendly-kind-name.meta.crossplane.io/cachesubnetgroup.cache.aws.crossplane.io: Cache Subnet Group
              friendly-kind-name.meta.crossplane.io/certificate.acm.aws.crossplane.io: Certificate
              friendly-kind-name.meta.crossplane.io/certificateauthority.acmpca.aws.crossplane.io: CA
              friendly-kind-name.meta.crossplane.io/certificateauthoritypermission.acmpca.aws.crossplane.io: CA Permission
              friendly-kind-name.meta.crossplane.io/cluster.eks.aws.crossplane.io: EKS Cluster
              friendly-kind-name.meta.crossplane.io/cluster.redshift.aws.crossplane.io: Redshift Cluster
              friendly-kind-name.meta.crossplane.io/dbcluster.rds.aws.crossplane.io: Database Cluster
              friendly-kind-name.meta.crossplane.io/dbparametergroup.rds.aws.crossplane.io: Database Parameter Group
              friendly-kind-name.meta.crossplane.io/dbsubnetgroup.database.aws.crossplane.io: Database Subnet Group
              friendly-kind-name.meta.crossplane.io/deployment.apigatewayv2.aws.crossplane.io: Deployment
              friendly-kind-name.meta.crossplane.io/domainname.apigatewayv2.aws.crossplane.io: Domain Name
              friendly-kind-name.meta.crossplane.io/elb.elasticloadbalancing.aws.crossplane.io: Elastic Load Balancer
              friendly-kind-name.meta.crossplane.io/elbattachment.elasticloadbalancing.aws.crossplane.io: ELB Attachment
              friendly-kind-name.meta.crossplane.io/fargateprofile.eks.aws.crossplane.io: Fargate Profile
              friendly-kind-name.meta.crossplane.io/filesystem.efs.aws.crossplane.io: Filesystem
              friendly-kind-name.meta.crossplane.io/globaltable.dynamodb.aws.crossplane.io: Global Table
              friendly-kind-name.meta.crossplane.io/hostedzone.route53.aws.crossplane.io: Hosted Zone
              friendly-kind-name.meta.crossplane.io/iamaccesskey.iam.aws.crossplane.io: IAM Access Key
              friendly-kind-name.meta.crossplane.io/iamgroup.iam.aws.crossplane.io: IAM Group
              friendly-kind-name.meta.crossplane.io/iamgrouppolicyattachment.iam.aws.crossplane.io: IAM Group Policy Attachment
              friendly-kind-name.meta.crossplane.io/iamgroupusermembership.iam.aws.crossplane.io: IAM Group User Membership
              friendly-kind-name.meta.crossplane.io/iampolicy.iam.aws.crossplane.io: IAM Policy
              friendly-kind-name.meta.crossplane.io/iamrole.iam.aws.crossplane.io: IAM Role
              friendly-kind-name.meta.crossplane.io/iamrolepolicyattachment.iam.aws.crossplane.io: IAM Role Policy Attachment
              friendly-kind-name.meta.crossplane.io/iamuser.iam.aws.crossplane.io: IAM User
              friendly-kind-name.meta.crossplane.io/iamuserpolicyattachment.iam.aws.crossplane.io: IAM User Policy Attachment
              friendly-kind-name.meta.crossplane.io/integration.apigatewayv2.aws.crossplane.io: Integration
              friendly-kind-name.meta.crossplane.io/integrationresponse.apigatewayv2.aws.crossplane.io: Integration Response
              friendly-kind-name.meta.crossplane.io/internetgateway.ec2.aws.crossplane.io: Internet Gateway
              friendly-kind-name.meta.crossplane.io/key.kms.aws.crossplane.io: Key
              friendly-kind-name.meta.crossplane.io/model.apigatewayv2.aws.crossplane.io: Model
              friendly-kind-name.meta.crossplane.io/natgateway.ec2.aws.crossplane.io: NAT Gateway
              friendly-kind-name.meta.crossplane.io/nodegroup.eks.aws.crossplane.io: EKS Node Group
              friendly-kind-name.meta.crossplane.io/queue.sqs.aws.crossplane.io: SQS Queue
              friendly-kind-name.meta.crossplane.io/rdsinstance.database.aws.crossplane.io: RDS Instance
              friendly-kind-name.meta.crossplane.io/replicationgroup.cache.aws.crossplane.io: Replication Group
              friendly-kind-name.meta.crossplane.io/repository.ecr.aws.crossplane.io: Repository
              friendly-kind-name.meta.crossplane.io/repositorypolicy.ecr.aws.crossplane.io: Repository Policy
              friendly-kind-name.meta.crossplane.io/resourcerecordset.route53.aws.crossplane.io: Resource Record Set
              friendly-kind-name.meta.crossplane.io/route.apigatewayv2.aws.crossplane.io: Route
              friendly-kind-name.meta.crossplane.io/routeresponse.apigatewayv2.aws.crossplane.io: Route Response
              friendly-kind-name.meta.crossplane.io/routetable.ec2.aws.crossplane.io: Route Table
              friendly-kind-name.meta.crossplane.io/secret.secretsmanager.aws.crossplane.io: Secret
              friendly-kind-name.meta.crossplane.io/securitygroup.ec2.aws.crossplane.io: Security Group
              friendly-kind-name.meta.crossplane.io/snssubscription.notification.aws.crossplane.io: Subscription
              friendly-kind-name.meta.crossplane.io/snstopic.notification.aws.crossplane.io: Topic
              friendly-kind-name.meta.crossplane.io/stage.apigatewayv2.aws.crossplane.io: Stage
              friendly-kind-name.meta.crossplane.io/statemachine.sfn.aws.crossplane.io: State Machine
              friendly-kind-name.meta.crossplane.io/subnet.ec2.aws.crossplane.io: Subnet
              friendly-kind-name.meta.crossplane.io/table.dynamodb.aws.crossplane.io: Table
              friendly-kind-name.meta.crossplane.io/vpc.ec2.aws.crossplane.io: VPC
              friendly-kind-name.meta.crossplane.io/vpccidrblock.ec2.aws.crossplane.io: VPC CIDR Block
              friendly-kind-name.meta.crossplane.io/vpclink.apigatewayv2.aws.crossplane.io: VPC Link
              friendly-name.meta.crossplane.io: Provider AWS
              iconData:
                CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB3aWR0aD0iNjUiIGhlaWdodD0iNjUiPjxnIGZpbGw9Im5vbmUiIGZpbGwtcnVsZT0iZXZlbm9kZCI+PHJlY3...
              license: Apache-2.0
              maintainer: Crossplane Maintainers <info@crossplane.io>
              meta.crossplane.io/description:
                The Amazon Web Services (AWS) Crossplane provider adds support for
                managing AWS resources in Kubernetes.
              meta.crossplane.io/iconURI:
                data:image/svg+xml;base64,CjxzdmcgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIiB3aWR0aD0iNjUiIGhlaWdodD0iNjUiPjxnIGZpbGw9Im5vbmUiIGZpbGwt...
              meta.crossplane.io/license: Apache-2.0
              meta.crossplane.io/maintainer: Crossplane Maintainers <info@crossplane.io>
              meta.crossplane.io/readme:
                `provider-aws` is the Crossplane infrastructure provider for [Amazon Web
                Services (AWS)](https://aws.amazon.com/).

                Available resources and their fields can be found in the [CRD
                Docs](https://doc.crds.dev/github.com/crossplane/provider-aws).

                If you encounter an issue please reach out on
                [slack.crossplane.io](https://slack.crossplane.io) and create an issue in
                the [crossplane/provider-aws](https://github.com/crossplane/provider-aws)
                repo.
              meta.crossplane.io/source: github.com/crossplane/provider-aws
              readme:
                `provider-aws` is the Crossplane infrastructure provider for [Amazon Web
                Services (AWS)](https://aws.amazon.com/).

                Available resources and their fields can be found in the [CRD
                Docs](https://doc.crds.dev/github.com/crossplane/provider-aws).

                If you encounter an issue please reach out on
                [slack.crossplane.io](https://slack.crossplane.io) and create an issue in
                the [crossplane/provider-aws](https://github.com/crossplane/provider-aws)
                repo.
              source: github.com/crossplane/provider-aws
API Version:  pkg.crossplane.io/v1
Kind:         ProviderRevision
Metadata:
  Creation Timestamp:  2022-05-26T18:33:09Z
  Finalizers:
    revision.pkg.crossplane.io
  Generation:  1
  Managed Fields:
    API Version:  pkg.crossplane.io/v1
    Fields Type:  FieldsV1
    fieldsV1:
      f:metadata:
        f:annotations:
          .:
          f:company:
          f:description:
          f:descriptionShort:
          f:friendly-group-name.meta.crossplane.io/acm.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/acmpca.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/apigatewayv2.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/cache.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/database.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/dynamodb.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/ec2.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/ecr.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/efs.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/eks.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/elasticloadbalancing.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/iam.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/kms.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/notification.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/rds.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/redshift.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/route53.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/s3.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/secretsmanager.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/sfn.aws.crossplane.io:
          f:friendly-group-name.meta.crossplane.io/sqs.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/activity.sfn.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/address.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/api.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/apimapping.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/authorizer.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/backup.dynamodb.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/bucket.s3.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/bucketpolicy.s3.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/cachecluster.cache.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/cachesubnetgroup.cache.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/certificate.acm.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/certificateauthority.acmpca.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/certificateauthoritypermission.acmpca.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/cluster.eks.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/cluster.redshift.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/dbcluster.rds.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/dbparametergroup.rds.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/dbsubnetgroup.database.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/deployment.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/domainname.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/elb.elasticloadbalancing.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/elbattachment.elasticloadbalancing.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/fargateprofile.eks.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/filesystem.efs.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/globaltable.dynamodb.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/hostedzone.route53.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamaccesskey.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamgroup.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamgrouppolicyattachment.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamgroupusermembership.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iampolicy.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamrole.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamrolepolicyattachment.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamuser.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/iamuserpolicyattachment.iam.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/integration.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/integrationresponse.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/internetgateway.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/key.kms.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/model.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/natgateway.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/nodegroup.eks.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/queue.sqs.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/rdsinstance.database.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/replicationgroup.cache.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/repository.ecr.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/repositorypolicy.ecr.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/resourcerecordset.route53.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/route.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/routeresponse.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/routetable.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/secret.secretsmanager.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/securitygroup.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/snssubscription.notification.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/snstopic.notification.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/stage.apigatewayv2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/statemachine.sfn.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/subnet.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/table.dynamodb.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/vpc.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/vpccidrblock.ec2.aws.crossplane.io:
          f:friendly-kind-name.meta.crossplane.io/vpclink.apigatewayv2.aws.crossplane.io:
          f:friendly-name.meta.crossplane.io:
          f:iconData:
          f:license:
          f:maintainer:
          f:meta.crossplane.io/description:
          f:meta.crossplane.io/iconURI:
          f:meta.crossplane.io/license:
          f:meta.crossplane.io/maintainer:
          f:meta.crossplane.io/readme:
          f:meta.crossplane.io/source:
          f:readme:
          f:source:
        f:finalizers:
          .:
          v:"revision.pkg.crossplane.io":
        f:labels:
          .:
          f:pkg.crossplane.io/package:
        f:ownerReferences:
          .:
          k:{"uid":"7766ff62-e3cc-4dc7-a0e4-07ef8313e30e"}:
            .:
            f:apiVersion:
            f:blockOwnerDeletion:
            f:controller:
            f:kind:
            f:name:
            f:uid:
      f:spec:
        .:
        f:controllerConfigRef:
          .:
          f:name:
        f:desiredState:
        f:ignoreCrossplaneConstraints:
        f:image:
        f:packagePullPolicy:
        f:revision:
        f:skipDependencyResolution:
      f:status:
        .:
        f:conditions:
        f:controllerRef:
          .:
          f:name:
    Manager:    crossplane
    Operation:  Update
    Time:       2022-05-26T18:33:27Z
  Owner References:
    API Version:           pkg.crossplane.io/v1
    Block Owner Deletion:  true
    Controller:            true
    Kind:                  Provider
    Name:                  provider-aws
    UID:                   7766ff62-e3cc-4dc7-a0e4-07ef8313e30e
  Resource Version:        250308
  UID:                     89d4877f-babd-41c1-86fc-c3d739fd0a2d
Spec:
  Controller Config Ref:
    Name:                         aws-config
  Desired State:                  Active
  Ignore Crossplane Constraints:  false
  Image:                          crossplane/provider-aws:v0.27.0
  Package Pull Policy:            IfNotPresent
  Revision:                       1
  Skip Dependency Resolution:     false
Status:
  Conditions:
    Last Transition Time:  2022-05-26T18:33:27Z
    Reason:                UnhealthyPackageRevision
    Status:                False
    Type:                  Healthy
  Controller Ref:
    Name:
Events:
  Type     Reason             Age                 From                                         Message
  ----     ------             ----                ----                                         -------
  Normal   BindClusterRole    26m (x4 over 26m)   rbac/providerrevision.pkg.crossplane.io      Bound system ClusterRole to provider ServiceAccount(s)
  Normal   ApplyClusterRoles  26m (x5 over 26m)   rbac/providerrevision.pkg.crossplane.io      Applied RBAC ClusterRoles
  Warning  SyncPackage        26m                 packages/providerrevision.pkg.crossplane.io  cannot update annotations for package revision: Operation cannot be fulfilled on providerrevisions.pkg.crossplane.io "provider-aws-866abfbb37fc": the object has been modified; please apply your changes to the latest version and try again
  Warning  SyncPackage        34s (x26 over 26m)  packages/providerrevision.pkg.crossplane.io  cannot establish control of object: certificates.acm.aws.crossplane.io is already controlled by ProviderRevision provider-aws-866abfbb37fc (UID 7151c613-eb69-4512-a7d4-995e26cb024c)

How can we reproduce it?

Create an EKS cluster
Create an EKS serviceIAMAccount

Install helm chart for crossplane
chart: crossplane
repoURL: https://charts.crossplane.io/stable
targetRevision: 1.8.0

apply

apiVersion: pkg.crossplane.io/v1
kind: Provider
metadata:
  name: provider-aws
spec:
  package: crossplane/provider-aws:v0.27.0
  controllerConfigRef:
    name: aws-config
---
apiVersion: pkg.crossplane.io/v1alpha1
kind: ControllerConfig
metadata:
  name: aws-config
  annotations:
    <some aws role arn with permissions arn>
spec:
  podSecurityContext:
    fsGroup: 2000
---
apiVersion: aws.crossplane.io/v1beta1
kind: ProviderConfig
metadata:
  name: default
spec:
  credentials:
    source: InjectedIdentity

What environment did it happen in?

Crossplane version: 1.8.0
EKS kubernetes: 1.22
@anfoxtrot anfoxtrot added the bug Something isn't working label May 26, 2022
@anfoxtrot
Copy link
Author

Redeploying the cluster and this worked.

@flaviomoringa
Copy link

@anfoxtrot I'm having the same issue every time I want to upgrade the aws-provider.

What do you mean with "Redeploying the cluster and this worked."?!

@Lincon-Freitas
Copy link

Lincon-Freitas commented Nov 8, 2022
edited

I am also having the same problem! Any solution for this?

Update:

I actually managed to fix it and that is how I did it:

Describe the ProviderRevision CRD:

kubectl describe providerrevision.pkg.crossplane.io

Then saw the following message:

Warning SyncPackage 38s packages/providerrevision.pkg.crossplane.io cannot establish control of object: Operation cannot be fulfilled on customresourcedefinitions.apiextensions.k8s.io "filesystems.efs.aws.crossplane.io": the object has been modified; please apply your changes to the latest version and try again

And following this comment here I just deleted the CRD:

kubectl delete crd filesystems.efs.aws.crossplane.io

After that it worked like a charm!

What I got from it is that the new provider version has an updated version of the CRD (API version) which is not automatically deleted and that makes the provider fail. After deleting the old CRD the provider manages to install the CRD again and everything works!

@candonov
Copy link

Thank you! Deleting the crd worked for me as well.

@nicraMarcin
Copy link

nicraMarcin commented Nov 16, 2023
edited

Hi,
I have the same problem

Warning  CannotUpdateManagedResource      6m51s                  managed/s3.aws.upbound.io/v1beta1, kind=bucketpolicy  Operation cannot be fulfilled on bucketpolicies.s3.a
ws.upbound.io "my-super-secret-bucket-7639856": the object has been modified; please apply your changes to the latest version and try again

The same warning with Bucket and other.
provider version 0.43.1 and wasn't be upgraded, it is fresh install

@Yatin03
Copy link

Yatin03 commented Apr 3, 2024

If CRDs (Custom Resource Definitions) are deleted, all resources created from those CRDs will also be removed.
How would you go about recovering the deleted resources?

@echozio
Copy link

echozio commented May 8, 2024

If your CRDs are in use and you've removed the old provider, just removing the ownerReferences on the CRDs seems to do the trick as well

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
7 participants
@nicraMarcin @flaviomoringa @echozio @candonov @Lincon-Freitas @anfoxtrot @Yatin03