You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
The AWS Load Balancer Controller admission webhook seems to be blocking deletion of any Ingress resource that is associated with an Ingress Class that has already been deleted.
We have a series of ArgoCD applications on which we perform selective resource deletion, based on a number of requirements. During this resource deletion, ingress classes can get removed before the actual ingress resources referencing them. The removed ingress classes are not related to the AWS Load Balancer Controller.
This wasn't an issue with versions < 2.6.0, as the behaviour of this webhook seems to have changed with this commit
$ kubectl patch ingress xxxxxx -p '{"metadata":{"finalizers":null}}'
Error from server (invalid ingress class: IngressClass.networking.k8s.io "xxxx" not found): admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: IngressClass.networking.k8s.io "xxxx" not found
Steps to reproduce
From ArgoCD, deploy an application which contains an ingress class and an ingress resource referencing it. Trigger a deletion of both IngressClass and Ingress, making sure that the Ingress Class is removed first.
This could potentially be reproduced without ArgoCD.
Expected outcome
The AWS Load Balancer Controller webhook doesn't randomly block ingress resource deletion within the cluster.
Environment
AWS Load Balancer controller version
v2.7.2 (but bug occurs on >= v2.6.0)
Kubernetes version
v1.28.9
Using EKS (yes/no), if so version?
No - kubeadm based cluster running on AWS
Additional Context:
The text was updated successfully, but these errors were encountered:
Describe the bug
The AWS Load Balancer Controller admission webhook seems to be blocking deletion of any Ingress resource that is associated with an Ingress Class that has already been deleted.
We have a series of ArgoCD applications on which we perform selective resource deletion, based on a number of requirements. During this resource deletion, ingress classes can get removed before the actual ingress resources referencing them. The removed ingress classes are not related to the AWS Load Balancer Controller.
This wasn't an issue with versions < 2.6.0, as the behaviour of this webhook seems to have changed with this commit
kube-controller-manager-ip-xxxxxxx kube-controller-manager E0509 14:16:52.686392 1 garbagecollector.go:392] error syncing item &garbagecollector.node{identity:garbagecollector.objectReference{OwnerReference:v1.OwnerReference{APIVersion:"networking.k8s.io/v1", Kind:"Ingress", Name:"xxxxxx", UID:"xxxxxxxx", Controller:(*bool)(nil), BlockOwnerDeletion:(*bool)(nil)}, Namespace:"xxxxxxxxx"}, dependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:1}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, dependents:map[*garbagecollector.node]struct {}{}, deletingDependents:true, deletingDependentsLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, beingDeleted:true, beingDeletedLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, virtual:false, virtualLock:sync.RWMutex{w:sync.Mutex{state:0, sema:0x0}, writerSem:0x0, readerSem:0x0, readerCount:atomic.Int32{_:atomic.noCopy{}, v:0}, readerWait:atomic.Int32{_:atomic.noCopy{}, v:0}}, owners:[]v1.OwnerReference(nil)}: admission webhook "vingress.elbv2.k8s.aws" denied the request: invalid ingress class: IngressClass.networking.k8s.io "xxxxxxxx" not found
Steps to reproduce
From ArgoCD, deploy an application which contains an ingress class and an ingress resource referencing it. Trigger a deletion of both IngressClass and Ingress, making sure that the Ingress Class is removed first.
This could potentially be reproduced without ArgoCD.
Expected outcome
The AWS Load Balancer Controller webhook doesn't randomly block ingress resource deletion within the cluster.
Environment
AWS Load Balancer controller version
v2.7.2 (but bug occurs on >= v2.6.0)
Kubernetes version
v1.28.9
Using EKS (yes/no), if so version?
No - kubeadm based cluster running on AWS
Additional Context:
The text was updated successfully, but these errors were encountered: