-
Notifications
You must be signed in to change notification settings - Fork 51
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add compute.backendServices.list to the list of permissions required for workload identity sa #138
Comments
But I am not so sure this one is coming from Autoneg at all - it could be part of NEG reconciler from GKE. |
Could be, havent found the relevant change in NEG side yet. |
Autoneg does not create or change NEGs, that's handled through the |
My apologies, I meant that flow itself. AutoNEG is not deattaching the NEG from the GCP backend when the name of NEG is changed. |
Maybe you could outline the steps that have to happen for you to hit this bug? |
Following up on this thread a bit late, I found this issue while I was changing the NEG name.
Examples:
Additional Observation: If you delete the annotation from service, it deletes the Network endpoint group. My suspicion is that AutoNeg might not be sending request to deattach the network endpoints from the backend when there is a rename of the network endpoint group name. I found that there is recent change to deattach the network ep on removing annotations but maybe there is a corner case on not deleting on removing it.This issue initially started with observing logs in my cluster, but I feel that was a side effect of a bigger problem- Deregistering when annotation is edited. |
Hi Team
I am getting a
Seems to be benign here mostly but unsure if it is actually needed.
Version:
v1.0.0
A suggestion from my end would be to update the script here if its needed.
Thanks
The text was updated successfully, but these errors were encountered: