Fix multi-tag VPC lookup #4638
Merged
zac-nixon merged 1 commit intokubernetes-sigs:mainfrom Mar 27, 2026
Merged
Conversation
73a5fa3 to
477aeb7
Compare
477aeb7 to
4746133
Compare
wweiwei-li
approved these changes
Mar 26, 2026
Contributor
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: shraddhabang, wweiwei-li, zac-nixon The full list of commands accepted by this bot can be found here. The pull request process is described here DetailsNeeds approval from an approver in each of these files:
Approvers can indicate their approval by writing |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Issue
#4633
The --aws-vpc-tags flag claims to support multiple tags for VPC lookup, but the implementation only ever used a single tag — the one selected by --aws-vpc-tag-key (defaulting to Name). All other tags were silently ignored.
For example, deploying with --aws-vpc-tags=foo=bar,baz=buzz would only filter on the Name tag (which doesn't exist in this input), causing the controller to fail at startup
Fix
--aws-vpc-tagsto always use all specified tags as AND filters in the DescribeVpcs call, matching the documented behavior.--aws-vpc-tag-key. The flag is still accepted but ignored, and logs a warning at startup if set to a non-default value. It will be removed in a future release.Breaking Changes
If you were passing multiple tags via
--aws-vpc-tagsbut your VPC only matched a subset of them (relying on the buggy single-tag behavior), the controller will now fail to find the VPC since all tags are used as filters. Update your VPC tags or your--aws-vpc-tagsvalue to ensure they match.Release Notes updates
Bug Fixes
--aws-vpc-tagsto use all specified tags as AND filters for VPC lookup. Previously, only a single tag (selected by--aws-vpc-tag-key, defaulting toName) was used, and all other tags were silently ignored.Deprecations
--aws-vpc-tag-keyis now deprecated and ignored. All tags from--aws-vpc-tagsare always used for VPC lookup. This flag will be removed in a future release.Breaking Changes
--aws-vpc-tagsbut your VPC only matched a subset of them, the controller will now fail to find the VPC since all tags are used as filters. Update your VPC tags or your--aws-vpc-tagsvalue to ensure they match.Checklist
README.md, or thedocsdirectory)BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯