feat(gateway): Auto-create ServiceNetwork on Gateway creation#904
Open
abdallahmahran10 wants to merge 1 commit intoaws:mainfrom
Open
feat(gateway): Auto-create ServiceNetwork on Gateway creation#904abdallahmahran10 wants to merge 1 commit intoaws:mainfrom
abdallahmahran10 wants to merge 1 commit intoaws:mainfrom
Conversation
abdallahmahran10
force-pushed
the
feat/auto-create-service-network
branch
from
e6f2a31 to
dd6327a
Compare
SinghVikram97
approved these changes
Mar 11, 2026
liucalvin
approved these changes
Mar 12, 2026
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
github-merge-queue bot
pushed a commit
that referenced
this pull request
Mar 17, 2026
- Gateway reconciler auto-creates a VPC Lattice ServiceNetwork using the Gateway's .metadata.name when no external SN exists - CreateOrUpdate is idempotent: reuses existing SN if found - Sibling Gateway safety: when deleting a Gateway, skip SN deletion if another active Gateway with the same name exists in a different namespace - Service association guard: block SN deletion if it still has active service associations, returning a clear error message - Ownership tracked via ManagedBy tag; externally-created SNs are never deleted - Documentation updated with auto-creation behavior, default settings, and external SN reuse for advanced configuration - Unit tests for hasSiblingGateway (4 cases) and Delete with active service associations - E2E integration tests for sibling deletion safety and service association delete guard
github-merge-queue
bot
removed this pull request from the merge queue due to failed status checks
Contributor
SinghVikram97
left a comment
SinghVikram97
left a comment
There was a problem hiding this comment.
One of the e2e test in failing
Test vpc association policy Update a VpcAssociationPolicy with associateWithVpc to false, expecting deleted ServiceNetworkVpcAssociation [Serial]
There is a CRD: https://www.gateway-api-controller.eks.aws.dev/latest/api-types/vpc-association-policy/ if you set associateWithVpc flag as false it should delete SNVA, but after this change it creates one if it doesn't exist.
Need further consideration on how to handle this case before we merge this.
- Gateway reconciler auto-creates a VPC Lattice ServiceNetwork using the Gateway's .metadata.name when no external SN exists - CreateOrUpdate is idempotent: reuses existing SN if found - Sibling Gateway safety: when deleting a Gateway, skip SN deletion if another active Gateway with the same name exists in a different namespace - Service association guard: block SN deletion if it still has active service associations, returning a clear error message - Ownership tracked via ManagedBy tag; externally-created SNs are never deleted - Documentation updated with auto-creation behavior, default settings, and external SN reuse for advanced configuration - Unit tests for hasSiblingGateway (4 cases) and Delete with active service associations - E2E integration tests for sibling deletion safety and service association delete guard
abdallahmahran10
force-pushed
the
feat/auto-create-service-network
branch
from
dd6327a to
4691eed
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Summary
Auto-create a VPC Lattice ServiceNetwork when a Gateway is reconciled, eliminating the need for users to pre-create ServiceNetworks or rely on
DEFAULT_SERVICE_NETWORK.Changes
Auto-create ServiceNetwork (
gateway_controller.go)reconcileUpsertcallssnManager.CreateOrUpdate()using the Gateway.metadata.nameas the SN nameCreateOrUpdateis idempotent — finds and reuses an existing SN if one already existsManagedBytag; externally-created SNs are never deleted by the controllerSibling Gateway deletion safety (
gateway_controller.go)reconcileDeletechecks for sibling Gateways (same.Name, different namespace) before deleting the SNDeletionTimestampset are excluded from the sibling check, so simultaneous deletion of all siblings still cleans up the SNService association delete guard (
service_network_manager.go)Delete()checks for active service associations before attempting SN deletion"cannot delete ServiceNetwork X: N service association(s) still active, detach all services before deleting the Gateway"Documentation (
docs/api-types/gateway.md)Fixes #888
Testing
Unit tests
TestHasSiblingGateway: 4 cases — no sibling, has sibling (same name different ns), sibling being deleted (not counted), different name (not a sibling)Test_Delete_SnOwned_ActiveServiceAssociations: verifies Delete returns error when SN has active service associationsgo test ./...)E2E integration tests (
gateway_service_network_test.go)