ServiceNetwork API Reference
Introduction
ServiceNetwork is a cluster scoped Custom Resource Definition (CRD) that manages the lifecycle of VPC Lattice Service Networks.
It provides a Kubernetes native way to create and delete service networks, as an alternative to the DEFAULT_SERVICE_NETWORK environment variable.
The ServiceNetwork CRD only manages service network creation and deletion. VPC association is managed by VpcAssociationPolicy and IAM auth is managed by IAMAuthPolicy.
Prerequisites
The ServiceNetwork CRD is optional. To use it, install the CRD:
If the CRD is not installed, the controller will start normally and skip ServiceNetwork functionality.
Key Behaviors
- Cluster scoped: Matches VPC Lattice's account level resource model. The service network name comes from .metadata.name.
- Adoption: If a Lattice service network with the same name already exists, the controller adopts it by adding a ManagedBy tag.
- Self healing: If the Lattice service network is deleted out of band, the controller re-creates it on the next reconcile.
- Backward compatible: Gateway works with or without a ServiceNetwork CR. DEFAULT_SERVICE_NETWORK continues to work.
Deletion Behavior
The controller uses a finalizer to ensure Lattice resources are cleaned up before the CR is removed. Deletion is blocked if:
- A Gateway with the same name exists and is controlled by the Lattice gateway controller.
- The Lattice service network still has active associations (VPC, service, resource, or endpoint). The Lattice API error message is surfaced in the CR status.
User Workflow
- Create a ServiceNetwork CR (creates the service network in Lattice).
- Create a Gateway with a matching name.
- Optionally create a VpcAssociationPolicy for VPC association.
- Optionally create an IAMAuthPolicy for auth.
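The four workflow steps above as a single manifest set. This is an added example, not taken from the controller's own documentation: the ServiceNetwork apiVersion, the security group ID and the IAM principal are assumptions or placeholders, while the Gateway, VpcAssociationPolicy and IAMAuthPolicy shapes follow the controller's existing API.

```yaml
# 1. ServiceNetwork CR (cluster scoped); apiVersion is an assumption, verify with `kubectl api-resources`.
apiVersion: application-networking.k8s.aws/v1alpha1
kind: ServiceNetwork
metadata:
  name: my-service-network
---
# 2. Gateway with the matching name (while it exists, deletion of the ServiceNetwork CR is blocked).
apiVersion: gateway.networking.k8s.io/v1
kind: Gateway
metadata:
  name: my-service-network
spec:
  gatewayClassName: amazon-vpc-lattice
  listeners:
    - name: http
      protocol: HTTP
      port: 80
---
# 3. Optional: associate this cluster's VPC with the service network (security group ID is a placeholder).
apiVersion: application-networking.k8s.aws/v1alpha1
kind: VpcAssociationPolicy
metadata:
  name: my-service-network-vpc
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: my-service-network
  associateWithVpc: true
  securityGroupIds:
    - sg-0123456789abcdef0
---
# 4. Optional: IAM auth; only the named role (placeholder account and role) may invoke services on this network.
apiVersion: application-networking.k8s.aws/v1alpha1
kind: IAMAuthPolicy
metadata:
  name: my-service-network-auth
spec:
  targetRef:
    group: gateway.networking.k8s.io
    kind: Gateway
    name: my-service-network
  policy: |
    {"Version": "2012-10-17",
     "Statement": [{"Effect": "Allow",
       "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleCallerRole"},
       "Action": "vpc-lattice-svcs:Invoke", "Resource": "*"}]}
```

Because the IAMAuthPolicy targets the Gateway rather than a single HTTPRoute, its allow list applies to every service on the network, so callers outside the named principal are rejected even if a route has no policy of its own.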