Config connector fails to reconcile ContainerNodePool resources with apparently a remote 400 error

[victor-ufg]

Checklist

• I did not find a related open issue.
• I did not find a solution in the troubleshooting guide: (https://cloud.google.com/config-connector/docs/troubleshooting)
• If this issue is time-sensitive, I have submitted a corresponding issue with GCP support.

Bug Description

This is related to the #260 issue one of our colleagues actually closed back in 2020.

Health status for some ContainerNodePools will show an error message. Apparently ContainerNodePool is created/updated successfully, but the health status remains degraded.
We use the add-on Config Connector version in our cluster (v 1.105.0), resources are deployed via argocd (v2.12.6+4dab5bd), we configured the system in namespaced mode.

Additional Diagnostic Information

Here's the error that happens upon reconciling:

Update call failed: error applying desired state: summary: googleapi: Error 400: At least one of ['node_version', 'image_type', 'updated_node_pool', 'locations', 'workload_metadata_config', 'upgrade_settings', 'kubelet_config', 'linux_node_config', 'tags', 'taints', 'labels', 'node_network_config', 'gcfs_config', 'gvnic', 'confidential_nodes', 'logging_config', 'fast_socket', 'resource_labels', 'accelerators', 'windows_node_config', 'machine_type', 'disk_type', 'disk_size_gb', 'storage_pools', 'containerd_config', 'resource_manager_tags', 'performance_monitoring_unit', 'queued_provisioning', 'max_run_duration'] must be specified. Details: [ { "@type": "type.googleapis.com/google.rpc.RequestInfo", "requestId": "0x138ed53e779ce378" } ] , badRequest

Kubernetes Cluster Version

v1.30.6-gke.1596000

Config Connector Version

1.105.0

Config Connector Mode

namespaced mode (default)

Log Output

No response

Steps to reproduce the issue

1. Try to create nodepool by deploying Yaml
2. wait for status update

YAML snippets

---
apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerNodePool
metadata:
  annotations:
    cnrm.cloud.google.com/deletion-policy: abandon
  name: test-nodepool
spec:
  location: europe-west6-b
  initialNodeCount: 3
  autoscaling:
    minNodeCount: 2
    maxNodeCount: 6
  clusterRef:
    name: test-cluster
  management:
    autoRepair: true
    autoUpgrade: true
  nodeConfig:
    diskSizeGb: 26
    diskType: pd-balanced
    machineType: e2-standard-2
    preemptible: false
    spot: true
    oauthScopes:
      - "https://www.googleapis.com/auth/logging.write"
      - "https://www.googleapis.com/auth/monitoring"
      - "https://www.googleapis.com/auth/devstorage.read_only"
    tags:
      - updated-2024-12-18-2
  upgradeSettings:
    maxSurge: 2
    maxUnavailable: 0

---
apiVersion: container.cnrm.cloud.google.com/v1beta1
kind: ContainerCluster
metadata:
  annotations:
    cnrm.cloud.google.com/deletion-policy: abandon
    cnrm.cloud.google.com/remove-default-node-pool: "true"
  name: test-cluster
spec:
  location: europe-west6-b
  initialNodeCount: 1
  authenticatorGroupsConfig:
    securityGroup: [email protected]
  ipAllocationPolicy:
    clusterIpv4CidrBlock: ""
  masterAuth:
    clientCertificateConfig:
      issueClientCertificate: false
  maintenancePolicy:
    recurringWindow:
      startTime: "2020-01-01T00:30:00Z"
      endTime: "2020-01-01T04:30:00Z"
      recurrence: "FREQ=WEEKLY;BYDAY=MO,TU,WE,TH"
  releaseChannel:
    channel: REGULAR
  addonsConfig:
    networkPolicyConfig:
      disabled: false
  networkPolicy:
    enabled: true
    provider: "CALICO"
  workloadIdentityConfig:
    workloadPool: some-project.svc.id.goog