HTTPRoute creates extra target group #823
Description
Describe the bug
HTTPRoute creates extra target group. One target group gets properly associated with the VPC Lattice service, while the other remains orphaned without any service association
To Reproduce
Steps to reproduce the behavior:
Check target groups
aws vpc-lattice list-target-groups --region us-west-2 { "items": [] } Create gateway: kubectl apply -f test-gateway.yaml
apiVersion: gateway.networking.k8s.io/v1 kind: Gateway metadata: name: test-gateway spec: gatewayClassName: amazon-vpc-lattice listeners: - name: http protocol: HTTP port: 80 Create service and deployment: kubectl apply -f app.yaml
apiVersion: apps/v1 kind: Deployment metadata: name: test-app spec: replicas: 1 selector: matchLabels: app: test-app template: metadata: labels: app: test-app spec: containers: - name: nginx image: nginx:latest ports: - containerPort: 80 --- apiVersion: v1 kind: Service metadata: name: test-service spec: selector: app: test-app ports: - port: 80 targetPort: 80 Create HttpRoute: kubectl apply -f httproute.yaml
apiVersion: gateway.networking.k8s.io/v1 kind: HTTPRoute metadata: name: test-route spec: parentRefs: - name: test-gateway sectionName: http rules: - matches: - path: type: PathPrefix value: / backendRefs: - name: test-service kind: Service port: 80 Check service
aws vpc-lattice list-services --region us-west-2 { "items": [ { "arn": "arn:aws:vpc-lattice:us-west-2:868969185523:service/svc-02fad91d2db8a2f4d", "createdAt": "2025-09-23T21:08:30.961000+00:00", "dnsEntry": { "domainName": "test-route-default-02fad91d2db8a2f4d.7d67968.vpc-lattice-svcs.us-west-2.on.aws", "hostedZoneId": "Z09127221KTH2CFUOHIZH" }, "id": "svc-02fad91d2db8a2f4d", "lastUpdatedAt": "2025-09-23T21:08:30.961000+00:00", "name": "test-route-default", "status": "ACTIVE" } ] } Check target groups
aws vpc-lattice list-target-groups --region us-west-2 { "items": [ { "arn": "arn:aws:vpc-lattice:us-west-2:868969185523:targetgroup/tg-015c87c47882b1251", "createdAt": "2025-09-23T21:07:49.777000+00:00", "id": "tg-015c87c47882b1251", "ipAddressType": "IPV4", "lastUpdatedAt": "2025-09-23T21:07:49.777000+00:00", "name": "k8s-default-test-service-kftxbyztlr", "port": 80, "protocol": "HTTP", "serviceArns": [], "status": "ACTIVE", "type": "IP", "vpcIdentifier": "vpc-05193e45ca60df81e" }, { "arn": "arn:aws:vpc-lattice:us-west-2:868969185523:targetgroup/tg-0f8c9e8d9e9088b12", "createdAt": "2025-09-23T21:07:49.783000+00:00", "id": "tg-0f8c9e8d9e9088b12", "ipAddressType": "IPV4", "lastUpdatedAt": "2025-09-23T21:07:49.783000+00:00", "name": "k8s-default-test-service-cqllqzylcn", "port": 80, "protocol": "HTTP", "serviceArns": [], "status": "ACTIVE", "type": "IP", "vpcIdentifier": "vpc-05193e45ca60df81e" } ] } Only one of them is associated with the lattice service
aws vpc-lattice get-target-group \ --target-group-identifier tg-015c87c47882b1251 --region us-west-2 \ --query '{arn: arn, serviceArns: serviceArns}' \ --output json { "arn": "arn:aws:vpc-lattice:us-west-2:868969185523:targetgroup/tg-015c87c47882b1251", "serviceArns": [] } aws vpc-lattice get-target-group \ --target-group-identifier tg-0f8c9e8d9e9088b12 --region us-west-2 \ --query '{arn: arn, serviceArns: serviceArns}' \ --output json { "arn": "arn:aws:vpc-lattice:us-west-2:868969185523:targetgroup/tg-0f8c9e8d9e9088b12", "serviceArns": [ "arn:aws:vpc-lattice:us-west-2:868969185523:service/svc-02fad91d2db8a2f4d" ] } Expected behavior
One target group gets created.
Screenshots
Additional context
There might be similar problem with TLSRoute and GRPCRoute
Possible Solution
If you have any ideas on how to solve the issue, please describe them here.