No support for EKS in helm
Closed this issue · 4 comments
Cert-Manager and Trust-Manager both use ValidatingWebhookConfiguration as part of their helm deployments, however cert-manager has specifically got support for AWS EKS, where these webhooks require hostnetwork: true to be set. This is because the EKS control plane sits apart from the rest of the cluster. Cert-manager documents the config changes needed to work in EKS but currently the Trust-Manager helm chart neither supports these changes nor documents how it can be done. Without these changes, it is currently not possible to have a stable deployment of trust-manager on AWS EKS.
If deploying right now, you would see errors like the following:
cannot patch "cert-bundle" with kind Bundle: Internal error occurred: failed calling webhook "trust.cert-manager.io": failed to call webhook: Post "https://trust-manager.default.svc:443/validate?timeout=5s": Address is not allowed
The helm chart's webhook should be changed to allow a hostNetwork flag to be added so that EKS can be supported, which should also bring the chart in line with the cert-manager helm chart.
@ChevronTango Just to be completely clear, this is only necessary if using a non-standard CNI with EKS. We've been using this on EKS for some time without hostnetworking turned on using the standard VPC CNI.
Ahh yes. Quite right. Good distinction to make!
@erikgb: Closing this issue.
In response to this:
I believe this issue is resolved by #156.
/close