From 655e8a635a482a578b671d3b6002d2df872f6354 Mon Sep 17 00:00:00 2001 From: "heiko.rothe" Date: Tue, 18 Jan 2022 19:28:34 +0100 Subject: [PATCH 1/4] Fix api server connectivity for IPv6 The upstream library kube-rs uses an old way of connection to the K8s API, which in their implementation breaks on IPv6 clusters due to wrong URL formatting. This forces the lib to use the proper service, which works on IPv6 clusters as well. --- .../templates/deployment.yaml | 3 +-- charts/rustrial-aws-eks-iam-auth-controller/values.yaml | 6 ++++++ 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml b/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml index df7abf0..a800cf3 100644 --- a/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml +++ b/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml @@ -33,8 +33,7 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: - - name: RUST_LOG - value: debug + {{- toYaml .Values.env | nindent 12 }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/charts/rustrial-aws-eks-iam-auth-controller/values.yaml b/charts/rustrial-aws-eks-iam-auth-controller/values.yaml index f4151c3..17969dc 100644 --- a/charts/rustrial-aws-eks-iam-auth-controller/values.yaml +++ b/charts/rustrial-aws-eks-iam-auth-controller/values.yaml @@ -29,6 +29,12 @@ podSecurityContext: {} # fsGroup: 2000 +env: + - name: RUST_LOG + value: debug + - name: KUBERNETES_SERVICE_HOST + value: kubernetes.default.svc + securityContext: capabilities: drop: From 23b08df728b64a2d7c33d05ae7789746cd787e94 Mon Sep 17 00:00:00 2001 From: "heiko.rothe" Date: Wed, 19 Jan 2022 07:58:34 +0100 Subject: [PATCH 2/4] Make IPv6 fix optional There's no reason why this would need to be applied to IPv4 cluster, so instead it can simply be an optional setting with a note. --- .../templates/deployment.yaml | 6 +++++- .../rustrial-aws-eks-iam-auth-controller/values.yaml | 12 +++++++----- 2 files changed, 12 insertions(+), 6 deletions(-) diff --git a/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml b/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml index a800cf3..0483cbb 100644 --- a/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml +++ b/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml @@ -33,7 +33,11 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: - {{- toYaml .Values.env | nindent 12 }} + - name: RUST_LOG + value: debug + {{- with .Values.env }} + {{- toYaml . | nindent 12 }} + {{- end }} imagePullPolicy: {{ .Values.image.pullPolicy }} ports: - name: http diff --git a/charts/rustrial-aws-eks-iam-auth-controller/values.yaml b/charts/rustrial-aws-eks-iam-auth-controller/values.yaml index 17969dc..aca845f 100644 --- a/charts/rustrial-aws-eks-iam-auth-controller/values.yaml +++ b/charts/rustrial-aws-eks-iam-auth-controller/values.yaml @@ -29,11 +29,13 @@ podSecurityContext: {} # fsGroup: 2000 -env: - - name: RUST_LOG - value: debug - - name: KUBERNETES_SERVICE_HOST - value: kubernetes.default.svc +env: [] + # In case you are using an IPv6 cluster, you might need to to explicitly set KUBERNETES_SERVICE_HOST + # like shown below to work around a bug in kube-rs. + # + #- name: KUBERNETES_SERVICE_HOST + # value: kubernetes.default.svc + securityContext: capabilities: From 7f50047877ffaba2f406b1a6ebfe43e72fda6012 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Wed, 19 Jan 2022 09:23:21 +0100 Subject: [PATCH 3/4] Make log level configurable via values.yaml --- charts/rustrial-aws-eks-iam-auth-controller/values.yaml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/charts/rustrial-aws-eks-iam-auth-controller/values.yaml b/charts/rustrial-aws-eks-iam-auth-controller/values.yaml index aca845f..0445efa 100644 --- a/charts/rustrial-aws-eks-iam-auth-controller/values.yaml +++ b/charts/rustrial-aws-eks-iam-auth-controller/values.yaml @@ -29,7 +29,9 @@ podSecurityContext: {} # fsGroup: 2000 -env: [] +env: + - name: RUST_LOG + value: debug # In case you are using an IPv6 cluster, you might need to to explicitly set KUBERNETES_SERVICE_HOST # like shown below to work around a bug in kube-rs. # From 24ef30b9d3c6f4c93e37c1bef0b14acd8bcc73d3 Mon Sep 17 00:00:00 2001 From: Alexander Berger Date: Wed, 19 Jan 2022 09:24:05 +0100 Subject: [PATCH 4/4] Remove hard-coded log level --- .../templates/deployment.yaml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml b/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml index 0483cbb..4e617fb 100644 --- a/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml +++ b/charts/rustrial-aws-eks-iam-auth-controller/templates/deployment.yaml @@ -33,8 +33,6 @@ spec: {{- toYaml .Values.securityContext | nindent 12 }} image: "{{ .Values.image.repository }}:{{ .Values.image.tag | default .Chart.AppVersion }}" env: - - name: RUST_LOG - value: debug {{- with .Values.env }} {{- toYaml . | nindent 12 }} {{- end }} @@ -60,4 +58,4 @@ spec: {{- with .Values.topologySpreadConstraints }} topologySpreadConstraints: {{- toYaml . | nindent 8 }} - {{- end }} \ No newline at end of file + {{- end }}