implementation issue #23

Open
atilsensalduz opened this issue Mar 27, 2023 · 3 comments
Comments

@atilsensalduz

I've deployed gtoken as described in the README, but I couldn't access AWS resources. Actually, the webhook doesn't run properly. I couldn't see any logs in the webhook pod; there is only the following log:
time="2023-03-24T09:26:19Z" level=info msg="listening on https://:8443"

When I tried the aws command in the test pod, I saw the following error:
Unable to locate credentials. You can configure credentials by running "aws configure".

Also, I couldn't see any AWS-related environment variables in the test pod after creation. I expect the webhook to add some AWS-related variables after pod creation.

@RonaldCrb

I'm experiencing the same issue, but only in standard clusters... it does work on Autopilot clusters (using a self-signed certificate).

@langesven

I've set this up recently and can definitely say it works for us.

One thing I had to adjust was moving the service and application to port 10250 because we are using GKE private clusters and they have some fun firewall limitations out of the box.
See

After that it worked because the webhook was no longer timing out.
You can try if this helps you.

One thing that helped me in debugging was changing the failurePolicy for the mutating webhook from Ignore to Fail. This made it very visible that on pod scheduling nothing was happening, because the GKE control plane was unable to talk to the service behind the webhook and thus my pods were unschedulable.

@ramondeklein

> I've deployed gtoken as described in the README, but I couldn't access AWS resources. Actually, the webhook doesn't run properly. I couldn't see any logs in the webhook pod; there is only the following log: time="2023-03-24T09:26:19Z" level=info msg="listening on https://:8443"
>
> When I tried the aws command in the test pod, I saw the following error: Unable to locate credentials. You can configure credentials by running "aws configure".

I had the same issue. In my case, there was a problem with the CA bundle (it was base64 encoded twice). This doesn't show up as an error, but it just never triggers the webhook. After I changed the CA bundle, then the webhook got triggered.
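
A check for the two silent failure modes reported in this thread (a doubly base64-encoded CA bundle and a failurePolicy of Ignore), as an added example that is not part of the original comments or of the gtoken project. It assumes the input is the JSON of a MutatingWebhookConfiguration, for example from `kubectl get mutatingwebhookconfiguration <name> -o json`; the function names, the webhook name and the sample PEM are constructed for illustration.

```python
import base64
import binascii

PEM_HEADER = b"-----BEGIN CERTIFICATE-----"
# Constructed sample: placeholder PEM text, not a real certificate.
SAMPLE_PEM = PEM_HEADER + b"\nQ09OU1RSVUNURUQ=\n-----END CERTIFICATE-----\n"
GOOD = base64.b64encode(SAMPLE_PEM).decode()    # what caBundle should hold
DOUBLE = base64.b64encode(GOOD.encode()).decode()  # encoded a second time

def _b64(data):
    """Strictly base64-decode str/bytes; return None if it is not base64."""
    try:
        return base64.b64decode(data, validate=True)
    except (binascii.Error, ValueError):
        return None

def classify_ca_bundle(ca_bundle):
    """Classify a caBundle value as shown by `kubectl ... -o json`."""
    once = _b64(ca_bundle.strip()) if ca_bundle else None
    if once is None:
        return "missing-or-invalid"
    if once.lstrip().startswith(PEM_HEADER):
        return "ok"
    # Strip line wrapping before trying a second decode.
    twice = _b64(b"".join(once.split()))
    if twice is not None and twice.lstrip().startswith(PEM_HEADER):
        return "double-encoded"
    return "not-pem"

def audit_webhook_config(config):
    """Return (webhook name, finding) pairs for a webhook configuration dict."""
    findings = []
    for hook in config.get("webhooks", []):
        name = hook.get("name", "<unnamed>")
        state = classify_ca_bundle(hook.get("clientConfig", {}).get("caBundle", ""))
        if state != "ok":
            findings.append((name, "caBundle: " + state))
        # With Ignore, a failed webhook call lets the pod through unmutated,
        # so nothing surfaces as an error.
        if hook.get("failurePolicy") == "Ignore":
            findings.append((name, "failurePolicy is Ignore: webhook failures are silent"))
    return findings

if __name__ == "__main__":
    sample = {"webhooks": [{"name": "hook.example", "failurePolicy": "Ignore",
                            "clientConfig": {"caBundle": DOUBLE}}]}  # constructed
    print(audit_webhook_config(sample))
```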
