Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
helm: Allow to specify k8s api-server host and port via env vars
Currently, there are three ways how k8s api-server address can be
passed to cilium-agent:
1. Default: k8s passes it to cilium-agent Pod via KUBERNETES_SERVICE_{HOST,PORT}
env vars. Usually, it's a ClusterIP which is translated to the master
node IP address via iptables rules installed by kube-proxy.
2. Via the `--k8s-kubeconfig-path` cilium-agent param. This way seems to be
unnecessary too complicated because the kubeconfig has to be distributed
among all cilium nodes, and cilium-agent needs only IP addr + port of
the api service, as the service account credentials are already
mounted into cilium-agent Pod [1].
3. Via the `--k8s-api-server` cilium-agent param. Unfortunately, this way
provides http-only access to the api-server, as pkg/k8s/config.go
does not try to set certificate authority and token when
`--k8s-api-server` is set.
This commit introduces a fourth way to pass the address to the api-server
by overriding KUBERNETES_SERVICE_{HOST,PORT} env vars with helm. This is
a temporary workaround needed for the kube-proxy free getting started
guide until the third way has been fixed.
[1]: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod
Signed-off-by: Martynas Pumputis <m@lambda.lt>- Loading branch information
