Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
helm: Allow to specify k8s api-server host and port via env vars
Currently, there are three ways how k8s api-server address can be passed to cilium-agent: 1. Default: k8s passes it to cilium-agent Pod via KUBERNETES_SERVICE_{HOST,PORT} env vars. Usually, it's a ClusterIP which is translated to the master node IP address via iptables rules installed by kube-proxy. 2. Via the `--k8s-kubeconfig-path` cilium-agent param. This way seems to be unnecessary too complicated because the kubeconfig has to be distributed among all cilium nodes, and cilium-agent needs only IP addr + port of the api service, as the service account credentials are already mounted into cilium-agent Pod [1]. 3. Via the `--k8s-api-server` cilium-agent param. Unfortunately, this way provides http-only access to the api-server, as pkg/k8s/config.go does not try to set certificate authority and token when `--k8s-api-server` is set. This commit introduces a fourth way to pass the address to the api-server by overriding KUBERNETES_SERVICE_{HOST,PORT} env vars with helm. This is a temporary workaround needed for the kube-proxy free getting started guide until the third way has been fixed. [1]: https://kubernetes.io/docs/tasks/access-application-cluster/access-cluster/#accessing-the-api-from-a-pod Signed-off-by: Martynas Pumputis <m@lambda.lt>
- Loading branch information