consul-k8s
consul-k8s copied to clipboard
hashicorp
helm:Cannot install chart on gke autopilot
Overview of the Issue
The helm chart fails to install on gke autopilot cluster.
Reproduction Steps
- Create gke autopilot cluster
- Deploy helm chart (weirdly succeeded first deploy, but didn't actually create all resources
- Re-deploy and get admission webhook errors
Logs
Error: failed to create resource: admission webhook "validation.gatekeeper.sh" denied the request: [denied by autogke-no-host-port] container consul specifies a host port; disallowed in Autopilot. Requesting user: and groups: <["system:serviceaccounts", "system:serviceaccounts:default", "system:authenticated"]>
[denied by autogke-no-host-port] container consul specifies a host port; disallowed in Autopilot. Requesting user: and groups: <["system:serviceaccounts", "system:serviceaccounts:default", "system:authenticated"]>
on modules/kubernetes/mesh/main.tf line 102, in resource "helm_release" "consul":
102: resource "helm_release" "consul" {
Additional Context
It looks like datadog had similar issues and created a flag for autopilot to enable installation of their agent: https://github.com/DataDog/helm-charts/issues/182
Hi, currently Consul requires host ports to connect with the local Consul agents so I think I would consider this a feature to support installation in autopilot.
Hi @tjhiggins we are working towards removing host ports and client agents for the default deployment of Consul K8s, which is aligned with our next major Consul release. We'll let you know later this year when a beta is available to try out
Closing since we now have support for GKE Autopilot with Consul K8s 1.0.0-Beta, our GA is scheduled for next month.