Open muwiess opened 3 years ago
Any update on this issue?
Hi @muwiess thanks for discovering this and reporting it. Do you know if this is the case for v1.2 of the env-injector as well (i.e. the v2.0 of the helmchart)?
The failurePolicy value is not part of the Deployment resource, it is part of the MutatingWebhookConfiguration resource.
kubectl get mutatingwebhookconfiguration akv2k8s-envinjector -o yaml
will show a failurePolicy line.
Can you share that output? Feel free to redact any sensitive info.
Note: Make sure to check out known issues (https://akv2k8s.io/troubleshooting/known-issues/) before submitting
Components and versions
Select which component(s) the bug relates to with [X].
[ ] Controller, version: x.x.x (docker image tag)
[ ] Env-Injector (webhook), version: x.x.x (docker image tag)
[ ] Other

Describe the bug
A clear and concise description of what the bug is.
AKV2K8S Injector --version=1.3.0 AKS cluster installation
We found that on the normal pod deployment there are some errors related to the AKV access that the injector is blocking the pod from starting up. We tried the following option with the helm 3 version install, env_injector.failurePolicy, but it is not being sourced, as the deployment YAML files show.
helm upgrade --install akv2k8s spv-charts/akv2k8s --namespace akv2k8s --set addAzurePodIdentityException=true --set keyVaultAuth=azureCloudConfig --set env_injector.failurePolicy=Ignore
apiVersion: apps/v1
kind: Deployment
metadata:
  annotations:
    deployment.kubernetes.io/revision: "1"
    meta.helm.sh/release-name: akv2k8s
    meta.helm.sh/release-namespace: akv2k8s
  creationTimestamp: "2021-08-17T21:56:00Z"
  generation: 1
  labels:
    app.kubernetes.io/instance: akv2k8s
    app.kubernetes.io/managed-by: Helm
    app.kubernetes.io/name: akv2k8s
    helm.sh/chart: akv2k8s-2.1.0
  name: akv2k8s-envinjector
  namespace: akv2k8s
  resourceVersion: "11442840"
  selfLink: /apis/apps/v1/namespaces/akv2k8s/deployments/akv2k8s-envinjector
  uid: 91d07063-f593-452f-ba70-18815f9c191a
spec:
  progressDeadlineSeconds: 600
  replicas: 2
  revisionHistoryLimit: 10
  selector:
    matchLabels:
      app.kubernetes.io/component: akv2k8s-webhook
      app.kubernetes.io/instance: akv2k8s
      app.kubernetes.io/name: akv2k8s
  strategy:
    rollingUpdate:
      maxSurge: 25%
      maxUnavailable: 25%
    type: RollingUpdate
  template:
    metadata:
      annotations:
        checksum/config: c27c18ceb9cf546a5ed18d5391ac8519a2b056b84eaefebf1aa2546cc1620bd6
      creationTimestamp: null
      labels:
        app.kubernetes.io/component: akv2k8s-webhook
        app.kubernetes.io/instance: akv2k8s
        app.kubernetes.io/name: akv2k8s
    spec:
      containers:

      - hostPath:
          path: /etc/kubernetes/azure.json
          type: File
        name: azureconf
status:
  availableReplicas: 2
  conditions:
  - lastTransitionTime: "2021-08-17T21:56:00Z"
    lastUpdateTime: "2021-08-17T21:56:10Z"
    message: ReplicaSet "akv2k8s-envinjector-5fd899f8d9" has successfully progressed.
    reason: NewReplicaSetAvailable
    status: "True"
    type: Progressing
  - lastTransitionTime: "2021-08-18T19:38:12Z"
    lastUpdateTime: "2021-08-18T19:38:12Z"
    message: Deployment has minimum availability.
    reason: MinimumReplicasAvailable
    status: "True"
    type: Available
  observedGeneration: 1
  readyReplicas: 2
  replicas: 2
  updatedReplicas: 2
To Reproduce
Steps to reproduce the behavior:
helm upgrade --install akv2k8s spv-charts/akv2k8s --namespace akv2k8s --set addAzurePodIdentityException=true --set keyVaultAuth=azureCloudConfig --set env_injector.failurePolicy=Ignore
Expected behavior
A clear and concise description of what you expected to happen.
The --set env_injector.failurePolicy should be configured in the injector for the Ignore option.
Logs
If applicable, add logs to help explain your problem.

Additional context
Add any other context about the problem here.
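The reply above points out that failurePolicy is a field of the MutatingWebhookConfiguration, not of the Deployment. The following added example (not part of the issue or of the akv2k8s project) checks the effective failurePolicy of every webhook in `kubectl get ... -o json` output; the sample input is constructed, and only the resource name akv2k8s-envinjector is taken from the thread.

```python
import json

# Constructed sample shaped like `kubectl get deployment,mutatingwebhookconfiguration -o json`
# output (trimmed). Webhook names and values are made up for illustration.
SAMPLE = json.dumps({
    "kind": "List",
    "items": [
        {"apiVersion": "apps/v1", "kind": "Deployment",
         "metadata": {"name": "akv2k8s-envinjector"},
         "spec": {"replicas": 2}},
        {"apiVersion": "admissionregistration.k8s.io/v1",
         "kind": "MutatingWebhookConfiguration",
         "metadata": {"name": "akv2k8s-envinjector"},
         "webhooks": [
             {"name": "pods.example.invalid", "failurePolicy": "Fail"},
             {"name": "defaulted.example.invalid"},  # policy omitted, as in a raw manifest
         ]},
    ],
})

# Defaults the API server applies when failurePolicy is omitted.
DEFAULTS = {"admissionregistration.k8s.io/v1": "Fail",
            "admissionregistration.k8s.io/v1beta1": "Ignore"}


def webhook_failure_policies(doc, expected="Ignore"):
    """Return (config name, webhook name, effective policy, matches expected) rows."""
    obj = json.loads(doc)
    items = obj["items"] if obj.get("kind", "").endswith("List") else [obj]
    rows = []
    for item in items:
        # A Deployment carries no failurePolicy; only webhook configurations do.
        if item.get("kind") != "MutatingWebhookConfiguration":
            continue
        default = DEFAULTS.get(item.get("apiVersion"), "Fail")
        for hook in item.get("webhooks", []):
            policy = hook.get("failurePolicy", default)
            rows.append((item["metadata"]["name"], hook["name"], policy, policy == expected))
    return rows


if __name__ == "__main__":
    for cfg, hook, policy, ok in webhook_failure_policies(SAMPLE):
        print(f"{cfg}/{hook}: failurePolicy={policy} {'OK' if ok else 'MISMATCH'}")
```

With Ignore the API server admits pods when the webhook call fails, so they start without injection; with Fail they are rejected, which matches the blocked start-up described in the report.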