search

eksctl-io / eksctl

The official CLI for Amazon EKS
https://eksctl.io
Other
4.94k stars 1.42k forks source link

[Feature] Install cert-manager when installing ADOT addon #6171

Open emboss64 opened 1 year ago

emboss64 commented 1 year ago

What feature/behavior/change do you want?

cert-manager is a prerequisite for the adot addon. If you try to include adot in an initial cluster config you receive the following error: cert-manager is not installed on this cluster. During preview, you are required to have previously installed cert-manager.

Just installing the base cert-manager chart is enough to make it work: kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.8.2/cert-manager.yaml

Why do you want this feature?

Simplify the provisioning process

Himangini commented 1 year ago

@emboss64 Can you provide steps for how you are installing ADOT with eksctl? Are you following these instructions https://docs.aws.amazon.com/eks/latest/userguide/adot-manage.html#adot-install ?

emboss64 commented 1 year ago

Yes. However what's missing to get the addon working with a fresh cluster would be the prereqs/cert-manager part (https://docs.aws.amazon.com/eks/latest/userguide/adot-reqts.html)

dnutels commented 1 year ago

Allow me to interject.... @emboss64 I am not sure I understand your "Yes", or @Himangini the initial question, as the link you've added doesn't show any way to use eksctl to install add-ons.

Based on @emboss64 initial message they used eksctl to install the cluster and the add-ons. So the answer to the above question should be "No" as it requires you to use either AWS Console or AWS CLI to install add-ons separately from the cluster.

I mean, the word eksctl appears on that page in a single section -- on how to remove the add-on.

The following, today, doesn't work -- the cluster provision fails with a cryptic message:

apiVersion: eksctl.io/v1alpha5
kind: ClusterConfig

metadata:
  name: some-cluster
  region: eu-west-1
  version: '1.24'

... # skipping network setup

iam:
  withOIDC: true

... # skipping some irrelevant configuration, like node groups or fargate profiles

addons:
  - name: vpc-cni
  - name: kube-proxy
  - name: coredns
  - name: adot

If I remove name: adot it works, so the culprit is clear.

P.S. this is with eksctl version 0.131.0

emboss64 commented 1 year ago

Sorry if you got confused. By "yes" I meant that that's what I follow to get it working. Not using eksctl to get adot working

As I said in my initial message and as @dnutels mentions when including the adot addon in the cluster config it fails. To see the actual error you have to check the addon status (and it's the lack of cert-manager)

github-actions[bot] commented 1 year ago

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

github-actions[bot] commented 1 year ago

This issue was closed because it has been stalled for 5 days with no activity.

cnocula-peg commented 1 year ago

This feature request is still valid and should be kept open!