search

hashicorp / waypoint-helm

Helm chart to install Waypoint and other associated components.
Mozilla Public License 2.0
29 stars 14 forks source link

Configuring 'Headless' waypoint-ui service behind Istio leaves the waypoint-server-token blank #30

Closed masonhuemmer closed 2 years ago

masonhuemmer commented 2 years ago

Describe the bug I was able to successfully install waypoint using the default values from the waypoint-helm repository. However, I did not need a LB/Cluster IP for the UI Service since I wanted waypoint behind Istio.

When I pulled the helm charts and configured the UI as a 'headless' service, the waypoint-runner-0 pod is stuck at init because the 'wait-for-token' container is still running.

I verified the waypoint-server-token is empty/blank and even though I am able to reach the UI outside the Cluster, I am not able to authenticate.

To see if I reproduce the issue, I ran helm uninstall waypoint -n waypoint to remove the custom Waypoint configuration. However, even when running helm install waypoint hashicorp/waypoint -n waypoint --create-namespace, I ran into the same issue. I'm a bit puzzled as to why at this point. I am also fairly new to Waypoint and would appreciate any assistance.

Steps to Reproduce Steps to reproduce the behavior.

{{- if (and (eq (.Values.ui.service.enabled | toString) "true") (eq (.Values.server.enabled | toString) "true")) }}
# UI Service for Waypoint Server
apiVersion: v1
kind: Service
metadata:
  name: {{ template "waypoint.fullname" . }}-ui
  namespace: {{ .Release.Namespace }}
  labels:
    app: {{ template "waypoint.name" . }}
    chart: {{ template "waypoint.chart" . }}
    heritage: {{ .Release.Service }}
    release: {{ .Release.Name }}
    component: ui
  {{- if .Values.ui.service.annotations }}
  annotations:
    {{ tpl .Values.ui.service.annotations . | nindent 4 | trim }}
  {{- end }}
spec:
  clusterIP: None
  ports:
    - name: http
      port: 80
      targetPort: http
    - name: https
      port: 443
      targetPort: https
    - name: grpc
      port: 9701
      targetPort: grpc
    - name: https-2
      port: 9702
      targetPort: https
  selector:
    app.kubernetes.io/name: {{ template "waypoint.name" . }}
    app.kubernetes.io/instance: {{ .Release.Name }}
    component: server
  # {{- if .Values.ui.service.type }}
  # type: {{ .Values.ui.service.type }}
  # {{- end }}
  {{- if .Values.ui.service.additionalSpec }}
  {{ tpl .Values.ui.service.additionalSpec . | nindent 2 | trim }}
  {{- end }}
{{- end }}

helm install waypoint ./charts/waypoint -n waypoint --create-namespace

Expected behavior To successfully install waypoint-ui as a 'headless' service behind Istio and successfully authenticate into the site using the waypoint-server-token.

Waypoint Platform Versions Additional version and platform information to help triage the issue if applicable:

Additional context Add any other context about the problem here.

evanphx commented 2 years ago

We're dealing with this issue at https://github.com/hashicorp/waypoint/issues/3176