search

jtblin / kube2iam

kube2iam provides different AWS IAM roles for pods running on Kubernetes
BSD 3-Clause "New" or "Revised" License
1.97k stars 318 forks source link

`hostPort` missing in helm chart #299

Open wc-s opened 3 years ago

wc-s commented 3 years ago

In the README.md documentation, the kube2iam container always has the hostPort being set, ie.

apiVersion: apps/v1
kind: DaemonSet
...
spec:
  ...
  template:
    ...
    spec:
      hostNetwork: true
      containers:
        - image: jtblin/kube2iam:latest
          name: kube2iam
          ...
          ports:
            - containerPort: 8181
              hostPort: 8181
              name: http
          ...

However, this field is impossible to configure using the helm chart: https://github.com/jtblin/kube2iam/blob/master/charts/kube2iam/templates/daemonset.yaml#L86

Am I right in saying that hostPort is necessary, especially if using --iptales=true?

If it is always necessary, I'll submit a PR adding

              hostPort: {{ .Values.host.port }}

If it is sometimes necessary and sometimes not, then someone more knowledgeable than me about kube2iam may have to add the right conditional logic to the helm chart to dynamically configure that field.

walkafwalka commented 3 years ago

When hostNetwork is to true, the hostPort is set to the containerPort and cannot be set to anything else.