Set default toleration value to avoid error connecting to provider "aws" #267

Open
riosje opened this issue Aug 31, 2023 · 1 comment · May be fixed by #215
Labels
bug Something isn't working

riosje commented Aug 31, 2023

Set a default Toleration value

There are several issues, including this one #266, where users get the error 'error connecting to provider "aws"' due to the pod tolerations.

I think that it should be set by default to [{"operator": "Exists"}], as it is on secrets-store-csi-driver.

This will save a ton of debugging time for a lot of people.

Updating the troubleshooting section with this issue is also a good option, in case it is not possible to update the default value on the Helm chart.


marquesmateus93 commented Sep 17, 2023

In my case, I have a Node Group with Taints, and the Secrets Storage CSI Driver Provider has not been deployed.
I solved my issue by configuring secrets-store-csi-driver and secrets-store-csi-driver-provider-aws:

secrets-store-csi-driver

local.tf

locals {
  csi-secrets-store = {
    name = lower("${var.prefix_name}-secrets-store-helm-${var.tags["environment"]}")

    tolerations = {
      key       = "MY_KEY"
      operator  = "Exists"
      effect    = "NoSchedule"
    }
  }
}

secrets-store-csi-driver.tf

resource "helm_release" "csi-secrets-store" {
  count       = var.is_enabled ? 1:0

  name        = local.csi-secrets-store.name
  repository  = var.helm.repository
  chart       = var.helm.chart
  namespace   = var.helm.namespace

  set {
    name  = "syncSecret.enabled"
    value = "true"
  }

  dynamic "set" {
    for_each = local.csi-secrets-store.tolerations
    content {
      name  = "linux.tolerations[${count.index}].${set.key}"
      value = set.value
    }
  }
}

secrets-store-csi-driver-provider-aws

local.tf

locals {
  aws-secrets-store = {
    name = lower("${var.prefix_name}-aws-secrets-manager-${var.tags["environment"]}")

    tolerations = {
      key       = "MY_KEY"
      operator  = "Exists"
      effect    = "NoSchedule"
    }
  }
}

aws-secrets-store.tf

resource "helm_release" "aws-secrets-store" {
  count       = var.is_enabled ? 1:0

  name        = local.aws-secrets-store.name
  repository  = var.helm.repository
  chart       = var.helm.chart
  namespace   = var.helm.namespace

  dynamic "set" {
    for_each = local.aws-secrets-store.tolerations
    content {
      name  = "tolerations[${count.index}].${set.key}"
      value = set.value
    }
  }
}

@simonmarty simonmarty linked a pull request Sep 18, 2023 that will close this issue
@msardana94 msardana94 linked a pull request Feb 7, 2024 that will close this issue
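
The taint and toleration matching behind this thread, as an added example that is not part of the issue or the project's code: it reimplements the Kubernetes matching rules in Python and compares a pod with no tolerations, the keyed toleration from the comment above, and the proposed `[{"operator": "Exists"}]`. The node names and taints are constructed sample data, and the no-tolerations case is an assumption standing in for a DaemonSet deployed without any.

```python
# Added example: Kubernetes taint/toleration matching, reimplemented for illustration.
# NODES and the taint values below are constructed sample data, not from the issue.

HARD_EFFECTS = {"NoSchedule", "NoExecute"}  # PreferNoSchedule is only a preference


def tolerates(toleration, taint):
    """Return True if one toleration matches one taint."""
    # An empty effect in the toleration matches every effect.
    if toleration.get("effect") and toleration["effect"] != taint["effect"]:
        return False
    # An empty key matches every key (used together with operator Exists).
    if toleration.get("key") and toleration["key"] != taint["key"]:
        return False
    operator = toleration.get("operator") or "Equal"  # Equal is the default
    if operator == "Exists":
        return True
    if operator == "Equal":
        return toleration.get("value", "") == taint.get("value", "")
    return False


def untolerated_taints(tolerations, taints):
    """Taints that would keep a pod with these tolerations off the node."""
    return [t for t in taints if t["effect"] in HARD_EFFECTS
            and not any(tolerates(tol, t) for tol in tolerations)]


def schedulable_nodes(tolerations, nodes):
    """Names of nodes on which a DaemonSet pod with these tolerations can run."""
    return sorted(name for name, taints in nodes.items()
                  if not untolerated_taints(tolerations, taints))


NODES = {
    "general": [],
    "tainted-group": [{"key": "MY_KEY", "value": "true", "effect": "NoSchedule"}],
    "gpu": [{"key": "MY_KEY", "value": "true", "effect": "NoSchedule"},
            {"key": "other", "value": "x", "effect": "NoExecute"}],
}

NO_TOLERATIONS = []  # assumed: a DaemonSet deployed without tolerations
KEYED = [{"key": "MY_KEY", "operator": "Exists", "effect": "NoSchedule"}]
CATCH_ALL = [{"operator": "Exists"}]  # the default proposed in the issue

if __name__ == "__main__":
    for label, tols in [("none", NO_TOLERATIONS), ("keyed", KEYED), ("catch-all", CATCH_ALL)]:
        print(label, schedulable_nodes(tols, NODES))
```

The catch-all toleration also matches `NoExecute` taints, so the provider DaemonSet runs on every node, including ones tainted to keep other workloads off.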