Is your feature request related to a problem?
Hi Kubewarden team,
We are using Kubewarden in a restricted Kubernetes environment where webhook communication must go through the host network interface. Because of this, we require hostNetwork: true to be set on the following components:
kubewarden-controller
policy-server (e.g. policy-server-default)
If hostNetwork is not enabled, we encounter the following webhook error when trying to apply policies like disallow-service-loadbalancer:
Error from server (InternalError): error when creating "test.yaml": Internal error occurred: failed calling webhook "clusterwide-disallow-service-loadbalancer.kubew arden.admission": failed to call webhook: Post "https://policy-server-default.kubewarden.svc:443/validate/clusterwide-disallow-service-loadbalancer?timeout=10s": Ad dress is not allowed
Currently, the official Helm charts do not provide any configuration options to enable hostNetwork, so we are forced to manually patch the deployments after installation.
The same error we encountered with kubewarden-controller but as of now we updated deployment file to use hostnetwork manually and it worked.
Solution you'd like
Please add support in the Helm charts to configure hostNetwork for:
kubewarden-controller
policy-server
This could be done by adding a hostNetwork field in values.yaml and wiring it in the deployment templates like:
spec:
template:
spec:
hostNetwork: {{ .Values.hostNetwork | default false }}
This would let users enable it like this:
hostNetwork: true
Alternatives you've considered
No response
Anything else?
No response
Is your feature request related to a problem?
Hi Kubewarden team,
We are using Kubewarden in a restricted Kubernetes environment where webhook communication must go through the host network interface. Because of this, we require hostNetwork: true to be set on the following components:
kubewarden-controller
policy-server (e.g. policy-server-default)
If hostNetwork is not enabled, we encounter the following webhook error when trying to apply policies like disallow-service-loadbalancer:
Error from server (InternalError): error when creating "test.yaml": Internal error occurred: failed calling webhook "clusterwide-disallow-service-loadbalancer.kubew arden.admission": failed to call webhook: Post "https://policy-server-default.kubewarden.svc:443/validate/clusterwide-disallow-service-loadbalancer?timeout=10s": Ad dress is not allowed
Currently, the official Helm charts do not provide any configuration options to enable hostNetwork, so we are forced to manually patch the deployments after installation.
The same error we encountered with kubewarden-controller but as of now we updated deployment file to use hostnetwork manually and it worked.
Solution you'd like
Please add support in the Helm charts to configure hostNetwork for:
kubewarden-controller
policy-server
This could be done by adding a hostNetwork field in values.yaml and wiring it in the deployment templates like:
spec:
template:
spec:
hostNetwork: {{ .Values.hostNetwork | default false }}
This would let users enable it like this:
hostNetwork: true
Alternatives you've considered
No response
Anything else?
No response