AWS - EKS: Good afternoon, I am writing to you from Peru. I find myself trying to deal with a problem configuring App Mesh and Calico CNI in an EKS cluster. I have spent several days trying to deal with an error, and my prod environment is stopped for that reason. I have the following error when executing:
Error from server (InternalError): error when creating "mesh.yml": Internal error occurred: failed calling webhook "mmesh.appmesh.k8s.aws": Post
: dial tcp 192.168.35.70:9443: i/o timeout
Does anyone have any suggestions? I will be grateful.
I'm not an expert on the App Mesh control plane, but this sounds like it might be the k8s API server trying to call out to a webhook pod on one of the worker nodes. EKS support for custom CNIs such as Calico (i.e. any CNI other than the Amazon VPC CNI plugin) is limited to worker nodes. The custom CNI is not installed on the control plane nodes. As a result, the k8s API server does not know how to get traffic to pods on worker nodes.
There is this suggested workaround in the Calico docs (https://docs.projectcalico.org/getting-started/kubernetes/managed-public-cloud/eks):
Note: Calico networking cannot currently be installed on the EKS control plane nodes. As a result, the control plane nodes will not be able to initiate network connections to Calico pods. (This is a general limitation of EKS's custom networking support, not specific to Calico.) As a workaround, trusted pods that require control plane nodes to connect to them, such as those implementing admission controller webhooks, can include hostNetwork: true in their pod spec. See the Kubernetes API pod spec definition for more information on this setting.
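What the Calico workaround looks like as a manifest, as an added example that is not part of the thread above and not the App Mesh controller's or Calico's own configuration. The Deployment name "mesh-webhook", the namespace "mesh-system", the image and the port 9443 are assumptions chosen to match the error message; substitute the real webhook Deployment. The anti-affinity rule and the dnsPolicy are additions a practitioner needs once hostNetwork is on, and the securityContext is included because hostNetwork is a trust decision (the pod shares the node's network namespace), which is why the Calico note limits it to trusted pods.

```yaml
# Added example, not from the original thread or from the App Mesh / Calico
# projects. Assumed names: a hypothetical admission-webhook Deployment
# "mesh-webhook" in namespace "mesh-system" that serves TLS on 9443.
apiVersion: apps/v1
kind: Deployment
metadata:
  name: mesh-webhook
  namespace: mesh-system
spec:
  replicas: 2
  selector:
    matchLabels:
      app: mesh-webhook
  template:
    metadata:
      labels:
        app: mesh-webhook
    spec:
      # Calico EKS workaround: run the webhook in the node's network namespace
      # so the EKS control plane (which has no Calico) reaches it at
      # <node IP>:9443 instead of a Calico pod IP it cannot route to.
      hostNetwork: true
      # With hostNetwork the pod would inherit the node's resolv.conf; keep
      # cluster DNS so in-cluster service names still resolve from the pod.
      dnsPolicy: ClusterFirstWithHostNet
      # The container port now binds directly on the node, so two replicas
      # cannot share a node; spread them to avoid a port-in-use crash loop.
      affinity:
        podAntiAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            - labelSelector:
                matchLabels:
                  app: mesh-webhook
              topologyKey: kubernetes.io/hostname
      containers:
        - name: webhook
          image: example.com/mesh-webhook:1.0.0   # placeholder image (assumption)
          ports:
            - name: webhook
              containerPort: 9443
              protocol: TCP
          securityContext:
            # hostNetwork already widens the blast radius (the pod can bind any
            # node port and see node traffic); keep everything else tight.
            allowPrivilegeEscalation: false
            readOnlyRootFilesystem: true
            runAsNonRoot: true
            capabilities:
              drop: ["ALL"]
```

After rolling this out, the Service in front of the webhook publishes node IPs as its endpoints (check with kubectl get endpoints -n mesh-system), so the remaining thing that can still produce the same i/o timeout is the node security group: confirm it allows inbound TCP 9443 from the cluster (control plane) security group. Also expect Pod Security Admission or a policy engine such as OPA Gatekeeper to reject hostNetwork by default; the exception should be scoped to this one namespace rather than disabled cluster-wide.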