You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
EKS has a component called Security Groups Per Pod that allows you to set a unique security group for each pod.
When using this function, the behavior is to write branch ENI to the annotation, but when inserting APM using agent-operator, agent-operator also writes information to the annotation in the same way.
If there is a situation where these resources are used at the same time, the following errors will occur and the Pod will fail to start.
Warning BranchENIAnnotationFailed 5s (x12 over 15s) vpc-resource-controller
failed to annotate pod with branch ENI details: Pod "<Pod Name>" is invalid: spec:
Forbidden: pod updates may not change fields other than
`spec.containers[*].image`,`spec.initContainers[*].image`,
`spec.activeDeadlineSeconds`,`spec.tolerations`
(only additions to existing tolerations),`spec.terminationGracePeriodSeconds`
(allow it to be set to 1 if it was previously negative)
At present, it seems that the only workaround is to use a normal APM, and I am looking for a workaround for this.
Thanks you.
The text was updated successfully, but these errors were encountered:
EKS has a component called Security Groups Per Pod that allows you to set a unique security group for each pod.
When using this function, the behavior is to write branch ENI to the annotation, but when inserting APM using agent-operator, agent-operator also writes information to the annotation in the same way.
If there is a situation where these resources are used at the same time, the following errors will occur and the Pod will fail to start.
At present, it seems that the only workaround is to use a normal APM, and I am looking for a workaround for this.
Thanks you.
The text was updated successfully, but these errors were encountered: