Introduce a well-known tag to exclude subnets within the auto-discovery procedure for ELB-backed services #442

Closed
lobziik opened this issue Aug 18, 2022 · 5 comments · Fixed by #499
Labels
kind/feature Categorizes issue or PR as related to a new feature. triage/accepted Indicates an issue or PR is ready to be actively worked on.

@lobziik
Member

lobziik commented Aug 18, 2022

What would you like to be added:

Another well-known tag for subnets which will help to exclude subnets and prevent their attachment to an ELB during the auto-discovery procedure.

or

Extend the `kubernetes.io/role/elb` semantics and allow specifying `kubernetes.io/role/elb=0` for subnet exclusion.

Why is this needed:

Currently the subnet auto-discovery procedure for ELB relies on the `kubernetes.io/cluster/{clusterId}` and/or `kubernetes.io/role/elb` tags; however, it might be desirable to not attach subnets in certain zones (local zones, wavelength zones) but still keep `kubernetes.io/cluster/{clusterId}` for other automation purposes.

Some context (Openshift specific unfortunately): https://bugzilla.redhat.com/show_bug.cgi?id=2105337

/kind feature

@k8s-ci-robot k8s-ci-robot added kind/feature Categorizes issue or PR as related to a new feature. needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Aug 18, 2022
@elmiko

elmiko commented Aug 31, 2022

we have discussed this issue at the SIG Cloud Provider meeting on 31 August 2022.

follow up questions,

  • would this work need an enhancement to progress further?
  • a workaround might be to specify the load balancer on the subnet, but this won't necessarily work in this situation.

/assign @kishorj
/assign @nckturner

@kishorj
Contributor

kishorj commented Sep 1, 2022

The auto-discovery excludes subnets that are not tagged for the current cluster but contain the `kubernetes.io/cluster/{clusterId}` tags for some other clusters. The role tag alone does not impact the auto-discovery; it helps determine the precedence in case there are multiple matches.

For the auto-discovery, we can restrict to the subnets of ZoneType availability-zone only since outpost, wavelength and local zone don't support NLB or CLB at the moment. This is a simple fix and will not depend on the end user applying correct tags to all of their subnets in the other zones.
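
The selection rules described in the comment above (skip subnets tagged only for other clusters, let the role tag decide precedence, restrict to zone type `availability-zone`), as an added Go example that is not the provider's code or part of the original thread. The `Subnet` struct, the function name, the one-subnet-per-zone grouping, the ID tie-break and the sample data are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

const clusterPrefix, roleELB = "kubernetes.io/cluster/", "kubernetes.io/role/elb"

// Subnet is a simplified, hypothetical view of an EC2 subnet (not the provider's type).
type Subnet struct {
	ID, Zone, ZoneType string
	Tags               map[string]string
}

// discoverSubnets returns the subnet chosen in each zone for clusterID.
func discoverSubnets(subnets []Subnet, clusterID string) map[string]Subnet {
	best := map[string]Subnet{}
	for _, s := range subnets {
		if s.ZoneType != "availability-zone" {
			continue // proposed fix: skip local and wavelength zones
		}
		_, own := s.Tags[clusterPrefix+clusterID]
		anyCluster := false
		for k := range s.Tags {
			anyCluster = anyCluster || strings.HasPrefix(k, clusterPrefix)
		}
		if anyCluster && !own {
			continue // tagged only for some other cluster
		}
		cur, seen := best[s.Zone]
		_, sRole := s.Tags[roleELB]
		_, curRole := cur.Tags[roleELB]
		if !seen || (sRole && !curRole) || (sRole == curRole && s.ID < cur.ID) {
			best[s.Zone] = s // role tag sets precedence; the ID tie-break is an assumption
		}
	}
	return best
}

// Constructed sample data; the cluster name "mycluster" is an assumption.
func main() {
	own, az := clusterPrefix+"mycluster", "availability-zone"
	fmt.Println(discoverSubnets([]Subnet{
		{"subnet-a1", "us-east-1a", az, map[string]string{own: "owned"}},
		{"subnet-a2", "us-east-1a", az, map[string]string{own: "shared", roleELB: "1"}},
		{"subnet-b2", "us-east-1b", az, map[string]string{clusterPrefix + "other": "owned"}},
		{"subnet-l1", "us-east-1-bos-1a", "local-zone", map[string]string{own: "owned"}},
	}, "mycluster"))
}
```

With this input only `subnet-a2` is selected: the local-zone subnet is dropped even though it carries the cluster tag, so no exclusion tag is needed on it.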

@kishorj
Contributor

kishorj commented Sep 1, 2022

/triage accepted

@k8s-ci-robot k8s-ci-robot added triage/accepted Indicates an issue or PR is ready to be actively worked on. and removed needs-triage Indicates an issue or PR lacks a `triage/foo` label and requires one. labels Sep 1, 2022
johngmyers pushed a commit to johngmyers/kops that referenced this issue Nov 24, 2022
To work around the issue with subnets auto-discovery [1]
AWS ccm needs to have permission to retrieve information about
availability zones (specifically to detect outpost, wavelength, and local zones [2]).

[1] kubernetes/cloud-provider-aws#442
[2] kubernetes/cloud-provider-aws#499
@k8s-triage-robot

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

  • After 90d of inactivity, lifecycle/stale is applied
  • After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
  • After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

  • Mark this issue or PR as fresh with /remove-lifecycle stale
  • Mark this issue or PR as rotten with /lifecycle rotten
  • Close this issue or PR with /close
  • Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

@k8s-ci-robot k8s-ci-robot added the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Nov 30, 2022
@lobziik
Member Author

lobziik commented Dec 6, 2022

I need to update the patch after the kops changes were merged. But this issue is still actual.

/remove-lifecycle stale

@k8s-ci-robot k8s-ci-robot removed the lifecycle/stale Denotes an issue or PR has remained open with no activity and has become stale. label Dec 6, 2022