-
Notifications
You must be signed in to change notification settings - Fork 736
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Support Pod IRSA for CNI metrics helper #1287
Comments
I've been tracking 3 important AWS addons:
|
@groodt https://github.com/aws/amazon-vpc-cni-k8s/blob/master/config/v1.9/cni-metrics-helper.yaml#L86 |
We are currently running: https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.2/config/v1.7/cni-metrics-helper.yaml We have had to patch the Deployment through to The ideal solution here is that |
If However, I can't see any way to get the clusterID except as a user-parameter, as it's a tag on the instance, but not (AFAIK) otherwise exposed inside kubernetes. The AWS Cloud Provider itself relies on IMDS to locate the EC2 Instance data in order to extract the clusterID tags, but does not, for example, add the cluster ID as an annotation on the Node objects (which would be nice for use-cases like this, and might be worth a feature-request). Given both of these, I guess a reasonable approach is:
If we can get the AWS instance ID somehow (not sure if that's exposed on a Node object off-hand...) and the IRSA account is given the It'd be higher-level nicer if either the IRSA webhook could inject the cluster ID as well as the |
PR 1715 is merged and will be part of 1.10.2 release. EKS documentation will be updated post release. Readme is update in GitHub repo. |
|
What would you like to be added:
Support Pod IRSA feature for CNI metrics helper.
Today, we rely heavily on getting region and EC2 instance ID information from EC2 metadata. However, when using Pod IRSA along with dropping iptables to reach EC2 IMDS (169.254.169.254), we will not be able to get this information and the Pod will fail to establish/create a session.
CC: @jayanthvn
The text was updated successfully, but these errors were encountered: