amazon-vpc-cni-k8s

ENI Config Label/Annotation Def Concatenation

Open tanguyfalconnet opened this issue 4 years ago • 9 comments

What would you like to be added: Currently, with Custom Networking, VPC CNI can easily use one subnet and security group per AZ when reading the failure-domain.beta.kubernetes.io/zone label. But if we want to use multiple custom networks per AZ, we can't rely on only one label. We should be able to concatenate labels/annotations in ENI_CONFIG_LABEL_DEF and ENI_CONFIG_ANNOTATION_DEF.

Example of ENIConfig with 3 subnets:
name: eu-west-1a, subnet: 10.0.0.0/18
name: eu-west-1b, subnet: 10.0.64.0/18
name: eu-west-1c, subnet: 10.0.128.0/18
ENI_CONFIG_LABEL_DEF = failure-domain.beta.kubernetes.io/zone

Example of ENIConfig with 6 subnets:
name: sub1-eu-west-1a, subnet: 10.0.0.0/18
name: sub1-eu-west-1b, subnet: 10.0.64.0/18
name: sub1-eu-west-1c, subnet: 10.0.128.0/18
name: sub2-eu-west-1a, subnet: 10.1.0.0/18
name: sub2-eu-west-1b, subnet: 10.1.64.0/18
name: sub2-eu-west-1c, subnet: 10.1.128.0/18
ENI_CONFIG_LABEL_DEF = some_label_containing_sub_name,failure-domain.beta.kubernetes.io/zone

Why is this needed: We would like to be able to use more IPs than provided by three /18 subnets for our pods.

tanguyfalconnet • Sep 11 '20 09:09
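The concatenation requested above, as an added Go sketch that is not part of the original issue and not the VPC CNI's own code. The function name `resolveENIConfigName`, the "-" separator (inferred from names such as sub1-eu-west-1a) and the fail-closed handling of a missing label are assumptions.

```go
package main

import (
	"fmt"
	"strings"
)

// resolveENIConfigName (hypothetical) treats labelDef as a comma-separated
// list of node label keys and joins their values with "-" to form the
// ENIConfig name. The separator is an assumption taken from the issue's names.
func resolveENIConfigName(labelDef string, nodeLabels map[string]string, known map[string]bool) (string, error) {
	var parts []string
	for _, key := range strings.Split(labelDef, ",") {
		key = strings.TrimSpace(key)
		if key == "" {
			return "", fmt.Errorf("empty label key in %q", labelDef)
		}
		val, ok := nodeLabels[key]
		if !ok || val == "" {
			// Fail closed: a partial name such as "eu-west-1a" could match a
			// different ENIConfig and attach the wrong subnet or security groups.
			return "", fmt.Errorf("node is missing label %q", key)
		}
		parts = append(parts, val)
	}
	name := strings.Join(parts, "-")
	if !known[name] {
		return "", fmt.Errorf("no ENIConfig named %q", name)
	}
	return name, nil
}

func main() {
	// Constructed sample data mirroring the six-subnet example in the issue.
	known := map[string]bool{}
	for _, sub := range []string{"sub1", "sub2"} {
		for _, az := range []string{"eu-west-1a", "eu-west-1b", "eu-west-1c"} {
			known[sub+"-"+az] = true
		}
	}
	def := "some_label_containing_sub_name,failure-domain.beta.kubernetes.io/zone"
	node := map[string]string{
		"some_label_containing_sub_name":         "sub2",
		"failure-domain.beta.kubernetes.io/zone": "eu-west-1b",
	}
	fmt.Println(resolveENIConfigName(def, node, known))
}
```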

This is really needed. Can anyone check the status of this one?

prabhushan • Mar 23 '21 13:03

Hi,

Sure, I can discuss internally and we will prioritize this. So instead of sub1-eu-west-1a and sub2-eu-west-1a, would it be fine if we have a list of subnets, something like:

cat <<EOF | kubectl apply -f -
apiVersion: crd.k8s.amazonaws.com/v1alpha1
kind: ENIConfig
metadata:
  name: $AZ2
spec:
  securityGroups: 
    - sg-xxxxxxxxxxxx
  subnet: 
    - $CUST_SNET1
    - $CUST_SNET2
EOF

jayanthvn • Mar 23 '21 15:03

Hi @jayanthvn - any update on this?

niroowns • Mar 24 '22 12:03

@niroowns - Sorry we haven't got a chance to look into this enhancement. I will take a look next month and provide an update.

jayanthvn • Mar 24 '22 14:03

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] • May 24 '22 00:05

This is still a requirement.

sidewinder12s • May 26 '22 17:05

I was about to raise a ticket suggesting this feature and found it has already been requested.

This feature is required, we need to have the option of a per-nodeGroup subnet and/or security group.

Currently all the options are per-cluster (via ENVIRONMENT_VARIABLES); we need some way of extending the ENIConfig name with a prefix or suffix via a node label!

e.g. "k8s.amazonaws.com/eniConfigSuffix" = "-pci"

Would force vpc-cni in eu-west-2a to use the ENIConfig called "eu-west-2a-pci".

technotaff-nbs • Jul 12 '22 10:07

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] • Sep 21 '22 17:09

/remove-lifecycle stale

sidewinder12s • Sep 21 '22 20:09

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] • Nov 22 '22 00:11

stale=not

elasticdotventures • Nov 22 '22 04:11