containers-roadmap icon indicating copy to clipboard operation
containers-roadmap copied to clipboard

Published 20 hours ago verified publisher icon aws

[EKS] [request]: Allow us to set labels for pods of EKS-managed addons

Open mbonica1990 opened this issue 1 year ago • 9 comments

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Tell us about your request I want EKS to be able to add custom labels (which I define) to the pods it creates when we use add-ons.

Which service(s) is this request for? EKS (Add-ons)

Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard? We use labels on pods to track cost and resource consumption across different applications. (For example, "app" label, "team" label.) This works great for almost everything we deploy (most helm charts or kustomize templates, for instance, let us do this), but EKS add-ons doesn't allow that functionality. This means that if we use EKS addons to manage coredns, kube-proxy, and vpc-cni, when we do our reporting, they would all show up as uncategorized.

Are you currently working around this issue? Right now our options are:

  • just have to assume that anything missing a label (and therefore uncategorized in our reporting) is an EKS add-on.
  • stop using EKS add-ons

Additional context N/A

Attachments N/A

mbonica1990 avatar Nov 07 '22 16:11 mbonica1990

We just launched configuration support for add-ons, so we could add a configuration option to each addon for additionalLabels. But also wanted to get feedback, would copying any tags set on the addon itself as labels on any pods launched as part of the addon be a viable solution?

mikestef9 avatar Dec 20 '22 19:12 mikestef9

would copying any tags set on the addon itself as labels on any pods launched as part of the addon be a viable solution?

In our case the set of tags on the Addon resource comes from the Provider (Pulumi) which also tags other resources like the cluster, node groups etc. The set of labels I would like to see would be a tiny subset of the tags but there is at least two label values which I would apply which are not tags. All the labels are then included on logs/metrics so keeping them targetted would be preferred.

gunzy83 avatar Jun 28 '23 22:06 gunzy83

Parhaps copying a particular "namespace" of tags on the AddOn would work. Maybe a tag name must start with "lablel." to be added and the "label." prefix is stripped away?

jw-maynard avatar Aug 03 '23 19:08 jw-maynard

Parhaps copying a particular "namespace" of tags on the AddOn would work. Maybe a tag name must start with "lablel." to be added and the "label." prefix is stripped away?

This just sounds like a hack which would be more effort to develop than providing first class support for labels.

gunzy83 avatar Aug 05 '23 10:08 gunzy83

I wanted to use the app.kubernetes.io/name label to steer logs, but this label is missing from coredns and kube-proxy pods created by add-ons.

We just launched configuration support for add-ons, so we could add a configuration option to each addon for additionalLabels. But also wanted to get feedback, would copying any tags set on the addon itself as labels on any pods launched as part of the addon be a viable solution?

I would prefer an add-on configuration over copying tags to labels. In my case they do not conflict, other than general formatting preferences (e.g. kebab vs camel), but they are used for different purposes.

JoshCooley-alto avatar Aug 10 '23 19:08 JoshCooley-alto

Is there any update on this? We wanted to add kubeaudit.io labels to suppress security alerts from kubeaudit on missing securityContext configuration and root access related reporting on aws-node, kube-proxy and coredns.

Any work-around recommendations?

maggisha avatar Oct 30 '23 17:10 maggisha

Please implement this, it's 2024 already.

Edit:

  • CoreDNS already allows pod labels to be added via podLabels.
  • EBS CSI already allows pod labels to be added via customLabels.
  • KubeProxy no support.
  • VPC CNI ~~no support~~edit (from v1.15.5-eksbuild.1): allows pod labels to be added via podLabels

Please make it consistent and allow suuport for both KubeProxy ~~and VPC CNI~~ :pray: .

migueleliasweb avatar Jan 15 '24 05:01 migueleliasweb

Ping @mikestef9. Could this request please be prioritised by the EKS team?

migueleliasweb avatar Jan 16 '24 23:01 migueleliasweb

Amazon VPC CNI starting version v1.15.5 allows you to configure pod labels and pod annotations using EKS addons configuration. We will look into kube-proxy to provide the same capability.

sriramranganathan avatar Jan 22 '24 18:01 sriramranganathan

kube-proxy work is in progress, stay tuned. Thanks for your patience.

sjastis avatar Feb 26 '24 16:02 sjastis

Also tracked here : https://github.com/aws/containers-roadmap/issues/2216

sjastis avatar Feb 26 '24 16:02 sjastis

EKS kube-proxy add-on version supports labels, starting with Kube-proxy v1.25.16-eksbuild.3, v1.26.13-eksbuild.2, v1.27.10-eksbuild.2, v1.28.6-eksbuild.2, v1.29.1-eksbuild.2.

Please re-open the issue if anything is missing.

sjastis avatar Mar 01 '24 20:03 sjastis

Does this also work with Coredns? I don't see labels as an allowed configuration value with:

aws eks describe-addon-configuration \ --addon-name coredns \ --addon-version v1.10.1-eksbuild.1 --region us-east-1

joereyna avatar Aug 07 '24 17:08 joereyna

Does this also work with Coredns? I don't see labels as an allowed configuration value with:

aws eks describe-addon-configuration \ --addon-name coredns \ --addon-version v1.10.1-eksbuild.1 --region us-east-1

The configuration is available from v1.10.1-eksbuild.3 and above.

gunzy83 avatar Aug 12 '24 00:08 gunzy83