eksctl icon indicating copy to clipboard operation
eksctl copied to clipboard

Published 20 hours ago verified publisher icon eksctl-io

[Feature] Bottlerocket nodes don't have the instance-id label

Open vflaux opened this issue 2 years ago • 2 comments

What were you trying to accomplish?

Create a nodegroup of Bottlerocket instances and get the nodes instance-id easily.

What happened?

Nodes don't have the label alpha.eksctl.io/instance-id like AL2/Ubuntu nodes.

How to reproduce it?

Create a nodegroup with amiFamily: Bottlerocket. (See https://github.com/weaveworks/eksctl/blob/main/examples/20-bottlerocket.yaml)

Anything else we need to know?

On AL2 & Ubuntu the label is added at instance startup by the bootstrap script (bootstrap.helper.sh). There is currently no equivalent with Bottlerocket. This could potentially be achieved with a bootstrap container as suggested here (similar case): https://github.com/bottlerocket-os/bottlerocket/issues/1647#issuecomment-887664346

Versions

$ eksctl info
eksctl version: 0.101.0
kubectl version: v1.21.11
OS: linux

vflaux avatar Jun 17 '22 13:06 vflaux

Thanks for opening a detailed issue. The label alpha.eksctl.io/instance-id is not applied to managed nodegroups either. While this is a valid feature request and something that we can consider adding support for, I don't think it's a bug as eksctl does not advertise this behaviour as a feature. We'll add this to our backlog.

cPu1 avatar Jun 17 '22 13:06 cPu1

I handled this issue with a custom bootstrap container:

bootstrap.sh:

#!/bin/bash

set -o errexit
set -o pipefail
set -o nounset

# Use IMDSv2 to get metadata
TOKEN="$(curl --silent -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" http://169.254.169.254/latest/api/token)"
function get_metadata() {
  curl --silent -H "X-aws-ec2-metadata-token: $TOKEN" "http://169.254.169.254/latest/meta-data/$1"
}

INSTANCE_ID="$(get_metadata instance-id)"
INSTANCE_LIFECYCLE="$(get_metadata instance-life-cycle)"

apiclient apply - <<EOF
[settings.kubernetes.node-labels]
"node-lifecycle" = "${INSTANCE_LIFECYCLE}"
"alpha.eksctl.io/instance-id" = "${INSTANCE_ID}"
EOF

Dockerfile:

FROM alpine
RUN apk add --no-cache curl
COPY bootstrap.sh /
ENTRYPOINT ["/bootstrap.sh"]

conf:

nodegroups:
-  [...]
   bottlerocket:
      settings:
        bootstrap-containers:
          eksctl:
            source: {{ custom_image }}
            mode: once

vflaux avatar Jun 21 '22 09:06 vflaux

The workaround of maintaining a container image that sets labels and passing it to Bottlerocket settings is too involved and, IMO, outside of the scope of eksctl, especially because the alpha.eksctl.io/instance-id label is not a documented feature and is not even supported on managed nodegroups. We do not aim to provide feature parity for having this label applied to nodes as the mechanism for setting it for other AMI families and managed nodegroups is more involved and likely of less value as not many users have asked for it.

If the goal is to discover the instance ID for a Kubernetes Node, the more standard ProviderID field can be used instead which has the format aws:///<availability-zone>/<instance-id>.

For now, users can use the workaround posted above.

I'm closing the issue for now, but if more users ask for this feature, we might consider it.

cPu1 avatar Dec 08 '22 12:12 cPu1