aws-load-balancer-controller
aws-load-balancer-controller copied to clipboard
kubernetes-sigs
Overrideable default tags
Is your feature request related to a problem?
I would like the ability to set global, overrideable default tags for Ingresses. i.e., "by default it should have this tag, but the Ingress annotation may override that default setting.
Describe the solution you'd like In order of preference:
- Breaking change: make --default-tags controller flags lower priority than tags supplied via annotation, and replace the old functionality with
--global-tags - Add a new
--overrideable-default-tagscontroller flag which has the weakest priority in tag merging. - Add a default-tags field to ingress class which has weaker priority than the annotation in tag merging.
Describe alternatives you've considered Mutating admission webhooks
@sosheskaz, thanks for the feedback. Would this solution work in your use case -
use the spec.tags in IngressClassParams to set the global tags for your ingresses under the same class, and use the --default-tags controller flag to override when needed?
If I am understanding you correctly, then no that would not work for me. The behavior I want is "Set this tag to this value only if the ingress itself did not specify a replacement value". Let's say I have 3 Ingresses, alpha bravo charlie.
---
kind: Ingress
metadata:
name: alpha
annotations:
alb.ingress.kubernetes.io/tags: MyTag=alpha
---
kind: Ingress
metadata:
name: bravo
annotations:
alb.ingress.kubernetes.io/tags: MyTag=bravo
---
kind: Ingress
metadata:
name: charlie
annotations: {}
My desired behavior is that all of them should have MyTag: MyValue by default, unless they override it. So I would expect the tags for each resource, given these manifests, to be:
alpha:
MyTag: alpha
bravo:
MyTag: bravo
charlie:
MyTag: MyValue
If I set --default-tags=MyTag=MyValue, then the resulting tags would be:
alpha:
MyTag: MyValue
bravo:
MyTag: MyValue
charlie:
MyTag: MyValue
which is not what I want. The given solution may work if I ran a load balancer controller for each ingress, but maintaining that would be worse than the problem I am currently having.
@sosheskaz, thanks for the clarification, we will discuss this internally
The Kubernetes project currently lacks enough contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle stale - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle stale
@oliviassss I am also interested in this feature set. Any updates?
My use case is that the security team at the company requires all Security Groups and Loadbalancers to be tagged with owner: <some-team-name>.
We run a multi-tenant kubernetes cluster, and as a result, we want to put the team names of the each tenant onto their respective LBs+SGs.
Setting alb.ingress.kubernetes.io/tags at each Ingress object isn't enough because the AWS load balancer controller also creates a Backend SG that doesn't inherit that annotation.
We can set default-tags input flag to set the Backend SG tag, but then that default tag is set everywhere for all LBs and SGs. We want this overridable via the annotation.
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues.
This bot triages un-triaged issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Mark this issue as fresh with
/remove-lifecycle rotten - Close this issue with
/close - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/lifecycle rotten
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied - After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied - After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closed
You can:
- Reopen this issue with
/reopen - Mark this issue as fresh with
/remove-lifecycle rotten - Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
@k8s-triage-robot: Closing this issue, marking it as "Not Planned".
In response to this:
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.
This bot triages issues according to the following rules:
- After 90d of inactivity,
lifecycle/staleis applied- After 30d of inactivity since
lifecycle/stalewas applied,lifecycle/rottenis applied- After 30d of inactivity since
lifecycle/rottenwas applied, the issue is closedYou can:
- Reopen this issue with
/reopen- Mark this issue as fresh with
/remove-lifecycle rotten- Offer to help out with Issue Triage
Please send feedback to sig-contributor-experience at kubernetes/community.
/close not-planned
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
This really needs to get fixed. Priority should be:
-
alb.ingress.kubernetes.io/tag -
IngressClassParams - then
--default-tagson the controller args.
It is very odd to have default-tags be an "override" instead a "default".
