Support Availability Zone ID topology labels #300
Comments
k8s-ci-robot
added
the
kind/feature
|
Yes please! We have the exact same need. |
|
Actually, I wonder if not the zone label could change to using zone IDs. I think the transition should be fairly painless as the new CCM leader would just patch all existing nodes. |
|
If we reuse the Its common for zonal deployments to use nodeAffinity on specific nodeAffinity:
requiredDuringSchedulingIgnoredDuringExecution:
nodeSelectorTerms:
- matchExpressions:
- key: topology.kubernetes.io/zone
operator: In
values:
- us-east-1a
- use1-az1 |
|
Spread constraints is only evaluated during scheduling, so this shouldn't be affected. But nodeAffinity on a given zone label can cause problems, I suppose. |
|
An alternative AWS-specific label could be |
|
sig-cloud-provider agreed to use an AWS-specific label and/or the ability to configure CCM to use the zone ID in the |
My only caution to using zone-id in |
|
E.g EBS CSI drivers use topology keys and changing the convention on a live cluster may cause problems with PVs. So I think the safer route is to add new labels for now. I'd really like zone to use zone-ids, but it seems like too many things may break over it. |
|
Reposting from aws/containers-roadmap#1638 (comment)
|
|
|
|
The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle stale |
k8s-ci-robot
added
the
lifecycle/stale
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /lifecycle rotten |
k8s-ci-robot
added
lifecycle/rotten
|
The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs. This bot triages issues and PRs according to the following rules:
You can:
Please send feedback to sig-contributor-experience at kubernetes/community. /close |
|
@k8s-triage-robot: Closing this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/reopen |
|
@dims: Reopened this issue. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
This issue is currently awaiting triage. If cloud-provider-aws contributors determine this is a relevant issue, they will accept it by applying the The Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
k8s-ci-robot
added
the
needs-triage
|
/assign |
|
/remove-lifecycle rotten still seems relevant and referenced |
k8s-ci-robot
removed
the
lifecycle/rotten
I'm in favor of this approach and possibly later adding the ability to configure CCM to populate |
|
/assign |
|
Is there any parallel on other cloud providers? Do we know if Azure/GCP do the similar zone remapping that AWS does? |
|
I asked in a sig-cloud-provider meeting around when I opened this issue and was told there is no equivalent concept in GCP and Azure. |
|
OCI does it:
(https://docs.oracle.com/en-us/iaas/Content/General/Concepts/regions.htm) |
|
So if we want to implement this feature, it might make sense to have it consistent across clouds that support it, to do that, we need to know that they expose a way for the CCM to set it. Do we know if oracle has an API similar to AWS? What happens if the zone-id isn't needed for a platform, lets take Azure for example, if they don't do this, then If omitted, then manifest examples might not work on platforms that omit it right? |
|
@JoelSpeed You are talking specifically about |
|
@sayap Yes, I'm trying to work out if there's merit to having this as a standard kube well known label that would work across clouds, seems like if there is precedent for multiple clouds, having a consistent label name would be preferential to specific cloud having their own right? |
|
Could this maybe be accomplished via opt-in using a flag on the binary to change |
@josh-ferrell This something your working on? Sounds reasonable to me. |
|
@mmerkes: GitHub didn't allow me to assign the following users: merkes. Note that only kubernetes members with read permissions, repo collaborators and people who have commented on this issue/PR can be assigned. Additionally, issues/PRs can only have 10 assignees at the same time. In response to this:
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. |
|
/assign mmerkes |
|
@rifelpet I think the consensus view is to use |
I've updated the issue description to match |
in 1.30 the AWS cloud provider added a new label: `topology.k8s.aws/zone-id`, this change adds it to the ignore list. For more details about the label, see kubernetes/cloud-provider-aws#300
What would you like to be added:
Currently AWS CCM populates the
topology.kubernetes.io/regionandtopology.kubernetes.io/zonenode labels with the node's region and AZ name respectively:It would be useful to include a topology label for AZ IDs.
topology.kubernetes.io/zone-idor something along those lines. Only the original two labels are standard in the k/k API so we'll need to decide on a new label to use.Why is this needed:
For inter-cluster communication that spans AWS accounts, ensuring zonal isolation becomes challenging when the accounts do not have the same AZ mappings. By including AZ ID information in topologies we can more easily ensure that workloads are scheduled to consistent AZ IDs and communicate with other workloads in the same AZ ID regardless of their AWS account or the account's AZ mapping.
/kind feature
The text was updated successfully, but these errors were encountered: