Add a "local interface IP mode" to the AWS cloud provider. #518
Conversation
|
Hi I believe this approach is an anti-pattern. When running in a sidecar configuration like this (which is generally how we run it as well these days), the provider isn't needed as the tags can be looked up ahead of time and put in the configuration file. By doing it ahead of time, it also allows the service owner to pick what actually matters from the available tags (ie, some tags don't add actual value, so shouldn't flow to metrics), and allows enforcing tags by refusing to run if they're absent. |
|
Hi @tiedotguy, I understand what you are saying but this means there is more than one source of truth for the tags. For example, if I add a tag across my EC2 instances with the AWS CLI or console, I now also have to add that tag to my configuration files. This means not only do I now have to redeploy every time I want to add/remove/edit a tag but leads to human error entering those tags in the configuration. I could easily misspell a tag or value. This doesn't seem like very maintainable or scalable approach. But most importantly is, as I said, the fact that there is more than one source. |
|
Hi @tiedotguy, let me know if you have any comments on my comment above. |
|
Hi @tiedotguy, any comments on the above? This is something one of my customers is hoping can make it in. |
|
Hi @tiedotguy just checking in again. |
|
Hi I've done a bunch of thinking about this, because I don't like this solution, but I recognize it's a pain to add additional tooling to an instance to lookup tags on startup. I'm not going to accept a change in to the cloud provider to treat localhost as special, specifically because it's turning something static in to a dynamic lookup - the cloud provider is for when hosts come and go. As an alternate approach though, I'd accept a change which (on startup) looks up cloud tags and adds them to the static list (tag keys should be de-duped, with the cloud tag winning if there's a conflict with an existing static tag). The config for this would be a list of cloud tag names, and what they map to. As a hypothetical example (somewhere in the config file) Then if an ec2 instance has This provides three main benefits:
The reasons for 1 and 2 are that historically the automatic addition of tags has been a problem because it prevents the user from doing global aggregation, and so I believe adding tags should, to the extent possible, always be explicit. Ideally this would use the existing cloud provider infra to look up the tags, so that future cloud providers (if any) work "for free". |
One of my customers uses
gostatsdin a configuration where each EC2 instance has agostatsdinstance colocated with a single application instance. The application instance andgostatsdcommunicate with each other via UDP over the loopback interface. In this scenario, the destination IP of the UDP datagram packets is127.0.0.1.The current implementation of the AWS cloud provider looks up EC2 instance tags by using the destination addresses from the inbound UDP datagrams in the
private-ip-addressattribute of the filter on theDescribeInstancesoperation. This approach breaks if the UDP datagram packets are not the private IP addresses of EC2 instances, particularly if they are local interface IP addresses like127.0.0.1.This PR adds support for a "local interface IP mode". It can be enabled by setting the
local_ip_modetoallowin the cloud provider configuration. In this mode, the AWS cloud provider will check the inbound IP addresses against a local IP "whitelist". IP addresses which match will cause the cloud provider to locate instances by settingthe
instance-idin theDescribeInstancesfilter to the instance ID returnedby the EC2 instance identity document.