Pricing Endpoints in EKS Private Clusters #2604
Comments
We're trying to understand the pricing API endpoints a little better ourselves to be able to implement something more flexible. Endpoint configuration is likely something we can support. Regardless, it looks like it would be possible to specify an SCP that only allows the pricing API getPrices in ap-south-1 which would give you the lowest latency request to the pricing endpoint. Is that a possible workaround for you?
Thanks for the reply. Also, thank you for considering supporting Endpoint configuration.
Yes, we're working around the issue that way now. So we're not in a hurry to resolve this issue. However, we believe that we need to support Pricing API Endpoint configuration to make the SCP policy more robust :)
Hi, any more updates on this? I'm in a similar boat whereby our organisation locks down AWS Regions that we don't use.
@samuelthan does the static pricing not work for you? We hardcode fallback pricing at release time, and bake it into the binary.
@ellistarn it doesn't seem to work as I deploy my EKS cluster in the ap-southeast-2 region. It seems to be grabbing the endpoint of ap-south-1 as its endpoint, which is a region we don't support at the moment. Here's a question, if I were to update the karpenter's chart's deployment value of AWS_REGION environment to us-east-1
Meanwhile the code got slightly updated, covering us, ap, eu pricing endpoints. Actually PR #4495 adds a regression to deployments running in eu-* and having SCPs in place which deny use of eu-central-1. https://github.com/aws/karpenter/blob/main/pkg/providers/pricing/pricing.go#L80-L93
So if SCPs restrict region to eu-west-1 the pricing api in eu-central-1 is queried and that region has to be enabled. Verification outside of karpenter:
@tbugfinder, just like the author of the issue, do you want to rely on us-east-1 for all your pricing queries? Does the post that @bwagner5 suggested work for you as a workaround for the eu partition?
@njtran Relying on us-east-1 (at least as a fallback) would be ok for my use case, although I like the approach to use closest API endpoints. I don't have control on SCPs so I asked the responsible team to review and open the endpoint in eu-central-1 - awaiting feedback on that...
Any updates on this? SCPs are blocking eu-central-1. Would be ideal to have an override env variable for the pricing endpoint region.
@shivkonaje
Tell us about your request
Existing implementations automatically select the pricingAPIRegion by region.
https://github.com/aws/karpenter/blob/077c099b4419d0caac447904d9ffae1d871e37b9/pkg/cloudprovider/aws/pricing.go#L86-L91
However, I would like to determine the pricingAPIRegion myself without following this logic.
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
This problem occurs, for example, when karpenter is used in a region starting with "ap-" and the use of ap-south-1 is restricted by AWS SCPs.
Removing the restriction on the use of ap-south-1 by AWS SCPs would solve this problem, but we do not want to do that as much as possible because it would increase the security risk. Instead, we want to use us-east-1 for pricingAPIRegion even if the region starts with "ap-".
Are you currently working around this issue?
No, we have not been able to work around this issue.
Additional Context
No response
Attachments
No response
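Added example (not Karpenter's code and not posted by anyone in this thread): a Go preflight check that models the prefix-based pricing region selection described in this issue and tests the result against the regions an SCP allows. The `override` parameter stands in for the requested setting and is hypothetical, the `us-east-1` default for other prefixes is an assumption, and the function names and sample cases are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// pricingRegionFor models the prefix-based selection described in this issue.
// override is a hypothetical operator setting (the feature being requested).
// The us-east-1 default for all other prefixes is an assumption.
func pricingRegionFor(clusterRegion, override string) string {
	if override != "" {
		return override
	}
	switch {
	case strings.HasPrefix(clusterRegion, "ap-"):
		return "ap-south-1"
	case strings.HasPrefix(clusterRegion, "eu-"):
		return "eu-central-1"
	}
	return "us-east-1"
}

// checkSCP returns the region the pricing call would go to and whether that
// region is in the allow-list enforced by the organization's SCP.
func checkSCP(clusterRegion, override string, allowed []string) (string, bool) {
	region := pricingRegionFor(clusterRegion, override)
	for _, a := range allowed {
		if a == region {
			return region, true
		}
	}
	return region, false
}

func main() {
	// Constructed cases: cluster region, override, regions the SCP allows.
	cases := []struct {
		cluster, override string
		allowed           []string
	}{
		{"ap-southeast-2", "", []string{"ap-southeast-2", "us-east-1"}},
		{"eu-west-1", "", []string{"eu-west-1"}},
		{"ap-southeast-2", "us-east-1", []string{"ap-southeast-2", "us-east-1"}},
	}
	for _, c := range cases {
		region, ok := checkSCP(c.cluster, c.override, c.allowed)
		fmt.Printf("cluster=%s pricing=%s allowed=%v\n", c.cluster, region, ok)
	}
}
```

The first two cases reproduce the blocked lookups reported above; the third shows the same SCP passing once the pricing region is pinned to one it already allows.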