[EKS] [request]: Enable PodNodeSelector Admission Controller for EKS #304
Comments
The But if it were easy to enable |
Another solution I've considered using: give each auto scaling group a different taint. Say the current production environment is called "release 2019-05-01", then one ASG would have the taint |
So right now, even with the latest EKS 1.13 eks.2, we don't have the "PodNodeSelector" feature, right? |
My requirement is to run pods in the default namespace on nodes which have the label lifecycle=Ec2Spot, and to run dashboard, grafana, prometheus, etc. (management stuff) on the ASG labeled lifecycle=OnDemand. To achieve that: https://stackoverflow.com/questions/52487333/how-to-assign-a-namespace-to-certain-nodes |
+1 |
Now that there are managed node groups in 1.14 this would be super useful to automatically restrict pods to certain groups only. |
For those who still want PodNodeSelector functionality but can't be bothered to write the admission webhook controllers: https://github.com/liangrog/admission-webhook-server |
@tabern is there any hope that it will be activated on EKS soon? |
Yes, any update? |
Any update? This is no longer alpha. |
We're taking a look at this. Update 11/11 |
Is there any other solution to this problem? We have a 3rd party helm chart that doesn't cleanly handle setting tolerations and affinity. We would need everything to run on a specific node group and this would have solved the problem |
Any news on this? |
There really is a need for this feature. |
@tabern AKS supports this admission controller and it is an easy solution to an otherwise (more) complicated setup with custom mutation webhooks (be that OPA or something else). It solves quite an important aspect of enforcing multi-tenancy on a single cluster. Can you maybe elaborate on why the admission controller can't be made to work within the EKS context? |
We would like to use this as well. |
Any updates on this feature yet? It would make life much easier if this were supported. |
This is a great feature, please add this to EKS. |
This would be a great feature but AWS makes feature requests based on how many 👍🏻 the issue receives. To date, there are 44 that have more. If you want this to have a chance the only way is to get more 👍🏻 on the issue. |
I am sure there will be more requests for this when more people and organizations start to use EKS over AWS Wavelength, since you want to deploy on a specific WL and it is much easier to use. |
Need this for EKS!!! |
need this for EKS. |
Usually no one is interested in the file format configuration; most people are interested in the configuration annotation format. So I think the point is rather moot, as that is not the primary or the only way of configuring this. For multi-tenant clusters this is a big issue, and I would prefer not to roll my own solution if I have another option that is currently built in. Edit: grammar. |
+1 |
👍 |
+1 |
This will be a great feature and help us to solve some problems we are facing if enabled in EKS. |
+1 |
+1 |
As iverberk mentioned, this can be achieved using Gatekeeper mutation feature. It automatically injects |
Need this for EKS!!! |
+1 |
@mikestef9 so you're telling me that AWS prefers a system for separating workloads based on developer goodwill (adding affinity & taints) or third party software (Gatekeeper, Kyverno) instead of using a native Kubernetes feature? A feature that Azure seems to have enabled. It has been requested for almost three years, I would say it has been in the backlog for quite a while. |
We always prefer a managed built-in solution, but wanted to at least document known alternatives in the EKS best practices guide in the interim. Using the in-tree PodNodeSelector is not the direction we are leaning, but rather providing EKS integration with a policy engine, which can do pod node selection along with many other capabilities. #1435 tracks this feature. We also think an integrated policy engine is the better answer here, given the pod node selector admission controller has been an alpha feature since Kubernetes v1.5, and EKS generally does not enable alpha features. |
@mikestef9 the problem is that the integration with a policy engine is not there at the moment, and the community is asking for enabling a native plugin to get the job done. |
@mikestef9 I can understand the AWS policy but for PodNodeSelector it is really a special case. |
Hi .. Is there any update on this request? |
Any updates? |
I came to the same challenge. |
+1 |
+1 looking for this feature :) |
+1 |
+100 :) |
+1 |
+42 |
+43 |
Instead of commenting |
Tell us about your request
It would be nice if it was possible to use PodNodeSelector in EKS.
Which service(s) is this request for?
EKS
Tell us about the problem you're trying to solve. What are you trying to do, and why is it hard?
In our EKS clusters, we are looking to leverage namespaces to represent our deployment environments. In order to do this safely, we want to label different auto-scaling groups of nodes as production and non-production. We could then have the clusterDefaultNodeSelector select the non-production nodes, and the prod namespace target production nodes.
Are you currently working around this issue?
We are currently considering 2 workarounds.
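An added example, not part of the original issue or of any project linked in the thread: the decision a mutating admission webhook would make to approximate PodNodeSelector on a cluster where the in-tree plugin is not enabled. It reads the `scheduler.alpha.kubernetes.io/node-selector` namespace annotation, falls back to a cluster default, rejects pods whose own `nodeSelector` conflicts, and otherwise patches the required labels in. The `monitoring` namespace, the helper names and the sample requests are assumptions; the `lifecycle` labels are the ones mentioned in the comments.

```python
import base64
import json

# Annotation the in-tree PodNodeSelector plugin reads from the Namespace object.
ANNOTATION = "scheduler.alpha.kubernetes.io/node-selector"

def parse_selector(text):
    """Parse 'k1=v1,k2=v2' into a dict; an empty string means no constraint."""
    selector = {}
    for term in filter(None, (t.strip() for t in text.split(","))):
        key, sep, value = term.partition("=")
        if not sep or not key.strip():
            raise ValueError(f"bad selector term: {term!r}")
        selector[key.strip()] = value.strip()
    return selector

def review_pod(request, ns_annotations, cluster_default=""):
    """Build the AdmissionReview reply for one Pod CREATE request.
    ns_annotations maps namespace -> annotations (assumed already fetched)."""
    response = {"uid": request["uid"], "allowed": True}
    annotations = ns_annotations.get(request["namespace"], {})
    required = parse_selector(annotations.get(ANNOTATION, cluster_default))
    current = request["object"].get("spec", {}).get("nodeSelector") or {}
    # A pod that asks for a different value of a key the namespace pins is
    # rejected rather than silently rewritten.
    conflicts = sorted(k for k in required if k in current and current[k] != required[k])
    if conflicts:
        response["allowed"] = False
        response["status"] = {"code": 403, "message":
                              "nodeSelector conflicts with namespace on: " + ", ".join(conflicts)}
    elif any(current.get(k) != v for k, v in required.items()):
        # JSON Patch "add" creates the member, or replaces it if present.
        patch = [{"op": "add", "path": "/spec/nodeSelector", "value": {**current, **required}}]
        response["patchType"] = "JSONPatch"
        response["patch"] = base64.b64encode(json.dumps(patch).encode()).decode()
    return {"apiVersion": "admission.k8s.io/v1", "kind": "AdmissionReview", "response": response}

# Constructed sample data, using the labels mentioned in the thread.
NAMESPACES = {"monitoring": {ANNOTATION: "lifecycle=OnDemand"}}
SPOT_DEFAULT = "lifecycle=Ec2Spot"

def sample_request(namespace, node_selector=None):
    """Constructed, minimal AdmissionRequest for a Pod."""
    spec = {"containers": [{"name": "app", "image": "example.invalid/app:1"}]}
    if node_selector is not None:
        spec["nodeSelector"] = node_selector
    return {"uid": "constructed-uid", "namespace": namespace, "object": {"spec": spec}}
```

A node selector only constrains where pods may land; keeping other tenants' pods off those nodes still needs taints on the node groups, as discussed in the comments.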