Enhanced subnet discovery should use configurable tags
dougbyrne opened this issue · 2 comments
dougbyrne commented
What would you like to be added: The enhanced subnet discovery should use configurable tags. Currently the CNI will use any subnet in a matching VPC and AZ with the tag kubernetes.io/role/cni: 1. The CNI should have additional configurable tag filters.
Why is this needed: If multiple EKS clusters share a VPC, they will all share subnets. It is desirable to specify additional tags unique to each cluster to limit the discovery scope. An example filter might be kubernetes.io/cluster/my-example-cluster: shared.
| Subnet ID | tag kubernetes.io/role/cni |
tag kubernetes.io/cluster/my-example-cluster |
tag kubernetes.io/cluster/some-other-cluster |
Selected by my example cluster |
Selected by some other cluster |
|---|---|---|---|---|---|
| subnet-123 | 1 | shared | untagged | ✅ Yes | ❌ No |
| subnet-456 | 1 | untagged | shared | ❌ No | ✅ Yes |
| subnet-789 | 1 | shared | shared | ✅ Yes | ✅ Yes |
| subnet-abc | untagged | shared | untagged | ❌ No | ❌ No |
| subnet-def | untagged | untagged | untagged | ❌ No | ❌ No |