Skip to content

[processor/resourcedetection] refactor eks detector to fetch attributes from k8s and AWS api #39981

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

[processor/resourcedetection] refactor eks detector to fetch attributes from k8s and AWS api #39981

wants to merge 1 commit into from

Conversation

dloucasfx
Copy link
Contributor

@dloucasfx dloucasfx commented May 9, 2025
edited
Loading

Description

  • refactored EKS detector to use the ec2 metadata provider when the metadata server is available . Metadata server will take priority over k8s/aws api as it's more robust
  • added EKS metadata provider which uses the k8s and aws api to gather attributes . This is needed when IMDS is not accessible . (ex: EKS Auto Mode and/or pod not running in hostnetwork)
  • use the new EKS metadata provider in EKS detector when IMDS server is NOT available.
  • added extra resource attributes to the EKS detector (region, availability region, instanceid) . As those attributes will fail in the ec2 detector when IMDS is not accessible

As mentioned in my note in the linked issue, extra care is need to enable AWS Auth when IMDS is not accessible

While developing the above suggestion, I have noticed that AWS API client gets its auth credentials through the metadata server endpoint. In other words, we can no longer "transparently" use AWS API calls in EKS AUTO MODE (non hostnetwork pod) as this endpoint is not reachable.
This means that the user needs to explicitly define the AWS credentials. This can be done through different means, example, env variables or using POD Identity.
Pod Identity is the best choice as the agent identity is pre-installed in EKS Auto Mode and the user will only need to create the appropriate role and associate it with the pod SA.

Link to tracking issue

Fixes #39503

Testing

And once I get an OK from the community, I will update this PR with the test files (for the EKS metadata provider and the eks detector)

Documentation

Auto generated docs.
And once I get an OK from the community, I will add extra notes on how to enable auth and extra info

Note:

I can break the PR into EKS metada provider and EKS resource detection if needed.

@dloucasfx dloucasfx requested review from dashpole, a team, mx-psi and songy23 as code owners May 9, 2025 18:57
@dloucasfx dloucasfx mentioned this pull request May 9, 2025
Merged
atoulme added a commit that referenced this pull request May 9, 2025
@dloucasfx @atoulme
[chore] update aws-sdk-go-v2 to v1.217.0 (#39983)
aa00ed1 
#### Description

Preparing for
#39981

---------

Signed-off-by: Dani Louca <[email protected]>
Co-authored-by: Antoine Toulme <[email protected]>
@atoulme atoulme requested review from mxiamxia and removed request for mackjmr and jade-guiton-dd May 9, 2025 20:25
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@dashpole dashpole Awaiting requested review from dashpole dashpole is a code owner

@Aneurysm9 Aneurysm9 Awaiting requested review from Aneurysm9

@mxiamxia mxiamxia Awaiting requested review from mxiamxia

At least 1 approving review is required to merge this pull request.

Assignees

@atoulme atoulme

Labels
internal/metadataproviders processor/resourcedetection Resource detection processor
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[processor/resourcedetection] Support EKS Auto Mode cluster
2 participants
@dloucasfx @atoulme