feat: Allow specifying kms key alias in the ec2 node class spec for blockDeviceMappings #7085

Open
shabbskagalwala opened this issue Sep 26, 2024 · 0 comments
Labels
feature New feature or request needs-triage Issues that need to be triaged

shabbskagalwala (Contributor) commented Sep 26, 2024

Description

What problem are you trying to solve?

This is a feature request to introduce the ability to specify a kmsKeyAlias in the blockDeviceMappings for the EC2 node class object, in addition to the currently supported kmsKeyID.

At present, only the kmsKeyID can be provided for the EC2 node class; this approach presents challenges in managing configurations across multiple clusters, environments, regions, and AWS accounts.

When operating at scale with multiple clusters, managing and manually entering the kmsKeyID in each template can become cumbersome and error-prone, especially with tools like Helm charts for nodepools and node classes when Terraform is not used in the setup. The kmsKeyAlias is a logical identifier that remains consistent across environments, accounts, and regions, making it more suitable for use in infrastructure templates. Relying solely on kmsKeyID increases the risk of misconfiguration, especially when managing EC2 node classes in environments where IDs vary but the alias always remains the same.

An example would be something like:

spec:
  amiFamily: AL2
  amiSelectorTerms:
  - id: ami-1234567890
  blockDeviceMappings:
  - deviceName: /dev/xvda
    ebs:
      deleteOnTermination: true
      encrypted: true
      iops: 3000
      kmsKeyAlias: us-west-2/eks-cluster-ebs-key
      throughput: 750
      volumeSize: 100Gi
      volumeType: gp3
  detailedMonitoring: true

How important is this feature to you?

This would make cluster management at scale with Karpenter easier and simplify the process where multiple node pools are being used in 100s of EKS clusters.

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment
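
An added example, not part of the issue or of Karpenter's code: a Go pre-deployment check that classifies a KMS key reference taken from a rendered node class template into the four identifier forms KMS defines (key ID, key ARN, alias name, alias ARN) and rejects an ARN pinned to a region other than the cluster's. The names `KeyRef`, `Classify` and `Check` and all sample values are assumptions made for illustration, and aliases are assumed to be written in KMS's `alias/<name>` form.

```go
package main

import (
	"fmt"
	"regexp"
)

type KeyRef struct { // hypothetical type for this example
	Kind            string // key-id, key-arn, alias-name, alias-arn or invalid
	Region, Account string // populated for ARNs only
	Portable        bool   // same string works unchanged in every account and region
}

var (
	idPat    = `(?:[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}|mrk-[0-9a-f]{32})`
	aliasPat = `alias/[a-zA-Z0-9/_-]+`
	reID     = regexp.MustCompile(`^` + idPat + `$`)
	reAlias  = regexp.MustCompile(`^` + aliasPat + `$`)
	reARN    = regexp.MustCompile(`^arn:aws[a-z-]*:kms:([a-z0-9-]+):([0-9]{12}):(key/` + idPat + `|` + aliasPat + `)$`)
)

// Classify (hypothetical helper) maps a reference to one of the four KMS key identifier forms.
func Classify(ref string) KeyRef {
	m := reARN.FindStringSubmatch(ref) // [whole, region, account, resource]
	switch {
	case reID.MatchString(ref):
		return KeyRef{Kind: "key-id"}
	case reAlias.MatchString(ref):
		return KeyRef{Kind: "alias-name", Portable: true}
	case m != nil && m[3][0] == 'k':
		return KeyRef{Kind: "key-arn", Region: m[1], Account: m[2]}
	case m != nil:
		return KeyRef{Kind: "alias-arn", Region: m[1], Account: m[2]}
	}
	return KeyRef{Kind: "invalid"}
}

// Check (hypothetical helper) rejects malformed references and ARNs pinned to another region.
func Check(ref, clusterRegion string) error {
	if k := Classify(ref); k.Kind == "invalid" {
		return fmt.Errorf("%q is not a KMS key ID, key ARN, alias name or alias ARN", ref)
	} else if k.Region != "" && k.Region != clusterRegion {
		return fmt.Errorf("%q is pinned to %s, cluster is in %s", ref, k.Region, clusterRegion)
	}
	return nil
}

func main() { // constructed sample value, not a real key
	fmt.Println(Classify("alias/eks-cluster-ebs-key").Kind, Check("alias/eks-cluster-ebs-key", "us-west-2"))
}
```

Only the alias-name form comes back with `Portable` set, which is the property the request relies on; key IDs and both ARN forms are tied to a specific key, account or region.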