search

argoproj / argo-cd

Declarative Continuous Deployment for Kubernetes
https://argo-cd.readthedocs.io
Apache License 2.0
17.82k stars 5.44k forks source link

Use AWS STS regional endpoint instead of AWS Global Endpoint by default for argocd-application-controller #20375

Open sushanth0910 opened 2 weeks ago

sushanth0910 commented 2 weeks ago

Summary

I am from EKS team, for some EKS clusters which are using argoCD we have observed this user-agent argocd-application-controller defaults to using global STS endpoint rather than the regional STS endpoint.

It is recommended to use the AWS regional endpoint rather than the global endpoint. This ensures better performance and compliance with AWS best practices.

https://docs.aws.amazon.com/sdkref/latest/guide/feature-sts-regionalized-endpoints.html

Motivation

Using AWS regional endpoints improves performance by reducing latency and enhances availability by eliminating dependencies on global services. It also ensures compliance with region-specific regulations and optimizes resource utilization.

Proposal

We propose argocd-application-controller need to use the AWS regional STS endpoint by default instead of the global endpoint to enhance performance, reduce latency, and align with AWS best practices.

agaudreault commented 2 weeks ago

@sushanth0910 as an open-source project, I don't see any configuration on this project on AWS STS, If this is related to the AWSAuthConfig, can you provide documentation and/or additional configuration that are required when users configure EKS clusters?

Since this is a user configuration and not something built-in the project, I think the only possibility here is to update documentation. Could you submit a pull request?

tooptoop4 commented 5 days ago

boomp @sushanth0910