aws / amazon-vpc-cni-k8s

Networking plugin repository for pod networking in Kubernetes using Elastic Network Interfaces on AWS
Apache License 2.0

Allow setting of EC2 Security group connection tracking configurable idle timeouts in AWS VPC CNI #2677

Open youwalther65 opened 10 months ago

youwalther65 commented 10 months ago

What would you like to be added: AWS just released "EC2 Security group connection tracking adds support for configurable idle timeouts".

Modifying these parameters requires EC2 API calls. It would be great if AWS VPC CNI could automatically implement custom configuration of these idle timeouts for newly provisioned ENIs it manages.

Why is this needed: Avoid conntrack (connection tracking) issues leading to packet loss etc.

jdn5126 commented 10 months ago

For whoever works on this, ENI options are specified on create here: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/pkg/awsutils/awsutils.go#L786

The data-structure chain from aws-sdk-go (https://raw.githubusercontent.com/aws/aws-sdk-go/main/service/ec2/api.go) is:

CreateNetworkInterfaceInput -> ConnectionTrackingSpecification -> ConnectionTrackingSpecificationRequest
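
An added example (not code from the repository or from any commenter) of validating the three idle timeouts before they would be placed in the chain named above. The environment variable names and the `connTrackSpec` stand-in struct are assumptions; the struct mirrors the field names of the SDK's `ConnectionTrackingSpecificationRequest` so the block runs without the SDK.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
)

// connTrackSpec is a local stand-in mirroring the fields of the SDK's
// ec2.ConnectionTrackingSpecificationRequest; a nil field keeps the EC2 default.
type connTrackSpec struct {
	TcpEstablishedTimeout, UdpStreamTimeout, UdpTimeout *int64
}

// Allowed ranges in seconds, as documented in the EC2 API reference.
var limits = []struct {
	env      string // hypothetical variable name, not an existing CNI setting
	min, max int64
	dst      func(*connTrackSpec) **int64
}{
	{"ENI_CONNTRACK_TCP_ESTABLISHED_TIMEOUT", 60, 432000, func(s *connTrackSpec) **int64 { return &s.TcpEstablishedTimeout }},
	{"ENI_CONNTRACK_UDP_STREAM_TIMEOUT", 60, 180, func(s *connTrackSpec) **int64 { return &s.UdpStreamTimeout }},
	{"ENI_CONNTRACK_UDP_TIMEOUT", 30, 60, func(s *connTrackSpec) **int64 { return &s.UdpTimeout }},
}

// buildConnTrackSpec returns nil when nothing is set, so the caller leaves
// CreateNetworkInterfaceInput.ConnectionTrackingSpecification unset.
func buildConnTrackSpec(getenv func(string) string) (*connTrackSpec, error) {
	spec, set := &connTrackSpec{}, false
	for _, l := range limits {
		raw := getenv(l.env)
		if raw == "" {
			continue
		}
		v, err := strconv.ParseInt(raw, 10, 64)
		if err != nil || v < l.min || v > l.max {
			return nil, fmt.Errorf("%s=%q: want integer seconds in [%d, %d]", l.env, raw, l.min, l.max)
		}
		*l.dst(spec), set = &v, true
	}
	if !set {
		return nil, nil
	}
	return spec, nil
}

func main() {
	spec, err := buildConnTrackSpec(os.Getenv)
	fmt.Println(spec, err)
}
```
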

bawejahritik commented 9 months ago

I would like to try and implement this, any guidance is highly appreciated as this is my first issue.

jdn5126 commented 9 months ago

@bawejahritik thank you for the offer! We are currently discussing internally when to pick this up, as we want to limit the number of new environment variables that we introduce until we have a chance to clean existing ones up.

bawejahritik commented 9 months ago

Thank you for your response, is there anything else I can work on which is a good first issue?

Would love to contribute

github-actions[bot] commented 7 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

github-actions[bot] commented 5 months ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days

youwalther65 commented 5 months ago

@jdn5126 Any news regarding AWS internal decision?

jdn5126 commented 4 months ago

@youwalther65 I no longer work for AWS, so I cannot answer this

jayanthvn commented 4 months ago

cc: @orsenthil

orsenthil commented 4 months ago

> Any news regarding AWS internal decision?

No news yet. This is a desirable feature that we will bring up for prioritization.

OverStruck commented 2 months ago

bump, please add

github-actions[bot] commented 1 day ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days