gardener / machine-controller-manager

Declarative way of managing machines for Kubernetes cluster
Apache License 2.0

☂️ Zone information missing at machines on infra #763

Open vlerenc opened 1 year ago

vlerenc commented 1 year ago

What would you like to be added: While trying to implement zone outage tests in GCP, it was difficult to find the right machines. In Gardener GCP we have one VPC and one subnet (as opposed to AWS for instance) and the machines get IPs from a joint IP range. Hence, machines must be filtered, but we do not set any zone labels or tags. Network tags would be particularly useful, because then firewall rules could be established and GCP does the filtering (you can define firewall rules and "select" machines by network tags only in GCP).

Would that make sense, i.e. additionally applying the zone information per machine, possibly across all infrastructures, if not yet the case? End users cannot do that themselves as they define their worker pools usually across multiple zones and let Gardener do the heavy lifting of distributing the worker pool across their zones.

Providers:

Why is this needed: It would considerably simplify zone outage tests and possibly open up options also for other use cases, as the machine-to-zone association would then be available out-of-the-box. Unfortunately, while network tags are optimal for firewalls, custom filtering works only with labels (https://issuetracker.google.com/issues/120255780#comment14), so probably both labels and network tags should be set, but we do that already to some degree.

himanshu-kun commented 1 year ago

Post grooming decision

We'll update extension-provider-gcp first to also send the network tag in the machineClass, so that VMs have them. Regarding other providers, yes, that is possible. We'll track each provider in this issue. These tags will be added for new VMs, not the old ones in-place. But in the next rolling update they will also have it.

himanshu-kun commented 1 year ago

@vlerenc has commented https://github.com/gardener/machine-controller-manager-provider-gcp/issues/71#issuecomment-1442846862, but zone information is still good info to have on a VM, so we'll go ahead with it.

vlerenc commented 1 year ago

OK, then please add it also for the other (cloud) providers where it's missing. It's certainly practical to have the zone as something that can be filtered on in general.