Open celestialorb opened 2 years ago
Looks like the plugin is pulling in both DNS names for both addresses as well, so that explains why the `dns` selectors didn't make a difference.
Yeah, I think the only solution to this, aside from reworking our networking setup, would be to make the IP address / DNS name that matches the instance's address the first preference unless otherwise stated by the `preferred_endpoints` attribute.
Either that or an additional attribute for the plugin. A boolean value describing whether or not to only source the instance's address and to ignore any other additional network interfaces on it.
Something along the lines of: `instance_primary_interface_only: true`?
I've attempted to address this with #22.
I am running into this with node groups on EKS. So far it hasn't been possible to get Boundary to select the right IP when I want to use it for SSH because the additional IPs added by VPC CNI keep getting in the way.
I have an AWS ECS cluster that I'd like to be able to SSH into via Boundary, but cannot configure the host set AWS plugin to select the proper address of the host node.
Each of my AWS ECS nodes has two private addresses, one for the host itself and one for what I assume is the CNI on the node. However, Boundary seems to always select the CNI address and not the host address. Both of these exist in the same subnet CIDR ranges, so using the `preferred_endpoints` with a CIDR specification will not help.
I have tried using the `dns` specification in `preferred_endpoints` with both `dns:ip-*` and `dns:*` but neither seems to work, and I can't find any documentation for it so I'm not positive that is a proper option.
Is there any way that I can configure it to select the proper address? Could the plugin check the address against the private DNS name and always prefer the one matching the host if no `preferred_endpoints` is set?
Am I missing something?
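
The preference asked for in the issue above (put the address that matches the instance's private DNS name first, since a CIDR filter accepts both addresses), sketched in Go as an added example; it is not code from the plugin. `preferHostAddress` and `inCIDR` are hypothetical helpers, the addresses are constructed, and it assumes the IP-based `ip-a-b-c-d.` form of EC2 private DNS names.

```go
package main

import (
	"fmt"
	"net/netip"
	"regexp"
)

// Assumed name form: ip-10-0-1-23.ec2.internal or ip-10-0-1-23.<region>.compute.internal.
var ipNameRE = regexp.MustCompile(`(?i)^ip-(\d{1,3})-(\d{1,3})-(\d{1,3})-(\d{1,3})\.`)

// addrFromPrivateDNS recovers the embedded address; resource-based names (i-0abc...) yield false.
func addrFromPrivateDNS(name string) (netip.Addr, bool) {
	m := ipNameRE.FindStringSubmatch(name)
	if m == nil {
		return netip.Addr{}, false
	}
	a, err := netip.ParseAddr(m[1] + "." + m[2] + "." + m[3] + "." + m[4])
	return a, err == nil
}

// preferHostAddress (hypothetical) moves the candidate matching the DNS name to the front.
func preferHostAddress(privateDNS string, candidates []string) []string {
	out := append([]string(nil), candidates...) // leave the caller's slice untouched
	want, ok := addrFromPrivateDNS(privateDNS)
	for i, c := range out {
		if a, err := netip.ParseAddr(c); ok && err == nil && a == want {
			copy(out[1:i+1], out[:i]) // shift earlier entries right by one
			out[0] = c
			break
		}
	}
	return out
}

// inCIDR lists the candidates a CIDR preference would accept.
func inCIDR(cidr string, candidates []string) (out []string) {
	p := netip.MustParsePrefix(cidr)
	for _, c := range candidates {
		if a, err := netip.ParseAddr(c); err == nil && p.Contains(a) {
			out = append(out, c)
		}
	}
	return out
}

func main() {
	addrs := []string{"10.0.1.87", "10.0.1.23"} // constructed: CNI address first, host second
	fmt.Println(inCIDR("10.0.1.0/24", addrs), preferHostAddress("ip-10-0-1-23.ec2.internal", addrs))
}
```

When the private DNS name is not IP-based, the candidate order is returned unchanged, so any existing preference logic would still decide.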