Closed paulbraham-ds closed 1 month ago
Hey there, this is indeed expected - We query several different resources across all regions to make sure we're thorough on our reports such as orphaned resources! We don't currently offer a way to configure the application to ignore certain regions. However, blocking the traffic through a firewall should not cause any issues!
Hello,
I'd like to second this issue - as it does have impacts to us. We are looking to be cost aware everywhere - which includes network traffic and log messages. Unnecessary calls being made to other regions that are not needed do add additional complexity in our network costs, logging costs, and observability solutions - as these show up in our environment as failed calls being blocked.
While it may not impact the product functionality - it is more than an annoyance. A way to minimize these only to necessary regions would be beneficial.
Thanks.
That's fair @skmartin-trv I imagine this is a quick fix. cc @cliffcolvin for triage.
I'd settle for being able to scope it to an AWS partition. AWS China is not a standard AWS Commercial region and has its own totally separate login page similar to GovCloud. Stopping it from reaching in to other partitions would be great.
Not a Helm chart issue, transferred.
Hello, we are deprecating using GitHub to track bugs and feature requests. If this issue is still outstanding and you have not done so already, please raise a request at https://support.kubecost.com/.
Kubecost Helm Chart Version
2.1.1
Kubernetes Version
1.29
Kubernetes Platform
EKS
Description
Kubecost is installed using the Helm chart with default values (Other than disabling prometheus and reporting).
Our AWS firewall shows activity from the EC2 node to sts.cn-northwest-1.amazonaws.com.cn and sts.cn-north-1.amazonaws.com.cn which is blocked. This traffic has been isolated to the kubecost-cost-analyzer pod.
The deployment is not using the cost/usage report data currently.
Is this expected behavior? Or is there a way of disabling the application calling out to STS endpoints in certain regions and explicitly defining it.
Steps to reproduce
Expected behavior
Kubecost to only hit endpoints in the region it is deployed in. (Or at least not to traverse AWS partitions.)
Impact
It is triggering unnecessary alerts within our environment and raising questions from security teams.
Screenshots
Logs
No response
Slack discussion
No response
Troubleshooting
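One way to triage the firewall alerts described in this issue, as an added example that is not from Kubecost or from any commenter: classify each STS destination by region and partition relative to the cluster's home region, so expected cross-partition probes can be separated from other egress. The log format, the home region `us-east-1`, and the function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Global (sts.amazonaws.com) or regional (sts.<region>.amazonaws.com[.cn]) STS hosts.
STS_HOST = re.compile(
    r"^sts(?:\.(?P<region>[a-z]{2}(?:-[a-z]+)+-\d+))?\.amazonaws\.com(?P<cn>\.cn)?$"
)

def partition_of(region):
    """Map a region name to its AWS partition by prefix."""
    if region.startswith("cn-"):
        return "aws-cn"
    if region.startswith("us-gov-"):
        return "aws-us-gov"
    return "aws"

def classify(host, home_region):
    """Return in-region, cross-region, cross-partition, global-endpoint or not-sts."""
    m = STS_HOST.match(host.lower().rstrip("."))
    if not m:
        return "not-sts"
    region = m.group("region")
    if m.group("cn"):
        part = "aws-cn"                 # .com.cn suffix is only used by AWS China
    elif region:
        part = partition_of(region)
    else:
        part = "aws"                    # sts.amazonaws.com, commercial partition
    if part != partition_of(home_region):
        return "cross-partition"
    if region is None:
        return "global-endpoint"
    return "in-region" if region == home_region else "cross-region"

def summarize(log_text, home_region):
    """Count STS calls per (source, category); assumed columns: time action source host."""
    counts = Counter()
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue                    # skip lines that do not fit the assumed format
        category = classify(fields[3], home_region)
        if category != "not-sts":
            counts[(fields[2], category)] += 1
    return counts

# Constructed sample log lines (not taken from the issue).
SAMPLE_LOG = """\
2024-03-01T10:00:01Z BLOCK kubecost-cost-analyzer sts.cn-northwest-1.amazonaws.com.cn
2024-03-01T10:00:01Z BLOCK kubecost-cost-analyzer sts.cn-north-1.amazonaws.com.cn
2024-03-01T10:00:02Z ALLOW kubecost-cost-analyzer sts.us-east-1.amazonaws.com
2024-03-01T10:00:03Z BLOCK kubecost-cost-analyzer sts.eu-west-1.amazonaws.com
2024-03-01T10:00:04Z ALLOW kubecost-cost-analyzer ec2.us-east-1.amazonaws.com
"""
```
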