kubernetes-sigs / aws-load-balancer-controller

A Kubernetes controller for Elastic Load Balancers
https://kubernetes-sigs.github.io/aws-load-balancer-controller/
Apache License 2.0

allow copying labels as tags #3769

Open grosser opened 2 months ago

grosser commented 2 months ago

Is your feature request related to a problem?
We need our AWS LBs to be tagged with the team/project that created them.

Describe the solution you'd like
Our services are already labeled with the team they have, so I'd like to make aws-lbc reuse that instead of having to tell every team how and why to configure aws-load-balancer-additional-resource-tags.

The logic would fit neatly into buildAdditionalResourceTags with a new CLI option like copy-labels-to-resource-tags=team,project,foo,bar

I think I can make a PR since this is fairly simple, but wanted feedback on if this is merge-able first

Describe alternatives you've considered
Make everyone copy-paste and ensure the copy-paste stays in sync.

oliviassss commented 1 month ago

You can leverage the existing svc annotation to add additional tags: service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags
Check: https://kubernetes-sigs.github.io/aws-load-balancer-controller/v2.8/guide/service/annotations/#aws-resource-tags

M00nF1sh commented 1 month ago

@grosser We would need security reviews to accept such PRs. AWS tags are security related (since they can be used for tag-based auth), thus we cannot blindly copy over all labels.

Personally I'm open to a proposed feature which provides a label whitelist, but this seems low priority in my mind as you can already specify it via the aws-load-balancer-additional-resource-tags annotation (which seems low effort if you define ingresses/services via some automatic tools).

BTW, have you considered automatically generating the "aws-load-balancer-additional-resource-tags" annotation via a webhook for your team (or some manifest generation tools), instead of embedding this functionality into the controller itself?
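
The allowlist approach from the comment above, sketched as the core of a webhook or manifest generator that fills in the service.beta.kubernetes.io/aws-load-balancer-additional-resource-tags annotation. This is an added example, not code from the controller or from anyone in the thread; mergeAllowedLabels and the sample labels are hypothetical.

```go
package main

import (
	"fmt"
	"sort"
	"strings"
)

// mergeAllowedLabels builds the k1=v1,k2=v2 annotation value from the tags already
// annotated plus allowlisted labels only. Hypothetical helper, not controller code.
func mergeAllowedLabels(labels map[string]string, existing string, allow []string) (string, error) {
	tags := map[string]string{}
	for _, kv := range strings.Split(existing, ",") {
		if kv = strings.TrimSpace(kv); kv == "" {
			continue
		}
		k, v, ok := strings.Cut(kv, "=")
		if !ok {
			return "", fmt.Errorf("malformed existing tag %q", kv)
		}
		tags[k] = v
	}
	for _, key := range allow {
		val, present := labels[key]
		if _, set := tags[key]; set || !present {
			continue // an explicitly annotated tag wins over a copied label
		}
		// Defensive: ',' or '=' in a copied value would add or alter tags.
		if strings.ContainsAny(key+val, ",=") {
			return "", fmt.Errorf("label %q cannot be encoded as a tag", key)
		}
		tags[key] = val
	}
	keys := make([]string, 0, len(tags))
	for k := range tags {
		keys = append(keys, k)
	}
	sort.Strings(keys) // stable order so the annotation does not change between runs
	for i, k := range keys {
		keys[i] = k + "=" + tags[k]
	}
	return strings.Join(keys, ","), nil
}

func main() {
	// Constructed sample Service labels; "role" is not allowlisted and is not copied.
	labels := map[string]string{"team": "payments", "project": "checkout", "role": "admin"}
	out, err := mergeAllowedLabels(labels, "env=prod", []string{"team", "project"})
	fmt.Println(out, err)
}
```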

grosser commented 1 month ago