search

open-telemetry / opentelemetry-collector-contrib

Contrib repository for the OpenTelemetry Collector
https://opentelemetry.io
Apache License 2.0
2.9k stars 2.27k forks source link

New EKS cluster may not have aws_auth config map breaking resource detection #31300

Open ryanfaircloth opened 7 months ago

ryanfaircloth commented 7 months ago

Component(s)

No response

What happened?

Description

AWS is moving from config_map managed auth to a new feature called access entries, when access entries is enabled the aws_auth is removed this break the current resourcedetection/eks https://docs.aws.amazon.com/eks/latest/userguide/migrating-access-entries.html

https://github.com/open-telemetry/opentelemetry-collector-contrib/blob/609be0a4ed4a0a8a3db694cc88ef6ad015177c69/processor/resourcedetectionprocessor/internal/aws/eks/detector.go#L105

Steps to Reproduce

Deploy a collector on a EKS cluster with API only access entries (no aws_auth config map)

Expected Result

EKS should still be the resource type

Actual Result

Collector version

v0.93.0

Environment information

AWS EKS 1.28 Access Entries enabled aws_auth configmap removed

OpenTelemetry Collector configuration

resourcedetection:
                detectors:
                - env
                - eks

Log output

2024-02-16T16:56:02.022Z        warn    internal/resourcedetection.go:130       failed to detect resource       {"kind": "processor", "name": "resourcedetection", "pipeline": "logs", "error": "isEks() error retrieving auth configmap: failed to retrieve ConfigMap kube-system/aws-auth: configmaps \"aws-auth\" is forbidden: User \"system:serviceaccount:otel-system:otel-collector-cluster\" cannot get resource \"configmaps\" in API group \"\" in the namespace \"kube-system\""}
2024-02-16T16:56:02.023Z        info    internal/resourcedetection.go:139       detected resource information   {"kind": "processor", "name": "resourcedetection", "pipeline": "logs", "resource": {}}

Additional context

No response

github-actions[bot] commented 6 months ago

Pinging code owners for processor/resourcedetection: @Aneurysm9 @dashpole. See Adding Labels via Comments if you do not have permissions to add labels yourself.

crobert-1 commented 6 months ago

Thanks for posting @ryanfaircloth, I was able to read the links provided and agree this is an issue that needs resolved.

Removing needs triage

github-actions[bot] commented 4 months ago

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

github-actions[bot] commented 2 months ago

This issue has been inactive for 60 days. It will be closed in 60 days if there is no activity. To ping code owners by adding a component label, see Adding Labels via Comments, or if you are unsure of which component this issue relates to, please ping @open-telemetry/collector-contrib-triagers. If this issue is still relevant, please ping the code owners or leave a comment explaining why it is still relevant. Otherwise, please close it.

Pinging code owners:

See Adding Labels via Comments if you do not have permissions to add labels yourself.

SoerenHenning commented 1 month ago

I ran into this issue today. My cluster does not have the ConfigMap kube-system/aws-auth. Is there any workaround for that? I thought whether maybe the alpha.eksctl.io/cluster-name node label can be used for EKS clusters that are created with eksctl.