add pod sg enforcing mode to fix ebs eni crashloopback issue #82

Closed
wants to merge 1 commit into from


panchalnimesh

No description provided.

@thepoppingone

I tried this but it will fail, but let's try this build

@panchalnimesh

panchalnimesh commented Jun 30, 2023

> I tried this but it will fail, but let's try this build

@thepoppingone I just tried manually by applying the value as standard and it works for me. It's stable now, and even after I deleted pods, the newly created pods also look normal.

@thepoppingone

Yeah, the manual way works; the problem is this problematic EKS addon T_T

@panchalnimesh

> Yeah, the manual way works; the problem is this problematic EKS addon T_T

Let me test in st-dev with the alpha version

@thepoppingone

thepoppingone commented Jun 30, 2023

Some context for you

Error: updating EKS Add-On (herworld-dev:vpc-cni): InvalidParameterException: ConfigurationValue provided in request is not supported: Json schema validation failed with error: [$.env.DISABLE_TCP_EARLY_DEMUX: is not defined in the schema and the schema does not allow additional properties] { RespMetadata: { StatusCode: 400, RequestID: "965032b8-01d6-4af9-83e0-862acd68e91e" }, AddonName: "vpc-cni", ClusterName: "herworld-dev", Message_: "ConfigurationValue provided in request is not supported: Json schema validation failed with error: [$.env.DISABLE_TCP_EARLY_DEMUX: is not defined in the schema and the schema does not allow additional properties]" }

with module.eks_cluster.module.eks.module.eks.aws_eks_addon.this["vpc-cni"]
on .terraform/modules/eks_cluster.eks.eks/main.tf line 382, in resource "aws_eks_addon" "this":
resource "aws_eks_addon" "this" { 

[$.env.DISABLE_TCP_EARLY_DEMUX: is not defined in the schema and the schema does not allow additional properties]" }

@thepoppingone

thepoppingone commented Jun 30, 2023

I have merged your changes into my PR #81. Yours will error out with the message I showed above; I tested a few configs before getting it to work.

{
  "$ref": "#/definitions/VpcCni",
  "$schema": "http://json-schema.org/draft-06/schema#",
  "definitions": {
    "Affinity": {
      "type": [
        "object",
        "null"
      ]
    },
    "EniConfig": {
      "additionalProperties": false,
      "properties": {
        "create": {
          "type": "boolean"
        },
        "region": {
          "type": "string"
        },
        "subnets": {
          "additionalProperties": {
            "additionalProperties": false,
            "properties": {
              "id": {
                "type": "string"
              },
              "securityGroups": {
                "items": {
                  "type": "string"
                },
                "type": "array"
              }
            },
            "required": [
              "id"
            ],
            "type": "object"
          },
          "minProperties": 1,
          "type": "object"
        }
      },
      "required": [
        "create",
        "region",
        "subnets"
      ],
      "type": "object"
    },
    "Env": {
      "additionalProperties": false,
      "properties": {
        "ADDITIONAL_ENI_TAGS": {
          "type": "string"
        },
        "ANNOTATE_POD_IP": {
          "format": "boolean",
          "type": "string"
        },
        "AWS_EC2_ENDPOINT": {
          "type": "string"
        },
        "AWS_EXTERNAL_SERVICE_CIDRS": {
          "type": "string"
        },
        "AWS_MANAGE_ENIS_NON_SCHEDULABLE": {
          "format": "boolean",
          "type": "string"
        },
        "AWS_VPC_CNI_NODE_PORT_SUPPORT": {
          "format": "boolean",
          "type": "string"
        },
        "AWS_VPC_ENI_MTU": {
          "format": "integer",
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG": {
          "format": "boolean",
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_EXCLUDE_SNAT_CIDRS": {
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_EXTERNALSNAT": {
          "format": "boolean",
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_LOGLEVEL": {
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_LOG_FILE": {
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_RANDOMIZESNAT": {
          "type": "string"
        },
        "AWS_VPC_K8S_CNI_VETHPREFIX": {
          "type": "string"
        },
        "AWS_VPC_K8S_PLUGIN_LOG_FILE": {
          "type": "string"
        },
        "AWS_VPC_K8S_PLUGIN_LOG_LEVEL": {
          "type": "string"
        },
        "CLUSTER_ENDPOINT": {
          "type": "string"
        },
        "DISABLE_INTROSPECTION": {
          "format": "boolean",
          "type": "string"
        },
        "DISABLE_LEAKED_ENI_CLEANUP": {
          "format": "boolean",
          "type": "string"
        },
        "DISABLE_METRICS": {
          "format": "boolean",
          "type": "string"
        },
        "DISABLE_NETWORK_RESOURCE_PROVISIONING": {
          "format": "boolean",
          "type": "string"
        },
        "ENABLE_BANDWIDTH_PLUGIN": {
          "format": "boolean",
          "type": "string"
        },
        "ENABLE_POD_ENI": {
          "format": "boolean",
          "type": "string"
        },
        "ENABLE_PREFIX_DELEGATION": {
          "format": "boolean",
          "type": "string"
        },
        "ENABLE_V6_EGRESS": {
          "format": "boolean",
          "type": "string"
        },
        "ENI_CONFIG_ANNOTATION_DEF": {
          "type": "string"
        },
        "ENI_CONFIG_LABEL_DEF": {
          "type": "string"
        },
        "INTROSPECTION_BIND_ADDRESS": {
          "type": "string"
        },
        "MAX_ENI": {
          "format": "integer",
          "type": "string"
        },
        "MINIMUM_IP_TARGET": {
          "format": "integer",
          "type": "string"
        },
        "POD_SECURITY_GROUP_ENFORCING_MODE": {
          "type": "string"
        },
        "WARM_ENI_TARGET": {
          "format": "integer",
          "type": "string"
        },
        "WARM_IP_TARGET": {
          "format": "integer",
          "type": "string"
        },
        "WARM_PREFIX_TARGET": {
          "format": "integer",
          "type": "string"
        }
      },
      "title": "Env",
      "type": "object"
    },
    "Init": {
      "additionalProperties": false,
      "properties": {
        "env": {
          "$ref": "#/definitions/InitEnv"
        }
      },
      "title": "Init",
      "type": "object"
    },
    "InitEnv": {
      "additionalProperties": false,
      "properties": {
        "DISABLE_TCP_EARLY_DEMUX": {
          "format": "boolean",
          "type": "string"
        },
        "ENABLE_V6_EGRESS": {
          "format": "boolean",
          "type": "string"
        }
      },
      "title": "InitEnv",
      "type": "object"
    },
    "Limits": {
      "additionalProperties": false,
      "properties": {
        "cpu": {
          "type": "string"
        },
        "memory": {
          "type": "string"
        }
      },
      "title": "Limits",
      "type": "object"
    },
    "Resources": {
      "additionalProperties": false,
      "properties": {
        "limits": {
          "$ref": "#/definitions/Limits"
        },
        "requests": {
          "$ref": "#/definitions/Limits"
        }
      },
      "title": "Resources",
      "type": "object"
    },
    "Tolerations": {
      "additionalProperties": false,
      "items": {
        "type": "object"
      },
      "type": "array"
    },
    "VpcCni": {
      "additionalProperties": false,
      "properties": {
        "affinity": {
          "$ref": "#/definitions/Affinity"
        },
        "eniConfig": {
          "$ref": "#/definitions/EniConfig"
        },
        "env": {
          "$ref": "#/definitions/Env"
        },
        "init": {
          "$ref": "#/definitions/Init"
        },
        "livenessProbeTimeoutSeconds": {
          "type": "integer"
        },
        "readinessProbeTimeoutSeconds": {
          "type": "integer"
        },
        "resources": {
          "$ref": "#/definitions/Resources"
        },
        "tolerations": {
          "$ref": "#/definitions/Tolerations"
        }
      },
      "title": "VpcCni",
      "type": "object"
    }
  },
  "description": "vpc-cni"
}
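
An added example, not part of the thread or of the project's code: a pre-flight check that walks a trimmed copy of the schema above and reports keys that `additionalProperties: false` would reject, in the same `$.env.…` form as the Terraform error. The function names, the trimmed schema and the `"true"` value for `DISABLE_TCP_EARLY_DEMUX` are assumptions made for illustration.

```python
# Trimmed copy of the vpc-cni add-on schema posted above; only the
# definitions needed for this demonstration are kept.
SCHEMA = {
    "$ref": "#/definitions/VpcCni",
    "definitions": {
        "Env": {"additionalProperties": False, "properties": {
            "ENABLE_POD_ENI": {"type": "string"},
            "POD_SECURITY_GROUP_ENFORCING_MODE": {"type": "string"}}},
        "InitEnv": {"additionalProperties": False, "properties": {
            "DISABLE_TCP_EARLY_DEMUX": {"type": "string"}}},
        "Init": {"additionalProperties": False, "properties": {
            "env": {"$ref": "#/definitions/InitEnv"}}},
        "VpcCni": {"additionalProperties": False, "properties": {
            "env": {"$ref": "#/definitions/Env"},
            "init": {"$ref": "#/definitions/Init"}}},
    },
}


def resolve(node, root):
    """Follow local '#/definitions/...' references until a concrete node."""
    while "$ref" in node:
        target = root
        for part in node["$ref"].lstrip("#/").split("/"):
            target = target[part]
        node = target
    return node


def undefined_paths(value, node=None, root=SCHEMA, path="$"):
    """Return JSON paths that the schema rejects as additional properties."""
    node = resolve(root if node is None else node, root)
    if not isinstance(value, dict):
        return []  # only key placement is checked here, not value types
    props = node.get("properties", {})
    errors = []
    for key, child in value.items():
        here = f"{path}.{key}"
        if key in props:
            errors += undefined_paths(child, props[key], root, here)
        elif node.get("additionalProperties") is False:
            errors.append(here)
    return errors


# Constructed inputs: the shape the error message rejects, then the nesting
# the schema allows (the init-container variable under init.env).
REJECTED = {"env": {"POD_SECURITY_GROUP_ENFORCING_MODE": "standard",
                    "DISABLE_TCP_EARLY_DEMUX": "true"}}
ACCEPTED = {"env": {"POD_SECURITY_GROUP_ENFORCING_MODE": "standard"},
            "init": {"env": {"DISABLE_TCP_EARLY_DEMUX": "true"}}}
```

Running `undefined_paths` on the rendered `configuration_values` before `terraform apply` surfaces a misplaced key without a round trip to the EKS API.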

@thepoppingone

https://app.terraform.io/app/sph/workspaces/platform-eng-tools-eks-cluster-dev/runs/run-38uHyeDEamouGDBW
My branch managed to work as well after merging your changes
