-
Notifications
You must be signed in to change notification settings - Fork 744
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
entry point script migration to golang #1726
Conversation
Few high level comments before going into code details
|
Yes Srini will test on ARM nodes. Reg keeping the changes separate is not possible since the minimal distro image doesn't have a shell to run the entry point script and also few packages like js which is needed for the script. |
Jayanth, I understand that script migration is a pre-req for minimal distro. But i was suggesting following order of changes 1/ Commit the script migration as a separate change so that AL2 can leverage this. [ This would require exhaustive testing and we can enhance our AL2 test suite as well] . This can potentially be bundled into CNI 10.1.2 release This would help us isolate regression and unify API behavior across AL2/Minimal distro. As an example, AWS SDK attempts IMDSv2 and then falls back to IMDSv1. However, CNI 1.10.1 (AL2) entry point script doesn't do that. |
Sure Srini I can separate it to 2 PRs. |
@srini-ram - Updated the PR to have the AL2 image. Will open a new PR for minimal distro once this is merged. Automation will be added as a fast follow up. Will discuss about the test plan offline. |
This pull request is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days |
/not stale |
This pull request is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days |
This pull request is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days |
/not stale |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Overall content looks good to me, just a few nits. I can review further after the conflicts are resolved and jobs pass.
Quick question, any interest in pulling in go modules for cp
and sysctl
instead of implementing our own? I can see either side, I guess it depends on how specific this use is.
val, _ = sys.GetSysctl(entry) | ||
log.Infof("Updated entry for %d", val) | ||
|
||
enableIPv6 := getEnv(envEnableIPv6, "false") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
If the environment variable is not present, then we would be leaving default IPv6 settings. Should this explicitly disable IPv6 when env var is not present?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes false is the default.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
But that default could change on AL2. I think we should call these sysctls either way to be safe
entry = "net/ipv6/conf/all/disable_ipv6" | ||
err = sys.SetSysctl(entry, 0) | ||
if err != nil { | ||
log.WithError(err).Fatalf("Failed to enable disable_ipv6\n") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: maybe "Failed to set disable_ipv6
to 0"
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah I can add it.
if outb.String() == "" { | ||
return true | ||
} | ||
time.Sleep(1 * time.Second) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: do we need a sleep here? Won't cmd
already have a built-in grpc timeout that should be sufficient?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah we can remove it, this was based of the old code and it was removed recently.
https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.10.3/scripts/entrypoint.sh#L120
return hostIP, nil | ||
} | ||
|
||
time.Sleep(1 * time.Second) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
nit: seems like GetMetaData
already has a timeout built in, so do we need this sleep?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
So there are 10 retries so after that I added this sleep for the next retry. But let me check if we can remove it, we can save a second.
There were some 3P implementation for cp and sysctl, hence I added utils similar to upstream K8s. |
Closing this PR since including the changes in #2146 |
What type of PR is this?
Enhancement
Which issue does this PR fix:
N/A
What does this PR do / Why do we need it:
Rewrite the entry point shell scripts in golang
This is first part of the change to update to minimal distro image.
If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:
N/A
Testing done on this change:
Yes
Test Cases
Startup Aws-node
Startup Init-container
PD is Enable but WARM targets = 0
PD is enabled but Warm target = -1
Plugin log file = stdout
Veth prefix > 4
Veth prefix = lo
Created aws.conf file and restarted aws-node
File is delete -
Enable bw plugin -
Disable bw plugin -
Automation added to e2e:
Work in progress
Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No
Does this change require updates to the CNI daemonset config files to work?:
No
Does this PR introduce any user-facing change?:
No
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.