Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Imdsv2 for entrypoint #1743

Merged
merged 1 commit into from
Nov 10, 2021
Merged

Imdsv2 for entrypoint #1743

merged 1 commit into from
Nov 10, 2021

Conversation

jayanthvn
Copy link
Contributor

What type of PR is this?
Porting PR #1727 from @chlunde

Which issue does this PR fix:
IMDSv1 disabled nodes will fail to be marked as ready because the conf file is not copied and entry point script is hung.

What does this PR do / Why do we need it:
Use tokens.

If an issue # is not available please add repro steps and logs from IPAMD/CNI showing the issue:

Testing done on this change:

Yes

Node is marked as not ready with v1.10.0 with IMDSV1 disabled -

ip-192-168-86-222.us-west-2.compute.internal   NotReady   <none>   7m15s   v1.17.17-eks-ac51f2   192.168.86.222   54.212.222.201   Amazon Linux 2   4.14.248-189.473.amzn2.x86_64   docker://20.10.7

Conf file is missing -

[root@ip-192-168-86-222 ec2-user]# cd /etc/cni/net.d/
[root@ip-192-168-86-222 net.d]# ls
[root@ip-192-168-86-222 net.d]# ls

With fix -

[root@ip-192-168-86-222 net.d]# ls
10-aws.conflist

Node is ready -

ip-192-168-86-222.us-west-2.compute.internal   Ready    <none>   21m   v1.17.17-eks-ac51f2   192.168.86.222   54.212.222.201   Amazon Linux 2   4.14.248-189.473.amzn2.x86_64   docker://20.10.7

Automation added to e2e:

No

Will this break upgrades or downgrades. Has updating a running cluster been tested?:
No

Does this change require updates to the CNI daemonset config files to work?:

Does this PR introduce any user-facing change?:

No


By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@jayanthvn jayanthvn added this to the v1.10.1 milestone Nov 10, 2021
@achevuru achevuru merged commit bf16838 into aws:master Nov 10, 2021
jayanthvn added a commit to jayanthvn/amazon-vpc-cni-k8s that referenced this pull request Nov 10, 2021
achevuru pushed a commit that referenced this pull request Nov 10, 2021
cgchinmay pushed a commit to cgchinmay/amazon-vpc-cni-k8s that referenced this pull request Nov 12, 2021
…ariables if available

removed unnecessary logs

Update failing test

Updated ClusterRole permissions

Rename mType to metricType
Fetch Region only if not available

Remove redundant logging

helm chart changes to use the new AWS_CLUSTER_ID env variable

Minor fixes to fetching region and cluster_id logic

Simply logic to fetch cluster_id and region

Updated cni-metrics-helper Readme with instructions for using IRSA

Updated clusterRole template for cni-metrics-helper helm chart

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet

Readme updates (aws#1735)

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc

imdsv2 changes (aws#1743)

fix flaky canary test (aws#1742)

add CODEOWNERS (aws#1747)

Snat tests: [agent is already updated] (aws#1513)

* resolved conflicts with go.sum

* Updated test agent image

* Removed redundant files

* Addressed PR comments

Fixed go.sum in root folder

Changed DescribeInstanceWithFilter to DescribeInstances
Moved GetPrimaryInstanceId from ec2 interface
Added GinkgoWriter

Updated Readme for Snat test

Rearranged snat_test logic
Updated Readme for test/e2e

* Minor change to logging

Updated Chart version for cni-metrics-helper
Shreya027 pushed a commit to Shreya027/amazon-vpc-cni-k8s that referenced this pull request Nov 16, 2021
cgchinmay pushed a commit to cgchinmay/amazon-vpc-cni-k8s that referenced this pull request Dec 9, 2021
# This is the 1st commit message:

Add VlanId in the cmdAdd Result struct
This VlanId will appear in the prevResult during cmdDel request

Test prevResult contents

CleanUp Pod Network using vlanId from prevResult in CNI itself
No need to call ipamd

Log formatting changes

Added hostNetworking Setup test for pods using security groups

revoke unnecessary test agent image changes

Revoke unnecessary changes

remove focussed test
set replica count to total number of branch interface

Fix replica count

# This is the commit message aws#2:

Updated cleanUpPodENI method

# This is the commit message aws#3:

Skip processing Delete request if prevResult is nil
Add Logging vlanId to ipamd

# This is the commit message aws#4:

Add support to test with containerd nodegroup in pod-eni test

# This is the commit message aws#5:

Add check for empty Netns() in cni

# This is the commit message aws#6:

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet
# This is the commit message aws#7:

Readme updates (aws#1735)


# This is the commit message aws#8:

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc
# This is the commit message aws#9:

imdsv2 changes (aws#1743)


# This is the commit message aws#10:

fix flaky canary test (aws#1742)


# This is the commit message aws#11:

add CODEOWNERS (aws#1747)
cgchinmay pushed a commit to cgchinmay/amazon-vpc-cni-k8s that referenced this pull request Dec 9, 2021
This VlanId will appear in the prevResult during cmdDel request

CleanUp Pod Network using vlanId from prevResult in CNI itself
No need to call ipamd

Log formatting changes

Added hostNetworking Setup test for pods using security groups

Updated cleanUpPodENI method

Skip processing Delete request if prevResult is nil
Add Logging vlanId to ipamd

Add support to test with containerd nodegroup in pod-eni test

Add check for empty Netns() in cni

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet

Readme updates (aws#1735)

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc

imdsv2 changes (aws#1743)

fix flaky canary test (aws#1742)

add CODEOWNERS (aws#1747)

Snat tests: [agent is already updated] (aws#1513)

* resolved conflicts with go.sum

* Updated test agent image

* Removed redundant files

* Addressed PR comments

Fixed go.sum in root folder

Changed DescribeInstanceWithFilter to DescribeInstances
Moved GetPrimaryInstanceId from ec2 interface
Added GinkgoWriter

Updated Readme for Snat test

Rearranged snat_test logic
Updated Readme for test/e2e

* Minor change to logging

Fix compilation errors (aws#1751)

add support for running canary script in different regions (aws#1752)

Regenerate pod eni values for new instance types (aws#1754)

* Regenerate pod eni values for new instance types

Co-authored-by: Senthil Kumaran <senthilx@amazon.com>

Minor change to container runtime argument

Check for Empty NetNs() first
Fallback to older method if prevResult is nil

Closed issue message (aws#1761)

* closed issue message

* update message

fix typo in upload script (aws#1763)

Update calico file path

Use an unique s3 bucket name (aws#1760)

Update region

Workflow to build arm and x86 images (aws#1764)

DataStore.GetStats() refactoring to simplify adding new fields (aws#1704)

* DataStore.GetStats() refactoring to simplify adding new fields

* cleanup

* cleanup

* cleanup

* goimports

* rename test to TestGetStatsV4

* address comments

* fix typo

* update

* update "IP pool is too low" logging

* GetStats() -> GetIpStats()

* GetStats() -> GetIpStats() in tests and comments

* update test

* cleanup test

* add logPoolStats comment

Fix KOPS_STATE_STORE (aws#1770)

Automation script for running IT  (aws#1759)

Update issue template

Update issue template with email address

Update issue template

Update go.mod for integration folder (aws#1741)

* Update go.mod for integration folder

- Update go.mod for integration folder

* Change integration test to use new K8s test framework

* Modify server pod image

* Switch to Nginx port 80 for server pod

* Switch server port in client test

* Remove custom command directive for Nginx pod

* Added ping command for host checks

README: mention arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy (aws#1768)

Co-authored-by: Shreya027 <shrenaik@amazon.com>

Add dl1.24xlarge to ENILimits override list (aws#1777)

Chart and Manifest updates (aws#1771)

* Chart and Manifest updates

* Update probe timeout values

Change workflow to use git install (aws#1785)

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file
cgchinmay pushed a commit to cgchinmay/amazon-vpc-cni-k8s that referenced this pull request Dec 9, 2021
Add VlanId in the cmdAdd Result struct
This VlanId will appear in the prevResult during cmdDel request

CleanUp Pod Network using vlanId from prevResult in CNI itself
No need to call ipamd

Log formatting changes

Added hostNetworking Setup test for pods using security groups

Updated cleanUpPodENI method

Skip processing Delete request if prevResult is nil
Add Logging vlanId to ipamd

Add support to test with containerd nodegroup in pod-eni test

Add check for empty Netns() in cni

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet

Readme updates (aws#1735)

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc

imdsv2 changes (aws#1743)

fix flaky canary test (aws#1742)

add CODEOWNERS (aws#1747)

Snat tests: [agent is already updated] (aws#1513)

* resolved conflicts with go.sum

* Updated test agent image

* Removed redundant files

* Addressed PR comments

Fixed go.sum in root folder

Changed DescribeInstanceWithFilter to DescribeInstances
Moved GetPrimaryInstanceId from ec2 interface
Added GinkgoWriter

Updated Readme for Snat test

Rearranged snat_test logic
Updated Readme for test/e2e

* Minor change to logging

Fix compilation errors (aws#1751)

add support for running canary script in different regions (aws#1752)

Regenerate pod eni values for new instance types (aws#1754)

* Regenerate pod eni values for new instance types

Co-authored-by: Senthil Kumaran <senthilx@amazon.com>

Minor change to container runtime argument

Check for Empty NetNs() first
Fallback to older method if prevResult is nil

Closed issue message (aws#1761)

* closed issue message

* update message

fix typo in upload script (aws#1763)

Update calico file path

Use an unique s3 bucket name (aws#1760)

Update region

Workflow to build arm and x86 images (aws#1764)

DataStore.GetStats() refactoring to simplify adding new fields (aws#1704)

* DataStore.GetStats() refactoring to simplify adding new fields

* cleanup

* cleanup

* cleanup

* goimports

* rename test to TestGetStatsV4

* address comments

* fix typo

* update

* update "IP pool is too low" logging

* GetStats() -> GetIpStats()

* GetStats() -> GetIpStats() in tests and comments

* update test

* cleanup test

* add logPoolStats comment

Fix KOPS_STATE_STORE (aws#1770)

Automation script for running IT  (aws#1759)

Update issue template

Update issue template with email address

Update issue template

Update go.mod for integration folder (aws#1741)

* Update go.mod for integration folder

- Update go.mod for integration folder

* Change integration test to use new K8s test framework

* Modify server pod image

* Switch to Nginx port 80 for server pod

* Switch server port in client test

* Remove custom command directive for Nginx pod

* Added ping command for host checks

README: mention arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy (aws#1768)

Co-authored-by: Shreya027 <shrenaik@amazon.com>

Add dl1.24xlarge to ENILimits override list (aws#1777)

Chart and Manifest updates (aws#1771)

* Chart and Manifest updates

* Update probe timeout values

Change workflow to use git install (aws#1785)

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file
haouc pushed a commit to haouc/amazon-vpc-cni-k8s that referenced this pull request Feb 9, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants