
logic to disable SrcAndDestCheck on NAT instances
AxiomSamarth committed Jul 28, 2021
1 parent 7d18e32 commit dc682b8
Showing 3 changed files with 44 additions and 0 deletions.
3 changes: 3 additions & 0 deletions pkg/aws/apis/aws_provider_spec.go
Expand Up @@ -98,6 +98,9 @@ type AWSProviderSpec struct {
// When set to "" there is no maxPrice else, specifies the maxPrice
SpotPrice *string `json:"spotPrice,omitempty"`

// If set to false, source and destination checks are disabled, default is true
SrcAndDstChecksEnabled *bool `json:"srcAndDstChecksEnabled,omitempty"`

// Tags to be specified on the EC2 instances
Tags map[string]string `json:"tags,omitempty"`
}
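Review bot: The doc comment on SrcAndDstChecksEnabled (line 20) says "default is true", but as far as this commit goes the driver only acts when the field is explicitly false and never re-enables the check, so an unset field and a true value both mean "leave the instance's current attribute alone". A comment that states the actual contract would be `// If set to false, the EC2 source/destination check is disabled on the instance (needed for NAT instances). When unset or true the attribute is left unchanged.` The naming also drifts between the field (SrcAndDst), the helper disableSrcAndDestCheck and the in-code comment "SrcAnDstCheckEnabled"; settling on one spelling before the API field is published would avoid a later incompatible rename. Since disabling this check lets the instance forward traffic not addressed to it, the comment could also say that this is meant for NAT instances only.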
22 changes: 22 additions & 0 deletions pkg/aws/core.go
Expand Up @@ -201,6 +201,14 @@ func (d *Driver) CreateMachine(ctx context.Context, req *driver.CreateMachineReq
return nil, status.Error(codes.Internal, err.Error())
}

// if SrcAnDstCheckEnabled is false then disable the SrcAndDestCheck on running NAT instance
if providerSpec.SrcAndDstChecksEnabled != nil && !*providerSpec.SrcAndDstChecksEnabled {
err := disableSrcAndDestCheck(svc, runResult.Instances[0].InstanceId)
if err != nil {
return nil, status.Error(codes.Internal, err.Error())
}
}

response := &driver.CreateMachineResponse{
ProviderID: encodeInstanceID(providerSpec.Region, *runResult.Instances[0].InstanceId),
NodeName: *runResult.Instances[0].PrivateDnsName,
Expand Down Expand Up @@ -335,6 +343,20 @@ func (d *Driver) GetMachineStatus(ctx context.Context, req *driver.GetMachineSta

requiredInstance := instances[0]

// if SrcAnDstCheckEnabled is false then disable the SrcAndDestCheck on running NAT instance
if providerSpec.SrcAndDstChecksEnabled != nil && !*providerSpec.SrcAndDstChecksEnabled {

svc, err := d.createSVC(secret, providerSpec.Region)
if err != nil {
return nil, status.Error(codes.Internal, err.Error())
}

err = disableSrcAndDestCheck(svc, requiredInstance.InstanceId)
if err != nil {
return nil, status.Error(codes.Internal, err.Error())
}
}

response := &driver.GetMachineStatusResponse{
NodeName: *requiredInstance.PrivateDnsName,
ProviderID: encodeInstanceID(providerSpec.Region, *requiredInstance.InstanceId),
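Review bot: In CreateMachine (lines 34-39) a failure of disableSrcAndDestCheck returns codes.Internal after RunInstances has already succeeded, so the caller never receives the ProviderID of an instance that is now running; if the controller retries CreateMachine it will presumably launch a second instance. Since GetMachineStatus (lines 49-60) re-applies the attribute on every call, the create path could log the failure and still return the response, or the attribute could be applied in one place only. Either way GetMachineStatus now issues a ModifyInstanceAttribute write on every status poll, which turns a read operation into a mutating one and spends write-API quota each reconcile; reading the attribute first (DescribeInstanceAttribute with attribute `sourceDestCheck`) and modifying only when it is still enabled would keep the status call idempotent. Both enclosing functions start and end outside these hunks.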
19 changes: 19 additions & 0 deletions pkg/aws/core_util.go
Expand Up @@ -30,6 +30,7 @@ import (
corev1 "k8s.io/api/core/v1"
"k8s.io/apimachinery/pkg/util/validation/field"
"k8s.io/klog"
"k8s.io/utils/pointer"
)

const (
Expand Down Expand Up @@ -68,6 +69,24 @@ func decodeProviderSpecAndSecret(machineClass *v1alpha1.MachineClass, secret *co
return providerSpec, nil
}

// disableSrcAndDestCheck disbales the SrcAndDestCheck for NAT instances
func disableSrcAndDestCheck(svc ec2iface.EC2API, instanceID *string) error {

srcAndDstCheckEnabled := &ec2.ModifyInstanceAttributeInput{
InstanceId: instanceID,
SourceDestCheck: &ec2.AttributeBooleanValue{
Value: pointer.BoolPtr(false),
},
}

_, err := svc.ModifyInstanceAttribute(srcAndDstCheckEnabled)
if err != nil {
return err
}
klog.V(3).Infof("Successfully disabled Source/Destination check on NAT instance %s.", *instanceID)
return nil
}

// getInstancesFromMachineName extracts AWS Instance object from given machine name
func (d *Driver) getInstancesFromMachineName(machineName string, providerSpec *api.AWSProviderSpec, secret *corev1.Secret) ([]*ec2.Instance, error) {
var (
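Review bot: disableSrcAndDestCheck dereferences instanceID in the log line on line 94 without a nil check, while both callers pass the SDK's *string InstanceId straight through; a guard at the top, `if instanceID == nil { return <error "instance id is nil", built with whatever error constructor core_util.go already imports> }`, is cheaper than a panic on the create path. The local name srcAndDstCheckEnabled (line 83) names an input that turns the check off; `disableInput` would read correctly, and the doc comment on line 80 has "disbales" for "disables". The error on line 92 is returned without context, so the codes.Internal message the callers build says nothing about which instance or attribute failed; wrapping it with the instance ID would make the failure diagnosable. If the file already imports github.com/aws/aws-sdk-go/aws, aws.Bool(false) would avoid adding the k8s.io/utils/pointer import (line 72) for a single call.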
