From 3fa11dc636fb3357a77ae064b1d7a0bd26a38374 Mon Sep 17 00:00:00 2001
From: Olivia Song
Date: Fri, 2 Jun 2023 14:00:00 -0700
Subject: [PATCH 1/7] refactor canary test to access images from AWS registries (#2398)
---
 scripts/run-canary-test.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/scripts/run-canary-test.sh b/scripts/run-canary-test.sh
index 666f7a46de..97680cdb49 100755
--- a/scripts/run-canary-test.sh
+++ b/scripts/run-canary-test.sh
@@ -11,10 +11,6 @@ GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build"
 TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"}
 ADC_REGIONS="us-iso-east-1 us-isob-east-1 us-iso-west-1"
-# authenticate into test registry
-echo "authenticate to test image registry in $REGION"
-aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${TEST_IMAGE_REGISTRY}
-
 source "$SCRIPT_DIR"/lib/add-on.sh
 source "$SCRIPT_DIR"/lib/cluster.sh
 source "$SCRIPT_DIR"/lib/canary.sh
From 68c7e4454ce6dce04ea742d60d8570edd95f118e Mon Sep 17 00:00:00 2001
From: Olivia Song
Date: Fri, 9 Jun 2023 15:50:08 -0700
Subject: [PATCH 2/7] skip delete test cluster to debug (#2414)
---
 scripts/lib/cluster.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/scripts/lib/cluster.sh b/scripts/lib/cluster.sh
index 660a35c8e8..baf8c45bb1 100644
--- a/scripts/lib/cluster.sh
+++ b/scripts/lib/cluster.sh
@@ -16,10 +16,11 @@ function load_deveks_cluster_details() {
 }
 function down-test-cluster() {
- echo -n "Deleting cluster (this may take ~10 mins) ... "
- eksctl delete cluster $CLUSTER_NAME >>$CLUSTER_MANAGE_LOG_PATH 2>&1 ||
- (echo "failed. Check $CLUSTER_MANAGE_LOG_PATH." && exit 1)
- echo "ok."
+ echo "skipping the cluster deletion in down-test-cluster for debug"
+# echo -n "Deleting cluster (this may take ~10 mins) ... "
+# eksctl delete cluster $CLUSTER_NAME >>$CLUSTER_MANAGE_LOG_PATH 2>&1 ||
+# (echo "failed. Check $CLUSTER_MANAGE_LOG_PATH." && exit 1)
+# echo "ok."
 }
 function up-test-cluster() {
From 6ef6a54cd6abb99007a230c6943c10f99025d605 Mon Sep 17 00:00:00 2001
From: Olivia Song
Date: Fri, 9 Jun 2023 16:57:35 -0700
Subject: [PATCH 3/7] Revert "skip delete test cluster to debug (#2414)" (#2415)
This reverts commit 7c30943e94a3f7179feb8cc3fbef7737858f8111.
---
 scripts/lib/cluster.sh | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)
diff --git a/scripts/lib/cluster.sh b/scripts/lib/cluster.sh
index baf8c45bb1..660a35c8e8 100644
--- a/scripts/lib/cluster.sh
+++ b/scripts/lib/cluster.sh
@@ -16,11 +16,10 @@ function load_deveks_cluster_details() {
 }
 function down-test-cluster() {
- echo "skipping the cluster deletion in down-test-cluster for debug"
-# echo -n "Deleting cluster (this may take ~10 mins) ... "
-# eksctl delete cluster $CLUSTER_NAME >>$CLUSTER_MANAGE_LOG_PATH 2>&1 ||
-# (echo "failed. Check $CLUSTER_MANAGE_LOG_PATH." && exit 1)
-# echo "ok."
+ echo -n "Deleting cluster (this may take ~10 mins) ... "
+ eksctl delete cluster $CLUSTER_NAME >>$CLUSTER_MANAGE_LOG_PATH 2>&1 ||
+ (echo "failed. Check $CLUSTER_MANAGE_LOG_PATH." && exit 1)
+ echo "ok."
 }
 function up-test-cluster() {
From 14f1e1c29be868b7904f6c7313436675fffa62f9 Mon Sep 17 00:00:00 2001
From: Olivia Song
Date: Tue, 13 Jun 2023 12:25:39 -0700
Subject: [PATCH 4/7] authenticate to test image registry (#2417)
---
 scripts/run-canary-test.sh | 4 ++++
 1 file changed, 4 insertions(+)
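Review bot: The skip added to `down-test-cluster` in PATCH 2/7 is unconditional, so every caller of this function now leaves its EKS test cluster running until someone deletes it by hand, and the commented-out delete block will drift from the real teardown path. If a cluster has to be kept for debugging, make it opt-in instead of editing the function, for example `[[ "${SKIP_CLUSTER_DELETE:-false}" == "true" ]] && { echo "skipping cluster deletion"; return 0; }` as the first line (the variable name is a suggestion, not an existing setting), and leave the delete commands in place.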
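Review bot: In the `down-test-cluster` body restored by PATCH 3/7, the failure branch `(echo "failed. ..." && exit 1)` runs in a subshell, so `exit 1` ends only that subshell; unless the calling script runs under `set -e` (not visible in this hunk), the function goes on to print "ok." after a failed delete and returns success. A brace group makes the exit apply to the script itself: `{ echo "failed. Check $CLUSTER_MANAGE_LOG_PATH."; exit 1; }`. The expansions should also be quoted, `eksctl delete cluster "$CLUSTER_NAME" >>"$CLUSTER_MANAGE_LOG_PATH" 2>&1 ||`, so an empty or space-containing value cannot change what is deleted or where the log goes. A teardown that fails silently leaves a test cluster behind with no signal in the job result.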
diff --git a/scripts/run-canary-test.sh b/scripts/run-canary-test.sh
index 97680cdb49..666f7a46de 100755
--- a/scripts/run-canary-test.sh
+++ b/scripts/run-canary-test.sh
@@ -11,6 +11,10 @@ GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build"
 TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"}
 ADC_REGIONS="us-iso-east-1 us-isob-east-1 us-iso-west-1"
+# authenticate into test registry
+echo "authenticate to test image registry in $REGION"
+aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${TEST_IMAGE_REGISTRY}
+
 source "$SCRIPT_DIR"/lib/add-on.sh
 source "$SCRIPT_DIR"/lib/cluster.sh
 source "$SCRIPT_DIR"/lib/canary.sh
From 63af99529f11c2b156a4b22180bcec4bdc2bf05d Mon Sep 17 00:00:00 2001
From: Jeffrey Nelson
Date: Fri, 16 Jun 2023 12:59:30 -0500
Subject: [PATCH 5/7] fix hard-coded nitro instances (#2428)
---
 pkg/awsutils/vpc_ip_resource_limit.go | 4 ++--
 scripts/gen_vpc_ip_limits.go | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/pkg/awsutils/vpc_ip_resource_limit.go b/pkg/awsutils/vpc_ip_resource_limit.go
index bc5534b3f6..57172d8f91 100644
--- a/pkg/awsutils/vpc_ip_resource_limit.go
+++ b/pkg/awsutils/vpc_ip_resource_limit.go
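Review bot: The login added after `ADC_REGIONS` requests its token with `--region $REGION`, while the default `TEST_IMAGE_REGISTRY` host is pinned to `us-west-2`; ECR login tokens are tied to the region that issued them, so a run with any other `$REGION` will fail `docker login` against the default registry. Whether `REGION` is set at all this early in the script is not visible in the hunk. Take the region from the registry host and quote the expansions, e.g. `REGISTRY_REGION=$(cut -d. -f4 <<<"$TEST_IMAGE_REGISTRY")` followed by `aws ecr get-login-password --region "$REGISTRY_REGION" | docker login --username AWS --password-stdin "$TEST_IMAGE_REGISTRY"`. Without `set -o pipefail` a failed `aws` call shows up only as a docker login error, which makes credential problems on the runner harder to diagnose.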
@@ -172,7 +172,7 @@ var InstanceNetworkingLimits = map[string]InstanceTypeLimits{
 "c7g.8xlarge": {ENILimit: 8, IPv4Limit: 30, HypervisorType:"nitro", IsBareMetal:false},
 "c7g.large": {ENILimit: 3, IPv4Limit: 10, HypervisorType:"nitro", IsBareMetal:false},
 "c7g.medium": {ENILimit: 2, IPv4Limit: 4, HypervisorType:"nitro", IsBareMetal:false},
- "c7g.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"unknown", IsBareMetal:true},
+ "c7g.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:true},
 "c7g.xlarge": {ENILimit: 4, IPv4Limit: 15, HypervisorType:"nitro", IsBareMetal:false},
 "cr1.8xlarge": {ENILimit: 8, IPv4Limit: 30, HypervisorType:"unknown", IsBareMetal:false},
 "d2.2xlarge": {ENILimit: 4, IPv4Limit: 15, HypervisorType:"xen", IsBareMetal:false},
@@ -449,7 +449,7 @@ var InstanceNetworkingLimits = map[string]InstanceTypeLimits{
 "p3.8xlarge": {ENILimit: 8, IPv4Limit: 30, HypervisorType:"xen", IsBareMetal:false},
 "p3dn.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:false},
 "p4d.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:false},
- "p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"unknown", IsBareMetal:false},
+ "p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType:"nitro", IsBareMetal:false},
 "r3.2xlarge": {ENILimit: 4, IPv4Limit: 15, HypervisorType:"xen", IsBareMetal:false},
 "r3.4xlarge": {ENILimit: 8, IPv4Limit: 30, HypervisorType:"xen", IsBareMetal:false},
 "r3.8xlarge": {ENILimit: 8, IPv4Limit: 30, HypervisorType:"xen", IsBareMetal:false},
diff --git a/scripts/gen_vpc_ip_limits.go b/scripts/gen_vpc_ip_limits.go
index 5ee298b8ff..2187af3af3 100644
--- a/scripts/gen_vpc_ip_limits.go
+++ b/scripts/gen_vpc_ip_limits.go
@@ -201,8 +201,8 @@ func addManualLimits(limitMap map[string]awsutils.InstanceTypeLimits) map[string
 "u-9tb1.metal": {ENILimit: 5, IPv4Limit: 30, HypervisorType: "unknown", IsBareMetal: true},
 "c5a.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
 "c5ad.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
- "p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: false},
- "c7g.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
+ "p4de.24xlarge": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "nitro", IsBareMetal: false},
+ "c7g.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "nitro", IsBareMetal: true},
 "bmn-sf1.metal": {ENILimit: 15, IPv4Limit: 50, HypervisorType: "unknown", IsBareMetal: true},
 }
 for instanceType, instanceLimits := range manuallyAddedLimits {
From 1b55e4a904a5b6603132f42b60964aedbdb8e1d0 Mon Sep 17 00:00:00 2001
From: Olivia Song
Date: Fri, 16 Jun 2023 12:52:10 -0700
Subject: [PATCH 6/7] move authentication step from test canary script (#2429)
---
 scripts/run-canary-test.sh | 4 ----
 1 file changed, 4 deletions(-)
diff --git a/scripts/run-canary-test.sh b/scripts/run-canary-test.sh
index 666f7a46de..97680cdb49 100755
--- a/scripts/run-canary-test.sh
+++ b/scripts/run-canary-test.sh
@@ -11,10 +11,6 @@ GINKGO_TEST_BUILD="$SCRIPT_DIR/../test/build"
 TEST_IMAGE_REGISTRY=${TEST_IMAGE_REGISTRY:-"617930562442.dkr.ecr.us-west-2.amazonaws.com"}
 ADC_REGIONS="us-iso-east-1 us-isob-east-1 us-iso-west-1"
-# authenticate into test registry
-echo "authenticate to test image registry in $REGION"
-aws ecr get-login-password --region $REGION | docker login --username AWS --password-stdin ${TEST_IMAGE_REGISTRY}
-
 source "$SCRIPT_DIR"/lib/add-on.sh
 source "$SCRIPT_DIR"/lib/cluster.sh
 source "$SCRIPT_DIR"/lib/canary.sh
From bb94eecfc787bf3e369c81e7b35a2d8f8650bec2 Mon Sep 17 00:00:00 2001
From: Jeff Nelson
Date: Fri, 16 Jun 2023 16:20:42 +0000
Subject: [PATCH 7/7] node initialization must come after primary ENI's security groups are synced to cache
---
 pkg/ipamd/ipamd.go | 13 ++++++-------
 1 file changed, 6 insertions(+), 7 deletions(-)
diff --git a/pkg/ipamd/ipamd.go b/pkg/ipamd/ipamd.go
index 91289818fe..ed16d9ae94 100644
--- a/pkg/ipamd/ipamd.go
+++ b/pkg/ipamd/ipamd.go
@@ -439,14 +439,8 @@ func New(rawK8SClient client.Client, cachedK8SClient client.Client) (*IPAMContex
 checkpointer := datastore.NewJSONFile(dsBackingStorePath())
 c.dataStore = datastore.NewDataStore(log, checkpointer, c.enablePrefixDelegation)
- err = c.nodeInit()
- if err != nil {
- return nil, err
- }
-
- mac := c.awsClient.GetPrimaryENImac()
-
 // Retrieve security groups
+ mac := c.awsClient.GetPrimaryENImac()
 if c.enableIPv4 && !c.disableENIProvisioning {
 err = c.awsClient.RefreshSGIDs(mac)
 if err != nil {
@@ -458,6 +452,11 @@ func New(rawK8SClient client.Client, cachedK8SClient client.Client) (*IPAMContex
 go wait.Forever(func() { _ = c.awsClient.RefreshSGIDs(mac) }, 30*time.Second)
 }
+ err = c.nodeInit()
+ if err != nil {
+ return nil, err
+ }
+
 return c, nil
 }
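Review bot: With `c.nodeInit()` moved to the end of `New` (second hunk), the `go wait.Forever(...)` refresher has already been started when node initialization begins, so a `nodeInit` error now returns `nil, err` while that goroutine stays alive, and the refresher's first run can overlap with `nodeInit`; whether `RefreshSGIDs` is safe to run concurrently with it cannot be judged from these hunks. Only the initial synchronous `RefreshSGIDs(mac)` from the first hunk has to precede `nodeInit`, so the periodic refresh could start after the error check: move `go wait.Forever(func() { _ = c.awsClient.RefreshSGIDs(mac) }, 30*time.Second)` below the `nodeInit` block under a second `if c.enableIPv4 && !c.disableENIProvisioning {` guard. The refresher also drops its error with `_ =`, so a node that keeps running with a stale security-group cache leaves no trace; logging the failure there would make that visible. The part of `New` between the two hunks is not shown, so the exact shape of the enclosing `if` is assumed.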