AWS: handle multiple IPs when using more than 1 network interface per ec2 instance #50112
Conversation
|
Thanks for your pull request. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA). 📝 Please follow instructions at https://github.com/kubernetes/kubernetes/wiki/CLA-FAQ to sign the CLA. It may take a couple minutes for the CLA signature to be fully registered; after that, please reply here with a new comment and we'll verify. Thanks.
Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
cncf-cla: no
|
Hi @jlz27. Thanks for your PR. I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here. |
k8s-ci-robot
added
the
needs-ok-to-test
k8s-github-robot
added
size/L
|
/assign @justinsb |
k8s-ci-robot
added
cncf-cla: yes
|
/ok-to-test |
k8s-ci-robot
removed
the
needs-ok-to-test
|
A few nits, but mostly about making the code more defensive, and generally looks good as long as it passes tests! |
| return nil, fmt.Errorf("error querying AWS metadata for %q: %q", macPath, err) | ||
| } | ||
| for _, internalIP := range strings.Split(internalIPs, "\n") { | ||
| addresses = append(addresses, v1.NodeAddress{Type: v1.NodeInternalIP, Address: internalIP}) |
There was a problem hiding this comment.
And probably best to skip empty strings here also, but again not needed
| } | ||
|
|
||
| for _, macID := range strings.Split(macs, "\n") { | ||
| macPath := path.Join("network/interfaces/macs/", macID, "local-ipv4s") |
There was a problem hiding this comment.
Probably good to skip empty strings here just in case, but I don't think it is needed for the EC2 metadata service.
| // handle internal network interfaces | ||
| for _, networkInterface := range instance.NetworkInterfaces { | ||
| // skip network interfaces that are not currently in use | ||
| if isNilOrEmpty(networkInterface.Status) || *networkInterface.Status != ec2.NetworkInterfaceStatusInUse { |
There was a problem hiding this comment.
Nit: you can probably use if aws.StringValue(networkInterface.Status) != ec2.NetworkInterfaceStatusInUse
| ipAddress := *internalIP.PrivateIpAddress | ||
| ip := net.ParseIP(ipAddress) | ||
| if ip == nil { | ||
| return nil, fmt.Errorf("EC2 instance had invalid private address: %s (%s)", orEmpty(instance.InstanceId), ipAddress) |
There was a problem hiding this comment.
In general, we're trying to use aws.StringValue instead of orEmpty. orEmpty predates aws.StringValue!
There was a problem hiding this comment.
Also something I've learned from bitter experience - always use %q when printing an unparseable value, because you want to see the whitespace / invalid characters!
There was a problem hiding this comment.
(Though I realize this is existing code, so no need to change it in this PR!)
There was a problem hiding this comment.
fixed instance of orEmpty in the changed code, good call on %q
|
@justinsb ping on this, I thought all the test passed last week but now it looks like the bazel builds are waiting again? Let me know if there is anything else I can do to push this through. |
k8s-github-robot
added
do-not-merge/release-note-label-needed
justinsb
changed the title
|
I think it's just hung. Going to close and reopen as that often kicks things off again. Can I ask though - what is the use case here? Because I've realized that we may also want to use multiple ENIs for pods with dedicated ENIs in future. It's a lot of work and the limits are currently a bit low, so I'm not sure that will ever actually come to fruition, but I just want to check that what we're doing here is worth it! (i.e. why are you giving your instances multiple IPs / ENIs?) |
|
/retest |
|
Yep, so the concrete thing that this blocks right now if you want to run a pod with |
|
/test pull-kubernetes-federation-e2e-gce |
|
/test pull-kubernetes-e2e-gce-bazel |
|
Cool, using ENIs for pods sounds pretty interesting. I think that implementation will need to be aware of the implications of users swapping out the base ENI for the instance since kubelets shouldn't care about how the user set up the AWS cluster. For example, I could attach 2 ENIs to my instance to handle public/private traffic and would like the kubelet to bind correctly to the private ENI. |
|
/test pull-kubernetes-e2e-kops-aws |
1 similar comment
|
/test pull-kubernetes-e2e-kops-aws |
|
/lgtm I suspect you're right, that if we ever do ENI-per-pod (or similar) that we'll need special handling anyway. |
k8s-ci-robot
added
the
lgtm
|
/approve |
|
[APPROVALNOTIFIER] This PR is APPROVED This pull-request has been approved by: jlz27, justinsb Associated issue: 44686 The full list of commands accepted by this bot can be found here.
Needs approval from an approver in each of these OWNERS Files:
You can indicate your approval by writing |
k8s-github-robot
added
the
approved
|
Automatic merge from submit-queue (batch tested with PRs 51301, 50497, 50112, 48184, 50993) |
What this PR does / why we need it:
Adds support for kubelets running with the AWS cloud provider on ec2 instances with multiple network interfaces. If the active interface is not eth0, the AWS cloud provider currently reports the wrong node IP.
Which issue this PR fixes (optional, in
fixes #<issue number>(, fixes #<issue_number>, ...)format, will close that issue when PR gets merged): fixes #44686Special notes for your reviewer:
There is also some work necessary for handling multiple DNS names and such but I didn't fix them in this PR.
Release note: