diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1269f6a0a8..694b57eb6b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -4,7 +4,6 @@
 * Feature: run make generate-limits to update the max pods file by @tzneal in https://github.com/aws/amazon-vpc-cni-k8s/pull/3141
 * Tests: Fix KOps Integration Test by @dshehbaj in https://github.com/aws/amazon-vpc-cni-k8s/pull/3140
-* Bug-fix: Fix issues with handling unmanaged ENIs with IPv6 only by @gavinbunney in https://github.com/aws/amazon-vpc-cni-k8s/pull/3122
 * Bug-Fix: Revert "utils prometheusmetrics: convert gauges to counters (#3093)" by @orsenthil in https://github.com/aws/amazon-vpc-cni-k8s/pull/3147
 * Docs: Update NP strict mode doc by @Pavani-Panakanti in https://github.com/aws/amazon-vpc-cni-k8s/pull/3125
 * Docs: adding email to share node bundle by @yash97 in https://github.com/aws/amazon-vpc-cni-k8s/pull/3134
diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go
index c037622ad8..3fea1e189d 100644
--- a/pkg/awsutils/awsutils.go
+++ b/pkg/awsutils/awsutils.go
@@ -610,9 +610,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat
 awsAPIErrInc("GetMACImdsFields", err)
 return ENIMetadata{}, err
 }
-
- ipv4Available := false
- ipv6Available := false
+ ipInfoAvailable := false
 // Efa-only interfaces do not have any ipv4s or ipv6s associated with it. If we don't find any local-ipv4 or ipv6 info in imds we assume it to be efa-only interface and validate this later via ec2 call
 for _, field := range macImdsFields {
 if field == "local-ipv4s" {
@@ -622,7 +620,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat
 return ENIMetadata{}, err
 }
 if len(imdsIPv4s) > 0 {
- ipv4Available = true
+ ipInfoAvailable = true
 log.Debugf("Found IPv4 addresses associated with interface. This is not efa-only interface")
 break
 }
@@ -632,14 +630,14 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat
 if err != nil {
 awsAPIErrInc("GetIPv6s", err)
 } else if len(imdsIPv6s) > 0 {
- ipv6Available = true
+ ipInfoAvailable = true
 log.Debugf("Found IPv6 addresses associated with interface. This is not efa-only interface")
 break
 }
 }
 }
- if !ipv4Available && !ipv6Available {
+ if !ipInfoAvailable {
 return ENIMetadata{
 ENIID: eniID,
 MAC: eniMAC,
@@ -654,29 +652,23 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat
 }
 // Get IPv4 and IPv6 addresses assigned to interface
- var ec2ip4s []*ec2.NetworkInterfacePrivateIpAddress
- var subnetV4Cidr string
- if ipv4Available {
- cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC)
- if err != nil {
- awsAPIErrInc("GetSubnetIPv4CIDRBlock", err)
- return ENIMetadata{}, err
- }
-
- subnetV4Cidr = cidr.String()
+ cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC)
+ if err != nil {
+ awsAPIErrInc("GetSubnetIPv4CIDRBlock", err)
+ return ENIMetadata{}, err
+ }
- imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC)
- if err != nil {
- awsAPIErrInc("GetLocalIPv4s", err)
- return ENIMetadata{}, err
- }
+ imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC)
+ if err != nil {
+ awsAPIErrInc("GetLocalIPv4s", err)
+ return ENIMetadata{}, err
+ }
- ec2ip4s = make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s))
- for i, ip4 := range imdsIPv4s {
- ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{
- Primary: aws.Bool(i == 0),
- PrivateIpAddress: aws.String(ip4.String()),
- }
+ ec2ip4s := make([]*ec2.NetworkInterfacePrivateIpAddress, len(imdsIPv4s))
+ for i, ip4 := range imdsIPv4s {
+ ec2ip4s[i] = &ec2.NetworkInterfacePrivateIpAddress{
+ Primary: aws.Bool(i == 0),
+ PrivateIpAddress: aws.String(ip4.String()),
 }
 }
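Review bot: In the last getENIMetadata hunk, `GetSubnetIPv4CIDRBlock` and `GetLocalIPv4s` now run for every interface that passes the `ipInfoAvailable` check, but that flag is also set by the `ipv6s` branch in the hunk just above, so an interface reporting only IPv6 addresses reaches IPv4 lookups whose errors return `ENIMetadata{}, err`. If IMDS omits `subnet-ipv4-cidr-block` for such an interface (not visible here), metadata collection for that ENI fails outright; the DescribeAllENIs hunk carries the same IPv4-only assumption. If the revert is intentional, state the assumption next to the lookup, e.g. `// Assumes every non-efa-only ENI exposes IPv4 fields in IMDS; an IPv6-only ENI fails here.` The function body begins and ends outside these hunks.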
@@ -740,7 +732,7 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat
 ENIID: eniID,
 MAC: eniMAC,
 DeviceNumber: deviceNum,
- SubnetIPv4CIDR: subnetV4Cidr,
+ SubnetIPv4CIDR: cidr.String(),
 IPv4Addresses: ec2ip4s,
 IPv4Prefixes: ec2ipv4Prefixes,
 SubnetIPv6CIDR: subnetV6Cidr,
@@ -1415,17 +1407,14 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult,
 efaENIs[eniID] = true
 }
 if interfaceType != "efa-only" {
- if len(eniMetadata.IPv4Addresses) == 0 && len(eniMetadata.IPv6Addresses) == 0 {
+ if len(eniMetadata.IPv4Addresses) == 0 {
 log.Errorf("Missing IP addresses from IMDS. Non efa-only interface should have IP address associated with it %s", eniID)
- outOfSyncErr := errors.New("DescribeAllENIs: No IPv4 and IPv6 addresses found")
+ outOfSyncErr := errors.New("DescribeAllENIs: No IPv4 address found")
 return DescribeAllENIsResult{}, outOfSyncErr
 }
 }
- // Check IPv4 addresses
- if len(eniMetadata.IPv4Addresses) > 0 {
- logOutOfSyncState(eniID, eniMetadata.IPv4Addresses, ec2res.PrivateIpAddresses)
- }
+ logOutOfSyncState(eniID, eniMetadata.IPv4Addresses, ec2res.PrivateIpAddresses)
 tagMap[eniMetadata.ENIID] = convertSDKTagsToTags(ec2res.TagSet)
 }
 return DescribeAllENIsResult{
diff --git a/pkg/awsutils/awsutils_test.go b/pkg/awsutils/awsutils_test.go
index 3fcfb4e982..e923a82bcc 100644
--- a/pkg/awsutils/awsutils_test.go
+++ b/pkg/awsutils/awsutils_test.go
@@ -53,7 +53,6 @@ const (
 metadataSubnetCIDR = "/subnet-ipv4-cidr-block"
 metadataIPv4s = "/local-ipv4s"
 metadataIPv4Prefixes = "/ipv4-prefix"
- metadataIPv6s = "/ipv6s"
 metadataIPv6Prefixes = "/ipv6-prefix"
 az = "us-east-1a"
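Review bot: In the DescribeAllENIs hunk of pkg/awsutils/awsutils.go, removing the `len(eniMetadata.IPv4Addresses) > 0` guard means efa-only interfaces, which skip the check above and per the getENIMetadata comment carry no IPs, now reach `logOutOfSyncState` with an empty IMDS list. Whether that helper reports a mismatch for an empty list is not visible here; if it does, the added log noise would make real IMDS/EC2 drift harder to spot, so confirm its behaviour or keep the guard. The `log.Errorf` text also still says "Missing IP addresses" although the check is now IPv4-only; `log.Errorf("Missing IPv4 addresses from IMDS. Non efa-only interface should have an IPv4 address associated with it %s", eniID)` would keep triage accurate. The enclosing loop starts and ends outside the hunk.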
@@ -77,14 +76,12 @@ const (
 eni2Device = "1"
 eni2PrivateIP = "10.0.0.2"
 eni2Prefix = "10.0.2.0/28"
- eni2v6IP = "2001:db8:8:4::2"
 eni2v6Prefix = "2001:db8::/64"
 eni2ID = "eni-12341234"
 metadataVPCIPv4CIDRs = "192.168.0.0/16 100.66.0.0/1"
 myNodeName = "testNodeName"
 imdsMACFields = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block local-ipv4s ipv4-prefix ipv6-prefix"
 imdsMACFieldsEfaOnly = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block ipv4-prefix ipv6-prefix"
- imdsMACFieldsV6Only = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv6-cidr-blocks ipv6s ipv6-prefix"
 )
 func testMetadata(overrides map[string]interface{}) FakeIMDS {
@@ -241,23 +238,6 @@ func TestGetAttachedENIsWithEfaOnly(t *testing.T) {
 }
 }
-func TestGetAttachedENIsWithIPv6Only(t *testing.T) {
- mockMetadata := testMetadata(map[string]interface{}{
- metadataMACPath: primaryMAC + " " + eni2MAC,
- metadataMACPath + eni2MAC: imdsMACFieldsV6Only,
- metadataMACPath + eni2MAC + metadataDeviceNum: eni2Device,
- metadataMACPath + eni2MAC + metadataInterface: eni2ID,
- metadataMACPath + eni2MAC + metadataIPv6s: eni2v6IP,
- metadataMACPath + eni2MAC + metadataIPv6Prefixes: eni2v6Prefix,
- })
-
- cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}}
- ens, err := cache.GetAttachedENIs()
- if assert.NoError(t, err) {
- assert.Equal(t, len(ens), 2)
- }
-}
-
 func TestGetAttachedENIsWithPrefixes(t *testing.T) {
 mockMetadata := testMetadata(map[string]interface{}{
 metadataMACPath: primaryMAC + " " + eni2MAC,