Skip to content

Commit

Permalink
Updating Release 1.6 branch. (#494)
Browse files Browse the repository at this point in the history
* remove global exclusion for G108,G114 and add nosec in code (#404)

* Update controller_auth_proxy_patch.yaml (#405)

Update the reference from gcr.io to registry.k8s.io

>  kube-rbac-proxy is moving to registry.k8s.io/kubebuilder/kube-rbac-proxy (from gcr.io/kubebuilder/kube-rbac-proxy) because GCR is being sunset. We need to update these references.

* Fix log which causes panic (#407)

* Fix log which causes panic

* Consistent key name

* consistent naming

* updating ginkgo and gomega

* Bump github.com/prometheus/common from 0.51.1 to 0.53.0

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.51.1 to 0.53.0.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](prometheus/common@v0.51.1...v0.53.0)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>

* Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 (#432)

Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](prometheus/client_model@v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/onsi/ginkgo/v2 from 2.17.2 to 2.19.0 (#431)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.17.2 to 2.19.0.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](onsi/ginkgo@v2.17.2...v2.19.0)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* QPS and busrt adjustment (#436)

* readme update for events (#453)

* Set controller user-agent to vpc-resource-controller/git-version (#455)

* update user-agent string.

* Use AppName instead of ControllerName.

* Add security group pods scale test in ginkgo (#457)

* Add security group pods scale test in ginkgo

* Add instructions to run scale tests manually

* fix typo in README

* Passing page limit to cach config instead of override. (#452)

* passing page limit to cache config

* adding error log to optimized list watcher

* importing vpc pkg

* pods will requeue for reconcile if nodes are not managed and requested eni (#463)

* pod will requeue for reconcile if nodes are not managed and requested eni

* log statement change

* looping through all container for eni requests

* adding ut for utils function

* add CNINode integration tests (#479)

* add CNINode integration tests

* address PR comments

* updating log statements

* add retry in VerifyCNINode

* Bump go.uber.org/zap from 1.26.0 to 1.27.0 (#480)

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](uber-go/zap@v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* increasing timeout for few integration test (#486)

* Skipping health check on nodes if EC2 returns throttling errors (#485)

* updating limits.go for supported ec2 instance type #491

* Bump github.com/samber/lo from 1.39.0 to 1.47.0 (#481)

Bumps [github.com/samber/lo](https://github.com/samber/lo) from 1.39.0 to 1.47.0.
- [Release notes](https://github.com/samber/lo/releases)
- [Commits](samber/lo@v1.39.0...v1.47.0)

---
updated-dependencies:
- dependency-name: github.com/samber/lo
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <senthilx@amazon.com>
Co-authored-by: Garvin Pang <garvinpang@protonmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Hao Zhou <haouc@users.noreply.github.com>
  • Loading branch information
6 people authored Nov 18, 2024
1 parent 88956b9 commit bd090e0
Show file tree
Hide file tree
Showing 41 changed files with 1,420 additions and 172 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/presubmit.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -67,5 +67,5 @@ jobs:
- name: Install `gosec`
run: go install github.com/securego/gosec/v2/cmd/gosec@latest
- name: Run Gosec Security Scanner
run: ~/go/bin/gosec -exclude-dir test -exclude-generated -severity medium -exclude=G108,G114 ./...
run: ~/go/bin/gosec -exclude-dir test -exclude-generated -severity medium ./...

11 changes: 10 additions & 1 deletion README.md
Original file line number Diff line number Diff line change
Expand Up @@ -8,7 +8,16 @@

Controller running on EKS Control Plane for managing Branch & Trunk Network Interface for [Kubernetes Pod](https://kubernetes.io/docs/concepts/workloads/pods/) using the [Security Group for Pod](https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html) feature and IPv4 Address Management(IPAM) of [Windows Nodes](https://docs.aws.amazon.com/eks/latest/userguide/windows-support.html).

The controller broadcasts its version to nodes. Describing any node will provide the version information in node `Events`. The mapping between the controller's version and the cluster's platform version is also available in release notes.
The controller broadcasts its version to nodes. Describing any node will provide the version information in node `Events`. The mapping between the controller's version and the cluster's platform version is also available in release notes. Please be aware that kubernetes events last for one hour in general and you may have to check the version information events in newly created nodes.

Version events example:
```
Events:
Type Reason Age From Message
---- ------ ---- ---- -------
Normal ControllerVersionNotice 2m58s vpc-resource-controller The node is managed by VPC resource controller version v1.4.9
Normal NodeTrunkInitiated 2m55s vpc-resource-controller The node has trunk interface initialized successfully
```

## Security Group for Pods

Expand Down
2 changes: 1 addition & 1 deletion config/default/controller_auth_proxy_patch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ spec:
spec:
containers:
- name: kube-rbac-proxy
image: gcr.io/kubebuilder/kube-rbac-proxy:v0.5.0
image: registry.k8s.io/kubebuilder/kube-rbac-proxy:v0.5.0
args:
- "--secure-listen-address=0.0.0.0:8443"
- "--upstream=http://127.0.0.1:8080/"
Expand Down
6 changes: 6 additions & 0 deletions controllers/core/node_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -168,6 +168,12 @@ func (r *NodeReconciler) Check() healthz.Checker {
return nil
}

if r.Manager.SkipHealthCheck() {
// node manager observes EC2 error on processing node, pausing reconciler check to avoid stressing the system
r.Log.Info("due to EC2 error, node controller skips node reconciler health check for now")
return nil
}

err := rcHealthz.PingWithTimeout(func(c chan<- error) {
// when the reconciler is ready, testing the reconciler with a fake node request
pingRequest := &ctrl.Request{
Expand Down
7 changes: 6 additions & 1 deletion controllers/core/pod_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,7 @@ import (
"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/node"
"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/node/manager"
"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/resource"
"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/utils"
"github.com/google/uuid"

"github.com/go-logr/logr"
Expand Down Expand Up @@ -56,7 +57,7 @@ type PodReconciler struct {

var (
PodRequeueRequest = ctrl.Result{Requeue: true, RequeueAfter: time.Second}
MaxPodConcurrentReconciles = 10
MaxPodConcurrentReconciles = 20
)

// Reconcile handles create/update/delete event by delegating the request to the handler
Expand Down Expand Up @@ -112,6 +113,10 @@ func (r *PodReconciler) Reconcile(request custom.Request) (ctrl.Result, error) {
logger.V(1).Info("pod's node is not yet initialized by the manager, will retry", "Requested", request.NamespacedName.String(), "Cached pod name", pod.ObjectMeta.Name, "Cached pod namespace", pod.ObjectMeta.Namespace)
return PodRequeueRequest, nil
} else if !node.IsManaged() {
if utils.PodHasENIRequest(pod) {
r.Log.Info("pod's node is not managed, but has eni request, will retry", "Requested", request.NamespacedName.String(), "Cached pod name", pod.ObjectMeta.Name, "Cached pod namespace", pod.ObjectMeta.Namespace)
return PodRequeueRequest, nil
}
logger.V(1).Info("pod's node is not managed, skipping pod event", "Requested", request.NamespacedName.String(), "Cached pod name", pod.ObjectMeta.Name, "Cached pod namespace", pod.ObjectMeta.Namespace)
return ctrl.Result{}, nil
} else if !node.IsReady() {
Expand Down
3 changes: 2 additions & 1 deletion controllers/core/pod_controller_test.go
Original file line number Diff line number Diff line change
Expand Up @@ -16,6 +16,7 @@ package controllers
import (
"errors"
"testing"
"time"

"github.com/aws/amazon-vpc-resource-controller-k8s/controllers/custom"
mock_condition "github.com/aws/amazon-vpc-resource-controller-k8s/mocks/amazon-vcp-resource-controller-k8s/pkg/condition"
Expand Down Expand Up @@ -188,7 +189,7 @@ func TestPodReconciler_Reconcile_NonManaged(t *testing.T) {

result, err := mock.PodReconciler.Reconcile(mockReq)
assert.NoError(t, err)
assert.Equal(t, result, controllerruntime.Result{})
assert.Equal(t, controllerruntime.Result{Requeue: true, RequeueAfter: time.Second}, result)
}

// TestPodReconciler_Reconcile_NoNodeAssigned tests that the request for a Pod with no Node assigned
Expand Down
11 changes: 6 additions & 5 deletions controllers/custom/builder.go
Original file line number Diff line number Diff line change
Expand Up @@ -113,15 +113,16 @@ func (b *Builder) Complete(reconciler Reconciler) (healthz.Checker, error) {
workqueue.DefaultControllerRateLimiter(), b.options.Name)

optimizedListWatch := newOptimizedListWatcher(b.ctx, b.clientSet.CoreV1().RESTClient(),
b.converter.Resource(), b.options.Namespace, b.options.PageLimit, b.converter)
b.converter.Resource(), b.options.Namespace, b.converter, b.log.WithName("listWatcher"))

// Create the config for low level controller with the custom converter
// list and watch
config := &cache.Config{
Queue: cache.NewDeltaFIFO(b.converter.Indexer, b.dataStore),
ListerWatcher: optimizedListWatch,
ObjectType: b.converter.ResourceType(),
FullResyncPeriod: b.options.ResyncPeriod,
Queue: cache.NewDeltaFIFO(b.converter.Indexer, b.dataStore),
ListerWatcher: optimizedListWatch,
WatchListPageSize: int64(b.options.PageLimit),
ObjectType: b.converter.ResourceType(),
FullResyncPeriod: b.options.ResyncPeriod,
Process: func(obj interface{}, _ bool) error {
// from oldest to newest
for _, d := range obj.(cache.Deltas) {
Expand Down
27 changes: 20 additions & 7 deletions controllers/custom/custom_controller.go
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ import (

"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/condition"
"github.com/go-logr/logr"
apierrors "k8s.io/apimachinery/pkg/api/errors"
metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/apimachinery/pkg/runtime"
"k8s.io/apimachinery/pkg/types"
Expand Down Expand Up @@ -178,23 +179,26 @@ func (c *CustomController) WaitForCacheSync(controller cache.Controller) {

// newOptimizedListWatcher returns a list watcher with a custom list function that converts the
// response for each page using the converter function and returns a general watcher
func newOptimizedListWatcher(ctx context.Context, restClient cache.Getter, resource string, namespace string, limit int,
converter Converter) *cache.ListWatch {
func newOptimizedListWatcher(ctx context.Context, restClient cache.Getter, resource string, namespace string,
converter Converter, log logr.Logger) *cache.ListWatch {

listFunc := func(options metav1.ListOptions) (runtime.Object, error) {
list, err := restClient.Get().
Namespace(namespace).
Resource(resource).
// This needs to be done because just setting the limit using option's
// Limit is being overridden and the response is returned without pagination.
VersionedParams(&metav1.ListOptions{
Limit: int64(limit),
Limit: options.Limit,
Continue: options.Continue,
}, metav1.ParameterCodec).
Do(ctx).
Get()
if err != nil {
return list, err
if statusErr, ok := err.(*apierrors.StatusError); ok {
log.Error(err, "List operation error", "code", statusErr.Status().Code)
} else {
log.Error(err, "List operation error")
}
return nil, err
}
// Strip down the the list before passing the paginated response back to
// the pager function
Expand All @@ -206,11 +210,20 @@ func newOptimizedListWatcher(ctx context.Context, restClient cache.Getter, resou
// before storing the object in the data store.
watchFunc := func(options metav1.ListOptions) (watch.Interface, error) {
options.Watch = true
return restClient.Get().
watch, err := restClient.Get().
Namespace(namespace).
Resource(resource).
VersionedParams(&options, metav1.ParameterCodec).
Watch(ctx)
if err != nil {
if statusErr, ok := err.(*apierrors.StatusError); ok {
log.Error(err, "Watch operation error", "code", statusErr.Status().Code)
} else {
log.Error(err, "Watch operation error")
}
return nil, err
}
return watch, err
}
return &cache.ListWatch{ListFunc: listFunc, WatchFunc: watchFunc}
}
Expand Down
26 changes: 13 additions & 13 deletions go.mod
Original file line number Diff line number Diff line change
Expand Up @@ -9,14 +9,14 @@ require (
github.com/go-logr/zapr v1.3.0
github.com/golang/mock v1.6.0
github.com/google/uuid v1.6.0
github.com/onsi/ginkgo/v2 v2.17.1
github.com/onsi/gomega v1.31.1
github.com/onsi/ginkgo/v2 v2.19.0
github.com/onsi/gomega v1.33.1
github.com/pkg/errors v0.9.1
github.com/prometheus/client_golang v1.19.0
github.com/prometheus/client_model v0.6.0
github.com/prometheus/common v0.52.2
github.com/prometheus/client_model v0.6.1
github.com/prometheus/common v0.53.0
github.com/stretchr/testify v1.9.0
go.uber.org/zap v1.26.0
go.uber.org/zap v1.27.0
golang.org/x/time v0.5.0
gomodules.xyz/jsonpatch/v2 v2.4.0
k8s.io/api v0.29.3
Expand All @@ -26,6 +26,7 @@ require (
)

require (
github.com/go-task/slim-sprig/v3 v3.0.0 // indirect
github.com/google/gnostic-models v0.6.9-0.20230804172637-c7be7c783f49 // indirect
github.com/gorilla/websocket v1.5.0 // indirect
github.com/mxk/go-flowrate v0.0.0-20140419014527-cca7078d478f // indirect
Expand All @@ -42,13 +43,12 @@ require (
github.com/go-openapi/jsonpointer v0.19.6 // indirect
github.com/go-openapi/jsonreference v0.20.2 // indirect
github.com/go-openapi/swag v0.22.3 // indirect
github.com/go-task/slim-sprig v0.0.0-20230315185526-52ccab3ef572 // indirect
github.com/gogo/protobuf v1.3.2 // indirect
github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da // indirect
github.com/golang/protobuf v1.5.4 // indirect
github.com/google/go-cmp v0.6.0 // indirect
github.com/google/gofuzz v1.2.0 // indirect
github.com/google/pprof v0.0.0-20230323073829-e72429f035bd // indirect
github.com/google/pprof v0.0.0-20240424215950-a892ee059fd6 // indirect
github.com/imdario/mergo v0.3.13 // indirect
github.com/jmespath/go-jmespath v0.4.0 // indirect
github.com/josharian/intern v1.0.0 // indirect
Expand All @@ -60,16 +60,16 @@ require (
github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
github.com/pmezard/go-difflib v1.0.0 // indirect
github.com/prometheus/procfs v0.12.0 // indirect
github.com/samber/lo v1.39.0
github.com/samber/lo v1.47.0
github.com/spf13/pflag v1.0.5 // indirect
go.uber.org/multierr v1.11.0 // indirect
golang.org/x/exp v0.0.0-20231006140011-7918f672742d
golang.org/x/net v0.23.0 // indirect
golang.org/x/net v0.25.0 // indirect
golang.org/x/oauth2 v0.18.0 // indirect
golang.org/x/sys v0.18.0 // indirect
golang.org/x/term v0.18.0 // indirect
golang.org/x/text v0.14.0 // indirect
golang.org/x/tools v0.17.0 // indirect
golang.org/x/sys v0.20.0 // indirect
golang.org/x/term v0.20.0 // indirect
golang.org/x/text v0.16.0 // indirect
golang.org/x/tools v0.21.1-0.20240508182429-e35e4ccd0d2d // indirect
google.golang.org/appengine v1.6.8 // indirect
google.golang.org/protobuf v1.33.0 // indirect
gopkg.in/inf.v0 v0.9.1 // indirect
Expand Down
Loading

0 comments on commit bd090e0

Please sign in to comment.