Update SGs for EKS created managed ENI

aws · Jul 29, 2020 · eba1d3d · eba1d3d
1 parent cbee9e3
commit eba1d3d
Showing 1 changed file with 31 additions and 0 deletions.
diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go
@@ -411,6 +411,37 @@ func (cache *EC2InstanceMetadataCache) refreshSGIDs(mac string) error {
 		log.Infof("Removed %s from ipamd cache", sg)
 	}
 	cache.securityGroups.Set(sgIDs)
+
+	if addedSGsCount != 0 || deletedSGsCount != 0 {
+		var sgIDsPtrs []*string
+		sgIDsPtrs = aws.StringSlice(sgIDs)
+
+		// Fetch all local ENI info from metadata
+		eniMetadata, tagMap, err := cache.DescribeAllENIs()
+		if err != nil {
+			return errors.New("Failed to retrieve attached ENIs info while updating SGs")
+		}
+		log.Debugf("DescribeAllENIs success: ENIs: %d, tagged: %d", len(eniMetadata), len(tagMap))
+
+		//This will update managed ENIs created by EKS.
+		for eniID, tags := range tagMap {
+			if tags["node.k8s.amazonaws.com/no_manage"] != "true" {
+				log.Infof("GOT ENI %s", eniID)
+				// Also change the ENI's attribute so that the ENI will be deleted when the instance is deleted.
+				attributeInput := &ec2.ModifyNetworkInterfaceAttributeInput{
+					Groups:             sgIDsPtrs,
+					NetworkInterfaceId: aws.String(eniID),
+				}
+				start := time.Now()
+				_, err = cache.ec2SVC.ModifyNetworkInterfaceAttributeWithContext(context.Background(), attributeInput, userAgent)
+				awsAPILatency.WithLabelValues("ModifyNetworkInterfaceAttribute", fmt.Sprint(err != nil)).Observe(msSince(start))
+				if err != nil {
+					awsAPIErrInc("ModifyNetworkInterfaceAttribute", err)
+					return errors.Wrap(err, "refreshSGIDs: unable to update the ENI's SG")
+				}
+			}
+		}
+	}
 	return nil
 }