diff --git a/.github/workflows/eks.yaml b/.github/workflows/eks.yaml index 074adbae61..bbabbaf688 100644 --- a/.github/workflows/eks.yaml +++ b/.github/workflows/eks.yaml @@ -106,6 +106,10 @@ jobs: - name: Wait for test job run: | kubectl -n kube-system wait job/cilium-cli --for=condition=complete --timeout=10m + + - name: Make sure the 'aws-node' DaemonSet exists but has no scheduled pods + run: | + [[ $(kubectl -n kube-system get ds/aws-node -o jsonpath='{.status.currentNumberScheduled}') == 0 ]] - name: Post-test information gathering if: ${{ failure() }} diff --git a/install/aws.go b/install/aws.go new file mode 100644 index 0000000000..846670ac4d --- /dev/null +++ b/install/aws.go @@ -0,0 +1,22 @@ +// Copyright 2021 Authors of Cilium +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package install + +const ( + AwsNodeDaemonSetName = "aws-node" + AwsNodeDaemonSetNamespace = "kube-system" + AwsNodeDaemonSetNodeSelectorKey = "io.cilium/aws-node-enabled" + AwsNodeDaemonSetNodeSelectorValue = "true" +) diff --git a/install/install.go b/install/install.go index 368e006684..d10ace7cc0 100644 --- a/install/install.go +++ b/install/install.go @@ -1506,9 +1506,11 @@ func (k *K8sInstaller) Install(ctx context.Context) error { switch k.flavor.Kind { case k8s.KindEKS: - if _, err := k.client.GetDaemonSet(ctx, "kube-system", "aws-node", metav1.GetOptions{}); err == nil { - k.Log("🔥 Deleting aws-node DaemonSet...") - if err := k.client.DeleteDaemonSet(ctx, "kube-system", "aws-node", metav1.DeleteOptions{}); err != nil { + if _, err := k.client.GetDaemonSet(ctx, AwsNodeDaemonSetNamespace, AwsNodeDaemonSetName, metav1.GetOptions{}); err == nil { + k.Log("🔥 Patching the %q DaemonSet to evict its pods...", AwsNodeDaemonSetName) + patch := []byte(fmt.Sprintf(`{"spec":{"template":{"spec":{"nodeSelector":{"%s":"%s"}}}}}`, AwsNodeDaemonSetNodeSelectorKey, AwsNodeDaemonSetNodeSelectorValue)) + if _, err := k.client.PatchDaemonSet(ctx, AwsNodeDaemonSetNamespace, AwsNodeDaemonSetName, types.StrategicMergePatchType, patch, metav1.PatchOptions{}); err != nil { + k.Log("❌ Unable to patch the %q DaemonSet", AwsNodeDaemonSetName) return err } } diff --git a/install/uninstall.go b/install/uninstall.go index 66063d378a..c1431e1657 100644 --- a/install/uninstall.go +++ b/install/uninstall.go @@ -18,6 +18,7 @@ import ( "context" "fmt" "io" + "strings" "time" "github.com/cilium/cilium-cli/clustermesh" @@ -25,6 +26,7 @@ import ( "github.com/cilium/cilium-cli/internal/k8s" metav1 "k8s.io/apimachinery/pkg/apis/meta/v1" + "k8s.io/apimachinery/pkg/types" ) var retryInterval = 2 * time.Second @@ -86,7 +88,11 @@ func (k *K8sUninstaller) Uninstall(ctx context.Context) error { switch k.flavor.Kind { case k8s.KindEKS: - k.Log("⚠️ The aws-node DaemonSet will still be missing. You have to re-create it.") + bytes := []byte(fmt.Sprintf(`[{"op":"remove","path":"/spec/template/spec/nodeSelector/%s"}]`, strings.ReplaceAll(AwsNodeDaemonSetNodeSelectorKey, "/", "~1"))) + k.Log("⏪ Undoing the changes to the %q DaemonSet...", AwsNodeDaemonSetName) + if _, err := k.client.PatchDaemonSet(ctx, AwsNodeDaemonSetNamespace, AwsNodeDaemonSetName, types.JSONPatchType, bytes, metav1.PatchOptions{}); err != nil { + k.Log("❌ Failed to patch the %q DaemonSet, please remove it's node selector manually", AwsNodeDaemonSetName) + } case k8s.KindGKE: k.Log("🔥 Deleting GKE Node Init DaemonSet...") k.client.DeleteDaemonSet(ctx, k.params.Namespace, gkeInitName, metav1.DeleteOptions{})