Skip to content

Commit

Permalink
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
instance metadata fix
Browse files Browse the repository at this point in the history
vdhanan authored and Varun Dhananjaya committed Apr 27, 2021
1 parent db68ef2 commit aef6203
Showing 222 changed files with 22,462 additions and 36 deletions.
2 changes: 2 additions & 0 deletions Makefile
Original file line number Diff line number Diff line change
@@ -142,8 +142,10 @@ verify-vendor:
generate-kustomize: bin/helm
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-attacher.yaml > ../../deploy/kubernetes/base/clusterrole-attacher.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-provisioner.yaml > ../../deploy/kubernetes/base/clusterrole-provisioner.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrole-csi-node.yaml > ../../deploy/kubernetes/base/clusterrole-csi-node.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-attacher.yaml > ../../deploy/kubernetes/base/clusterrolebinding-attacher.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-provisioner.yaml > ../../deploy/kubernetes/base/clusterrolebinding-provisioner.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/clusterrolebinding-csi-node.yaml > ../../deploy/kubernetes/base/clusterrolebinding-csi-node.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/controller.yaml -f ../../deploy/kubernetes/values/controller.yaml > ../../deploy/kubernetes/base/controller.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/csidriver.yaml > ../../deploy/kubernetes/base/csidriver.yaml
cd charts/aws-ebs-csi-driver && ../../bin/helm template kustomize . -s templates/node.yaml -f ../../deploy/kubernetes/values/controller.yaml > ../../deploy/kubernetes/base/node.yaml
2 changes: 1 addition & 1 deletion charts/aws-ebs-csi-driver/Chart.yaml
Original file line number Diff line number Diff line change
@@ -2,7 +2,7 @@ apiVersion: v1
appVersion: "0.10.1"
name: aws-ebs-csi-driver
description: A Helm chart for AWS EBS CSI Driver
version: 0.10.2
version: 0.10.3
kubeVersion: ">=1.17.0-0"
home: https://github.com/kubernetes-sigs/aws-ebs-csi-driver
sources:
11 changes: 11 additions & 0 deletions charts/aws-ebs-csi-driver/templates/clusterrole-csi-node.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
---
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-node-role
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
---
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-node-binding
labels:
{{- include "aws-ebs-csi-driver.labels" . | nindent 4 }}
subjects:
- kind: ServiceAccount
name: {{ .Values.serviceAccount.node.name }}
namespace: {{ .Release.Namespace }}
roleRef:
kind: ClusterRole
name: ebs-external-attacher-role
apiGroup: rbac.authorization.k8s.io
4 changes: 4 additions & 0 deletions charts/aws-ebs-csi-driver/templates/node.yaml
Original file line number Diff line number Diff line change
@@ -65,6 +65,10 @@ spec:
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
{{- if .Values.proxy.http_proxy }}
- name: HTTP_PROXY
value: {{ .Values.proxy.http_proxy | quote }}
12 changes: 12 additions & 0 deletions deploy/kubernetes/base/clusterrole-csi-node.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,12 @@
---
# Source: aws-ebs-csi-driver/templates/clusterrole-csi-node.yaml
kind: ClusterRole
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-node-role
labels:
app.kubernetes.io/name: aws-ebs-csi-driver
rules:
- apiGroups: [""]
resources: ["nodes"]
verbs: ["get"]
16 changes: 16 additions & 0 deletions deploy/kubernetes/base/clusterrolebinding-csi-node.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
---
# Source: aws-ebs-csi-driver/templates/clusterrolebinding-csi-node.yaml
kind: ClusterRoleBinding
apiVersion: rbac.authorization.k8s.io/v1
metadata:
name: ebs-csi-node-binding
labels:
app.kubernetes.io/name: aws-ebs-csi-driver
subjects:
- kind: ServiceAccount
name: ebs-csi-node-sa
namespace: default
roleRef:
kind: ClusterRole
name: ebs-external-attacher-role
apiGroup: rbac.authorization.k8s.io
4 changes: 2 additions & 2 deletions deploy/kubernetes/base/controller.yaml
Original file line number Diff line number Diff line change
@@ -77,7 +77,7 @@ spec:
periodSeconds: 10
failureThreshold: 5
- name: csi-provisioner
image: k8s.gcr.io/sig-storage/csi-provisioner:v2.0.2
image: k8s.gcr.io/sig-storage/csi-provisioner:v2.1.1
args:
- --csi-address=$(ADDRESS)
- --v=5
@@ -91,7 +91,7 @@ spec:
- name: socket-dir
mountPath: /var/lib/csi/sockets/pluginproxy/
- name: csi-attacher
image: k8s.gcr.io/sig-storage/csi-attacher:v3.0.0
image: k8s.gcr.io/sig-storage/csi-attacher:v3.1.0
args:
- --csi-address=$(ADDRESS)
- --v=5
6 changes: 5 additions & 1 deletion deploy/kubernetes/base/node.yaml
Original file line number Diff line number Diff line change
@@ -51,6 +51,10 @@ spec:
env:
- name: CSI_ENDPOINT
value: unix:/csi/csi.sock
- name: CSI_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
volumeMounts:
- name: kubelet-dir
mountPath: /var/lib/kubelet
@@ -72,7 +76,7 @@ spec:
periodSeconds: 10
failureThreshold: 5
- name: node-driver-registrar
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.0.1
image: k8s.gcr.io/sig-storage/csi-node-driver-registrar:v2.1.0
args:
- --csi-address=$(ADDRESS)
- --kubelet-registration-path=$(DRIVER_REG_SOCK_PATH)
70 changes: 66 additions & 4 deletions pkg/cloud/metadata.go
Original file line number Diff line number Diff line change
@@ -17,14 +17,20 @@ limitations under the License.
package cloud

import (
"context"
"fmt"
"os"
"regexp"
"strings"

"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/arn"
"github.com/aws/aws-sdk-go/aws/ec2metadata"
"github.com/aws/aws-sdk-go/aws/session"

metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
"k8s.io/client-go/kubernetes"
"k8s.io/client-go/rest"
"k8s.io/klog"
)

@@ -69,13 +75,69 @@ func (m *Metadata) GetOutpostArn() arn.ARN {
func NewMetadata() (MetadataService, error) {
sess := session.Must(session.NewSession(&aws.Config{}))
svc := ec2metadata.New(sess)
return NewMetadataService(svc)
// creates the in-cluster config
config, err := rest.InClusterConfig()
if err != nil {
return nil, err
}
// creates the clientset
clientset, err := kubernetes.NewForConfig(config)
if err != nil {
return nil, err
}
return NewMetadataService(svc, clientset)
}

// NewMetadataService returns a new MetadataServiceImplementation.
func NewMetadataService(svc EC2Metadata) (MetadataService, error) {
func NewMetadataService(svc EC2Metadata, clientset kubernetes.Interface) (MetadataService, error) {
if !svc.Available() {
return nil, fmt.Errorf("EC2 instance metadata is not available")
klog.Warningf("EC2 instance metadata is not available")
nodeName := os.Getenv("CSI_NODE_NAME")
if nodeName == "" {
return nil, fmt.Errorf("instance metadata is unavailable and CSI_NODE_NAME env var not set")
}

// get node with k8s API
node, err := clientset.CoreV1().Nodes().Get(context.TODO(), nodeName, metav1.GetOptions{})
if err != nil {
return nil, err
}

providerID := node.Spec.ProviderID
if providerID == "" {
return nil, fmt.Errorf("node providerID empty, cannot parse")
}

awsRegionRegex := "([a-z]{2}(-gov)?)-(central|(north|south)?(east|west)?)-[0-9]"
awsAvailabilityZoneRegex := "([a-z]{2}(-gov)?)-(central|(north|south)?(east|west)?)-[0-9][a-z]"
awsInstanceIDRegex := "i-[a-z0-9]+$"

re := regexp.MustCompile(awsRegionRegex)
region := re.FindString(providerID)
if region == "" {
return nil, fmt.Errorf("did not find aws region in node providerID string")
}

re = regexp.MustCompile(awsAvailabilityZoneRegex)
availabilityZone := re.FindString(providerID)
if availabilityZone == "" {
return nil, fmt.Errorf("did not find aws availability zone in node providerID string")
}

re = regexp.MustCompile(awsInstanceIDRegex)
instanceID := re.FindString(providerID)
if instanceID == "" {
return nil, fmt.Errorf("did not find aws instance ID in node providerID string")
}

metadata := Metadata{
InstanceID: instanceID,
InstanceType: "", // we have no way to find this, so we leave it empty
Region: region,
AvailabilityZone: availabilityZone,
}

return &metadata, nil
}

doc, err := svc.GetInstanceIdentityDocument()
@@ -96,7 +158,7 @@ func NewMetadataService(svc EC2Metadata) (MetadataService, error) {
}

if len(doc.AvailabilityZone) == 0 {
return nil, fmt.Errorf("could not get valid EC2 availavility zone")
return nil, fmt.Errorf("could not get valid EC2 availability zone")
}

outpostArn, err := svc.GetMetadata(OutpostArnEndpoint)
Loading

0 comments on commit aef6203

Please sign in to comment.