Merge branch 'master' into ip_alloc_wait

charts/aws-vpc-cni/Chart.yaml

@@ -1,6 +1,6 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.1.17
+version: 1.1.18
 appVersion: "v1.11.2"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png

charts/aws-vpc-cni/values.yaml

@@ -116,7 +116,7 @@ readinessProbeTimeoutSeconds: 10
 
 resources:
   requests:
-    cpu: 10m
+    cpu: 25m
 
 updateStrategy:
   type: RollingUpdate

config/master/aws-k8s-cni-cn.yaml

@@ -214,7 +214,7 @@ spec:
                   fieldPath: spec.nodeName
           resources:
             requests:
-              cpu: 10m
+              cpu: 25m
           securityContext:
             capabilities:
               add:

config/master/aws-k8s-cni-us-gov-east-1.yaml

@@ -214,7 +214,7 @@ spec:
                   fieldPath: spec.nodeName
           resources:
             requests:
-              cpu: 10m
+              cpu: 25m
           securityContext:
             capabilities:
               add:

config/master/aws-k8s-cni-us-gov-west-1.yaml

@@ -214,7 +214,7 @@ spec:
                   fieldPath: spec.nodeName
           resources:
             requests:
-              cpu: 10m
+              cpu: 25m
           securityContext:
             capabilities:
               add:

config/master/aws-k8s-cni.yaml

@@ -214,7 +214,7 @@ spec:
                   fieldPath: spec.nodeName
           resources:
             requests:
-              cpu: 10m
+              cpu: 25m
           securityContext:
             capabilities:
               add:

config/master/manifests.jsonnet

@@ -155,10 +155,10 @@ local awsnode = {
               name: "aws-node",
               readinessProbe: {
                 exec: {
-                  command: ["/app/grpc-health-probe", "-addr=:50051", "-connect-timeout=2s", "-rpc-timeout=2s"],
+                  command: ["/app/grpc-health-probe", "-addr=:50051", "-connect-timeout=5s", "-rpc-timeout=5s"],
                 },
                 initialDelaySeconds: 1,
-                timeoutSeconds: 5,
+                timeoutSeconds: 10,
               },
               livenessProbe: self.readinessProbe + {
                 initialDelaySeconds: 60,
@@ -196,7 +196,7 @@ local awsnode = {
                 for kv in objectItems(self.env_)
               ],
               resources: {
-                requests: {cpu: "10m"},
+                requests: {cpu: "25m"},
               },
               securityContext: {
                 capabilities: {add: ["NET_ADMIN"]},

go.mod

@@ -16,7 +16,7 @@ require (
 	github.com/prometheus/client_model v0.2.0
 	github.com/prometheus/common v0.10.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.6.1
+	github.com/stretchr/testify v1.8.0
 	github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
 	go.uber.org/zap v1.15.0
 	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
@@ -75,7 +75,7 @@ require (
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect
-	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 	k8s.io/apiextensions-apiserver v0.20.1 // indirect
 	k8s.io/component-base v0.20.2 // indirect
 	k8s.io/klog/v2 v2.4.0 // indirect
@@ -84,3 +84,7 @@ require (
 	sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )
+
+replace (
+        gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 => gopkg.in/yaml.v3 v3.0.1
+)

go.sum

@@ -393,12 +393,15 @@ github.com/stoewer/go-strcase v1.2.0/go.mod h1:IBiWB2sKIp3wVVQ3Y035++gc+knqhUQag
 github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.1.1/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME=
 github.com/stretchr/objx v0.2.0/go.mod h1:qt09Ya8vawLte6SNmTgCsAVtYtaKzEcn8ATUoHMkEqE=
+github.com/stretchr/objx v0.4.0/go.mod h1:YvHI0jy2hoMjB+UWwv71VJQ9isScKT/TqJzVSSt89Yw=
 github.com/stretchr/testify v1.2.2/go.mod h1:a8OnRcib4nhh0OaRAV+Yts87kKdq0PP7pXfy6kDkUVs=
 github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI=
 github.com/stretchr/testify v1.4.0/go.mod h1:j7eGeouHqKxXV5pUuKE4zz7dFj8WfuZ+81PSLYec5m4=
 github.com/stretchr/testify v1.5.1/go.mod h1:5W2xD1RspED5o8YsWQXVCued0rvSQ+mT+I5cxcmMvtA=
-github.com/stretchr/testify v1.6.1 h1:hDPOHmpOpP40lSULcqw7IrRb/u7w6RpDC9399XyoNd0=
 github.com/stretchr/testify v1.6.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.7.1/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg=
+github.com/stretchr/testify v1.8.0 h1:pSgiaMZlXftHpm5L7V1+rVB+AZJydKsMxsQBIJw4PKk=
+github.com/stretchr/testify v1.8.0/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO+kdMU+MU=
 github.com/subosito/gotenv v1.2.0/go.mod h1:N0PQaV/YGNqwC0u51sEeR/aUtSLEXKX9iv69rRypqCw=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20170815181823-89b8d40f7ca8/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
 github.com/tmc/grpc-websocket-proxy v0.0.0-20190109142713-0ad062ec5ee5/go.mod h1:ncp9v5uamzpCO7NfCPTXjqaC+bZgJeR0sMTm6dMHP7U=
@@ -729,8 +732,8 @@ gopkg.in/yaml.v2 v2.2.8/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v2 v2.3.0 h1:clyUAQHOM3G0M3f5vQj7LuJrETvjVot3Z5el9nffUtU=
 gopkg.in/yaml.v2 v2.3.0/go.mod h1:hI93XBmqTisBFMUTm0b8Fm+jr3Dg1NNxqwp+5A1VGuI=
 gopkg.in/yaml.v3 v3.0.0-20200313102051-9f266ea9e77c/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 h1:tQIYjPdBoyREyB9XMu+nnTclpTYkz2zFM+lzLJFO4gQ=
-gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
+gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
 gotest.tools v2.2.0+incompatible/go.mod h1:DsYFclhRJ6vuDpmuTbkuFWG+y2sxOXAzmJt81HFBacw=
 gotest.tools/v3 v3.0.2/go.mod h1:3SzNCllyD9/Y+b5r9JIKQ474KzkZyqLqEfYqMsX94Bk=
 honnef.co/go/tools v0.0.0-20190102054323-c2f93a96b099/go.mod h1:rf3lG4BRIbNafJWhAfAdb/ePZxsR/4RtNHQocxwk9r4=

pkg/utils/eventrecorder/eventrecorder.go

@@ -64,7 +64,6 @@ func InitEventRecorder(k8sClient client.Client) error {
 	})
 	recorder.k8sClient = k8sClient
 	eventRecorder = recorder
-	log.Infof("eventrecoder set:", eventRecorder.recorder)
 	return nil
 }
 

scripts/update-cni-images.sh

@@ -14,7 +14,7 @@ AWS_K8S_CNI_MANIFEST="$SCRIPTS_DIR/../config/master/aws-k8s-cni.yaml"
 MANIFEST_IMG_VERSION=`grep "image:" $AWS_K8S_CNI_MANIFEST | cut -d ":" -f3 | cut -d "\"" -f1 | head -1`
 
 # Replace the images in aws-k8s-cni.yaml with the tester images
-echo "Replacing images in aws-k8s-cni manifest with \$AMAZON_K8S_CNI and \$AMAZON_K8S_CNI_INIT"
+echo "Replacing images in aws-k8s-cni manifest with $AMAZON_K8S_CNI and $AMAZON_K8S_CNI_INIT"
 sed -i'.bak' "s,602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:$MANIFEST_IMG_VERSION,$AMAZON_K8S_CNI," "$AWS_K8S_CNI_MANIFEST"
 sed -i'.bak' "s,602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:$MANIFEST_IMG_VERSION,$AMAZON_K8S_CNI_INIT," "$AWS_K8S_CNI_MANIFEST"
 

test/framework/resources/aws/services/iam.go

@@ -37,6 +37,7 @@ type IAM interface {
 	CreatePolicy(policyName string, policyDocument string) (*iam.CreatePolicyOutput, error)
 	DeletePolicy(policyARN string) error
 	GetInstanceProfile(instanceProfileName string) (*iam.GetInstanceProfileOutput, error)
+	ListPolicies(scope string) (*iam.ListPoliciesOutput, error)
 }
 
 type defaultIAM struct {
@@ -84,6 +85,13 @@ func (d *defaultIAM) GetInstanceProfile(instanceProfileName string) (*iam.GetIns
 	return d.IAMAPI.GetInstanceProfile(getInstanceProfileInput)
 }
 
+func (d *defaultIAM) ListPolicies(scope string) (*iam.ListPoliciesOutput, error) {
+	listPolicyInput := &iam.ListPoliciesInput{
+		Scope: aws.String(scope),
+	}
+	return d.IAMAPI.ListPolicies(listPolicyInput)
+}
+
 func NewIAM(session *session.Session) IAM {
 	return &defaultIAM{
 		IAMAPI: iam.New(session),

test/helm/charts/cni-metrics-helper/values.yaml

@@ -7,7 +7,7 @@ replicaCount: 1
 image:
   repository: 602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper
   pullPolicy: Always
-  tag: "v1.7.10"
+  tag: "v1.11.2"
 
 imagePullSecrets: []
 nameOverride: ""
@@ -56,7 +56,8 @@ autoscaling:
   targetCPUUtilizationPercentage: 80
   # targetMemoryUtilizationPercentage: 80
 
-nodeSelector: {}
+nodeSelector:
+  kubernetes.io/os: "linux"
 
 tolerations: []
 

test/integration/README.md

@@ -38,6 +38,26 @@ ginkgo -v --failOnPending -- \
 ```
 
 ### cni-metrics-helper
+
+> #### Prerequisites: 
+>
+> This test expects CNIMetricsHelperPolicy to be present in the test account. Create the policy with below permissions in the test account:
+
+```
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Effect": "Allow",
+            "Action": [
+                "cloudwatch:PutMetricData"
+            ],
+            "Resource": "*"
+        }
+    ]
+}
+```
+
 The CNI Metrics Helper Integration test uses helm to install the cni-metrics-helper. The helm charts are present in local test directory and if needed can be published to a repository.
 
 In order to test a custom image you need pass the following tags along with the tags discussed above.

test/integration/ipamd/eni_ip_leak_test.go

@@ -22,11 +22,6 @@ var numOfNodes int
 
 var _ = Describe("[CANARY] ENI/IP Leak Test", func() {
 	Context("ENI/IP Released on Pod Deletion", func() {
-		BeforeEach(func() {
-			By("creating test namespace")
-			f.K8sResourceManagers.NamespaceManager().
-				CreateNamespace(utils.DefaultTestNamespace)
-		})
 
 		It("Verify that on Pod Deletion, ENI/IP State is restored", func() {
 			// Set the WARM_ENI_TARGET to 0 to prevent all pods being scheduled on secondary ENI
@@ -72,9 +67,6 @@ var _ = Describe("[CANARY] ENI/IP Leak Test", func() {
 		})
 
 		AfterEach(func() {
-			By("deleting test namespace")
-			f.K8sResourceManagers.NamespaceManager().
-				DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
 
 			By("Restoring WARM ENI Target value")
 			k8sUtils.RemoveVarFromDaemonSetAndWaitTillUpdated(f, "aws-node", "kube-system",

test/integration/ipamd/eni_tag_test.go

@@ -39,9 +39,6 @@ var _ = Describe("test tags are created on Secondary ENI", func() {
 	// sets the desired environment variables and gets the list of new ENIs created after setting
 	// the environment variables
 	JustBeforeEach(func() {
-		By("creating test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			CreateNamespace(utils.DefaultTestNamespace)
 
 		// To re-initialize for each test case
 		newENIs = []string{}
@@ -84,9 +81,6 @@ var _ = Describe("test tags are created on Secondary ENI", func() {
 	})
 
 	JustAfterEach(func() {
-		By("deleting test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
 
 		envVarToRemove := map[string]struct{}{}
 		for key, _ := range environmentVariables {

test/integration/ipamd/introspection_test.go

@@ -34,9 +34,6 @@ var _ = Describe("test Environment Variables for IPAMD Introspection ", func() {
 	var curlJob *v1.Job
 
 	JustBeforeEach(func() {
-		By("creating test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			CreateNamespace(utils.DefaultTestNamespace)
 
 		// Initially the host networking job pod should succeed
 		curlContainer = manifest.NewCurlContainer().
@@ -67,12 +64,6 @@ var _ = Describe("test Environment Variables for IPAMD Introspection ", func() {
 		Expect(err).ToNot(HaveOccurred())
 	})
 
-	JustAfterEach(func() {
-		By("deleting test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
-	})
-
 	Context("when disabling introspection by setting DISABLE_INTROSPECTION to true", func() {
 		It("introspection should not work anymore", func() {
 

test/integration/ipamd/ipamd_suite_test.go

@@ -15,9 +15,11 @@ package ipamd
 
 import (
 	"testing"
+	"time"
 
 	"github.com/aws/amazon-vpc-cni-k8s/test/framework"
 	k8sUtils "github.com/aws/amazon-vpc-cni-k8s/test/framework/resources/k8s/utils"
+	"github.com/aws/amazon-vpc-cni-k8s/test/framework/utils"
 	. "github.com/onsi/ginkgo/v2"
 	. "github.com/onsi/gomega"
 )
@@ -30,6 +32,10 @@ func TestIPAMD(t *testing.T) {
 var _ = BeforeSuite(func() {
 	f = framework.New(framework.GlobalOptions)
 
+	By("creating test namespace")
+	f.K8sResourceManagers.NamespaceManager().
+		CreateNamespace(utils.DefaultTestNamespace)
+
 	nodeList, err := f.K8sResourceManagers.NodeManager().GetNodes(f.Options.NgNameLabelKey,
 		f.Options.NgNameLabelVal)
 	Expect(err).ToNot(HaveOccurred())
@@ -43,4 +49,17 @@ var _ = BeforeSuite(func() {
 	instanceID := k8sUtils.GetInstanceIDFromNode(primaryNode)
 	primaryInstance, err = f.CloudServices.EC2().DescribeInstance(instanceID)
 	Expect(err).ToNot(HaveOccurred())
+
+	// Remove WARM_ENI_TARGET, WARM_IP_TARGET, MINIMUM_IP_TARGET and WARM_PREFIX_TARGET before running IPAMD tests
+	k8sUtils.RemoveVarFromDaemonSetAndWaitTillUpdated(f, "aws-node", "kube-system",
+		"aws-node", map[string]struct{}{"WARM_ENI_TARGET": {}, "WARM_IP_TARGET": {}, "MINIMUM_IP_TARGET": {}, "WARM_PREFIX_TARGET": {}})
+
+	// Allow reconciler to free up ENIs if any
+	time.Sleep(utils.PollIntervalLong)
+})
+
+var _ = AfterSuite(func() {
+	By("deleting test namespace")
+	f.K8sResourceManagers.NamespaceManager().
+		DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
 })

test/integration/ipamd/metrics_test.go

@@ -32,18 +32,6 @@ var _ = Describe("test IPAMD metric environment variable", func() {
 	// Job's output determines if the API is reachable or not
 	var curlJob *v1.Job
 
-	JustBeforeEach(func() {
-		By("creating test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			CreateNamespace(utils.DefaultTestNamespace)
-	})
-
-	JustAfterEach(func() {
-		By("deleting test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
-	})
-
 	Context("when metrics is disabled", func() {
 		metricAddr := "127.0.0.1:61678/metrics"
 		It("should not be accessible anymore", func() {

test/integration/ipamd/warm_target_test_PD_enabled.go

@@ -73,7 +73,6 @@ var _ = Describe("test warm target variables", func() {
 					*primaryInstance.PrivateDnsName, pod.Status.PodIP, pod.Spec.NodeName))
 				if pod.Spec.NodeName == *primaryInstance.PrivateDnsName {
 					assigned++
-					break
 				}
 			}
 

test/integration/metrics-helper/metric_helper_test.go

@@ -28,18 +28,6 @@ import (
 
 var _ = Describe("test cni-metrics-helper publishes metrics", func() {
 
-	JustBeforeEach(func() {
-		By("creating test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			CreateNamespace(utils.DefaultTestNamespace)
-	})
-
-	JustAfterEach(func() {
-		By("deleting test namespace")
-		f.K8sResourceManagers.NamespaceManager().
-			DeleteAndWaitTillNamespaceDeleted(utils.DefaultTestNamespace)
-	})
-
 	Context("when a metric is updated", func() {
 		It("the updated metric is published to CW", func() {