gracefully handle stale ENI's SG updates

aws · Dec 22, 2020 · 6cbdf9f · 6cbdf9f
1 parent dbef8be
commit 6cbdf9f
Showing 1 changed file with 5 additions and 14 deletions.
diff --git a/pkg/awsutils/awsutils.go b/pkg/awsutils/awsutils.go
@@ -369,18 +369,6 @@ func (cache *EC2InstanceMetadataCache) initWithEC2Metadata(ctx context.Context)
 	}
 	log.Debugf("Found subnet-id: %s ", cache.subnetID)
 
-	// retrieve security groups
-	err = cache.refreshSGIDs(mac)
-	if err != nil {
-		return err
-	}
-
-	// retrieve VPC IPv4 CIDR blocks
-	err = cache.refreshVPCIPv4CIDRs(mac)
-	if err != nil {
-		return err
-	}
-
 	// Refresh security groups and VPC CIDR blocks in the background
 	// Ignoring errors since we will retry in 30s
 	go wait.Forever(func() { _ = cache.refreshSGIDs(mac) }, 30*time.Second)
@@ -436,7 +424,7 @@ func (cache *EC2InstanceMetadataCache) refreshSGIDs(mac string) error {
 		for _, eni := range allENIs {
 			eniIDs = append(eniIDs, string(eni.ENIID))
 		}
-
+		
 		newENIs := StringSet{}
 		newENIs.Set(eniIDs)
 
@@ -455,7 +443,10 @@ func (cache *EC2InstanceMetadataCache) refreshSGIDs(mac string) error {
 			awsAPILatency.WithLabelValues("ModifyNetworkInterfaceAttribute", fmt.Sprint(err != nil)).Observe(msSince(start))
 			if err != nil {
 				awsAPIErrInc("ModifyNetworkInterfaceAttribute", err)
-				return errors.Wrap(err, "refreshSGIDs: unable to update the ENI's SG")
+				//No need to return error here since retry will happen in 30seconds and also
+				//If update failed due to stale ENI then returning error will prevent updating SG 
+				//for following ENIs since the list is sorted 
+			    log.Debugf("refreshSGIDs: unable to update the ENI %s SG - %v", eniID, err)
 			}
 		}
 	}