From d23d93bfd0772f0dfe948205c830fcb400f37427 Mon Sep 17 00:00:00 2001
From: Jeff Nelson <jdnelson@amazon.com>
Date: Tue, 8 Nov 2022 21:49:00 +0000
Subject: [PATCH] update troubleshooting docs for CNI image

fix location where make command is run
---
 docs/troubleshooting.md | 15 +++++++++++++++
 scripts/lib/canary.sh   |  2 +-
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/docs/troubleshooting.md b/docs/troubleshooting.md
index 7b48b3c056..03b36545c5 100644
--- a/docs/troubleshooting.md
+++ b/docs/troubleshooting.md
@@ -220,6 +220,21 @@ cni v1.10.x introduced 2 new env variables - ENABLE_IPv4 and ENABLE_IPv6. The ab
 kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.10/config/master/aws-k8s-cni.yaml
 ```
 
+## CNI Compatibility
+
+The [CNI image](../scripts/dockerfiles/Dockerfile.release) built for the `aws-node` manifest uses Amazon Linux 2 as the base image. Support for other Linux distributions (custom AMIs) is best-effort. Known issues with other Linux distributions are captured here:
+
+- **iptables** - iptables is installed by default in `aws-node` container images. Newer distributions of RHEL (RHEL 8.x+), Ubuntu (Ubuntu 20.x+), etc. have moved to using `nftables`. This leads to issues such as [this](https://github.com/aws/amazon-vpc-cni-k8s/issues/1847) when running IPAMD.
+  
+  To resolve this issue on distributions that use `nftables`, there are currently two options:
+  1. Uninstall `nftables` and install `iptables-legacy` in base distribution
+  2. Build a custom CNI image based on `nftables`, such as:
+  ```
+  from $ACCOUNT.dkr.ecr.$REGION.amazonaws.com/amazon-k8s-cni:$IMAGE_TAG
+  run yum install iptables-nft -y
+  run cd /usr/sbin && rm iptables && ln -s xtables-nft-multi iptables
+  ```
+
 ## cni-metrics-helper
 
 See the [cni-metrics-helper README](../cmd/cni-metrics-helper/README.md).
diff --git a/scripts/lib/canary.sh b/scripts/lib/canary.sh
index 1a5cae6316..db21940f67 100644
--- a/scripts/lib/canary.sh
+++ b/scripts/lib/canary.sh
@@ -16,7 +16,7 @@ fi
 
 if [[ -z "${SKIP_MAKE_TEST_BINARIES}" ]]; then
   echo "making ginkgo test binaries"
-  (cd $SCRIPT_DIR/../test && make build-test-binaries)
+  (cd $SCRIPT_DIR/../ && make build-test-binaries)
 else
   echo "skipping making ginkgo test binaries"
 fi