instances: initial implementation of instancesV2 interface

[nicolehanjing]

What type of PR is this?
/kind feature

What this PR does / why we need it:
Take over the initial work here: #127
This is a first pass at implementing Instances.
Some TODOs:

• add more unit tests
• support node naming policy other than private DNS names

Which issue(s) this PR fixes:

Part of #125

Special notes for your reviewer:

Does this PR introduce a user-facing change?:

Add initial implementation of Instances for the v2 provider.

[k8s-ci-robot]

Hi @nicolehanjing. Thanks for your PR.

I'm waiting for a kubernetes member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[nicolehanjing]

@andrewsykim is that intended to only parse well-formatted providerID? Should I take care of invalid cases?

[nicolehanjing]

@andrewsykim A little confused on how we define "shutdown"
I feel that states after "shutting down" (terminated, stopping, stopped) should all be considered as a "shutdown" state, is that right? 🤔

[andrewsykim]

I think "shutdown" is really referring to "stopped" here. The key difference from "terminated" is that a stopped instance can go back to running state, where-as terminated instances are gone for good.

[andrewsykim]

So we should remove the check for ec2.InstanceStateNameTerminated here.

[nicolehanjing]

gotcha, thanks for the explanation!

[nicolehanjing]

not sure if I have enough contexts here, can you share more inputs? :) @andrewsykim

[andrewsykim]

In the existing implementation, only private DNS is allowed for a node's name (see kubernetes/kubernetes#52241). We should allow other naming policies. I think a reasonable starting point is allowing the node name to be either the private DNS or the instance name

[andrewsykim]

I'm thinking that maybe we need a ConfigMap or something to store this information. For this PR maybe just implementing with private DNS is sufficient.

[nicolehanjing]

gotcha, thanks for the contexts!

[randomvariable]

After looking into kops and EKS in some detail, I don't think we would want "arbitrary" names, or at least if we do, it would have to come with huge caveats around node security.

In particular, EKS and kops-controller match a instance ID attestation with the privateDNSName, via an STS based authentication webhook in EKS using aws-iam-authenticator, or via issuance of a certificate with the privateDNSname as the node name with presentation of the AWS instance identity document in kops-controller's case (CAPI will likely also implement the latter).

In theory, this means we can securely support instanceID, privateDNSName or other unique identifiers on the EC2 DescribeInstances, but beyond that, it would have to come with big "you don't want to use this" warnings.

cc @nckturner @justinsb

[randomvariable]

Also, why would we use a ConfigMap vs. say ComponentConfig for the controller?

[nckturner]

EKS currently has a lot of built-in assumptions on private DNS. That being said, instance ID is attractive because its guaranteed to be unique. I'm ok with making it possible for other names, but we will need to be able to restrict it for EKS to stuff available to DescribeInstances, like @randomvariable said. I don't think a ConfigMap is a good idea though. Its seems like that suggests we want to allow on-the-fly reconfiguration, which for EKS we definitely wouldn't want. Guessing, but if we allowed customers to make changes here then we'd probably want it protected behind an EKS API, which would be easier to do if it was configuration passed in via flags/ComponentConfig file on disk, and required a restart.

[andrewsykim]

Also, why would we use a ConfigMap vs. say ComponentConfig for the controller?

I'm not particularly tied to using ConfigMap here, but if we use a config file it should ideally be yaml/json and not INI. I'm not sure ComponentConfig is relevant here since this is a config file read by aws-cloud-controller-manager, not a config for any of its options/flags.

EKS currently has a lot of built-in assumptions on private DNS. That being said, instance ID is attractive because its guaranteed to be unique. I'm ok with making it possible for other names, but we will need to be able to restrict it for EKS to stuff available to DescribeInstances

Sounds like there needs to be a broader discussion on this topic for sure. @nicolehanjing since we know for sure that we still want to support private DNS, let's get this PR only working with that and make sure we have a follow-up PR to support instance ID and other naming policies.

[nicolehanjing]

gotcha! thanks for the info!

[andrewsykim]

In the existing implementation, only private DNS is allowed for a node's name (see kubernetes/kubernetes#52241). We should allow other naming policies. I think a reasonable starting point is allowing the node name to be either the private DNS or the instance name

[andrewsykim]

I'm thinking that maybe we need a ConfigMap or something to store this information. For this PR maybe just implementing with private DNS is sufficient.

[andrewsykim]

I think "shutdown" is really referring to "stopped" here. The key difference from "terminated" is that a stopped instance can go back to running state, where-as terminated instances are gone for good.

[andrewsykim]

So we should remove the check for ec2.InstanceStateNameTerminated here.

[nicolehanjing]

@andrewsykim Updated the unit tests, let me know if you have any other suggestions :)

[randomvariable]

We'll need some follow up issues to do the following, but not blocking this PR:

• Add rate limiters and metrics collection to the AWS request handlers
• Check if there's anything needed to support custom EC2 endpoints (for GovCloud/Secret Region and Outposts setups)

[randomvariable]

/ok-to-test

[andrewsykim]

We'll need some follow up issues to do the following, but not blocking this PR:
Add rate limiters and metrics collection to the AWS request handlers
Check if there's anything needed to support custom EC2 endpoints (for airgapped and Outposts setups)

+1, we should definitely add the first one before removing the alpha gating env var (but in a follow-up PR):

cloud-provider-aws/cmd/aws-cloud-controller-manager/main.go

Lines 104 to 108 in 4eef54c

	if cloudProvider == awsv2.ProviderName {
	if v2Enabled := os.Getenv(enableAlphaV2EnvVar); v2Enabled != "true" {
	klog.Fatalf("aws/v2 cloud provider requires environment variable ENABLE_ALPHA_V2=true to be set")
	}
	}

[nckturner]

I wouldn't mind some level 4 (or maybe higher) logging here that printed a line "looking for node X by private DNS name".

[nicolehanjing]

gotcha, will add!

[nckturner]

Another log line at 4 or higher for "looking for node by provider ID".

[nckturner]

If the instance does exist by private DNS name, and the provider ID is empty, we are still falling through this block and calling getInstanceByProviderID()? Should we have an else statement for the provider ID check?

[nicolehanjing]

updated! I wrap the logic in an if-else block so that ensures we only call getInstanceByProviderID() when the providerID is not empty

[nckturner]

If we group this entire thing into an if else, then we can also add a single err != nil and err == cloudprovider.InstanceNotFound at the end of the function, and add logs (maybe at level 6?) for not found instances.

[nckturner]

Instead of having the getInstanceByPrivateDNSName and then getInstanceByProviderID logic in multiple places, can we put all that logic into a getInstance(ctx context.Context, node *Node) (*ec2.Instance, error) function? That way it will be easier to refactor or add other forms of getInstance in the future.

[nicolehanjing]

the only difference in these two functions is the ec2 request, I think we could put the logic into a getInstance(ctx context.Context, node *Node) (*ec2.Instance, error) function but inside that function we need to differentiate the request based on the type of given node info

[nckturner]

/cc @micahhausler @wongma7

[nicolehanjing]

@nckturner Updated!

• added the logs
• unified two functions getInstanceByProviderID and getInstanceByPrivateDNSName into getInstance and the only difference is the ec2 request input
• likely unified two functions InstanceShutdownByProviderID and InstanceShutdownByPrivateDNSName into InstanceShutdown
  PTAL! :)

[wongma7]

It may be better to describe without this aliveFilter and instead filter out terminated instances locally like v1 did. I do not have numbers or documentation but my understanding is that filters can affect describeinstances performance. cc kubernetes/kubernetes#78140

[nicolehanjing]

gotcha, will update! Thanks for the contexts

[andrewsykim]

Really minor comments

[andrewsykim]

Log the node name here for the instance:

klog.V(6).Infof("instance not found for node: %s", node.Name)

[andrewsykim]

These tests are looking great :)

[andrewsykim]

I would call this field mockedEC2Output instead, since we are not actually validating against this as an "expected" valuie.

[andrewsykim]

same applies for other tests

[nicolehanjing]

gotcha, will update!

[nicolehanjing]

/retest

[nicolehanjing]

@andrewsykim updated! PTAL :)

[andrewsykim]

ErrInstanceTerminated is for terminated instances which I don't think apply for the "shutdown" case. Checking ec2.InstanceStateNameStopped might be enough for checking shutdown.

[andrewsykim]

Oh I see you're already checking that below. In that case for terminated state this should return false, nil or false, err

[andrewsykim]

I think this whole block can be simplified actually to:

ec2Instance, err := i.getInstance(ctx, node)
if err != nil {
    return false, err
}

[nicolehanjing]

gotcha, updated!

[nicolehanjing]

@andrewsykim Updated the shutdown checks, PTAL!
Let me know if you have any other suggestions :)

[andrewsykim]

If DescribeInstances returns only 1 instance and that instance has state InstanceStateNameTerminated, then I think we should treat it similar to the case of len(instances) == 0 and here return nil, cloudprovider.InstanceNotFound.

[nicolehanjing]

gotcha, updated!
I was thinking to have a different log for terminated instances, but as "terminated" is just an intermediate state I agree that we should treat it the same as 'not exist'

[andrewsykim]

nit: this should use errors.New

[andrewsykim]

I think this is a reasonable starting point. Nothing added here is binding so we can revisit some decisions in a follow-up PR. Some functionality we need to revisit is:

• Cluster tagging support
• Support instance ID as the node name
• Configuration API to store the various thing that are configurable.

Thanks @nicolehanjing

/approve
/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: andrewsykim, nicolehanjing

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [andrewsykim]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment