Handle aws-node 1.7 initContainer properly

Since version 1.7 of AWS VPC CNI plugin for Kubernetes the DaemonSet consists additionally of one initContainer. This initContainer needs the same treatment as the main container regarding usage of the regional image. Otherwise the consequence would be a failing pod in China regions or slow image pulls in other regions than us-west-2.
eksctl-io · Oct 13, 2020 · 4aeb2c5 · 4aeb2c5
1 parent 126f0a1
commit 4aeb2c5
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 3 deletions.
diff --git a/pkg/addons/default/aws_node.go b/pkg/addons/default/aws_node.go
@@ -19,7 +19,8 @@ const (
 	// AWSNode is the name of the aws-node addon
 	AWSNode = "aws-node"
 
-	awsNodeImageFormatPrefix = "%s.dkr.ecr.%s.%s/amazon-k8s-cni"
+	awsNodeImageFormatPrefix     = "%s.dkr.ecr.%s.%s/amazon-k8s-cni"
+	awsNodeInitImageFormatPrefix = "%s.dkr.ecr.%s.%s/amazon-k8s-cni-init"
 )
 
 // DoesAWSNodeSupportMultiArch makes sure awsnode supports ARM nodes
@@ -92,22 +93,39 @@ func UpdateAWSNode(rawClient kubernetes.RawClientInterface, region string, plan
 				return false, fmt.Errorf("expected type %T; got %T", &appsv1.Deployment{}, resource.Info.Object)
 			}
 			container := &daemonSet.Spec.Template.Spec.Containers[0]
+			initContainer := &daemonSet.Spec.Template.Spec.InitContainers[0]
 			imageParts := strings.Split(container.Image, ":")
 			if len(imageParts) != 2 {
 				return false, fmt.Errorf("invalid container image: %s", container.Image)
 			}
 
 			container.Image = awsNodeImageFormatPrefix + ":" + imageParts[1]
+			initContainer.Image = awsNodeInitImageFormatPrefix + ":" + imageParts[1]
 			if err := addons.UseRegionalImage(&daemonSet.Spec.Template, region); err != nil {
 				return false, err
 			}
-			tagMismatch, err = addons.ImageTagsDiffer(
+
+			containerTagMismatch, err := addons.ImageTagsDiffer(
 				container.Image,
 				clusterDaemonSet.Spec.Template.Spec.Containers[0].Image,
 			)
 			if err != nil {
 				return false, err
 			}
+
+			initContainerTagMismatch := true // Will be true by default if the init containers don't exist
+			if len(clusterDaemonSet.Spec.Template.Spec.InitContainers) > 0 {
+				initContainerTagMismatch, err = addons.ImageTagsDiffer(
+					initContainer.Image,
+					clusterDaemonSet.Spec.Template.Spec.InitContainers[0].Image,
+				)
+				if err != nil {
+					return false, err
+				}
+			}
+
+			tagMismatch = containerTagMismatch || initContainerTagMismatch
+
 		case "CustomResourceDefinition":
 			if plan {
 				// eniconfigs.crd.k8s.amazonaws.com CRD is only partially defined in the

diff --git a/pkg/addons/default/aws_node_test.go b/pkg/addons/default/aws_node_test.go
@@ -122,7 +122,10 @@ var _ = Describe("default addons - aws-node", func() {
 			Expect(awsNode.Spec.Template.Spec.Containers[0].Image).To(
 				Equal("602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon-k8s-cni:v1.7.5"),
 			)
-
+			Expect(awsNode.Spec.Template.Spec.InitContainers).To(HaveLen(1))
+			Expect(awsNode.Spec.Template.Spec.InitContainers[0].Image).To(
+				Equal("602401143452.dkr.ecr.eu-west-1.amazonaws.com/amazon-k8s-cni-init:v1.7.5"),
+			)
 			rawClient.ClearUpdated()
 		})
 
@@ -140,6 +143,10 @@ var _ = Describe("default addons - aws-node", func() {
 			Expect(awsNode.Spec.Template.Spec.Containers[0].Image).To(
 				Equal("602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon-k8s-cni:v1.7.5"),
 			)
+			Expect(awsNode.Spec.Template.Spec.InitContainers).To(HaveLen(1))
+			Expect(awsNode.Spec.Template.Spec.InitContainers[0].Image).To(
+				Equal("602401143452.dkr.ecr.us-east-1.amazonaws.com/amazon-k8s-cni-init:v1.7.5"),
+			)
 		})
 
 		It("can update 1.14 sample for china region to multi-architecture image", func() {
@@ -156,6 +163,10 @@ var _ = Describe("default addons - aws-node", func() {
 			Expect(awsNode.Spec.Template.Spec.Containers[0].Image).To(
 				Equal("961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.7.5"),
 			)
+			Expect(awsNode.Spec.Template.Spec.InitContainers).To(HaveLen(1))
+			Expect(awsNode.Spec.Template.Spec.InitContainers[0].Image).To(
+				Equal("961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.7.5"),
+			)
 		})
 
 		It("detects matching image version when determining plan", func() {

diff --git a/pkg/addons/image.go b/pkg/addons/image.go
@@ -29,6 +29,12 @@ func UseRegionalImage(spec *corev1.PodTemplateSpec, region string) error {
 	}
 	regionalImage := fmt.Sprintf(imageFormat, api.EKSResourceAccountID(region), region, dnsSuffix)
 	spec.Spec.Containers[0].Image = regionalImage
+
+	if len(spec.Spec.InitContainers) > 0 {
+		imageFormat = spec.Spec.InitContainers[0].Image
+		regionalImage = fmt.Sprintf(imageFormat, api.EKSResourceAccountID(region), region, dnsSuffix)
+		spec.Spec.InitContainers[0].Image = regionalImage
+	}
 	return nil
 }