Fixes and address comments

kubernetes · Jun 21, 2021 · dd26563 · dd26563
1 parent b8c401d
commit dd26563
Show file tree

Hide file tree

Showing 10 changed files with 25 additions and 69 deletions.
diff --git a/k8s/crds/kops.k8s.io_clusters.yaml b/k8s/crds/kops.k8s.io_clusters.yaml
@@ -3121,22 +3121,9 @@ spec:
                     description: AmazonVPCNetworkingSpec declares that we want Amazon
                       VPC CNI networking
                     properties:
-                      awsVpcK8sCniConfigureRpFilter:
-                        description: Specifies whether ipamd should configure rp filter
-                          for primary interface. Setting this to false will require
-                          rp filter to be configured through init container.
-                        type: string
-                      disableTCPEarlyDemux:
-                        description: If ENABLE_POD_ENI is set to true, in order for
-                          the kubelet to connect via TCP (for liveness or readiness
-                          probes) to pods that are using per pod security groups,
-                          DISABLE_TCP_EARLY_DEMUX should be set to true for amazon-k8s-cni-init
-                          container under initcontainers. This will increase the local
-                          TCP connection latency slightly. To use this setting, a
-                          Linux kernel version of at least 4.6 is needed on the worker
-                          node.
-                        type: string
                       env:
+                        description: Env is a list of environment variables to set
+                          in the container.
                         items:
                           description: EnvVar represents an environment variable present
                             in a Container.
@@ -3161,10 +3148,11 @@ spec:
                           type: object
                         type: array
                       imageName:
-                        description: The container image name to use
+                        description: ImageName is the container image name to use.
                         type: string
                       initImageName:
-                        description: The init container image name to use
+                        description: InitImageName is the init container image name
+                          to use.
                         type: string
                     type: object
                   calico:

diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
@@ -248,19 +248,12 @@ type RomanaNetworkingSpec struct {
 
 // AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking
 type AmazonVPCNetworkingSpec struct {
-	// Specifies whether ipamd should configure rp filter for primary interface.
-	// Setting this to false will require rp filter to be configured through init container.
-	AwsVpcK8sCniConfigureRpFilter string   `json:"awsVpcK8sCniConfigureRpFilter,omitempty"`
-	Env                           []EnvVar `json:"env,omitempty"`
-	// If ENABLE_POD_ENI is set to true, in order for the kubelet to connect via TCP (for liveness or readiness probes) to pods that are using per pod security groups,
-	// DISABLE_TCP_EARLY_DEMUX should be set to true for amazon-k8s-cni-init container under initcontainers.
-	// This will increase the local TCP connection latency slightly.
-	// To use this setting, a Linux kernel version of at least 4.6 is needed on the worker node.
-	DisableTCPEarlyDemux string `json:"disableTCPEarlyDemux,omitempty"`
-	// The container image name to use
+	// ImageName is the container image name to use.
 	ImageName string `json:"imageName,omitempty"`
-	// The init container image name to use
+	// InitImageName is the init container image name to use.
 	InitImageName string `json:"initImageName,omitempty"`
+	// Env is a list of environment variables to set in the container.
+	Env []EnvVar `json:"env,omitempty"`
 }
 
 const CiliumIpamEni = "eni"

diff --git a/pkg/apis/kops/v1alpha2/networking.go b/pkg/apis/kops/v1alpha2/networking.go
@@ -248,19 +248,12 @@ type RomanaNetworkingSpec struct {
 
 // AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking
 type AmazonVPCNetworkingSpec struct {
-	// Specifies whether ipamd should configure rp filter for primary interface.
-	// Setting this to false will require rp filter to be configured through init container.
-	AwsVpcK8sCniConfigureRpFilter string   `json:"awsVpcK8sCniConfigureRpFilter,omitempty"`
-	Env                           []EnvVar `json:"env,omitempty"`
-	// If ENABLE_POD_ENI is set to true, in order for the kubelet to connect via TCP (for liveness or readiness probes) to pods that are using per pod security groups,
-	// DISABLE_TCP_EARLY_DEMUX should be set to true for amazon-k8s-cni-init container under initcontainers.
-	// This will increase the local TCP connection latency slightly.
-	// To use this setting, a Linux kernel version of at least 4.6 is needed on the worker node.
-	DisableTCPEarlyDemux string `json:"disableTCPEarlyDemux,omitempty"`
-	// The container image name to use
+	// ImageName is the container image name to use.
 	ImageName string `json:"imageName,omitempty"`
-	// The init container image name to use
+	// InitImageName is the init container image name to use.
 	InitImageName string `json:"initImageName,omitempty"`
+	// Env is a list of environment variables to set in the container.
+	Env []EnvVar `json:"env,omitempty"`
 }
 
 const CiliumIpamEni = "eni"

diff --git a/pkg/apis/kops/v1alpha2/zz_generated.conversion.go b/pkg/apis/kops/v1alpha2/zz_generated.conversion.go
diff --git a/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.16.yaml.template b/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.16.yaml.template
@@ -107,7 +107,7 @@
       "containers":
       - "env":
         - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER"
-          "value": "{{ AwsVpcK8sCniConfigureRpFilter }}"
+          "value": "false"
         # The below envs are commented-out on purpose. See https://github.com/kubernetes/kops/issues/11144 for more context.
         # - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG"
         #   "value": "false"
@@ -135,6 +135,8 @@
           "valueFrom":
             "fieldRef":
               "fieldPath": "spec.nodeName"
+        # - "name": "WARM_ENI_TARGET"
+        #   "value": "1"
         - "name": "CLUSTER_NAME"
           "value": "{{ ClusterName }}"
         {{- range .Networking.AmazonVPC.Env }}
@@ -183,7 +185,7 @@
       "initContainers":
       - "env":
         - "name": "DISABLE_TCP_EARLY_DEMUX"
-          "value": " {{ DisableTCPEarlyDemux }}"
+          "value": "false"
         "image": "{{- or .Networking.AmazonVPC.InitImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.8.0" }}"
         "imagePullPolicy": "Always"
         "name": "aws-vpc-cni-init"

diff --git a/upup/pkg/fi/cloudup/template_functions.go b/upup/pkg/fi/cloudup/template_functions.go
@@ -149,22 +149,6 @@ func (tf *TemplateFunctions) AddTo(dest template.FuncMap, secretStore fi.SecretS
 		}
 	}
 
-	if cluster.Spec.Networking != nil && cluster.Spec.Networking.AmazonVPC != nil {
-		c := cluster.Spec.Networking.AmazonVPC
-		dest["AwsVpcK8sCniConfigureRpFilter"] = func() string {
-			if c.AwsVpcK8sCniConfigureRpFilter != "" {
-				return c.AwsVpcK8sCniConfigureRpFilter
-			}
-			return "false"
-		}
-		dest["DisableTCPEarlyDemux"] = func() string {
-			if c.DisableTCPEarlyDemux != "" {
-				return c.DisableTCPEarlyDemux
-			}
-			return "false"
-		}
-	}
-
 	if cluster.Spec.Networking != nil && cluster.Spec.Networking.Calico != nil {
 		c := cluster.Spec.Networking.Calico
 		dest["CalicoIPv4PoolIPIPMode"] = func() string {

diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc-containerd/manifest.yaml
@@ -54,7 +54,7 @@ spec:
     version: 1.17.0
   - id: k8s-1.16
     manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml
-    manifestHash: 102ad54bf34da0a827df22e8cbaae453b83b0db9
+    manifestHash: 85f44dc21be84b6aeb78997a38b06183b7dc6e44
     name: networking.amazon-vpc-routed-eni
     needsRollingUpdate: all
     selector:

diff --git a/...otstrapchannelbuilder/amazonvpc-containerd/networking.amazon-vpc-routed-eni-k8s-1.16.yaml b/...otstrapchannelbuilder/amazonvpc-containerd/networking.amazon-vpc-routed-eni-k8s-1.16.yaml
@@ -186,7 +186,7 @@ spec:
       initContainers:
       - env:
         - name: DISABLE_TCP_EARLY_DEMUX
-          value: ' false'
+          value: "false"
         image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.8.0
         imagePullPolicy: Always
         name: aws-vpc-cni-init

diff --git a/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml b/upup/pkg/fi/cloudup/tests/bootstrapchannelbuilder/amazonvpc/manifest.yaml
@@ -54,7 +54,7 @@ spec:
     version: 1.17.0
   - id: k8s-1.16
     manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml
-    manifestHash: 102ad54bf34da0a827df22e8cbaae453b83b0db9
+    manifestHash: 85f44dc21be84b6aeb78997a38b06183b7dc6e44
     name: networking.amazon-vpc-routed-eni
     needsRollingUpdate: all
     selector:

diff --git a/...up/tests/bootstrapchannelbuilder/amazonvpc/networking.amazon-vpc-routed-eni-k8s-1.16.yaml b/...up/tests/bootstrapchannelbuilder/amazonvpc/networking.amazon-vpc-routed-eni-k8s-1.16.yaml
@@ -186,7 +186,7 @@ spec:
       initContainers:
       - env:
         - name: DISABLE_TCP_EARLY_DEMUX
-          value: ' false'
+          value: "false"
         image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.8.0
         imagePullPolicy: Always
         name: aws-vpc-cni-init