[Feature request] Delete dummy interface when agent is uninstalled #17

Open
yagikota opened this issue Aug 16, 2024 · 1 comment

@yagikota

When the agent starts, a new dummy interface is created.
ref. https://github.com/aws/eks-pod-identity-agent/blob/main/hack/dev/ds.yaml#L50-L56

However, this interface is not deleted when the agent is uninstalled. I think when the agent is uninstalled, the dummy interface should be deleted as well.

I think we can use PreStop like this:

---
# Source: eks-pod-identity-agent/templates/daemonset.yaml
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: eks-pod-identity-agent
  namespace: default
  labels:
    app.kubernetes.io/name: eks-pod-identity-agent
    app.kubernetes.io/instance: release-name
    app.kubernetes.io/version: "0.1.6"
spec:
  updateStrategy:
    rollingUpdate:
      maxUnavailable: 10%
    type: RollingUpdate
  selector:
    matchLabels:
      app.kubernetes.io/name: eks-pod-identity-agent
      app.kubernetes.io/instance: release-name
  template:
    metadata:
      labels:
        app.kubernetes.io/name: eks-pod-identity-agent
        app.kubernetes.io/instance: release-name
    spec:
      priorityClassName: system-node-critical
      hostNetwork: true
      terminationGracePeriodSeconds: 30
      tolerations:
        - operator: Exists
      affinity:
        nodeAffinity:
          requiredDuringSchedulingIgnoredDuringExecution:
            nodeSelectorTerms:
            - matchExpressions:
              - key: kubernetes.io/os
                operator: In
                values:
                - linux
              - key: kubernetes.io/arch
                operator: In
                values:
                - amd64
                - arm64
              - key: eks.amazonaws.com/compute-type
                operator: NotIn
                values:
                - fargate
      initContainers:
        - name: eks-pod-identity-agent-init
          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/eks-pod-identity-agent:0.1.10
          imagePullPolicy: Always
          command: ['/go-runner', '/eks-pod-identity-agent', 'initialize']
          securityContext:
            privileged: true
      containers:
        - name: eks-pod-identity-agent
          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/eks-pod-identity-agent:0.1.10
          imagePullPolicy: Always
          command: ['/go-runner', '/eks-pod-identity-agent', 'server']
          args:
            - "--port"
            - "80"
            - "--cluster-name"
            - "EKS_CLUSTER_NAME"
            - "--probe-port"
            - "2703"
          ports:
            - containerPort: 80
              protocol: TCP
              name: proxy
            - containerPort: 2703
              protocol: TCP
              name: probes-port
          env:
          - name: AWS_REGION
            value: "AWS_REGION_NAME"
          securityContext:
            capabilities:
              add:
                - CAP_NET_BIND_SERVICE
          resources:
            {}
          livenessProbe:
            failureThreshold: 3
            httpGet:
              host: localhost
              path: /healthz
              port: probes-port
              scheme: HTTP
            initialDelaySeconds: 30
            timeoutSeconds: 10
          readinessProbe:
            failureThreshold: 30
            httpGet:
              host: localhost
              path: /readyz
              port: probes-port
              scheme: HTTP
            initialDelaySeconds: 1
            timeoutSeconds: 10
          lifecycle:
            preStop:
              exec:
                command:
                  - /bin/sh
                  - -c
                  - |
                    if ip link del pod-id-link0; then
                      echo "Deleted dummy interface pod-id-link0"
                    else
                      echo "Failed to delete dummy interface pod-id-link0"
                    fi

What do you think about this proposal?

Thanks 🙏
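
An added example, not part of the issue and not the project's own code: an idempotent cleanup function of the kind the proposed preStop hook would call for `pod-id-link0`. It assumes the iproute2 `ip` binary is present in the container and that the caller holds CAP_NET_ADMIN in the host network namespace; the `--run` switch and the function name are hypothetical.

```shell
#!/bin/sh
# Added example, not from the eks-pod-identity-agent project.
# Assumes iproute2 `ip` is in the image and the caller holds CAP_NET_ADMIN
# in the host network namespace (needed to delete a link).
LINK_NAME="${LINK_NAME:-pod-id-link0}"  # interface name used in the issue

# Delete the dummy interface if it exists.
# Returns 0 when the link is gone afterwards, 1 when it is still there.
cleanup_dummy_link() {
    link="$1"
    # Already absent: succeed so repeated runs are harmless.
    if ! ip link show dev "$link" >/dev/null 2>&1; then
        echo "absent: $link"
        return 0
    fi
    # Refuse anything that is not of type dummy, so a real NIC that happens
    # to carry this name is never removed.
    if ! ip -d link show dev "$link" 2>/dev/null | grep -qw dummy; then
        echo "refusing: $link is not a dummy interface" >&2
        return 1
    fi
    if ip link del dev "$link" 2>/dev/null; then
        echo "deleted: $link"
        return 0
    fi
    echo "failed: cannot delete $link (missing CAP_NET_ADMIN?)" >&2
    return 1
}

# Hypothetical switch: only act when invoked as `script.sh --run`.
if [ "${1:-}" = "--run" ]; then
    cleanup_dummy_link "$LINK_NAME"
fi
```

A preStop hook runs on every pod termination, including rolling updates, not only when the agent is uninstalled, so the interface would also be removed and then recreated on each agent restart.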

@yagikota
Author

@nnmin-aws

What do you think about this?
