handle pod-infra-container-image on older versions
ndbaker1 committed Jan 29, 2024
1 parent 25a470a commit 587d772
Showing 3 changed files with 60 additions and 0 deletions.
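--- a/nodeadm/internal/kubelet/config.go
+++ b/nodeadm/internal/kubelet/config.go
@@ -240,6 +240,35 @@ func (ksc *kubeletConfig) withDefaultReservedResources() {
 ksc.KubeReservedCgroup = ptr.String("/runtime")
 }
 
+// The '--pod-infra-container-image' flags is added so that the sandbox image is
+// not garbage collected. There are several way in which we could remove this:
+// - wait until a minimum supported version of kubernetes which implements the
+// image pinning CRI support: https://github.com/kubernetes/kubernetes/pull/118544
+// - update to containerd 2.0, which reworks the abstraction and no longer
+// requires sandbox image
+func (ksc *kubeletConfig) withPodInfraContainerImage(cfg *api.NodeConfig, kubeletVersion string, flags map[string]string) error {
+if semver.Compare(kubeletVersion, "v1.27.0") < 0 {
+awsDomain, err := util.GetAwsDomain(context.TODO(), imds.New(imds.Options{}))
+if err != nil {
+return err
+}
+ecrUri, err := util.GetEcrUri(util.GetEcrUriRequest{
+Region: cfg.Status.Instance.Region,
+Domain: awsDomain,
+AllowFips: true,
+})
+if err != nil {
+return err
+}
+pauseContainerImage, err := util.GetPauseContainer(ecrUri)
+if err != nil {
+return err
+}
+flags["pod-infra-container-image"] = pauseContainerImage
+}
+return nil
+}
+
 func (k *kubelet) GenerateKubeletConfig(cfg *api.NodeConfig) (*kubeletConfig, error) {
 // Get the kubelet/kubernetes version to help conditionally enable features
 kubeletVersion, err := GetKubeletVersion()
@@ -249,6 +278,7 @@ func (k *kubelet) GenerateKubeletConfig(cfg *api.NodeConfig) (*kubeletConfig, er
 zap.L().Info("Detected kubelet version", zap.String("version", kubeletVersion))
 
 kubeletConfig := defaultKubeletSubConfig()
+
 if err := kubeletConfig.withFallbackClusterDns(&cfg.Spec.Cluster); err != nil {
 return nil, err
 }
@@ -258,6 +288,9 @@ func (k *kubelet) GenerateKubeletConfig(cfg *api.NodeConfig) (*kubeletConfig, er
 if err := kubeletConfig.withNodeIp(cfg, k.flags); err != nil {
 return nil, err
 }
+if err := kubeletConfig.withPodInfraContainerImage(cfg, kubeletVersion, k.flags); err != nil {
+return nil, err
+}
 
 kubeletConfig.withVersionToggles(kubeletVersion, k.flags)
 kubeletConfig.withCloudProvider(cfg, k.flags)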
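Review bot: In withPodInfraContainerImage the gate `semver.Compare(kubeletVersion, "v1.27.0") < 0` never checks that kubeletVersion is a well-formed version; if `semver` here is golang.org/x/mod/semver (the import is not visible), an invalid or un-prefixed string compares as lower than any valid one, so a parsing problem would silently take the legacy branch and set the flag. Rejecting it first would make that failure explicit, e.g. `if !semver.IsValid(kubeletVersion) { return fmt.Errorf("invalid kubelet version %q", kubeletVersion) }`. The IMDS lookup runs under `context.TODO()` with a freshly built client, so it carries no deadline from the caller; a context with a timeout would keep node bootstrap from depending on the client's defaults. The three bare `return err` lines would be easier to diagnose if wrapped with what was being resolved, e.g. `return fmt.Errorf("resolving pause image registry: %w", err)`.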
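--- a/nodeadm/test/e2e/cases/pod-infra-container/config.yaml
+++ b/nodeadm/test/e2e/cases/pod-infra-container/config.yaml
@@ -0,0 +1,9 @@
+---
+apiVersion: node.eks.aws/v1alpha1
+kind: NodeConfig
+spec:
+cluster:
+name: my-cluster
+apiServerEndpoint: https://example.com
+certificateAuthority: Y2VydGlmaWNhdGVBdXRob3JpdHk=
+cidr: 10.100.0.0/16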
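--- a/nodeadm/test/e2e/cases/pod-infra-container/run.sh
+++ b/nodeadm/test/e2e/cases/pod-infra-container/run.sh
@@ -0,0 +1,18 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o nounset
+set -o pipefail
+
+source /helpers.sh
+
+mock::imds
+wait::dbus-ready
+
+mock::kubelet 1.26.0
+nodeadm init --skip run --config-source file://config.yaml
+assert::file-contains /etc/eks/kubelet/environment '--pod-infra-container-image=602401143452.dkr.ecr.us-west-2.amazonaws.com/eks/pause:3.5'
+
+mock::kubelet 1.27.0
+nodeadm init --skip run --config-source file://config.yaml
+assert::file-not-contains /etc/eks/kubelet/environment 'pod-infra-container-image'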
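Review bot: The two cases use only the bare versions `1.26.0` and `1.27.0`, so the version gate is never exercised with a suffixed version string. If GetKubeletVersion passes a build suffix through unchanged, semver ordering would treat a hyphenated tail as a pre-release that sorts below `v1.27.0`, and the flag would still be set on a 1.27.0 build. A third case would pin the intended behaviour, assuming mock::kubelet accepts such a value: `mock::kubelet 1.27.0-eks-abc1234` (constructed example) followed by the same `assert::file-not-contains` check. The second run also relies on `nodeadm init` rewriting /etc/eks/kubelet/environment rather than appending to it; a one-line comment above the 1.27.0 case saying so would make that dependency visible.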
