diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.patch b/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.patch index e437301173..084ca79b76 100644 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.patch +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.patch @@ -1,6 +1,6 @@ ---- orig/bootstrap.sh 2021-01-21 15:07:34.749539965 +0100 -+++ flatcar/bootstrap.sh 2021-01-22 12:21:58.080452841 +0100 -@@ -202,6 +202,9 @@ +--- orig/bootstrap.sh 2021-02-02 14:04:27.121358890 +0100 ++++ flatcar/bootstrap.sh 2021-02-02 14:07:15.175175277 +0100 +@@ -268,6 +268,9 @@ exit 1 fi @@ -8,9 +8,9 @@ +mkdir -p /etc/eks +echo "CLUSTER_NAME=\"${CLUSTER_NAME}\"" > /etc/eks/cluster.conf - TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" "http://169.254.169.254/latest/api/token") - AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r) -@@ -218,7 +221,8 @@ + TOKEN=$(get_token) + AWS_DEFAULT_REGION=$(get_meta_data 'latest/dynamic/instance-identity/document' | jq .region -r) +@@ -284,7 +287,8 @@ PAUSE_CONTAINER="$PAUSE_CONTAINER_IMAGE:$PAUSE_CONTAINER_VERSION" ### kubelet kubeconfig @@ -20,7 +20,7 @@ CA_CERTIFICATE_DIRECTORY=/etc/kubernetes/pki CA_CERTIFICATE_FILE_PATH=$CA_CERTIFICATE_DIRECTORY/ca.crt mkdir -p $CA_CERTIFICATE_DIRECTORY -@@ -258,9 +262,9 @@ +@@ -324,9 +328,9 @@ echo $B64_CLUSTER_CA | base64 -d > $CA_CERTIFICATE_FILE_PATH @@ -33,7 +33,7 @@ ### kubelet.service configuration if [[ -z "${DNS_CLUSTER_IP}" ]]; then -@@ -279,7 +283,7 @@ +@@ -345,7 +349,7 @@ DNS_CLUSTER_IP="${DNS_CLUSTER_IP}" fi 
@@ -41,8 +41,8 @@ +KUBELET_CONFIG=/usr/share/oem/eks/kubelet-config.json echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG - INTERNAL_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/local-ipv4) -@@ -291,7 +295,7 @@ + INTERNAL_IP=$(get_meta_data 'latest/meta-data/local-ipv4') +@@ -357,7 +361,7 @@ # with this formula when scheduling pods: Allocatable = Capacity - Reserved - Eviction Threshold. #calculate the max number of pods per instance type @@ -51,7 +51,7 @@ set +o pipefail MAX_PODS=$(cat $MAX_PODS_FILE | awk "/^${INSTANCE_TYPE:-unset}/"' { print $2 }') set -o pipefail -@@ -316,6 +320,8 @@ +@@ -382,6 +386,8 @@ fi fi @@ -60,12 +60,13 @@ mkdir -p /etc/systemd/system/kubelet.service.d cat < /etc/systemd/system/kubelet.service.d/10-kubelet-args.conf -@@ -330,10 +336,15 @@ +@@ -396,10 +402,16 @@ EOF fi + # Replace with custom docker config contents. ++mkdir -p /etc/docker if [[ -n "$DOCKER_CONFIG_JSON" ]]; then echo "$DOCKER_CONFIG_JSON" > /etc/docker/daemon.json systemctl restart docker @@ -76,7 +77,7 @@ fi if [[ "$ENABLE_DOCKER_BRIDGE" = "true" ]]; then -@@ -343,7 +354,19 @@ +@@ -409,7 +421,19 @@ systemctl restart docker fi diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.sh b/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.sh index c17bb816aa..ca787717ed 100755 --- a/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.sh +++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/bootstrap.sh 
@@ -134,6 +134,72 @@ function get_pause_container_account_for_region () {
 esac
 }
 
+function _get_token() {
+ local token_result=
+ local http_result=
+
+ token_result=$(curl -s -w "\n%{http_code}" -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" "http://169.254.169.254/latest/api/token")
+ http_result=$(echo "$token_result" | tail -n 1)
+ if [[ "$http_result" != "200" ]]
+ then
+ echo -e "Failed to get token:\n$token_result"
+ return 1
+ else
+ echo "$token_result" | head -n 1
+ return 0
+ fi
+}
+
+function get_token() {
+ local token=
+ local retries=20
+ local result=1
+
+ while [[ retries -gt 0 && $result -ne 0 ]]
+ do
+ retries=$[$retries-1]
+ token=$(_get_token)
+ result=$?
+ [[ $result != 0 ]] && sleep 5
+ done
+ [[ $result == 0 ]] && echo "$token"
+ return $result
+}
+
+function _get_meta_data() {
+ local path=$1
+ local metadata_result=
+
+ metadata_result=$(curl -s -w "\n%{http_code}" -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/$path)
+ http_result=$(echo "$metadata_result" | tail -n 1)
+ if [[ "$http_result" != "200" ]]
+ then
+ echo -e "Failed to get metadata:\n$metadata_result\nhttp://169.254.169.254/$path\n$TOKEN"
+ return 1
+ else
+ local lines=$(echo "$metadata_result" | wc -l)
+ echo "$metadata_result" | head -n $(( lines - 1 ))
+ return 0
+ fi
+}
+
+function get_meta_data() {
+ local metadata=
+ local path=$1
+ local retries=20
+ local result=1
+
+ while [[ retries -gt 0 && $result -ne 0 ]]
+ do
+ retries=$[$retries-1]
+ metadata=$(_get_meta_data $path)
+ result=$?
+ [[ $result != 0 ]] && TOKEN=$(get_token)
+ done
+ [[ $result == 0 ]] && echo "$metadata"
+ return $result
+}
+
 # Helper function which calculates the amount of the given resource (either CPU or memory)
 # to reserve in a given resource range, specified by a start and end of the range and a percentage
 # of the resource to reserve. Note that we return zero if the start of the resource range is
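Review bot: The failure branches of `_get_token` and `_get_meta_data` write their diagnostics to stdout, so `token=$(_get_token)` and `metadata=$(_get_meta_data $path)` capture them and the wrappers discard them once the retries run out; the metadata message also embeds `$TOKEN`, which would put the IMDSv2 session token into boot logs as soon as the message is surfaced. I would send both to stderr and leave the token out: `echo -e "Failed to get metadata:\n$metadata_result\nhttp://169.254.169.254/$path" >&2`, with the same `>&2` on the `Failed to get token` line. `_get_meta_data` assigns `http_result` without declaring it, unlike `_get_token`, so add `local http_result=` there. `get_meta_data` requests a new token and retries up to 20 times on any non-200 status with no pause of its own; limiting the refresh to a 401 response would keep a 404 on a wrong path from costing 20 round trips.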
@@ -203,9 +269,9 @@ if [ -z "$CLUSTER_NAME" ]; then
 fi
 
 
-TOKEN=$(curl -X PUT -H "X-aws-ec2-metadata-token-ttl-seconds: 600" "http://169.254.169.254/latest/api/token")
-AWS_DEFAULT_REGION=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/dynamic/instance-identity/document | jq .region -r)
-AWS_SERVICES_DOMAIN=$(curl -s --retry 5 -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/2018-09-24/meta-data/services/domain)
+TOKEN=$(get_token)
+AWS_DEFAULT_REGION=$(get_meta_data 'latest/dynamic/instance-identity/document' | jq .region -r)
+AWS_SERVICES_DOMAIN=$(get_meta_data '2018-09-24/meta-data/services/domain')
 
 MACHINE=$(uname -m)
 if [[ "$MACHINE" != "x86_64" && "$MACHINE" != "aarch64" ]]; then
@@ -268,8 +334,8 @@ if [[ -z "${DNS_CLUSTER_IP}" ]]; then
 #Sets the DNS Cluster IP address that would be chosen from the serviceIpv4Cidr. (x.y.z.10)
 DNS_CLUSTER_IP=${SERVICE_IPV4_CIDR%.*}.10
 else
- MAC=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/ -s | head -n 1 | sed 's/\/$//')
- TEN_RANGE=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/network/interfaces/macs/$MAC/vpc-ipv4-cidr-blocks | grep -c '^10\..*' || true )
+ MAC=$(get_meta_data 'latest/meta-data/network/interfaces/macs/' | head -n 1 | sed 's/\/$//')
+ TEN_RANGE=$(get_meta_data "latest/meta-data/network/interfaces/macs/$MAC/vpc-ipv4-cidr-blocks" | grep -c '^10\..*' || true )
 DNS_CLUSTER_IP=10.100.0.10
 if [[ "$TEN_RANGE" != "0" ]]; then
 DNS_CLUSTER_IP=172.20.0.10
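Review bot: Each call site runs `get_meta_data` inside `$(...)`, so the `TOKEN=$(get_token)` refresh it performs after a failure happens in a subshell and never updates the script-level `TOKEN`; once the 600-second token has expired, every later lookup fails once and fetches its own token. The results are also used unchecked: if `TOKEN=$(get_token)` exhausts its retries `TOKEN` is empty, and whether the script stops there depends on errexit being set outside the visible lines. I would make the failure explicit with `TOKEN=$(get_token) || { echo "could not obtain IMDS token" >&2; exit 1; }` and check that `MAC` is non-empty before it is interpolated into the `vpc-ipv4-cidr-blocks` path in the @@ -268 hunk, where `|| true` otherwise turns a failed lookup into `TEN_RANGE=0` and the `10.100.0.10` default. The `INTERNAL_IP` and `INSTANCE_TYPE` assignments in the @@ -282 hunk follow the same unchecked pattern.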
@@ -282,8 +348,8 @@ fi
 KUBELET_CONFIG=/etc/kubernetes/kubelet/kubelet-config.json
 echo "$(jq ".clusterDNS=[\"$DNS_CLUSTER_IP\"]" $KUBELET_CONFIG)" > $KUBELET_CONFIG
 
-INTERNAL_IP=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/local-ipv4)
-INSTANCE_TYPE=$(curl -H "X-aws-ec2-metadata-token: $TOKEN" -s http://169.254.169.254/latest/meta-data/instance-type)
+INTERNAL_IP=$(get_meta_data 'latest/meta-data/local-ipv4')
+INSTANCE_TYPE=$(get_meta_data 'latest/meta-data/instance-type')
 
 # Sets kubeReserved and evictionHard in /etc/kubernetes/kubelet/kubelet-config.json for worker nodes. The following two function
 # calls calculate the CPU and memory resources to reserve for kubeReserved based on the instance type of the worker node.
diff --git a/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/eni-max-pods.txt b/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/eni-max-pods.txt
index a6eb620fad..99e61b9ecb 100644
--- a/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/eni-max-pods.txt
+++ b/sdk_container/src/third_party/coreos-overlay/coreos-base/flatcar-eks/files/eni-max-pods.txt
@@ -11,7 +11,7 @@
 # express or implied. See the License for the specific language governing
 # permissions and limitations under the License.
 #
-# This file was generated at 2020-12-12T18:33:04-03:00
+# This file was generated at 2021-01-13T12:54:18-08:00
 #
 # Mapping is calculated from AWS EC2 API using the following formula:
 # * First IP on each ENI is not used for pods
@@ -100,6 +100,14 @@ c6gd.large 29
 c6gd.medium 8
 c6gd.metal 737
 c6gd.xlarge 58
+c6gn.12xlarge 234
+c6gn.16xlarge 737
+c6gn.2xlarge 58
+c6gn.4xlarge 234
+c6gn.8xlarge 234
+c6gn.large 29
+c6gn.medium 8
+c6gn.xlarge 58
 cc2.8xlarge 234
 cr1.8xlarge 234
 d2.2xlarge 58