From 0a92684d8be1c6a964f058ae694b55ab7ddd6dbb Mon Sep 17 00:00:00 2001
From: Nick Baker
Date: Thu, 10 Oct 2024 00:08:27 +0000
Subject: [PATCH] strip out the unneeded caching logic
---
 nodeadm/cmd/nodeadm/init/init.go | 2 +-
 nodeadm/internal/containerd/daemon.go | 2 +-
 nodeadm/internal/containerd/sandbox.go | 59 -------------------
 nodeadm/internal/containerd/sandbox_test.go | 57 ------------------
 .../al2/provisioners/cache-pause-container.sh | 9 +++
 templates/al2/template.json | 5 +-
 .../provisioners/cache-pause-container.sh | 7 +++
 templates/al2023/template.json | 5 +-
 .../bin/cache-pause-container} | 4 +-
 9 files changed, 24 insertions(+), 126 deletions(-)
 delete mode 100644 nodeadm/internal/containerd/sandbox.go
 delete mode 100644 nodeadm/internal/containerd/sandbox_test.go
 create mode 100755 templates/al2/provisioners/cache-pause-container.sh
 create mode 100755 templates/al2023/provisioners/cache-pause-container.sh
 rename templates/shared/{provisioners/cache-pause-container.sh => runtime/bin/cache-pause-container} (82%)
diff --git a/nodeadm/cmd/nodeadm/init/init.go b/nodeadm/cmd/nodeadm/init/init.go
index 4024a172c..c4822ea15 100644
--- a/nodeadm/cmd/nodeadm/init/init.go
+++ b/nodeadm/cmd/nodeadm/init/init.go
@@ -164,7 +164,7 @@ func enrichConfig(log *zap.Logger, cfg *api.NodeConfig) error {
 log.Info("Instance details populated", zap.Reflect("details", instanceDetails))
 log.Info("Fetching default options...")
 cfg.Status.Defaults = api.DefaultOptions{
- SandboxImage: containerd.PauseContainerImageRef,
+ SandboxImage: "localhost/kubernetes/pause:0.1.0",
 }
 log.Info("Default options populated", zap.Reflect("defaults", cfg.Status.Defaults))
 return nil
diff --git a/nodeadm/internal/containerd/daemon.go b/nodeadm/internal/containerd/daemon.go
index 6a0ddd740..76f1766b1 100644
--- a/nodeadm/internal/containerd/daemon.go
+++ b/nodeadm/internal/containerd/daemon.go
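Review bot: The sandbox image reference in `enrichConfig` is now a bare string literal that has to stay identical to the `LOCAL_REF` default in `templates/shared/runtime/bin/cache-pause-container`, and nothing in the code ties the two together. Because this same commit removes the pull that `PostLaunch` performed, a mismatch would leave containerd configured with a `localhost/...` reference that presumably cannot be resolved on the node, so pod sandboxes would fail to start instead of falling back to a pull. Keep a named constant in place of the literal and record the coupling beside it, e.g. `// Must match LOCAL_REF in templates/shared/runtime/bin/cache-pause-container.`. The body of enrichConfig begins outside the hunk.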
@@ -28,7 +28,7 @@ func (cd *containerd) EnsureRunning() error {
 }
 func (cd *containerd) PostLaunch(c *api.NodeConfig) error {
- return cacheSandboxImage(c)
+ return nil
 }
 func (cd *containerd) Name() string {
diff --git a/nodeadm/internal/containerd/sandbox.go b/nodeadm/internal/containerd/sandbox.go
deleted file mode 100644
index d4a3383ed..000000000
--- a/nodeadm/internal/containerd/sandbox.go
+++ /dev/null
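Review bot: `PostLaunch` now returns nil without touching `c`, and nothing on the method says why it is empty or where the sandbox image is expected to come from. Add a doc comment such as `// PostLaunch is a no-op; the sandbox image is cached at AMI build time by cache-pause-container.` and consider naming the unused parameter `_`. With the runtime pull shown in this patch gone, a node built from an image where the caching provisioner was skipped or failed has no recovery path at boot, so a build-time check that the local reference exists in containerd's image store would surface that earlier.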
@@ -1,59 +0,0 @@
-package containerd
-
-import (
- "context"
- "fmt"
- "os/exec"
- "regexp"
- "time"
-
- "github.com/awslabs/amazon-eks-ami/nodeadm/internal/api"
- "github.com/awslabs/amazon-eks-ami/nodeadm/internal/aws/ecr"
- "github.com/awslabs/amazon-eks-ami/nodeadm/internal/util"
- "github.com/containerd/containerd/integration/remote"
- "go.uber.org/zap"
- v1 "k8s.io/cri-api/pkg/apis/runtime/v1"
-)
-
-const PauseContainerImageRef = "localhost/kubernetes/pause:0.1.0"
-
-var containerdSandboxImageRegex = regexp.MustCompile(`sandbox_image = "(.*)"`)
-
-func cacheSandboxImage(cfg *api.NodeConfig) error {
- zap.L().Info("Looking up current sandbox image in containerd config..")
- // capture the output of a `containerd config dump`, which is the final
- // containerd configuration used after all of the applied transformations
- dump, err := exec.Command("containerd", "config", "dump").Output()
- if err != nil {
- return err
- }
- matches := containerdSandboxImageRegex.FindSubmatch(dump)
- if matches == nil {
- return fmt.Errorf("sandbox image could not be found in containerd config")
- }
- sandboxImage := string(matches[1])
- zap.L().Info("Found sandbox image", zap.String("image", sandboxImage))
-
- zap.L().Info("Fetching ECR authorization token..")
- ecrUserToken, err := ecr.GetAuthorizationToken(cfg.Status.Instance.Region)
- if err != nil {
- return err
- }
-
- client, err := remote.NewImageService(ContainerRuntimeEndpoint, 5*time.Second)
- if err != nil {
- return err
- }
- imageSpec := &v1.ImageSpec{Image: sandboxImage}
- authConfig := &v1.AuthConfig{Auth: ecrUserToken}
-
- return util.NewRetrier(util.WithBackoffExponential()).Retry(context.TODO(), func() error {
- zap.L().Info("Pulling sandbox image..", zap.String("image", sandboxImage))
- imageRef, err := client.PullImage(imageSpec, authConfig, nil)
- if err != nil {
- return err
- }
- zap.L().Info("Finished pulling sandbox image", zap.String("image-ref", imageRef))
- return nil
- })
-}
diff --git a/nodeadm/internal/containerd/sandbox_test.go b/nodeadm/internal/containerd/sandbox_test.go
deleted file mode 100644
index b0d60de5f..000000000
--- a/nodeadm/internal/containerd/sandbox_test.go
+++ /dev/null
@@ -1,57 +0,0 @@
-package containerd
-
-import (
- "testing"
-
- "github.com/stretchr/testify/assert"
-)
-
-const containerdConfigDumpFragment = `
-[plugins]
-
- [plugins."io.containerd.gc.v1.scheduler"]
- deletion_threshold = 0
- mutation_threshold = 100
- pause_threshold = 0.02
- schedule_delay = "0s"
- startup_delay = "100ms"
-
- [plugins."io.containerd.grpc.v1.cri"]
- cdi_spec_dirs = ["/etc/cdi", "/var/run/cdi"]
- device_ownership_from_security_context = false
- disable_apparmor = false
- disable_cgroup = false
- disable_hugetlb_controller = true
- disable_proc_mount = false
- disable_tcp_service = true
- drain_exec_sync_io_timeout = "0s"
- enable_cdi = false
- enable_selinux = false
- enable_tls_streaming = false
- enable_unprivileged_icmp = false
- enable_unprivileged_ports = false
- ignore_image_defined_volumes = false
- image_pull_progress_timeout = "1m0s"
- max_concurrent_downloads = 3
- max_container_log_line_size = 16384
- netns_mounts_under_state_dir = false
- restrict_oom_score_adj = false
- sandbox_image = "registry.k8s.io/pause:3.8"
- selinux_category_range = 1024
- stats_collect_period = 10
- stream_idle_timeout = "4h0m0s"
- stream_server_address = "127.0.0.1"
- stream_server_port = "0"
- systemd_cgroup = false
- tolerate_missing_hugetlb_controller = true
- unset_seccomp_profile = ""
-`
-
-func TestSandboxImageRegex(t *testing.T) {
- matches := containerdSandboxImageRegex.FindStringSubmatch(containerdConfigDumpFragment)
- if matches == nil {
- t.Errorf("sandbox image could not be found in containerd config")
- }
- sandboxImage := matches[1]
- assert.Equal(t, sandboxImage, "registry.k8s.io/pause:3.8")
-}
diff --git a/templates/al2/provisioners/cache-pause-container.sh b/templates/al2/provisioners/cache-pause-container.sh
new file mode 100755
index 000000000..3b01e34ad
--- /dev/null
+++ b/templates/al2/provisioners/cache-pause-container.sh
@@ -0,0 +1,9 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+AWS_DOMAIN=$(imds 'latest/meta-data/services/domain')
+ECR_URI="$(/etc/eks/get-ecr-uri.sh ${AWS_REGION} ${AWS_DOMAIN})"
+cache-pause-container "${ECR_URI}/eks/pause:3.5"
diff --git a/templates/al2/template.json b/templates/al2/template.json
index 46b6e6267..7bb79eb50 100644
--- a/templates/al2/template.json
+++ b/templates/al2/template.json
@@ -211,13 +211,12 @@
 {
 "type": "shell",
 "remote_folder": "{{ user `remote_folder`}}",
- "script": "{{template_dir}}/../shared/provisioners/cache-pause-container.sh",
+ "script": "{{template_dir}}/provisioners/cache-pause-container.sh",
 "environment_vars": [
 "AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
 "AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
 "AWS_SESSION_TOKEN={{user `aws_session_token`}}",
- "AWS_REGION={{user `aws_region`}}",
- "PAUSE_CONTAINER_CMD=echo $(/etc/eks/get-ecr-uri.sh \"{{user `aws_region`}}\" \"$(imds 'latest/meta-data/services/domain')\")/eks/pause:3.5"
+ "AWS_REGION={{user `aws_region`}}"
 ]
 },
 {
diff --git a/templates/al2023/provisioners/cache-pause-container.sh b/templates/al2023/provisioners/cache-pause-container.sh
new file mode 100755
index 000000000..f690defea
--- /dev/null
+++ b/templates/al2023/provisioners/cache-pause-container.sh
@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+
+set -o nounset
+set -o errexit
+set -o pipefail
+
+cache-pause-container "$(nodeadm runtime ecr-uri)/eks/pause:3.5"
diff --git a/templates/al2023/template.json b/templates/al2023/template.json
index af8913212..03f7585e4 100644
--- a/templates/al2023/template.json
+++ b/templates/al2023/template.json
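Review bot: In `templates/al2/provisioners/cache-pause-container.sh` the `${AWS_REGION}` and `${AWS_DOMAIN}` expansions inside the command substitution are unquoted, so an empty or whitespace-containing value is dropped or word-split and shifts the arguments passed to `get-ecr-uri.sh`; the template line this script replaces quoted both. Use `ECR_URI="$(/etc/eks/get-ecr-uri.sh "${AWS_REGION}" "${AWS_DOMAIN}")"`. The image is also selected by the mutable tag `pause:3.5`, repeated in the al2023 script; pinning it by digest in one shared place would make the cached sandbox image reproducible across builds.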
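Review bot: In `templates/al2023/provisioners/cache-pause-container.sh` the `nodeadm runtime ecr-uri` substitution sits inside a command argument, where `errexit` does not see its exit status. If that command fails, `cache-pause-container` is still invoked, with the registry part empty and the argument reduced to `/eks/pause:3.5`. Assign first so the failure aborts the build, as the al2 script does: `ECR_URI="$(nodeadm runtime ecr-uri)"` followed by `cache-pause-container "${ECR_URI}/eks/pause:3.5"`.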
@@ -220,13 +220,12 @@
 {
 "type": "shell",
 "remote_folder": "{{ user `remote_folder`}}",
- "script": "{{template_dir}}/../shared/provisioners/cache-pause-container.sh",
+ "script": "{{template_dir}}/provisioners/cache-pause-container.sh",
 "environment_vars": [
 "AWS_ACCESS_KEY_ID={{user `aws_access_key_id`}}",
 "AWS_SECRET_ACCESS_KEY={{user `aws_secret_access_key`}}",
 "AWS_SESSION_TOKEN={{user `aws_session_token`}}",
- "AWS_REGION={{user `aws_region`}}",
- "PAUSE_CONTAINER_CMD=echo $(nodeadm runtime ecr-uri)/eks/pause:3.5"
+ "AWS_REGION={{user `aws_region`}}"
 ]
 },
 {
diff --git a/templates/shared/provisioners/cache-pause-container.sh b/templates/shared/runtime/bin/cache-pause-container
similarity index 82%
rename from templates/shared/provisioners/cache-pause-container.sh
rename to templates/shared/runtime/bin/cache-pause-container
index 866683b58..17bb1c2e9 100755
--- a/templates/shared/provisioners/cache-pause-container.sh
+++ b/templates/shared/runtime/bin/cache-pause-container
@@ -4,8 +4,8 @@ set -o nounset
 set -o errexit
 set -o pipefail
-LOCAL_REF=${LOCAL_REF:-"localhost/kubernetes/pause:0.1.0"}
-PAUSE_CONTAINER=${PAUSE_CONTAINER:-$(eval "${PAUSE_CONTAINER_CMD}")}
+PAUSE_CONTAINER=${1}
+LOCAL_REF=${2:-"localhost/kubernetes/pause:0.1.0"}
 sudo systemctl start containerd
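Review bot: `PAUSE_CONTAINER=${1}` in `templates/shared/runtime/bin/cache-pause-container` makes the image a required positional argument, but under `set -o nounset` a call without it stops with a bare unbound-variable error that gives no hint of the expected usage. Use `PAUSE_CONTAINER=${1:?usage: cache-pause-container IMAGE [LOCAL_REF]}` so a misconfigured provisioner fails with an actionable message. A short header comment naming the two positional arguments would also help, now that the script is installed as a command rather than driven by environment variables. The script continues past the end of the hunk.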