From 9ceff0edde3076e55f91261f8917a6178ceed746 Mon Sep 17 00:00:00 2001
From: Nick Baker <nbakerd@amazon.com>
Date: Wed, 9 Oct 2024 20:46:00 +0000
Subject: [PATCH] Update logic for pulling cni plugins and bump version

---
 templates/al2/provisioners/install-worker.sh | 38 +++++++++++++++-----
 templates/al2/variables-default.json         |  2 +-
 2 files changed, 31 insertions(+), 9 deletions(-)

diff --git a/templates/al2/provisioners/install-worker.sh b/templates/al2/provisioners/install-worker.sh
index 5b715a5a7..ff755f049 100644
--- a/templates/al2/provisioners/install-worker.sh
+++ b/templates/al2/provisioners/install-worker.sh
@@ -272,9 +272,30 @@ elif [ "$BINARY_BUCKET_REGION" = "eu-isoe-west-1" ]; then
 elif [ "$BINARY_BUCKET_REGION" = "us-isof-south-1" ]; then
   S3_DOMAIN="csp.hci.ic.gov"
 fi
+
+# TODO: start deprecating these.
 S3_URL_BASE="https://$BINARY_BUCKET_NAME.s3.$BINARY_BUCKET_REGION.$S3_DOMAIN/$KUBERNETES_VERSION/$KUBERNETES_BUILD_DATE/bin/linux/$ARCH"
 S3_PATH="s3://$BINARY_BUCKET_NAME/$KUBERNETES_VERSION/$KUBERNETES_BUILD_DATE/bin/linux/$ARCH"
 
+function s3_binary_path() {
+  local binary_name=""
+  local os="linux"
+  local arch="$ARCH"
+  local version=""
+  while getopts 'n:o:a:v:' OPTION; do
+    case "$OPTION" in
+      n) binary_name="$OPTARG" ;;
+      o) os="$OPTARG" ;;
+      a) arch="$OPTARG" ;;
+      v) version="$OPTARG" ;;
+    esac
+  done
+  echo "bin/$binary_name/$version/$os/$arch/$binary_name"
+}
+
+S3_URI_BASE="s3://$BINARY_BUCKET_NAME"
+S3_HTTP_BASE="https://$BINARY_BUCKET_NAME.s3.$BINARY_BUCKET_REGION.$S3_DOMAIN"
+
 BINARIES=(
   kubelet
   aws-iam-authenticator
@@ -313,21 +334,22 @@ if [ "$PULL_CNI_FROM_GITHUB" = "true" ]; then
   wget "https://github.com/containernetworking/plugins/releases/download/${CNI_PLUGIN_VERSION}/${CNI_PLUGIN_FILENAME}.tgz.sha512"
   sudo sha512sum -c "${CNI_PLUGIN_FILENAME}.tgz.sha512"
   rm "${CNI_PLUGIN_FILENAME}.tgz.sha512"
+  sudo tar -xvf "${CNI_PLUGIN_FILENAME}.tgz" -C /opt/cni/bin
+  rm "${CNI_PLUGIN_FILENAME}.tgz"
 else
   if [[ -n "$AWS_ACCESS_KEY_ID" ]]; then
     echo "AWS cli present - using it to copy binaries from s3."
-    aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz .
-    aws s3 cp --region $BINARY_BUCKET_REGION $S3_PATH/${CNI_PLUGIN_FILENAME}.tgz.sha256 .
+    aws s3 cp --region $BINARY_BUCKET_REGION $S3_URI_BASE/$(s3_binary_path -n cni-plugins -v $CNI_PLUGIN_VERSION).tgz .
+    aws s3 cp --region $BINARY_BUCKET_REGION $S3_URI_BASE/$(s3_binary_path -n cni-plugins -v $CNI_PLUGIN_VERSION).tgz.sha256 .
   else
     echo "AWS cli missing - using wget to fetch cni binaries from s3. Note: This won't work for private bucket."
-    sudo wget "$S3_URL_BASE/${CNI_PLUGIN_FILENAME}.tgz"
-    sudo wget "$S3_URL_BASE/${CNI_PLUGIN_FILENAME}.tgz.sha256"
+    sudo wget "$S3_HTTP_BASE/$(s3_binary_path -n cni-plugins -v $CNI_PLUGIN_VERSION).tgz"
+    sudo wget "$S3_HTTP_BASE/$(s3_binary_path -n cni-plugins -v $CNI_PLUGIN_VERSION).tgz.sha256"
   fi
-  sudo sha256sum -c "${CNI_PLUGIN_FILENAME}.tgz.sha256"
+  sudo sha256sum -c cni-plugins.tgz.sha256
+  sudo tar -xvf cni-plugins.tgz -C /opt/cni/bin
+  rm cni-plugins.tgz
 fi
-sudo tar -xvf "${CNI_PLUGIN_FILENAME}.tgz" -C /opt/cni/bin
-rm "${CNI_PLUGIN_FILENAME}.tgz"
-
 sudo rm ./*.sha256
 
 sudo mkdir -p /etc/kubernetes/kubelet
diff --git a/templates/al2/variables-default.json b/templates/al2/variables-default.json
index 0e6c96a7c..4b43da790 100644
--- a/templates/al2/variables-default.json
+++ b/templates/al2/variables-default.json
@@ -12,7 +12,7 @@
     "binary_bucket_name": "amazon-eks",
     "binary_bucket_region": "us-west-2",
     "cache_container_images": "false",
-    "cni_plugin_version": "v1.2.0",
+    "cni_plugin_version": "v1.5.1",
     "containerd_version": "1.7.*",
     "creator": "{{env `USER`}}",
     "docker_version": "none",