EC2 task networking on Windows: gMSA support, adding additional local routes and IMDS route in the task namespace. #2876
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
angelcar
approved these changes
May 21, 2021
added 2 commits
May 23, 2021 16:42
This is not required as we can use the dns settings of the primary instance ENI.
rawahars
force-pushed
the
feature/ec2-awsvpc-windows-task-setup
branch
3 times, most recently
from
f0ce968 to
6785d8d
Compare
rawahars
changed the title
We use the instance ENIs DNS settings since both the ENIs would be in the same VPC and would be additionally beneficial during domain join.
rawahars
force-pushed
the
feature/ec2-awsvpc-windows-task-setup
branch
from
6785d8d to
7871ec0
Compare
angelcar
reviewed
May 24, 2021
fenxiong
approved these changes
Jun 1, 2021
vsiddharth
reviewed
Jun 1, 2021
added 3 commits
June 3, 2021 16:40
…k stats. Initially, without any network, pause container returns nil network stats. When container stats are collected with pause namespace in place, lastStats.NetworkStats is nil which causes agent to crash and restart.
rawahars
changed the title
rawahars
force-pushed
the
feature/ec2-awsvpc-windows-task-setup
branch
from
da10ba8 to
6045511
Compare
rawahars
changed the title
|
Decoupled CNI plugin build logic from this PR as it was making the entire PR complex. |
vsiddharth
reviewed
Jun 7, 2021
Whenever the instance is domain joined, the instance is restarted and therefore, the agent on startup will have the updated DNS server list. |
fenxiong
reviewed
Jun 7, 2021
rawahars
force-pushed
the
feature/ec2-awsvpc-windows-task-setup
branch
from
d2416dd to
e8fc5bb
Compare
fenxiong
approved these changes
Jun 7, 2021
angelcar
approved these changes
Jun 9, 2021
rawahars
added a commit
to rawahars/amazon-ecs-agent
that referenced
this pull request
Jun 23, 2021
… routes and IMDS route in the task namespace. (aws#2876) * Add IMDS route to the task namespace if task is allowed to have IMDS access.c * Add support for adding additional local routes in awsvpc network mode on Windows. * Removed the workflow for getting Primary ipv4 address of the vpc. This is not required as we can use the dns settings of the primary instance ENI. * Added gSMA support while using awsvpc network mode. We use the instance ENIs DNS settings since both the ENIs would be in the same VPC and would be additionally beneficial during domain join. * PR review changes: Reverted netwrapper to platform agnostic package * Changes to json format for vpc-eni plugin * Bug fix to rectify the scenario when pause container sends nil network stats. Initially, without any network, pause container returns nil network stats. When container stats are collected with pause namespace in place, lastStats.NetworkStats is nil which causes agent to crash and restart. * Minor changes: Comment changes, logfile path consolidation and variable name change
rawahars
added a commit
to rawahars/amazon-ecs-agent
that referenced
this pull request
Jun 24, 2021
… routes and IMDS route in the task namespace. (aws#2876) * Add IMDS route to the task namespace if task is allowed to have IMDS access.c * Add support for adding additional local routes in awsvpc network mode on Windows. * Removed the workflow for getting Primary ipv4 address of the vpc. This is not required as we can use the dns settings of the primary instance ENI. * Added gSMA support while using awsvpc network mode. We use the instance ENIs DNS settings since both the ENIs would be in the same VPC and would be additionally beneficial during domain join. * PR review changes: Reverted netwrapper to platform agnostic package * Changes to json format for vpc-eni plugin * Bug fix to rectify the scenario when pause container sends nil network stats. Initially, without any network, pause container returns nil network stats. When container stats are collected with pause namespace in place, lastStats.NetworkStats is nil which causes agent to crash and restart. * Minor changes: Comment changes, logfile path consolidation and variable name change
rawahars
added a commit
to rawahars/amazon-ecs-agent
that referenced
this pull request
Jun 29, 2021
… routes and IMDS route in the task namespace. (aws#2876) * Add IMDS route to the task namespace if task is allowed to have IMDS access.c * Add support for adding additional local routes in awsvpc network mode on Windows. * Removed the workflow for getting Primary ipv4 address of the vpc. This is not required as we can use the dns settings of the primary instance ENI. * Added gSMA support while using awsvpc network mode. We use the instance ENIs DNS settings since both the ENIs would be in the same VPC and would be additionally beneficial during domain join. * PR review changes: Reverted netwrapper to platform agnostic package * Changes to json format for vpc-eni plugin * Bug fix to rectify the scenario when pause container sends nil network stats. Initially, without any network, pause container returns nil network stats. When container stats are collected with pause namespace in place, lastStats.NetworkStats is nil which causes agent to crash and restart. * Minor changes: Comment changes, logfile path consolidation and variable name change
rawahars
added a commit
to rawahars/amazon-ecs-agent
that referenced
this pull request
Jun 29, 2021
… routes and IMDS route in the task namespace. (aws#2876) * Add IMDS route to the task namespace if task is allowed to have IMDS access.c * Add support for adding additional local routes in awsvpc network mode on Windows. * Removed the workflow for getting Primary ipv4 address of the vpc. This is not required as we can use the dns settings of the primary instance ENI. * Added gSMA support while using awsvpc network mode. We use the instance ENIs DNS settings since both the ENIs would be in the same VPC and would be additionally beneficial during domain join. * PR review changes: Reverted netwrapper to platform agnostic package * Changes to json format for vpc-eni plugin * Bug fix to rectify the scenario when pause container sends nil network stats. Initially, without any network, pause container returns nil network stats. When container stats are collected with pause namespace in place, lastStats.NetworkStats is nil which causes agent to crash and restart. * Minor changes: Comment changes, logfile path consolidation and variable name change
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
The changes introduced in this PR includes-
ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTESenvironment variableECS_AWSVPC_BLOCK_IMDSis falseImplementation details
The changes are implemented as -
Testing
A custom binary was tested for gMSA, additional local routes and IMDS.
New tests cover the changes:
Yes
Description for the changelog
Added gMSA support for tasks in awsvpc network mode and create additional local routes in task namespace.
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.