-
Notifications
You must be signed in to change notification settings - Fork 612
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Migrate Agent to use vpc-eni plugin for awsvpc mode instead of ecs-eni plugin on Linux #3873
Conversation
@@ -61,9 +61,9 @@ make clean | |||
|
|||
# buildvcs=false excludes version control information in golang >= 1.18. This is required for compiling agent with included repositories | |||
if [[ $goversion < "1.18" ]]; then | |||
cd ${GITPATH}/amazon-vpc-cni-plugins && GO111MODULE=on GOFLAGS="-mod=vendor" make aws-appmesh vpc-branch-eni ecs-serviceconnect | |||
cd ${GITPATH}/amazon-vpc-cni-plugins && GO111MODULE=on GOFLAGS="-mod=vendor" make aws-appmesh vpc-branch-eni ecs-serviceconnect vpc-eni |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
were you able to validate that the new make commands all work with this update -- I'm specifically looking at release-agent-internal
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes for all the manual testing I built Agent with make release-agent
which delegates image building to release-agent-internal
. There were no issues in getting the Agent image built and running Agent with it.
Some functional tests are executed on images built with docker-release
target. This target is also updated in this PR (change is in scripts/dockerfiles/Dockerfile.buildVPCCNIPlugins
). Those tests are also passing and I have verified in the logs that vpc-eni
plugin is invoked indeed.
Overall comment -- |
Summary
We recently added Linux support to vpc-eni CNI plugin (aws/amazon-vpc-cni-plugins#101). So, vpc-eni plugin is now capable of setting up network for awsvpc tasks on Linux rendering the currently used ecs-eni plugin redundant. Agent on Windows already uses vpc-eni plugin to set up task network for awsvpc mode.
This PR updates vpc-cni submodule in this repository to be5214353252f8315a1341f4df9ffbd8cf69000c from a83b66349768e020487a00e31767fc2e6fc88136 (diff) and makes Agent use vpc-eni plugin for awsvpc tasks on Linux so that the same plugin is used to setup awsvpc network across Windows and Linux platforms.
There is no change in functionality.
Implementation details
Agent code changes -
NewENINetworkConfig
function that is used to create a CNI configuration for ecs-eni plugin for Linux inagent/ecscni/netconfig_linux.go
file has been replaced withNewVPCENINetworkConfig
function that creates a CNI configuration for vpc-eni plugin. Function call to build CNI configuration for awsvpc mode for Linux (for environments with ENI Trunking disabled) inBuildCNIConfigAwsvpc
function intask_linux.go
file is changed accordingly.ecscni/types_windows.go
file to the more generalecscni/types.go
file so that the same configuration struct can be used for both Windows and Linux.ECSVPCENIPluginName
for the name of vpc-eni plugin is removed fromecscni/types_windows.go
file and is replaced with a newVPCENIPluginName
constant inecscni/types.go
file.ecscni/types_linux.go
file as they are now unused.Build script changes -
scripts/build-cni-plugins
script is updated to include buildingvpc-eni
plugin.scripts/build-agent-image
script is updated to copyvpc-eni
plugin instead ofecs-eni
plugin to Agent image.scripts/dockerfiles/Dockerfile.buildVPCCNIPlugins
Dockerfile is updated to include buildingvpc-eni
plugin.Testing
A new functional test was added for testing awsvpc mode on Linux for instances with ENI trunking disabled.
Comprehensive manual testing was done -
New tests cover the changes: yes
Description for the changelog
Migrate Agent to use vpc-eni plugin for awsvpc mode instead of ecs-eni plugin on Linux
Licensing
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.