Handle eventually-consistent PrivateDnsName

awslabs · Aug 8, 2023 · cf837ed · cf837ed
1 parent c2cf65d
commit cf837ed
Show file tree

Hide file tree

Showing 2 changed files with 44 additions and 6 deletions.
diff --git a/files/bin/private-dns-name b/files/bin/private-dns-name
@@ -0,0 +1,43 @@
+#!/usr/bin/env bash
+
+set -o errexit
+set -o pipefail
+set -o nounset
+
+# Retrieves the PrivateDnsName from EC2 for this instance, waiting until
+# it is available if necessary (due to eventual consistency).
+
+function log {
+  echo >&2 "$(date '+%Y-%m-%dT%H:%M:%S%z')" "[private-dns-name]" "$@"
+}
+
+INSTANCE_ID=$(imds /latest/meta-data/instance-id)
+
+# the AWS CLI currently constructs the wrong endpoint URL on localzones (the availability zone group will be used instead of the parent region)
+# more info: https://github.com/aws/aws-cli/issues/7043
+REGION=$(imds /latest/meta-data/placement/region)
+
+MAX_ATTEMPTS=25
+ATTEMPT_INTERVAL=5
+
+ATTEMPT=0
+while true; do
+  PRIVATE_DNS_NAME=$(AWS_RETRY_MODE=standard AWS_MAX_ATTEMPTS=10 aws ec2 describe-instances --region $REGION --instance-ids $INSTANCE_ID --query 'Reservations[].Instances[].PrivateDnsName' --output text)
+  if [ ! "${PRIVATE_DNS_NAME}" = "" ] || [ ${ATTEMPT} -gteq ${MAX_ATTEMPTS} ]; then
+    break
+  fi
+  ATTEMPT=$((ATTEMPT + 1))
+  JITTER=$(seq -1 1 | shuf -n1)
+  DELAY=$((ATTEMPT_INTERVAL + JITTER))
+  log "WARN: PrivateDnsName is not available, waiting for ${DELAY} seconds..."
+  sleep ${DELAY}
+done
+
+if [ "${PRIVATE_DNS_NAME}" = "" ]; then
+  log "ERROR: failed to retrieve PrivateDnsName after ${ATTEMPT} attempts!"
+  exit 1
+else
+  log "INFO: retrieved PrivateDnsName: ${PRIVATE_DNS_NAME}"
+  echo "${PRIVATE_DNS_NAME}"
+  exit 0
+fi
diff --git a/files/bootstrap.sh b/files/bootstrap.sh
@@ -529,12 +529,7 @@ else
   # If the VPC has a custom `domain-name` in its DHCP options set, and the VPC has `enableDnsHostnames` set to `true`,
   # then /etc/hostname is not the same as EC2's PrivateDnsName.
   # The name of the Node object must be equal to EC2's PrivateDnsName for the aws-iam-authenticator to allow this kubelet to manage it.
-  INSTANCE_ID=$(imds /latest/meta-data/instance-id)
-  # the AWS CLI currently constructs the wrong endpoint URL on localzones (the availability zone group will be used instead of the parent region)
-  # more info: https://github.com/aws/aws-cli/issues/7043
-  REGION=$(imds /latest/meta-data/placement/region)
-  PRIVATE_DNS_NAME=$(AWS_RETRY_MODE=standard AWS_MAX_ATTEMPTS=10 aws ec2 describe-instances --region $REGION --instance-ids $INSTANCE_ID --query 'Reservations[].Instances[].PrivateDnsName' --output text)
-  KUBELET_ARGS="$KUBELET_ARGS --hostname-override=$PRIVATE_DNS_NAME"
+  KUBELET_ARGS="$KUBELET_ARGS --hostname-override=$(private-dns-name)"
 fi
 
 KUBELET_ARGS="$KUBELET_ARGS --cloud-provider=$KUBELET_CLOUD_PROVIDER"