Eliminate ec2 metadata dependency

Access to ec2 metadata will soon be restricted (openshift/origin#22826). Eliminate the ec2 metadata dependency by discovering AWS region information from cluster config. This commit uses the deprecated install config for metatadata; once openshift/installer#1725 merges, supported cluster config will provide the region information and the code can be refactored.
ironcladlou · May 14, 2019 · b6063eb · b6063eb
1 parent 1cefef2
commit b6063eb
Show file tree

Hide file tree

Showing 2 changed files with 48 additions and 10 deletions.
diff --git a/cmd/ingress-operator/main.go b/cmd/ingress-operator/main.go
@@ -5,6 +5,8 @@ import (
 	"fmt"
 	"os"
 
+	"github.com/ghodss/yaml"
+
 	"github.com/openshift/cluster-ingress-operator/pkg/dns"
 	awsdns "github.com/openshift/cluster-ingress-operator/pkg/dns/aws"
 	logf "github.com/openshift/cluster-ingress-operator/pkg/log"
@@ -81,14 +83,28 @@ func main() {
 		os.Exit(1)
 	}
 
+	// TODO: This can be replaced by cluster API when
+	// https://github.com/openshift/installer/pull/1725 is available.
+	clusterConfig := &corev1.ConfigMap{}
+	err = kubeClient.Get(context.TODO(), types.NamespacedName{Namespace: "kube-system", Name: "cluster-config-v1"}, clusterConfig)
+	if err != nil {
+		log.Error(err, "failed to get configmap 'kube-system/cluster-config-v1'")
+		os.Exit(1)
+	}
+	installConfig, err := newInstallConfig(clusterConfig)
+	if err != nil {
+		log.Error(err, "failed to extract install config from cluster config")
+		os.Exit(1)
+	}
+
 	operatorConfig := operatorconfig.Config{
 		OperatorReleaseVersion: releaseVersion,
 		Namespace:              operatorNamespace,
 		IngressControllerImage: ingressControllerImage,
 	}
 
 	// Set up the DNS manager.
-	dnsManager, err := createDNSManager(kubeClient, operatorConfig, infraConfig, dnsConfig)
+	dnsManager, err := createDNSManager(kubeClient, operatorConfig, infraConfig, dnsConfig, installConfig)
 	if err != nil {
 		log.Error(err, "failed to create DNS manager")
 		os.Exit(1)
@@ -108,7 +124,7 @@ func main() {
 
 // createDNSManager creates a DNS manager compatible with the given cluster
 // configuration.
-func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, infraConfig *configv1.Infrastructure, dnsConfig *configv1.DNS) (dns.Manager, error) {
+func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, infraConfig *configv1.Infrastructure, dnsConfig *configv1.DNS, installConfig *installConfig) (dns.Manager, error) {
 	var dnsManager dns.Manager
 	switch infraConfig.Status.Platform {
 	case configv1.AWSPlatformType:
@@ -122,6 +138,7 @@ func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, in
 			AccessID:  string(awsCreds.Data["aws_access_key_id"]),
 			AccessKey: string(awsCreds.Data["aws_secret_access_key"]),
 			DNS:       dnsConfig,
+			Region:    installConfig.Platform.AWS.Region,
 		}, operatorConfig.OperatorReleaseVersion)
 		if err != nil {
 			return nil, fmt.Errorf("failed to create AWS DNS manager: %v", err)
@@ -132,3 +149,25 @@ func createDNSManager(cl client.Client, operatorConfig operatorconfig.Config, in
 	}
 	return dnsManager, nil
 }
+
+// TODO: This can be replaced by cluster API when
+// https://github.com/openshift/installer/pull/1725 is available.
+type installConfig struct {
+	Platform struct {
+		AWS struct {
+			Region string `json:"region"`
+		} `json:"aws"`
+	} `json:"platform"`
+}
+
+func newInstallConfig(clusterConfig *corev1.ConfigMap) (*installConfig, error) {
+	data, ok := clusterConfig.Data["install-config"]
+	if !ok {
+		return nil, fmt.Errorf("missing install-config in configmap")
+	}
+	var ic installConfig
+	if err := yaml.Unmarshal([]byte(data), &ic); err != nil {
+		return nil, fmt.Errorf("invalid install-config: %v\njson:\n%s", err, data)
+	}
+	return &ic, nil
+}
diff --git a/pkg/dns/aws/dns.go b/pkg/dns/aws/dns.go
@@ -13,7 +13,6 @@ import (
 	"github.com/aws/aws-sdk-go/aws/arn"
 	"github.com/aws/aws-sdk-go/aws/awserr"
 	"github.com/aws/aws-sdk-go/aws/credentials"
-	"github.com/aws/aws-sdk-go/aws/ec2metadata"
 	"github.com/aws/aws-sdk-go/aws/request"
 	"github.com/aws/aws-sdk-go/aws/session"
 	"github.com/aws/aws-sdk-go/service/elb"
@@ -68,6 +67,8 @@ type Config struct {
 	AccessID string
 	// AccessKey is an AWS credential.
 	AccessKey string
+	// Region is the AWS region ELBs are created in.
+	Region string
 	// DNS is public and private DNS zone configuration for the cluster.
 	DNS *configv1.DNS
 }
@@ -92,13 +93,11 @@ func NewManager(config Config, operatorReleaseVersion string) (*Manager, error)
 	if len(region) > 0 {
 		log.Info("using region from shared config", "region name", region)
 	} else {
-		metadata := ec2metadata.New(sess)
-		discovered, err := metadata.Region()
-		if err != nil {
-			return nil, fmt.Errorf("couldn't get region from metadata: %v", err)
-		}
-		region = discovered
-		log.Info("discovered region from metadata", "region name", region)
+		region = config.Region
+		log.Info("using region from operator config", "region name", region)
+	}
+	if len(region) == 0 {
+		return nil, fmt.Errorf("region is required")
 	}
 
 	return &Manager{