Fix eni maxpods (#3605)

* Bump k8scc to enable max pod calculations when cilium is in ENI IPAM mode. * Bump k8scc to enable max pod calculations when cilium is in ENI IPAM mode.
giantswarm · Oct 4, 2023 · fd773c6 · fd773c6
1 parent bfb4b60
commit fd773c6
Show file tree

Hide file tree

Showing 5 changed files with 23 additions and 12 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -10,6 +10,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 ### Fixed
 
 - Cleanup `kube-proxy` VPA after switching to Cilium.
+- Bump k8scc to enable max pod calculations when cilium is in ENI IPAM mode.
 
 ## [14.22.0] - 2023-09-11
 

diff --git a/go.mod b/go.mod
@@ -14,7 +14,7 @@ require (
 	github.com/giantswarm/certs/v4 v4.0.0
 	github.com/giantswarm/ipam v0.3.0
 	github.com/giantswarm/k8sclient/v7 v7.0.1
-	github.com/giantswarm/k8scloudconfig/v16 v16.5.1
+	github.com/giantswarm/k8scloudconfig/v16 v16.6.0
 	github.com/giantswarm/k8smetadata v0.22.0
 	github.com/giantswarm/kubelock/v4 v4.0.0
 	github.com/giantswarm/microendpoint v1.0.0

diff --git a/go.sum b/go.sum
@@ -232,8 +232,8 @@ github.com/giantswarm/ipam v0.3.0 h1:QNb4k5Zu6nGsqJkAM7dLM1J6TiUP+LGjo9CPR+ewZBk
 github.com/giantswarm/ipam v0.3.0/go.mod h1:xG4cMEKwHlbE0aZ7x2H5j7o81U13LIStA73XCECdk+I=
 github.com/giantswarm/k8sclient/v7 v7.0.1 h1:UmRwgsw5Uda27tpIblPo7nWjp/nq5qwqxEPHWcvzsHk=
 github.com/giantswarm/k8sclient/v7 v7.0.1/go.mod h1:zJTXammjLHSiukMIO4+a6eUDgzj/lJxEXFZ22mC0WXc=
-github.com/giantswarm/k8scloudconfig/v16 v16.5.1 h1:+VMd4kLQCP1J+W91JiLacCn9hpeVbchq8Rv4QFCuK+Q=
-github.com/giantswarm/k8scloudconfig/v16 v16.5.1/go.mod h1:9QNKXwjyBCWup2ek+kRZ356zw38QhQ2QgwuHuK9zzQo=
+github.com/giantswarm/k8scloudconfig/v16 v16.6.0 h1:k5SoOxOcKusRaTgtqYKAy/4zXMn881g8IGwIM6hHYE4=
+github.com/giantswarm/k8scloudconfig/v16 v16.6.0/go.mod h1:9QNKXwjyBCWup2ek+kRZ356zw38QhQ2QgwuHuK9zzQo=
 github.com/giantswarm/k8smetadata v0.22.0 h1:hTDM61G/vbyCPTo16bz3tTb+/Jg77kkEcUWKj6qZP4o=
 github.com/giantswarm/k8smetadata v0.22.0/go.mod h1:QiQAyaZnwco1U0lENLF0Kp4bSN4dIPwIlHWEvUo3ES8=
 github.com/giantswarm/kubelock/v4 v4.0.0 h1:qvFGOIlDthAD8r32WcorT8R4gp3c1dpnDbHuLsDU2ZA=

diff --git a/service/internal/cloudconfig/tccpn.go b/service/internal/cloudconfig/tccpn.go
@@ -485,6 +485,7 @@ func (t *TCCPN) newTemplate(ctx context.Context, obj interface{}, mapping hamast
 			params.DisableCalico = true
 			params.CalicoPolicyOnly = false
 			params.DisableKubeProxy = true
+			params.AWSCiliumENIMode = key.IsCiliumEniModeEnabled(cluster)
 		} else {
 			params.EnableAWSCNI = true
 			params.DisableCalico = false

diff --git a/service/internal/cloudconfig/tcnp.go b/service/internal/cloudconfig/tcnp.go
@@ -74,7 +74,7 @@ func (t *TCNP) NewTemplates(ctx context.Context, obj interface{}) ([]string, err
 		return nil, microerror.Mask(err)
 	}
 
-	var cl infrastructurev1alpha3.AWSCluster
+	var awsCluster infrastructurev1alpha3.AWSCluster
 	{
 		var list infrastructurev1alpha3.AWSClusterList
 		err := t.config.K8sClient.CtrlClient().List(
@@ -91,7 +91,15 @@ func (t *TCNP) NewTemplates(ctx context.Context, obj interface{}) ([]string, err
 			return nil, microerror.Maskf(executionFailedError, "expected 1 CR got %d", len(list.Items))
 		}
 
-		cl = list.Items[0]
+		awsCluster = list.Items[0]
+	}
+
+	var cluster apiv1beta1.Cluster
+	{
+		err = t.config.K8sClient.CtrlClient().Get(ctx, client.ObjectKey{Namespace: awsCluster.Namespace, Name: awsCluster.Name}, &cluster)
+		if err != nil {
+			return nil, microerror.Mask(err)
+		}
 	}
 
 	var md apiv1beta1.MachineDeployment
@@ -179,13 +187,13 @@ func (t *TCNP) NewTemplates(ctx context.Context, obj interface{}) ([]string, err
 
 	// Allow the actual externalSNAT to be set by the CR.
 	var externalSNAT bool
-	if key.ExternalSNAT(cl) == nil {
+	if key.ExternalSNAT(awsCluster) == nil {
 		externalSNAT = t.config.ExternalSNAT
 	} else {
-		externalSNAT = *key.ExternalSNAT(cl)
+		externalSNAT = *key.ExternalSNAT(awsCluster)
 	}
 
-	hasCilium, err := key.HasCilium(&cl)
+	hasCilium, err := key.HasCilium(&awsCluster)
 	if err != nil {
 		return nil, microerror.Mask(err)
 	}
@@ -195,7 +203,7 @@ func (t *TCNP) NewTemplates(ctx context.Context, obj interface{}) ([]string, err
 
 	if !hasCilium {
 		{
-			if v, ok := cl.GetAnnotations()[annotation.AWSCNIPrefixDelegation]; ok && v == true_value {
+			if v, ok := awsCluster.GetAnnotations()[annotation.AWSCNIPrefixDelegation]; ok && v == true_value {
 				awsCNIPrefix = true
 			}
 		}
@@ -212,12 +220,13 @@ func (t *TCNP) NewTemplates(ctx context.Context, obj interface{}) ([]string, err
 		// Required for proper rending of the templates.
 		params = k8scloudconfig.Params{}
 
-		g8sConfig := cmaClusterToG8sConfig(t.config, cl, key.KubeletLabelsTCNP(&cr))
+		g8sConfig := cmaClusterToG8sConfig(t.config, awsCluster, key.KubeletLabelsTCNP(&cr))
 		if hasCilium {
 			params.EnableAWSCNI = false
 			params.DisableCalico = true
 			params.CalicoPolicyOnly = false
 			params.DisableKubeProxy = true
+			params.AWSCiliumENIMode = key.IsCiliumEniModeEnabled(cluster)
 		} else {
 			params.EnableAWSCNI = true
 			params.AWSCNISubnetPrefixMode = awsCNIPrefix
@@ -230,9 +239,9 @@ func (t *TCNP) NewTemplates(ctx context.Context, obj interface{}) ([]string, err
 		params.DockerhubToken = t.config.DockerhubToken
 		params.EnableCSIMigrationAWS = true
 		params.Extension = &TCNPExtension{
-			awsConfigSpec:  cmaClusterToG8sConfig(t.config, cl, key.KubeletLabelsTCNP(&cr)),
+			awsConfigSpec:  cmaClusterToG8sConfig(t.config, awsCluster, key.KubeletLabelsTCNP(&cr)),
 			cc:             cc,
-			cluster:        cl,
+			cluster:        awsCluster,
 			clusterCerts:   certFiles,
 			encrypter:      t.config.Encrypter,
 			encryptionKey:  ek,