instances: implementation

Author: nicolehanjing

go.mod

@@ -28,9 +28,11 @@ replace (
 
 require (
 	github.com/aws/aws-sdk-go v1.28.2
+	github.com/google/uuid v1.1.1
 	github.com/spf13/cobra v1.0.0
 	github.com/spf13/pflag v1.0.5
 	github.com/stretchr/testify v1.4.0
+	k8s.io/api v0.0.0
 	k8s.io/apimachinery v0.0.0
 	k8s.io/apiserver v0.0.0
 	k8s.io/cloud-provider v0.0.0

pkg/providers/v2/cloud.go

@@ -46,8 +46,9 @@ var _ cloudprovider.Interface = (*cloud)(nil)
 
 // cloud is the AWS v2 implementation of the cloud provider interface
 type cloud struct {
-	creds  *credentials.Credentials
-	region string
+	creds     *credentials.Credentials
+	instances cloudprovider.InstancesV2
+	region    string
 }
 
 // EC2Metadata is an abstraction over the AWS metadata service.
@@ -107,9 +108,15 @@ func newCloud() (cloudprovider.Interface, error) {
 		return nil, err
 	}
 
+	instances, err := newInstances(region, creds)
+	if err != nil {
+		return nil, err
+	}
+
 	return &cloud{
-		creds:  creds,
-		region: region,
+		creds:     creds,
+		instances: instances,
+		region:    region,
 	}, nil
 }
 

pkg/providers/v2/instances.go

@@ -0,0 +1,332 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v2 is an out-of-tree only implementation of the AWS cloud provider.
+// It is not compatible with v1 and should only be used on new clusters.
+package v2
+
+import (
+	"context"
+	"errors"
+	"fmt"
+	"net"
+	"strings"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/ec2"
+
+	v1 "k8s.io/api/core/v1"
+	cloudprovider "k8s.io/cloud-provider"
+)
+
+// newInstances returns an implementation of cloudprovider.InstancesV2
+func newInstances(region string, creds *credentials.Credentials) (cloudprovider.InstancesV2, error) {
+	awsConfig := &aws.Config{
+		Region:      aws.String(region),
+		Credentials: creds,
+	}
+	awsConfig = awsConfig.WithCredentialsChainVerboseErrors(true)
+
+	sess, err := session.NewSession(awsConfig)
+	if err != nil {
+		return nil, err
+	}
+	ec2Service := ec2.New(sess)
+
+	return &instances{
+		ec2: ec2Service,
+	}, nil
+}
+
+// EC2 is an interface defining only the methods we call from the AWS EC2 SDK.
+type EC2 interface {
+	DescribeInstances(request *ec2.DescribeInstancesInput) (*ec2.DescribeInstancesOutput, error)
+}
+
+// instances is an implementation of cloudprovider.InstancesV2
+type instances struct {
+	ec2 EC2
+}
+
+// InstanceExists indicates whether a given node exists according to the cloud provider
+func (i *instances) InstanceExists(ctx context.Context, node *v1.Node) (bool, error) {
+	var err error
+	if node.Spec.ProviderID == "" {
+		_, err = i.getInstanceByPrivateDNSName(ctx, node.Name)
+		if err == cloudprovider.InstanceNotFound {
+			return false, nil
+		}
+
+		if err != nil {
+			return false, err
+		}
+	} else {
+		_, err = i.getInstanceByProviderID(ctx, node.Spec.ProviderID)
+		if err == cloudprovider.InstanceNotFound {
+			return false, nil
+		}
+
+		if err != nil {
+			return false, err
+		}
+	}
+
+	return true, nil
+}
+
+// InstanceShutdown returns true if the instance is shutdown according to the cloud provider.
+func (i *instances) InstanceShutdown(ctx context.Context, node *v1.Node) (bool, error) {
+	var err error
+	var ret bool
+	if node.Spec.ProviderID == "" {
+		ret, err = i.instanceShutdownByPrivateDNSName(ctx, node.Name)
+	} else {
+		ret, err = i.instanceShutdownByProviderID(ctx, node.Spec.ProviderID)
+	}
+
+	return ret, err
+}
+
+// InstanceMetadata returns the instance's metadata.
+func (i *instances) InstanceMetadata(ctx context.Context, node *v1.Node) (*cloudprovider.InstanceMetadata, error) {
+	var err error
+	var ec2Instance *ec2.Instance
+	if node.Spec.ProviderID == "" {
+		//  TODO: support node name policy other than private DNS names
+		ec2Instance, err = i.getInstanceByPrivateDNSName(ctx, node.Name)
+		if err != nil {
+			return nil, err
+		}
+	} else {
+		ec2Instance, err = i.getInstanceByProviderID(ctx, node.Spec.ProviderID)
+		if err != nil {
+			return nil, err
+		}
+	}
+
+	nodeAddresses, err := nodeAddressesForInstance(ec2Instance)
+	if err != nil {
+		return nil, err
+	}
+
+	providerID, err := getInstanceProviderID(ec2Instance)
+	if err != nil {
+		return nil, err
+	}
+
+	metadata := &cloudprovider.InstanceMetadata{
+		ProviderID:    providerID,
+		InstanceType:  aws.StringValue(ec2Instance.InstanceType),
+		NodeAddresses: nodeAddresses,
+	}
+
+	return metadata, nil
+}
+
+// InstanceExistsByProviderID returns the instance if the instance with the given provider id still exists.
+// If false an error will be returned, the instance will be immediately deleted by the cloud controller manager.
+func (i *instances) getInstanceByProviderID(ctx context.Context, providerID string) (*ec2.Instance, error) {
+	instanceID, err := parseInstanceIDFromProviderID(providerID)
+	if err != nil {
+		return nil, err
+	}
+
+	request := &ec2.DescribeInstancesInput{
+		InstanceIds: []*string{aws.String(instanceID)},
+		Filters: []*ec2.Filter{
+			newEc2Filter("instance-state-name", aliveFilter...),
+		},
+	}
+
+	instances := []*ec2.Instance{}
+	var nextToken *string
+	for {
+		response, err := i.ec2.DescribeInstances(request)
+		if err != nil {
+			return nil, fmt.Errorf("error describing ec2 instances: %v", err)
+		}
+
+		for _, reservation := range response.Reservations {
+			instances = append(instances, reservation.Instances...)
+		}
+
+		nextToken = response.NextToken
+		if aws.StringValue(nextToken) == "" {
+			break
+		}
+		request.NextToken = nextToken
+	}
+
+	if len(instances) == 0 {
+		return nil, cloudprovider.InstanceNotFound
+	}
+
+	if len(instances) > 1 {
+		return nil, fmt.Errorf("multiple instances found with provider ID: %s", instanceID)
+	}
+
+	return instances[0], nil
+}
+
+// InstanceExistsByPrivateDNSName returns the instance if the instance with the given provider id still exists.
+// If false an error will be returned, the instance will be immediately deleted by the cloud controller manager.
+func (i *instances) getInstanceByPrivateDNSName(ctx context.Context, nodeName string) (*ec2.Instance, error) {
+	request := &ec2.DescribeInstancesInput{
+		Filters: []*ec2.Filter{
+			newEc2Filter("private-dns-name", nodeName),
+			newEc2Filter("instance-state-name", aliveFilter...),
+		},
+	}
+
+	instances := []*ec2.Instance{}
+	var nextToken *string
+	for {
+		response, err := i.ec2.DescribeInstances(request)
+		if err != nil {
+			return nil, fmt.Errorf("error describing ec2 instances: %v", err)
+		}
+
+		for _, reservation := range response.Reservations {
+			instances = append(instances, reservation.Instances...)
+		}
+
+		nextToken = response.NextToken
+		if aws.StringValue(nextToken) == "" {
+			break
+		}
+		request.NextToken = nextToken
+	}
+
+	if len(instances) == 0 {
+		return nil, cloudprovider.InstanceNotFound
+	}
+
+	if len(instances) > 1 {
+		return nil, fmt.Errorf("multiple instances found with private DNS name: %s", nodeName)
+	}
+
+	return instances[0], nil
+}
+
+// instanceShutdownByProviderID returns true if the instance is shutdown according to the cloud provider.
+func (i *instances) instanceShutdownByProviderID(ctx context.Context, providerID string) (bool, error) {
+	ec2Instance, err := i.getInstanceByProviderID(ctx, providerID)
+	if err != nil {
+		return false, err
+	}
+
+	if ec2Instance.State != nil {
+		state := aws.StringValue(ec2Instance.State.Name)
+		if state == ec2.InstanceStateNameStopping || state == ec2.InstanceStateNameStopped {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// instanceShutdownByPrivateDNSName returns true if the instance is shutdown according to the cloud provider.
+func (i *instances) instanceShutdownByPrivateDNSName(ctx context.Context, nodeName string) (bool, error) {
+	ec2Instance, err := i.getInstanceByPrivateDNSName(ctx, nodeName)
+	if err != nil {
+		return false, err
+	}
+
+	if ec2Instance.State != nil {
+		state := aws.StringValue(ec2Instance.State.Name)
+		if state == ec2.InstanceStateNameStopping || state == ec2.InstanceStateNameStopped {
+			return true, nil
+		}
+	}
+
+	return false, nil
+}
+
+// nodeAddresses for Instance returns a list of v1.NodeAddress for the give instance.
+// TODO: should we support ExternalIP by default?
+func nodeAddressesForInstance(instance *ec2.Instance) ([]v1.NodeAddress, error) {
+	if instance == nil {
+		return nil, errors.New("provided instances is nil")
+	}
+
+	addresses := []v1.NodeAddress{}
+	for _, networkInterface := range instance.NetworkInterfaces {
+		// skip network interfaces that are not currently in use
+		if aws.StringValue(networkInterface.Status) != ec2.NetworkInterfaceStatusInUse {
+			continue
+		}
+
+		for _, privateIP := range networkInterface.PrivateIpAddresses {
+			if ipAddress := aws.StringValue(privateIP.PrivateIpAddress); ipAddress != "" {
+				ip := net.ParseIP(ipAddress)
+				if ip == nil {
+					return nil, fmt.Errorf("invalid IP address %q from instance %q", ipAddress, aws.StringValue(instance.InstanceId))
+				}
+
+				addresses = append(addresses, v1.NodeAddress{
+					Type:    v1.NodeInternalIP,
+					Address: ip.String(),
+				})
+			}
+		}
+	}
+
+	return addresses, nil
+}
+
+// getInstanceProviderID returns the provider ID of an instance which is ultimately set in the node.Spec.ProviderID field.
+// The well-known format for a node's providerID is:
+//    * aws://<availability-zone>/<instance-id>
+func getInstanceProviderID(instance *ec2.Instance) (string, error) {
+	if aws.StringValue(instance.Placement.AvailabilityZone) == "" {
+		return "", errors.New("instance availability zone was not set")
+	}
+
+	if aws.StringValue(instance.InstanceId) == "" {
+		return "", errors.New("instance ID was not set")
+	}
+
+	return "aws://" + aws.StringValue(instance.Placement.AvailabilityZone) + "/" + aws.StringValue(instance.InstanceId), nil
+}
+
+// parseInstanceIDFromProviderID parses the node's instance ID based on the well-known provider ID format:
+//   * aws://<availability-zone>/<instance-id>
+// This function always assumes a valid providerID format was provided.
+func parseInstanceIDFromProviderID(providerID string) (string, error) {
+	// trim the provider name prefix 'aws://', renaming providerID should contain metadata in the format:
+	// <availability-zone>/<instance-id>
+	metadata := strings.Split(strings.TrimPrefix(providerID, "aws://"), "/")
+	return metadata[1], nil
+}
+
+var aliveFilter = []string{
+	ec2.InstanceStateNamePending,
+	ec2.InstanceStateNameRunning,
+	ec2.InstanceStateNameShuttingDown,
+	ec2.InstanceStateNameStopping,
+	ec2.InstanceStateNameStopped,
+}
+
+func newEc2Filter(name string, values ...string) *ec2.Filter {
+	filter := &ec2.Filter{
+		Name: aws.String(name),
+	}
+
+	for _, value := range values {
+		filter.Values = append(filter.Values, aws.String(value))
+	}
+
+	return filter
+}

pkg/providers/v2/instances_test.go

@@ -0,0 +1,236 @@
+/*
+Copyright 2020 The Kubernetes Authors.
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+    http://www.apache.org/licenses/LICENSE-2.0
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
+*/
+
+// Package v2 is an out-of-tree only implementation of the AWS cloud provider.
+// It is not compatible with v1 and should only be used on new clusters.
+package v2
+
+import (
+	"context"
+	"fmt"
+	"testing"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/service/ec2"
+	"github.com/google/uuid"
+	"github.com/stretchr/testify/assert"
+
+	v1 "k8s.io/api/core/v1"
+	metav1 "k8s.io/apimachinery/pkg/apis/meta/v1"
+	cloudprovider "k8s.io/cloud-provider"
+)
+
+const TestClusterID = "clusterid.test"
+
+type fakeEC2 struct {
+	instances []*ec2.Instance
+}
+
+func (f fakeEC2) DescribeInstances(request *ec2.DescribeInstancesInput) (*ec2.DescribeInstancesOutput, error) {
+	instance := &ec2.Instance{}
+	stateName := "running"
+	instance.State = &ec2.InstanceState{
+		Name: &stateName,
+	}
+	instance.Placement = &ec2.Placement{
+		AvailabilityZone: aws.String("us-west-1a"),
+	}
+	instance.NetworkInterfaces = []*ec2.InstanceNetworkInterface{
+		{
+			Status: aws.String(ec2.NetworkInterfaceStatusInUse),
+			PrivateIpAddresses: []*ec2.InstancePrivateIpAddress{
+				{
+					PrivateIpAddress: aws.String("192.168.0.2"),
+				},
+			},
+		},
+	}
+	instanceID := "i-1"
+	instance.InstanceId = &instanceID
+
+	return &ec2.DescribeInstancesOutput{
+		Reservations: []*ec2.Reservation{
+			{
+				Instances: []*ec2.Instance{
+					instance,
+				},
+			},
+		},
+	}, nil
+}
+
+func newFakeInstances() (cloudprovider.InstancesV2, error) {
+	fakeEC2 := fakeEC2{}
+	return &instances{
+		ec2: fakeEC2,
+	}, nil
+}
+
+func makeInstance(num int, privateIP, publicIP, privateDNSName, publicDNSName string, setNetInterface bool) ec2.Instance {
+	instance := ec2.Instance{
+		InstanceId:       aws.String(fmt.Sprintf("i-%d", num)),
+		PrivateDnsName:   aws.String(privateDNSName),
+		PrivateIpAddress: aws.String(privateIP),
+		PublicDnsName:    aws.String(publicDNSName),
+		PublicIpAddress:  aws.String(publicIP),
+		InstanceType:     aws.String("c3.large"),
+		Placement:        &ec2.Placement{AvailabilityZone: aws.String("us-west-1a")},
+		State: &ec2.InstanceState{
+			Name: aws.String("running"),
+		},
+	}
+	if setNetInterface == true {
+		instance.NetworkInterfaces = []*ec2.InstanceNetworkInterface{
+			{
+				Status: aws.String(ec2.NetworkInterfaceStatusInUse),
+				PrivateIpAddresses: []*ec2.InstancePrivateIpAddress{
+					{
+						PrivateIpAddress: aws.String(privateIP),
+					},
+				},
+			},
+		}
+	}
+	return instance
+}
+
+func makeNode(nodeName string, offset int) *v1.Node {
+	id := uuid.New()
+	instanceID := fmt.Sprintf("i-%v-%d", id.String(), offset)
+	instance := &ec2.Instance{}
+	instance.InstanceId = aws.String(instanceID)
+	instance.Placement = &ec2.Placement{
+		AvailabilityZone: aws.String("us-west-1a"),
+	}
+	instance.PrivateDnsName = aws.String(fmt.Sprintf("ip-172-20-0-%d.ec2.internal", 101+offset))
+	instance.PrivateIpAddress = aws.String(fmt.Sprintf("192.168.0.%d", 1+offset))
+
+	var tag ec2.Tag
+	tag.Key = aws.String("KubernetesCluster")
+	tag.Value = aws.String(TestClusterID)
+	instance.Tags = []*ec2.Tag{&tag}
+
+	providerID := "aws://us-west-1a/" + instanceID
+	return &v1.Node{
+		ObjectMeta: metav1.ObjectMeta{
+			Name: nodeName,
+		},
+		Spec: v1.NodeSpec{
+			ProviderID: providerID,
+		},
+	}
+}
+
+func TestGetInstanceProviderID(t *testing.T) {
+	instance0 := makeInstance(0, "192.168.0.1", "1.2.3.4", "instance-same.ec2.internal", "instance-same.ec2.external", true)
+	instance1 := makeInstance(1, "192.168.0.2", "", "instance-same.ec2.internal", "", false)
+	instance2 := makeInstance(2, "192.168.0.1", "1.2.3.4", "instance-other.ec2.internal", "", false)
+
+	testCases := []struct {
+		instance   ec2.Instance
+		providerID string
+	}{
+		{instance0, "aws://us-west-1a/i-0"},
+		{instance1, "aws://us-west-1a/i-1"},
+		{instance2, "aws://us-west-1a/i-2"},
+	}
+
+	for _, testCase := range testCases {
+		providerID, err := getInstanceProviderID(&testCase.instance)
+		assert.NoError(t, err)
+		assert.Equal(t, testCase.providerID, providerID)
+	}
+}
+
+func TestInstanceExists(t *testing.T) {
+	instances, err := newFakeInstances()
+	if err != nil {
+		t.Errorf("Error creating a new instance: %v", err)
+	}
+
+	for i := 0; i < 5; i++ {
+		nodeName := fmt.Sprintf("ip-172-21-32-%d.ec2.internal", i)
+
+		node := makeNode(nodeName, 2)
+		exists, err := instances.InstanceExists(context.TODO(), node)
+
+		if err != nil {
+			t.Errorf("InstanceExists failed with node %v: %v", nodeName, err)
+		}
+		if !exists {
+			t.Errorf("instance not found with node %v", nodeName)
+		}
+	}
+}
+
+func TestInstanceShutdown(t *testing.T) {
+	instances, err := newFakeInstances()
+	if err != nil {
+		t.Errorf("Error creating a new instance: %v", err)
+	}
+
+	for i := 0; i < 5; i++ {
+		nodeName := fmt.Sprintf("ip-172-21-32-%d.ec2.internal", i)
+
+		node := makeNode(nodeName, 2)
+		shutdown, err := instances.InstanceShutdown(context.TODO(), node)
+
+		if err != nil {
+			t.Errorf("InstanceShutdown failed with node %v: %v", nodeName, err)
+		}
+		if shutdown {
+			t.Errorf("instance is shutdown with node %v", nodeName)
+		}
+	}
+}
+
+func TestInstanceMetadata(t *testing.T) {
+	instances, err := newFakeInstances()
+	if err != nil {
+		t.Errorf("Error creating a new instance: %v", err)
+	}
+
+	for i := 0; i < 5; i++ {
+		nodeName := fmt.Sprintf("ip-172-21-32-%d.ec2.internal", i)
+
+		node := makeNode(nodeName, 2)
+		metadata, err := instances.InstanceMetadata(context.TODO(), node)
+
+		if err != nil {
+			t.Errorf("InstanceMetadata failed with node %v: %v", nodeName, err)
+		}
+		if metadata == nil {
+			t.Errorf("instance's metadata is nil with node %v", nodeName)
+		}
+	}
+}
+
+func TestParseInstanceIDFromProviderID(t *testing.T) {
+	testCases := []struct {
+		providerID string
+		instanceID string
+	}{
+		{"aws://eu-central-1a/i-1238asjd8asdm123", "i-1238asjd8asdm123"},
+		{"aws://us-west-2a/i-112as321asjd8asdm23", "i-112as321asjd8asdm23"},
+		{"aws://us-iso-east-1a/i-123", "i-123"},
+		{"aws://us-isob-east-1a/i-abcdef", "i-abcdef"},
+		{"aws://us-isob-east-1a/i-abCDef", "i-abCDef"},
+		{"aws://us-east-1a/8asdm23", "8asdm23"},
+	}
+
+	for _, testCase := range testCases {
+		ret, err := parseInstanceIDFromProviderID(testCase.providerID)
+		assert.NoError(t, err)
+		assert.Equal(t, testCase.instanceID, ret)
+	}
+}