Ipv6 cluster dns ip

[bwagner5]

Description of changes:

• DNS_CLUSTER_IP isn't recognized in a IPv6 cluster. It is fixed to the IP from SERVICE_IPV6_CIDR.
  • The PR enables setting DNS_CLUSTER_IP or --dns-cluster-ip in IPv6 env.
• This PR adds a local testing env via an AL2 docker image for the bootstrap script. This makes it easier and quicker to test multiple bootstrap options.

(This is a follow-up to #860 which needed to be reverted due a bug)

Testing:

$ ./test-bootstrap.sh
[+] Building 0.4s (13/13) FINISHED
 => [internal] load build definition from Dockerfile                                                                                                                                                 0.0s
 => => transferring dockerfile: 37B                                                                                                                                                                  0.0s
 => [internal] load .dockerignore                                                                                                                                                                    0.0s
 => => transferring context: 2B                                                                                                                                                                      0.0s
 => [internal] load metadata for public.ecr.aws/amazonlinux/amazonlinux:2                                                                                                                            0.3s
 => [1/8] FROM public.ecr.aws/amazonlinux/amazonlinux:2@sha256:49389ee736646dbd3245004811b7768dff5e224a2d7c36f32286f09985c047a6                                                                      0.0s
 => [internal] load build context                                                                                                                                                                    0.0s
 => => transferring context: 1.11kB                                                                                                                                                                  0.0s
 => CACHED [2/8] COPY files/kubelet-config.json /etc/kubernetes/kubelet/kubelet-config.json                                                                                                          0.0s
 => CACHED [3/8] COPY files/kubelet-kubeconfig /var/lib/kubelet/kubeconfig                                                                                                                           0.0s
 => CACHED [4/8] COPY tests/entrypoint.sh /entrypoint.sh                                                                                                                                             0.0s
 => CACHED [5/8] COPY files /etc/eks                                                                                                                                                                 0.0s
 => CACHED [6/8] COPY tests/mocks/ /sbin/                                                                                                                                                            0.0s
 => CACHED [7/8] RUN yum install -y jq                                                                                                                                                               0.0s
 => CACHED [8/8] RUN /sbin/install-imds                                                                                                                                                              0.0s
 => exporting to image                                                                                                                                                                               0.0s
 => => exporting layers                                                                                                                                                                              0.0s
 => => writing image sha256:10ddf52462d96b548b44862827fa190c01c15770ff368777a5d9ada2fe4147a2                                                                                                         0.0s
 => => naming to docker.io/library/eks-optimized-ami                                                                                                                                                 0.0s

Use 'docker scan' to run Snyk tests against images to find vulnerabilities and learn how to fix them
#########################################################################################################
/etc/eks/bootstrap.sh --b64-cluster-ca dGVzdA== --apiserver-endpoint http://my-api-endpoint test
---------------------------------------------STDOUT------------------------------------------------------
'/etc/eks/iptables-restore.service' -> '/etc/systemd/system/iptables-restore.service'
mocking sudo with params chown root:root /etc/systemd/system/iptables-restore.service
mocking systemctl with daemon-reload
mocking systemctl with enable iptables-restore
mocking systemctl with daemon-reload
mocking systemctl with enable docker
mocking systemctl with restart docker
mocking systemctl with enable kubelet
mocking systemctl with start kubelet
nvidia-smi not found
✅ Test "Default params should pass" Passed
#########################################################################################################


#########################################################################################################
/etc/eks/bootstrap.sh --b64-cluster-ca dGVzdA== --apiserver-endpoint http://my-api-endpoint --ip-family ipv6 test
---------------------------------------------STDOUT------------------------------------------------------
One of --service-ipv6-cidr or --dns-cluster-ip must be provided when ip-family is specified as ipv6
✅ Test "Should fail w/ "service-ipv6-cidr must be provided when ip-family is specified as ipv6"" Passed
#########################################################################################################


#########################################################################################################
/etc/eks/bootstrap.sh --b64-cluster-ca dGVzdA== --apiserver-endpoint http://my-api-endpoint --ip-family ipv6 --service-ipv6-cidr fe80::1 test
---------------------------------------------STDOUT------------------------------------------------------
'/etc/eks/iptables-restore.service' -> '/etc/systemd/system/iptables-restore.service'
mocking sudo with params chown root:root /etc/systemd/system/iptables-restore.service
mocking systemctl with daemon-reload
mocking systemctl with enable iptables-restore
mocking systemctl with daemon-reload
mocking systemctl with enable docker
mocking systemctl with restart docker
mocking systemctl with enable kubelet
mocking systemctl with start kubelet
nvidia-smi not found
✅ Test "Should return IPv6 DNS cluster IP when given service-ipv6-cidr" Passed
#########################################################################################################


#########################################################################################################
/etc/eks/bootstrap.sh --b64-cluster-ca dGVzdA== --apiserver-endpoint http://my-api-endpoint --ip-family ipv6 --dns-cluster-ip fe80::1 test
---------------------------------------------STDOUT------------------------------------------------------
'/etc/eks/iptables-restore.service' -> '/etc/systemd/system/iptables-restore.service'
mocking sudo with params chown root:root /etc/systemd/system/iptables-restore.service
mocking systemctl with daemon-reload
mocking systemctl with enable iptables-restore
mocking systemctl with daemon-reload
mocking systemctl with enable docker
mocking systemctl with restart docker
mocking systemctl with enable kubelet
mocking systemctl with start kubelet
nvidia-smi not found
✅ Test "Should return ipv6 DNS Cluster IP when given dns-cluster-ip" Passed
#########################################################################################################


#########################################################################################################
/etc/eks/bootstrap.sh --b64-cluster-ca dGVzdA== --apiserver-endpoint http://my-api-endpoint --ip-family ipv4 --dns-cluster-ip 192.168.0.1 test
---------------------------------------------STDOUT------------------------------------------------------
'/etc/eks/iptables-restore.service' -> '/etc/systemd/system/iptables-restore.service'
mocking sudo with params chown root:root /etc/systemd/system/iptables-restore.service
mocking systemctl with daemon-reload
mocking systemctl with enable iptables-restore
mocking systemctl with daemon-reload
mocking systemctl with enable docker
mocking systemctl with restart docker
mocking systemctl with enable kubelet
mocking systemctl with start kubelet
nvidia-smi not found
✅ Test "Should return IPv4 DNS Cluster IP when given dns-cluster-ip" Passed
#########################################################################################################


#########################################################################################################
/etc/eks/bootstrap.sh --b64-cluster-ca dGVzdA== --apiserver-endpoint http://my-api-endpoint --ip-family ipv4 --service-ipv6-cidr 192.168.0.1/24 test
---------------------------------------------STDOUT------------------------------------------------------
ip-family should be ipv6 when service-ipv6-cidr is specified
✅ Test "Should fail validation - ip-family mismatch" Passed
#########################################################################################################


#########################################################################################################
/etc/eks/max-pods-calculator.sh --instance-type-from-imds --cni-version 1.7.5
---------------------------------------------STDOUT------------------------------------------------------
58
✅ Test "Should calc max-pods successfully" Passed
#########################################################################################################





===================================================================================================================
Test Summary:
===================================================================================================================
✅ Test "Default params should pass" Passed
✅ Test "Should fail w/ "service-ipv6-cidr must be provided when ip-family is specified as ipv6"" Passed
✅ Test "Should return IPv6 DNS cluster IP when given service-ipv6-cidr" Passed
✅ Test "Should return ipv6 DNS Cluster IP when given dns-cluster-ip" Passed
✅ Test "Should return IPv4 DNS Cluster IP when given dns-cluster-ip" Passed
✅ Test "Should fail validation - ip-family mismatch" Passed
✅ Test "Should calc max-pods successfully" Passed

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[suket22]

The testing of the bootstrap.sh script is awesome stuff!

[cartermckinnon]

@ravisinha0506 is a better reviewer on the actual IPV6 CIDR, DNS changes here 👍

[cartermckinnon]

I fixed a merge conflict from #1005 and asked @xr1776 to take a look, since he's recently done some work on a regression test for this issue.

[xr1776]

Can we update tests to validate DNS_CLUSTER_IP value instead of just validating against exit_code?

[cartermckinnon]

This is looking really slick @bwagner5 , really appreciate it!