
aws/ENI: Only use pagination when not specifying IDs #39120


Merged
merged 1 commit into from
May 14, 2025


HadrienPatte
Member

@HadrienPatte HadrienPatte commented Apr 23, 2025

Setting both IDs and a maxresult parameter in a describe call input is not possible, see AWS documentation:

> If you call a describe API action with both a list of IDs and MaxResults, the request fails with the error InvalidParameterCombination.

Fixes #39106

See also #37983

Will need to be backported to 1.17


aws/ENI: Only use pagination when not specifying IDs

Setting both IDs and a maxresult parameter in a describe call input is
not possible, see [AWS documentation](https://docs.aws.amazon.com/AWSEC2/latest/APIReference/Query-Requests.html#api-pagination):

> If you call a describe API action with both a list of IDs and MaxResults, the request fails with the error InvalidParameterCombination.

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
@HadrienPatte HadrienPatte requested a review from a team as a code owner April 23, 2025 19:21
@HadrienPatte HadrienPatte requested a review from liyihuang April 23, 2025 19:21
@maintainer-s-little-helper maintainer-s-little-helper bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 23, 2025
@HadrienPatte
Member Author

/test

@liyihuang liyihuang requested a review from antonipp April 25, 2025 16:11
@liyihuang liyihuang added area/eni Impacts ENI based IPAM. needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch release-note/bug This PR fixes an issue in a previous release of Cilium. release-note/misc This PR makes changes that have no direct user impact. labels Apr 25, 2025
@maintainer-s-little-helper maintainer-s-little-helper bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Apr 25, 2025
@liyihuang
Contributor

Do you mind helping me understand why I don't see any issue when starting the cluster in 1.17.x, or how the CI passed? Is it only triggered when it reaches a certain size?

@HadrienPatte
Member Author

The issue should only affect users that set the instance-tags-filter operator configuration option. When instance-tags-filter is unset, its default value is an empty array, so the describeNetworkInterfacesFromInstances function never gets called here and so we never reach the bad codepath.

Since that parameter is not set in the EKS CI tests, it's expected that the CI passed on the initial PR that introduced this behavior.

Currently, we hit the problematic codepath where both MaxResults and NetworkInterfaceIds are set on ENIAttrs only when len(enisListFromInstances) > 0 which happens when enisListFromInstances is not empty which depends on the result of the DescribeInstances call which depends heavily on the value of instanceAttrs.Filters which is configured through operatorOption.Config.IPAMInstanceTags so the instance-tags-filter operator configuration option.

@liyihuang
Contributor

> The issue should only affect users that set the instance-tags-filter operator configuration option. When instance-tags-filter is unset, its default value is an empty array, so the describeNetworkInterfacesFromInstances function never gets called here and so we never reach the bad codepath.
>
> Since that parameter is not set in the EKS CI tests, it's expected that the CI passed on the initial PR that introduced this behavior.
>
> Currently, we hit the problematic codepath where both MaxResults and NetworkInterfaceIds are set on ENIAttrs only when len(enisListFromInstances) > 0 which happens when enisListFromInstances is not empty which depends on the result of the DescribeInstances call which depends heavily on the value of instanceAttrs.Filters which is configured through operatorOption.Config.IPAMInstanceTags so the instance-tags-filter operator configuration option.

Thanks for the explanation, and it was a busy week for me.

Here is the reference for someone looking into it in the future:

> MaxResults
> The maximum number of items to return for this request. To get the next page of items, make another request with the token returned in the output. You cannot specify this parameter and the network interface IDs parameter in the same request.

https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_DescribeNetworkInterfaces.html
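
The rule discussed in this thread, as an added Go example (not code from the PR or from Cilium): MaxResults is set only when no IDs are passed, and the loop follows the page token otherwise. `describeInput`, `fakeDescribe` and `listENIs` are hypothetical stand-ins for the AWS SDK types and calls, and the ENI IDs are constructed sample values.

```go
package main

import "fmt"

// describeInput is a hypothetical stand-in for the SDK's describe-call input.
type describeInput struct {
	IDs                   []string
	MaxResults, NextToken int // 0 = unset; NextToken is the next page's offset
}

var errCombination = fmt.Errorf("InvalidParameterCombination")
// fakeDescribe mimics the documented rule: IDs plus MaxResults is rejected.
func fakeDescribe(inventory []string, in describeInput) ([]string, int, error) {
	if len(in.IDs) > 0 && in.MaxResults > 0 {
		return nil, 0, errCombination
	}
	if len(in.IDs) > 0 {
		return in.IDs, 0, nil // simplification: echo the requested IDs in one response
	}
	end, next := len(inventory), 0
	if in.MaxResults > 0 && in.NextToken+in.MaxResults < end {
		end = in.NextToken + in.MaxResults
		next = end
	}
	return inventory[in.NextToken:end], next, nil
}

// listENIs sets MaxResults only without IDs; forceMaxResults reproduces the failing combination.
func listENIs(inventory, ids []string, pageSize int, forceMaxResults bool) ([]string, error) {
	in := describeInput{IDs: ids}
	if len(ids) == 0 || forceMaxResults {
		in.MaxResults = pageSize
	}
	var out []string
	for {
		page, next, err := fakeDescribe(inventory, in)
		if err != nil {
			return nil, err
		}
		out = append(out, page...)
		if in.NextToken = next; next == 0 {
			return out, nil
		}
	}
}

func main() {
	fmt.Println(listENIs(nil, []string{"eni-b"}, 2, true)) // constructed sample IDs
	fmt.Println(listENIs([]string{"eni-a", "eni-b", "eni-c"}, nil, 2, false))
}
```

A unit test that passes a non-empty ID list exercises the branch that a default configuration with an empty instance-tags-filter never reaches.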

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label May 13, 2025
@tklauser tklauser added this pull request to the merge queue May 14, 2025
Merged via the queue into cilium:main with commit 3a59bed May 14, 2025
74 checks passed
@nbusseneau nbusseneau mentioned this pull request May 15, 2025
9 tasks
@nbusseneau nbusseneau added backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. and removed needs-backport/1.17 This PR / issue needs backporting to the v1.17 branch labels May 15, 2025
@github-actions github-actions bot added backport-done/1.17 The backport for Cilium 1.17.x for this PR is done. and removed backport-pending/1.17 The backport for Cilium 1.17.x for this PR is in progress. labels May 19, 2025
Successfully merging this pull request may close these issues.

cilium-operator 1.17.3 fails to start on EKS w/ ENI allocator