Skip to content

Airship 4631: Rewrite to avoid imds #26

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
mmcgarr merged 10 commits into from
Apr 21, 2026
Merged

Airship 4631: Rewrite to avoid imds #26

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
75a7ccb
feat(launch_config_drift): get node info from kube api not imds
mmcgarr Apr 15, 2026
ca67d18
feat(spot_termination): get termination info from aws not imds
mmcgarr Apr 16, 2026
c9ab830
feat(base-image): update base image patch version
mmcgarr Apr 16, 2026
f407af2
feat(launch_config_drift): extend invoke interval
mmcgarr Apr 17, 2026
7be2f4e
use metadata endpoint to get instance info
mmcgarr Apr 17, 2026
ee97594
reference node-local-dns by ip
mmcgarr Apr 20, 2026
963b914
still use aws cli for comparing launch template
mmcgarr Apr 21, 2026
a25ccfc
get node-local-dns pod ip
mmcgarr Apr 21, 2026
b9273e7
cache result of describe-auto-scaling-instances
mmcgarr Apr 21, 2026
3470d6d
remove launch config drift plugin
mmcgarr Apr 21, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
7 changes: 3 additions & 4 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,16 +1,15 @@
FROM registry.k8s.io/node-problem-detector/node-problem-detector:v1.35.1
FROM registry.k8s.io/node-problem-detector/node-problem-detector:v1.35.2

RUN set -eux; \
apt-get update; \
apt-get install -y --no-install-recommends \
# required by plugin/spot_termination.sh
curl \
# required by plugin/launch_config_drift.sh
awscli \
# required by plugin/local_dns_resolver.sh
jq \
# required by local_dns_resolver.sh and upstream_dns_resolver.sh plugins
dnsutils \
; \
rm -rf /var/lib/apt/lists/*;

COPY config /config
COPY config /config
26 changes: 0 additions & 26 deletions config/aws-ec2-asg-lc-drift-plugin-monitor.json
View file
Open in desktop

This file was deleted.

5 changes: 1 addition & 4 deletions config/local-dns-resolver-config.json
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -19,10 +19,7 @@
"type": "permanent",
"condition": "NodeLocalDnsResolutionFailure",
"reason": "NodeLocalDnsResolutionFailing",
"path": "./config/plugin/local_dns_resolver.sh",
"args": [
"kube-dns-upstream.kube-system.svc.cluster.local."
]
"path": "./config/plugin/local_dns_resolver.sh"
}
]
}
36 changes: 0 additions & 36 deletions config/plugin/launch_config_drift.sh
View file
Open in desktop

This file was deleted.

16 changes: 15 additions & 1 deletion config/plugin/local_dns_resolver.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,21 @@ OK=0
NONOK=1
UNKNOWN=2

readonly local_dns_resolver_ip="$1"
if [ -z "${NODE_NAME}" ]; then
exit $UNKNOWN
fi

# Get the node-local-dns pod IP running on this node directly,
# bypassing 169.254.20.10 which requires Cilium's eBPF path
local_dns_resolver_ip="$(curl -s \
-H "Authorization: Bearer $(cat /var/run/secrets/kubernetes.io/serviceaccount/token)" \
--cacert /var/run/secrets/kubernetes.io/serviceaccount/ca.crt \
"https://${KUBERNETES_SERVICE_HOST}:${KUBERNETES_SERVICE_PORT}/api/v1/namespaces/kube-system/pods?labelSelector=k8s-app%3Dnode-local-dns&fieldSelector=spec.nodeName%3D${NODE_NAME}" \
2>/dev/null | jq -r '.items[0].status.podIP')"

if [ -z "${local_dns_resolver_ip}" ] || [ "${local_dns_resolver_ip}" = "null" ]; then
exit $UNKNOWN
fi

dig_cmd_out="$(dig -t TXT @"${local_dns_resolver_ip}" +tries=1 +retry=0 +time=33 +noqr +noall +comments kubernetes.default.svc. 2>&1)"
dig_cmd_return_code="$?"
Expand Down
Loading