aws-quickstart / cdk-eks-blueprints

AWS Quick Start Team
Apache License 2.0

Unable to configure DISABLE_TCP_EARLY_DEMUX #1011

Closed jwilms1971 closed 4 months ago

jwilms1971 commented 4 months ago

Describe the bug

I wish to configure my VPC CNI as follows:

const vpcCniAddOnProps: blueprints.VpcCniAddOnProps = {
    version: "v1.18.1-eksbuild.3",
    enablePodEni: true,
    disableTcpEarlyDemux: true,
    podSecurityGroupEnforcingMode: "strict",
    serviceAccountPolicies: [iam.ManagedPolicy.fromAwsManagedPolicyName("AmazonEKS_CNI_Policy")],
};

When I run the blueprint with disableTcpEarlyDemux, the reported error in CloudFormation is:

Resource handler returned message: "ConfigurationValue provided in request is not supported: Json schema validation failed with error: [$.env.DISABLE_TCP_EARLY_DEMUX: is not defined in the schema and the schema does not allow additional properties] (Service: Eks, Status Code: 400, Request ID: 79d3aaab-2708-4620-952e-fc513a30ddee)" (RequestToken: 35530c55-8a59-7c67-1a08-6be7213409f0, HandlerErrorCode: InvalidRequest)

I think this issue is similar to what has been reported here and was wondering when there will be a fix for the blueprint?

https://github.com/terraform-aws-modules/terraform-aws-eks/issues/2667
https://github.com/aws/amazon-vpc-cni-k8s/issues/2491

Expected Behavior

The init container should have the flag set to true instead of current false:

    Init Containers:
      aws-vpc-cni-init:
        Container ID:   containerd://13f9678e7b36dd3cf63a1a6e570c8e73115616f207a389fcbd5cec895efdbfe8
        Image:          602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.2-eksbuild.1
        Image ID:       602401143452.dkr.ecr.eu-west-2.amazonaws.com/amazon-k8s-cni-init@sha256:227a943b32d8250cae375ba23c0823f62ffa33b6e4f7db8785f434e97affe8f0
        Port:
        Host Port:
        State:          Terminated
          Reason:       Completed
          Exit Code:    0
          Started:      Tue, 11 Jun 2024 03:47:19 +0000
          Finished:     Tue, 11 Jun 2024 03:47:19 +0000
        Ready:          True
        Restart Count:  0
        Requests:
          cpu:  25m
        Environment:
          DISABLE_TCP_EARLY_DEMUX:      false   <-- should be set to true
          ENABLE_IPv6:                  false
          AWS_STS_REGIONAL_ENDPOINTS:   regional
          AWS_DEFAULT_REGION:           eu-west-2
          AWS_REGION:                   eu-west-2
          AWS_ROLE_ARN:                 arn:aws:iam::1234567890:role/EksClusterStack-EksClusterStackawsnodesaRole09DBCDD-iR6cyiNR4Keg
          AWS_WEB_IDENTITY_TOKEN_FILE:  /var/run/secrets/eks.amazonaws.com/serviceaccount/token
        Mounts:
          /host/opt/cni/bin from cni-bin-dir (rw)
          /var/run/secrets/eks.amazonaws.com/serviceaccount from aws-iam-token (ro)
          /var/run/secrets/kubernetes.io/serviceaccount from kube-api-access-5s5h2 (ro)

Current Behavior

Error prevents the CDK from running to completion (it rolls back).

Reproduction Steps

See above code snippet.

Possible Solution

No response

Additional Information/Context

No response

CDK CLI Version

2.143.0 (build 9f2bdf7)

EKS Blueprints Version

1.14.1

Node.js Version

v20.13.1

Environment details (OS name and version, etc.)

Cloud9 IDE

Other information

No response

shapirov103 commented 4 months ago

@jwilms1971 I think your pointer to the terraform issue is likely the root cause. @elamaran11 please take a look, we need to nest init config values under initEnv rather than directly under env per schema.

elamaran11 commented 4 months ago

ACK. I will work on this issue.
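
The nesting described in the thread above, as an added example that is not part of the original issue or the project's code: a pre-deploy check that reports keys a strict add-on schema would reject, and a helper that places init-container variables in their own block. The schema excerpt is constructed, the `init.env` location is an assumption taken from the layout of the aws-vpc-cni Helm values, and `undefinedKeys` and `buildConfigurationValues` are hypothetical names.

```typescript
// Added example, not code from cdk-eks-blueprints.
type Schema = { properties?: Record<string, Schema>; additionalProperties?: boolean };

// Constructed excerpt of the add-on configuration schema (assumption: init
// container variables sit under init.env, as in the aws-vpc-cni Helm values).
const SCHEMA_EXCERPT: Schema = {
  additionalProperties: false,
  properties: {
    env: {
      additionalProperties: false,
      properties: { ENABLE_POD_ENI: {}, POD_SECURITY_GROUP_ENFORCING_MODE: {} },
    },
    init: {
      additionalProperties: false,
      properties: {
        env: { additionalProperties: false, properties: { DISABLE_TCP_EARLY_DEMUX: {}, ENABLE_IPv6: {} } },
      },
    },
  },
};

// Return the JSON paths of keys the schema does not define, in the same
// "$.env.NAME" form the EKS error message in this issue uses.
function undefinedKeys(value: unknown, schema: Schema, path = "$"): string[] {
  if (typeof value !== "object" || value === null || !schema.properties) return [];
  const props = schema.properties;
  const out: string[] = [];
  for (const [key, child] of Object.entries(value as Record<string, unknown>)) {
    if (Object.prototype.hasOwnProperty.call(props, key)) out.push(...undefinedKeys(child, props[key], `${path}.${key}`));
    else if (schema.additionalProperties === false) out.push(`${path}.${key}`);
  }
  return out;
}

// Hypothetical helper: split flat settings into main-container and init-container env.
const INIT_ONLY = new Set(["DISABLE_TCP_EARLY_DEMUX", "ENABLE_IPv6"]);
function buildConfigurationValues(flat: Record<string, string>) {
  const env: Record<string, string> = {};
  const initEnv: Record<string, string> = {};
  for (const [k, v] of Object.entries(flat)) (INIT_ONLY.has(k) ? initEnv : env)[k] = v;
  return { env, init: { env: initEnv } };
}

// Constructed input mirroring the settings from the issue.
const flat = { ENABLE_POD_ENI: "true", POD_SECURITY_GROUP_ENFORCING_MODE: "strict", DISABLE_TCP_EARLY_DEMUX: "true" };
console.log("flat under env:", undefinedKeys({ env: flat }, SCHEMA_EXCERPT));
console.log("split env/init:", undefinedKeys(buildConfigurationValues(flat), SCHEMA_EXCERPT));
```

The schema for a given add-on version can be retrieved with `aws eks describe-addon-configuration --addon-name vpc-cni --addon-version <version>` and substituted for the constructed excerpt.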