Latest Ubuntu Cloud Image AMI for EKS is packaged with AWS CLI version 1.x which causes /etc/eks/bootstrap.sh to silently misconfigure the cluster DNS when the EKS cluster has a custom Service IP CIDR address
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
cloud-images |
Fix Released
|
Undecided
|
Thomas Bechtold |
Bug Description
What happened:
When an EKS cluster with a custom Kubernetes Service IP CIDR is created with Ubuntu cloud-image worker nodes, the /etc/eks/
The Ubuntu cloud-image AMI (us-east-1, EKS 1.21) is ami-04c4f2c4799
# Distro details
root@ip-
Distributor ID: Ubuntu
Description: Ubuntu 20.04.4 LTS
Release: 20.04
Codename: focal
# Kubernetes version
root@ip-
Client Version: v1.21.9
Server Version: v1.21.12-
---
What you expected to happen:
The /etc/eks/
---
How to reproduce it (as minimally and precisely as possible):
Here is a link to the /etc/eks/
In my test case, I've extracted the command of interest executed by the bootstrap.sh script:
#
# Below is the extracted command from the /etc/eks/
#
AWS_DEFAULT_
CLUSTER_
aws eks describe-cluster \
--query 'cluster.{endpoint: endpoint, serviceIpv4Cidr: kubernetesNetwo
Failure when using AWS CLI version 1.x.x. The v1 of the CLI doesn't produce a kubernetesNetwo
#
# The Ubuntu cloud-image ami-04c4f2c4799
# AMI image was retrieved for us-east-1 from: https:/
#
root@ip-
aws-cli/1.18.69 Python/3.8.10 Linux/5.
#
# The aws_describe_
#
root@ip-
None https:/
---
Anything else we need to know?:
Working when used with AWS CLI version 2.x.x
See that the 3rd field contains the custom EKS service IP CIDR address.
#
# This host is installed with version 2.7.4 of the AWS CLI
#
root@test-
aws-cli/2.7.4 Python/3.9.11 Linux/5.
#
# The same script produces the correct Service CIDR address.
#
root@test-
ipv4 https:/
---
I've also posted an issue on the Amazon-EKS-AMI github repository.
It would be great if they could enhance the bootstrap.sh script to guard against AWS CLI version requirements. Issue link: https:/
Changed in cloud-images: | |
assignee: | nobody → Thomas Bechtold (toabctl) |
GitHub maintainer said the below, which resolves my general bug described above. When the new Ubuntu Cloud AMI is created from the latest Amazon EKS AMI release, this bug should be resolved.
> We now install 2.x CLI instead of relying on the version available in the package manager. Unfortunately I don't have an update on Ubuntu's AMI, we don't track those issues here.
GitHub issues comment link: https:/ /github. com/awslabs/ amazon- eks-ami/ issues/ 963#issuecommen t-1320372621