cluster eni cleaner will use cluster tag filter of vpc-cni and vpc-rc (#550)

* keeping cluster tag same as vpc-cni

* adding OR filter which will use vpc-rc and vpc-cni tag

Author: yash97

controllers/crds/cninode_controller.go

@@ -128,13 +128,13 @@ func (r *CNINodeReconciler) Reconcile(ctx context.Context, req ctrl.Request) (ct
 		shouldPatch := false
 		cniNodeCopy := cniNode.DeepCopy()
 		// Add cluster name tag if it does not exist
-		val, ok := cniNode.Spec.Tags[config.CNINodeClusterNameKey]
+		val, ok := cniNode.Spec.Tags[config.VPCCNIClusterNameKey]
 		if !ok || val != r.clusterName {
 			if len(cniNodeCopy.Spec.Tags) != 0 {
-				cniNodeCopy.Spec.Tags[config.CNINodeClusterNameKey] = r.clusterName
+				cniNodeCopy.Spec.Tags[config.VPCCNIClusterNameKey] = r.clusterName
 			} else {
 				cniNodeCopy.Spec.Tags = map[string]string{
-					config.CNINodeClusterNameKey: r.clusterName,
+					config.VPCCNIClusterNameKey: r.clusterName,
 				}
 			}
 			shouldPatch = true

controllers/crds/cninode_controller_test.go

@@ -89,7 +89,7 @@ func TestCNINodeReconcile(t *testing.T) {
 				assert.NoError(t, err)
 				assert.Equal(t, res, reconcile.Result{})
 				assert.Equal(t, cniNode.Labels, map[string]string{config.NodeLabelOS: "linux"})
-				assert.Equal(t, cniNode.Spec.Tags, map[string]string{config.CNINodeClusterNameKey: mockClusterName})
+				assert.Equal(t, cniNode.Spec.Tags, map[string]string{config.VPCCNIClusterNameKey: mockClusterName})
 			},
 		},
 	}

pkg/aws/ec2/api/cleanup/eni_cleanup.go

@@ -23,7 +23,6 @@ import (
 	"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/config"
 	rcHealthz "github.com/aws/amazon-vpc-resource-controller-k8s/pkg/healthz"
 	"github.com/aws/amazon-vpc-resource-controller-k8s/pkg/utils"
-	"github.com/samber/lo"
 
 	ec2Errors "github.com/aws/amazon-vpc-resource-controller-k8s/pkg/aws/errors"
 	"github.com/aws/aws-sdk-go-v2/aws"
@@ -38,6 +37,7 @@ import (
 // NetworkInterfaceManager interface allows to define the ENI filters and checks if ENI should be deleted for different callers like in the periodic cleanup routine or
 // during node termination
 type NetworkInterfaceManager interface {
+	// If there are multiple filters then we will OR them.
 	GetENITagFilters() []ec2types.Filter
 	ShouldDeleteENI(eniID *string) bool
 	UpdateAvailableENIsIfNeeded(eniMap *map[string]struct{})
@@ -126,18 +126,36 @@ func (e *ENICleaner) DeleteLeakedResources() error {
 	}...)
 
 	// only apply extra filters when the controller is enabled which provides cninode resources
+	var OrFilters []ec2types.Filter
+	var err error
+	var networkInterfaces []*ec2types.NetworkInterface
 	if !e.ControllerDisabled {
 		// get cleaner specific filters
-		filters = append(filters, e.Manager.GetENITagFilters()...)
-	}
-	describeNetworkInterfaceIp := &ec2.DescribeNetworkInterfacesInput{
-		Filters: filters,
-	}
+		OrFilters = e.Manager.GetENITagFilters()
+		for _, OrFilter := range OrFilters {
+			filterCopy := append([]ec2types.Filter{}, filters...)
+			filterCopy = append(filterCopy, OrFilter)
+
+			describeNetworkInterfaceIp := &ec2.DescribeNetworkInterfacesInput{
+				Filters: filterCopy,
+			}
 
-	networkInterfaces, err := e.EC2Wrapper.DescribeNetworkInterfacesPagesWithRetry(describeNetworkInterfaceIp)
-	if err != nil {
-		e.Log.Error(err, "failed to describe network interfaces, cleanup will be retried in next cycle")
-		return err
+			tempNetworkInterfaces, err := e.EC2Wrapper.DescribeNetworkInterfacesPagesWithRetry(describeNetworkInterfaceIp)
+			if err != nil {
+				e.Log.Error(err, "failed to describe network interfaces, cleanup will be retried in next cycle")
+				return err
+			}
+			networkInterfaces = append(networkInterfaces, tempNetworkInterfaces...)
+		}
+	} else {
+		describeNetworkInterfaceIp := &ec2.DescribeNetworkInterfacesInput{
+			Filters: filters,
+		}
+		networkInterfaces, err = e.EC2Wrapper.DescribeNetworkInterfacesPagesWithRetry(describeNetworkInterfaceIp)
+		if err != nil {
+			e.Log.Error(err, "failed to describe network interfaces, cleanup will be retried in next cycle")
+			return err
+		}
 	}
 
 	for _, nwInterface := range networkInterfaces {
@@ -169,9 +187,12 @@ func (e *ENICleaner) DeleteLeakedResources() error {
 				}
 				continue
 			}
-			e.Log.Info("deleted leaked ENI successfully",
-				"eniID", nwInterface.NetworkInterfaceId,
-				"instanceID", lo.TernaryF(nwInterface.Attachment == nil, func() *string { return lo.ToPtr("") }, func() *string { return nwInterface.Attachment.InstanceId }))
+			// It is possible for eni attachment to be nil, if it was never attached to instance
+			instanceID := ""
+			if nwInterface.Attachment != nil && nwInterface.Attachment.InstanceId != nil {
+				instanceID = aws.ToString(nwInterface.Attachment.InstanceId)
+			}
+			e.Log.Info("deleted leaked ENI successfully", "eni id", *nwInterface.NetworkInterfaceId, "instance id", instanceID)
 		} else {
 			// Seeing the ENI for the first time, add it to the new list of available network interfaces
 			availableENIs[*nwInterface.NetworkInterfaceId] = struct{}{}
@@ -184,11 +205,14 @@ func (e *ENICleaner) DeleteLeakedResources() error {
 }
 
 func (e *ClusterENICleaner) GetENITagFilters() []ec2types.Filter {
-	clusterNameTagKey := fmt.Sprintf(config.ClusterNameTagKeyFormat, e.ClusterName)
 	return []ec2types.Filter{
 		{
-			Name:   aws.String("tag:" + clusterNameTagKey),
-			Values: []string{config.ClusterNameTagValue},
+			Name:   aws.String("tag:" + config.VPCCNIClusterNameKey),
+			Values: []string{e.ClusterName},
+		},
+		{
+			Name:   aws.String("tag:" + fmt.Sprintf(config.VPCRCClusterNameTagKeyFormat, e.ClusterName)),
+			Values: []string{config.VPCRCClusterNameTagValue},
 		},
 	}
 }

pkg/aws/ec2/api/cleanup/eni_cleanup_test.go

@@ -33,7 +33,7 @@ import (
 var (
 	mockClusterName       = "cluster-name"
 	mockNodeID            = "i-00000000000000001"
-	mockClusterNameTagKey = fmt.Sprintf(config.ClusterNameTagKeyFormat, mockClusterName)
+	mockClusterNameTagKey = config.VPCCNIClusterNameKey
 
 	mockNetworkInterfaceId1 = "eni-000000000000000"
 	mockNetworkInterfaceId2 = "eni-000000000000001"
@@ -60,7 +60,7 @@ var (
 			},
 			{
 				Name:   aws.String("tag:" + mockClusterNameTagKey),
-				Values: []string{config.ClusterNameTagValue},
+				Values: []string{mockClusterName},
 			},
 		},
 	}
@@ -144,16 +144,53 @@ func TestENICleaner_DeleteLeakedResources(t *testing.T) {
 				return mockClusterENICleaner.ENICleaner, mockClusterENICleaner
 			},
 			prepare: func(f *fields) {
+				commonFilters := CommonNetworkInterfaceFilters
+				vpcFilter := ec2types.Filter{
+					Name:   aws.String("vpc-id"),
+					Values: []string{mockVpcId},
+				}
+
+				firstOrFilter := ec2types.Filter{
+					Name:   aws.String("tag:" + config.VPCCNIClusterNameKey),
+					Values: []string{mockClusterName},
+				}
+
+				secondOrFilter := ec2types.Filter{
+					Name:   aws.String("tag:" + fmt.Sprintf(config.VPCRCClusterNameTagKeyFormat, mockClusterName)),
+					Values: []string{config.VPCRCClusterNameTagValue},
+				}
+
+				filtersWithFirstTag := append(append(commonFilters, vpcFilter), firstOrFilter)
+				filtersWithSecondTag := append(append(commonFilters, vpcFilter), secondOrFilter)
 				gomock.InOrder(
-					// Return network interface 1 and 2 in first cycle
-					f.mockEC2Wrapper.EXPECT().DescribeNetworkInterfacesPagesWithRetry(mockClusterTagInput).
-						Return(NetworkInterfacesWith1And2, nil),
+					f.mockEC2Wrapper.EXPECT().DescribeNetworkInterfacesPagesWithRetry(
+						&ec2.DescribeNetworkInterfacesInput{
+							Filters: filtersWithFirstTag,
+						},
+					).Return(NetworkInterfacesWith1And2, nil),
+
+					f.mockEC2Wrapper.EXPECT().DescribeNetworkInterfacesPagesWithRetry(
+						&ec2.DescribeNetworkInterfacesInput{
+							Filters: filtersWithSecondTag,
+						},
+					).Return([]*ec2types.NetworkInterface{}, nil),
+
 					// Return network interface 1 and 3 in the second cycle
-					f.mockEC2Wrapper.EXPECT().DescribeNetworkInterfacesPagesWithRetry(mockClusterTagInput).
-						Return(NetworkInterfacesWith1And3, nil),
-					// Expect to delete the network interface 1
+					f.mockEC2Wrapper.EXPECT().DescribeNetworkInterfacesPagesWithRetry(
+						&ec2.DescribeNetworkInterfacesInput{
+							Filters: filtersWithFirstTag,
+						},
+					).Return(NetworkInterfacesWith1And3, nil),
+
+					f.mockEC2Wrapper.EXPECT().DescribeNetworkInterfacesPagesWithRetry(
+						&ec2.DescribeNetworkInterfacesInput{
+							Filters: filtersWithSecondTag,
+						},
+					).Return([]*ec2types.NetworkInterface{}, nil),
+
 					f.mockEC2Wrapper.EXPECT().DeleteNetworkInterface(
-						&ec2.DeleteNetworkInterfaceInput{NetworkInterfaceId: &mockNetworkInterfaceId1}).Return(nil, nil),
+						&ec2.DeleteNetworkInterfaceInput{NetworkInterfaceId: &mockNetworkInterfaceId1},
+					).Return(nil, nil),
 				)
 			},
 			assertFirstCall: func(f *fields) {

pkg/aws/ec2/api/helper.go

@@ -69,8 +69,8 @@ func NewEC2APIHelper(ec2Wrapper EC2Wrapper, clusterName string) EC2APIHelper {
 	// Set the key and value of the cluster name tag which will be used to tag all the network interfaces created by
 	// the controller
 	clusterNameTag = ec2types.Tag{
-		Key:   aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, clusterName)),
-		Value: aws.String(config.ClusterNameTagValue),
+		Key:   aws.String(fmt.Sprintf(config.VPCRCClusterNameTagKeyFormat, clusterName)),
+		Value: aws.String(config.VPCRCClusterNameTagValue),
 	}
 	return &ec2APIHelper{ec2Wrapper: ec2Wrapper}
 }

pkg/aws/ec2/api/helper_test.go

@@ -83,8 +83,8 @@ var (
 	}
 
 	defaultClusterNameTag = ec2types.Tag{
-		Key:   aws.String(fmt.Sprintf(config.ClusterNameTagKeyFormat, clusterName)),
-		Value: aws.String(config.ClusterNameTagValue),
+		Key:   aws.String(fmt.Sprintf(config.VPCRCClusterNameTagKeyFormat, clusterName)),
+		Value: aws.String(config.VPCRCClusterNameTagValue),
 	}
 
 	createNetworkInterfaceInput = &ec2.CreateNetworkInterfaceInput{

pkg/aws/ec2/api/wrapper.go

@@ -761,6 +761,7 @@ func (e *ec2Wrapper) DescribeNetworkInterfacesPagesWithRetry(input *ec2.Describe
 				attemptInterfaces = append(attemptInterfaces, &ec2types.NetworkInterface{
 					NetworkInterfaceId: nwInterface.NetworkInterfaceId,
 					TagSet:             nwInterface.TagSet,
+					Attachment:         nwInterface.Attachment,
 				})
 			}
 

pkg/config/type.go

@@ -57,18 +57,16 @@ const (
 
 // EC2 Tags
 const (
-	ControllerTagPrefix = "vpcresources.k8s.aws/"
-	VLandIDTag          = ControllerTagPrefix + "vlan-id"
-	TrunkENIIDTag       = ControllerTagPrefix + "trunk-eni-id"
-
-	ClusterNameTagKeyFormat = "kubernetes.io/cluster/%s"
-	ClusterNameTagValue     = "owned"
-
+	ControllerTagPrefix                 = "vpcresources.k8s.aws/"
+	VLandIDTag                          = ControllerTagPrefix + "vlan-id"
+	TrunkENIIDTag                       = ControllerTagPrefix + "trunk-eni-id"
+	VPCRCClusterNameTagKeyFormat        = "kubernetes.io/cluster/%s"
+	VPCRCClusterNameTagValue            = "owned"
 	NetworkInterfaceOwnerTagKey         = "eks:eni:owner"
 	NetworkInterfaceOwnerTagValue       = "eks-vpc-resource-controller"
 	NetworkInterfaceOwnerVPCCNITagValue = "amazon-vpc-cni"
 	NetworkInterfaceNodeIDKey           = "node.k8s.amazonaws.com/instance_id"
-	CNINodeClusterNameKey               = "cluster.k8s.amazonaws.com/name"
+	VPCCNIClusterNameKey                = "cluster.k8s.amazonaws.com/name"
 )
 
 const (
@@ -129,7 +127,7 @@ var (
 	// CoolDownPeriod is the time to let kube-proxy propagates IP tables rules before assigning the resource back to new pod
 	CoolDownPeriod = time.Second * 30
 	// ENICleanUpInterval is the time interval between each dangling ENI clean up task
-	ENICleanUpInterval = time.Minute * 30
+	ENICleanUpInterval = time.Minute * 2
 )
 
 // ResourceConfig is the configuration for each resource type

pkg/k8s/wrapper.go

@@ -260,7 +260,7 @@ func (k *k8sWrapper) CreateCNINode(node *v1.Node, clusterName string) error {
 		},
 		Spec: rcv1alpha1.CNINodeSpec{
 			Tags: map[string]string{
-				fmt.Sprintf(config.CNINodeClusterNameKey): clusterName,
+				fmt.Sprintf(config.VPCCNIClusterNameKey): clusterName,
 			},
 		},
 	}

test/integration/cninode/cninode_test.go

@@ -190,7 +190,7 @@ func VerifyCNINodeFields(cniNode *v1alpha1.CNINode) {
 	// For maps, ContainElement searches through the map's values.
 	By("verifying cluster name tag is set")
 	Expect(cniNode.Spec.Tags).To(ContainElement(frameWork.Options.ClusterName))
-	Expect(config.CNINodeClusterNameKey).To(BeKeyOf(cniNode.Spec.Tags))
+	Expect(config.VPCCNIClusterNameKey).To(BeKeyOf(cniNode.Spec.Tags))
 
 	By("verifying node OS label is set")
 	Expect(cniNode.ObjectMeta.Labels).To(ContainElement(config.OSLinux))