NVIDIA / holodeck / 23802721477
48%

DEFAULT BRANCH: main
Ran
Jobs 1
Files 65
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 45.633% (-0.2%) from 45.798%
23802721477

push

github

web-flow 
fix: HA NLB hairpin routing and cleanup (#746) (#762)

* fix: switch HA NLB to internal scheme to fix hairpin routing (#746)

The internet-facing NLB resolves to a public IP. When control-plane
nodes connect to it after kubeconfig switchover, the hairpin routing
(node → IGW → NLB → same node) is not supported by AWS NLBs, causing
i/o timeouts on port 6443.

Switch to an internal NLB which gets a private VPC IP, routing traffic
directly within the VPC. Also remove the NLB DNS propagation wait since
internal NLBs resolve immediately via VPC DNS.

Fixes #746

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

* fix: use local API server on CP nodes to avoid NLB hairpin (#746)

AWS NLBs drop traffic when a registered target connects through the
NLB and gets routed back to itself (hairpin/loopback). This happens
on every control-plane node since they are all NLB targets.

Stop patching admin.conf to use the NLB endpoint on the init node.
On joining CP nodes, patch admin.conf to use localhost:6443 instead
of the NLB. The kubeadm-config ConfigMap still points to the NLB
so joining nodes and workers discover the correct endpoint.

Fixes #746

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

* fix: add NLB cleanup to periodic VPC cleaner

The periodic cleanup utility (pkg/cleanup) only handles EC2 resources
(instances, security groups, subnets, IGW, VPC). When HA clusters
create NLBs, the NLB ENIs in subnets block subnet and VPC deletion
with DependencyViolation errors.

Add ELBv2 client to the Cleaner and delete load balancers (with their
listeners and target groups) as the first step in VPC cleanup, before
instance termination. Include a 30s wait after NLB deletion for ENI
detachment.

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

---------

Signed-off-by: Carlos Eduardo Arango Gutierrez <eduardoa@nvidia.com>

16 of 85 new or added lines in 1 file covered. (18.82%)

4995 of 10946 relevant lines covered (45.63%)

0.51 hits per line

New Missed Lines in Diff

Lines Coverage File
69
64.4
 -8.02% pkg/cleanup/cleanup.go
Jobs
ID Job ID Ran Files Coverage
1 23802721477.1 65
45.63
 GitHub Action Run
Source Files on build 23802721477