Introduce a new environment variable ECS_EXCLUDE_IPV6_PORTBINDING
chienhanlin committed Sep 13, 2021
1 parent 0c1e813 commit 113c257
Showing 9 changed files with 30 additions and 10 deletions.
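--- a/agent/api/ecsclient/client.go
+++ b/agent/api/ecsclient/client.go
@@ -413,7 +413,7 @@ func (client *APIECSClient) SubmitTaskStateChange(change api.TaskStateChange) er
 
 containerEvents := make([]*ecs.ContainerStateChange, len(change.Containers))
 for i, containerEvent := range change.Containers {
-containerEvents[i] = client.buildContainerStateChangePayload(containerEvent)
+containerEvents[i] = client.buildContainerStateChangePayload(containerEvent, client.config.IPv6PortBindingExcluded.Enabled())
 }
 
 req.Containers = containerEvents
@@ -454,7 +454,7 @@ func (client *APIECSClient) buildManagedAgentStateChangePayload(change api.Manag
 }
 }
 
-func (client *APIECSClient) buildContainerStateChangePayload(change api.ContainerStateChange) *ecs.ContainerStateChange {
+func (client *APIECSClient) buildContainerStateChangePayload(change api.ContainerStateChange, iPv6PortBindingExcluded bool) *ecs.ContainerStateChange {
 statechange := &ecs.ContainerStateChange{
 ContainerName: aws.String(change.ContainerName),
 }
@@ -487,27 +487,33 @@ func (client *APIECSClient) buildContainerStateChangePayload(change api.Containe
 exitCode := int64(aws.IntValue(change.ExitCode))
 statechange.ExitCode = aws.Int64(exitCode)
 }
-networkBindings := make([]*ecs.NetworkBinding, len(change.PortBindings))
-for i, binding := range change.PortBindings {
+
+networkBindings := []*ecs.NetworkBinding{}
+for _, binding := range change.PortBindings {
+if binding.BindIP == "::" && iPv6PortBindingExcluded {
+seelog.Debugf("To exclude IPv6 port bindings: %v as IPv6 port bindings is requested to be excluded", binding)
+continue
+}
+
 hostPort := int64(binding.HostPort)
 containerPort := int64(binding.ContainerPort)
 bindIP := binding.BindIP
 protocol := binding.Protocol.String()
 
-networkBindings[i] = &ecs.NetworkBinding{
+networkBindings = append(networkBindings, &ecs.NetworkBinding{
 BindIP: aws.String(bindIP),
 ContainerPort: aws.Int64(containerPort),
 HostPort: aws.Int64(hostPort),
 Protocol: aws.String(protocol),
-}
+})
 }
 statechange.NetworkBindings = networkBindings
 
 return statechange
 }
 
 func (client *APIECSClient) SubmitContainerStateChange(change api.ContainerStateChange) error {
-pl := client.buildContainerStateChangePayload(change)
+pl := client.buildContainerStateChangePayload(change, client.config.IPv6PortBindingExcluded.Enabled())
 if pl == nil {
 return nil
 }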
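Review bot: The new guard `binding.BindIP == "::"` in buildContainerStateChangePayload matches only the literal wildcard string, so a binding on a specific IPv6 address, or one written in another textual form, is still reported when ECS_EXCLUDE_IPV6_PORTBINDING is enabled. If the intent is to drop every IPv6 binding, classify the address instead of comparing strings, e.g. `if ip := net.ParseIP(binding.BindIP); iPv6PortBindingExcluded && ip != nil && ip.To4() == nil {`; this needs the `net` package, and the file's import block is not visible here. If only the wildcard entry is meant to be filtered, the parameter and log message should say "IPv6 wildcard" rather than "IPv6 port bindings". Part of the function body lies in the collapsed region between the second and third hunks and is not shown.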
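--- a/agent/api/ecsclient/client_test.go
+++ b/agent/api/ecsclient/client_test.go
@@ -84,9 +84,10 @@ func NewMockClient(ctrl *gomock.Controller,
 
 return NewMockClientWithConfig(ctrl, ec2Metadata, additionalAttributes,
 &config.Config{
-Cluster: configuredCluster,
-AWSRegion: "us-east-1",
-InstanceAttributes: additionalAttributes,
+Cluster: configuredCluster,
+AWSRegion: "us-east-1",
+InstanceAttributes: additionalAttributes,
+IPv6PortBindingExcluded: config.BooleanDefaultFalse{Value: config.ExplicitlyDisabled},
 })
 }
 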
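Review bot: NewMockClient pins IPv6PortBindingExcluded to ExplicitlyDisabled, and none of the nine changed files adds a test that reaches buildContainerStateChangePayload with the flag enabled, so the new `continue` branch in client.go is not exercised by this commit. A table-driven case with one `0.0.0.0` binding and one `::` binding would cover it, asserting that NetworkBindings holds only the former when the flag is true and both when it is false. NewMockClient's body starts before this hunk.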
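--- a/agent/config/config.go
+++ b/agent/config/config.go
@@ -591,6 +591,7 @@ func environmentConfig() (Config, error) {
 FSxWindowsFileServerCapable: parseFSxWindowsFileServerCapability(),
 External: parseBooleanDefaultFalseConfig("ECS_EXTERNAL"),
 EnableRuntimeStats: parseBooleanDefaultFalseConfig("ECS_ENABLE_RUNTIME_STATS"),
+IPv6PortBindingExcluded: parseBooleanDefaultFalseConfig("ECS_EXCLUDE_IPV6_PORTBINDING"),
 }, err
 }
 
@@ -623,6 +624,7 @@ func (cfg *Config) String() string {
 "ContainerCreateTimeout: %v, "+
 "DependentContainersPullUpfront: %v, "+
 "TaskCPUMemLimit: %v, "+
+"IPv6PortBindingExcluded: %v, "+
 "%s",
 cfg.Cluster,
 cfg.AWSRegion,
@@ -640,6 +642,7 @@ func (cfg *Config) String() string {
 cfg.ContainerCreateTimeout,
 cfg.DependentContainersPullUpfront,
 cfg.TaskCPUMemLimit,
+cfg.IPv6PortBindingExcluded,
 cfg.platformString(),
 )
 }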
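--- a/agent/config/config_test.go
+++ b/agent/config/config_test.go
@@ -157,6 +157,7 @@ func TestEnvironmentConfig(t *testing.T) {
 defer setTestEnv("ECS_CGROUP_CPU_PERIOD", "")
 defer setTestEnv("ECS_PULL_DEPENDENT_CONTAINERS_UPFRONT", "true")()
 defer setTestEnv("ECS_ENABLE_RUNTIME_STATS", "true")()
+defer setTestEnv("ECS_EXCLUDE_IPV6_PORTBINDING", "true")()
 additionalLocalRoutesJSON := `["1.2.3.4/22","5.6.7.8/32"]`
 setTestEnv("ECS_AWSVPC_ADDITIONAL_LOCAL_ROUTES", additionalLocalRoutesJSON)
 setTestEnv("ECS_ENABLE_CONTAINER_METADATA", "true")
@@ -214,6 +215,7 @@ func TestEnvironmentConfig(t *testing.T) {
 assert.Equal(t, []string{"efsAuth"}, conf.VolumePluginCapabilities)
 assert.True(t, conf.DependentContainersPullUpfront.Enabled(), "Wrong value for DependentContainersPullUpfront")
 assert.True(t, conf.EnableRuntimeStats.Enabled(), "Wrong value for EnableRuntimeStats")
+assert.True(t, conf.IPv6PortBindingExcluded.Enabled(), "Wrong value for IPv6PortBindingExcluded")
 }
 
 func TestTrimWhitespaceWhenCreating(t *testing.T) {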
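--- a/agent/config/config_unix.go
+++ b/agent/config/config_unix.go
@@ -97,6 +97,7 @@ func DefaultConfig() Config {
 FSxWindowsFileServerCapable: false,
 RuntimeStatsLogFile: defaultRuntimeStatsLogFile,
 EnableRuntimeStats: BooleanDefaultFalse{Value: NotSet},
+IPv6PortBindingExcluded: BooleanDefaultFalse{Value: ExplicitlyDisabled},
 }
 }
 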
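Review bot: The new default is `BooleanDefaultFalse{Value: ExplicitlyDisabled}`, while the EnableRuntimeStats line directly above it uses `NotSet`; the same difference appears in DefaultConfig in config_windows.go. The default tests assert Enabled() is false for both fields, but if the config merge logic (not visible on this page) treats NotSet as "no value yet", an explicit value in the defaults may resolve differently from its neighbour when several config sources are combined. Either use `BooleanDefaultFalse{Value: NotSet}` for consistency or add a one-line comment saying why this field must be explicit. DefaultConfig starts before the hunk.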
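--- a/agent/config/config_unix_test.go
+++ b/agent/config/config_unix_test.go
@@ -72,6 +72,7 @@ func TestConfigDefault(t *testing.T) {
 assert.False(t, cfg.DependentContainersPullUpfront.Enabled(), "Default DependentContainersPullUpfront set incorrectly")
 assert.False(t, cfg.PollMetrics.Enabled(), "ECS_POLL_METRICS default should be false")
 assert.False(t, cfg.EnableRuntimeStats.Enabled(), "Default EnableRuntimeStats set incorrectly")
+assert.False(t, cfg.IPv6PortBindingExcluded.Enabled(), "Default IPv6PortBindingExcluded set incorrectly")
 }
 
 // TestConfigFromFile tests the configuration can be read from file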
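--- a/agent/config/config_windows.go
+++ b/agent/config/config_windows.go
@@ -136,6 +136,7 @@ func DefaultConfig() Config {
 CNIPluginsPath: filepath.Join(ecsBinaryDir, defaultCNIPluginDirName),
 RuntimeStatsLogFile: filepath.Join(ecsRoot, defaultRuntimeStatsLogFile),
 EnableRuntimeStats: BooleanDefaultFalse{Value: NotSet},
+IPv6PortBindingExcluded: BooleanDefaultFalse{Value: ExplicitlyDisabled},
 }
 }
 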
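--- a/agent/config/config_windows_test.go
+++ b/agent/config/config_windows_test.go
@@ -69,6 +69,7 @@ func TestConfigDefault(t *testing.T) {
 assert.Equal(t, DefaultImagePullTimeout, cfg.ImagePullTimeout, "Default ImagePullTimeout set incorrectly")
 assert.False(t, cfg.DependentContainersPullUpfront.Enabled(), "Default DependentContainersPullUpfront set incorrectly")
 assert.False(t, cfg.EnableRuntimeStats.Enabled(), "Default EnableRuntimeStats set incorrectly")
+assert.False(t, cfg.IPv6PortBindingExcluded.Enabled(), "Default IPv6PortBindingExcluded set incorrectly")
 }
 
 func TestConfigIAMTaskRolesReserves80(t *testing.T) {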
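--- a/agent/config/types.go
+++ b/agent/config/types.go
@@ -349,4 +349,8 @@ type Config struct {
 // EnableRuntimeStats specifies if pprof should be enabled through the agent introspection port. By default, this configuration
 // is set to false and can be overridden by means of the ECS_ENABLE_RUNTIME_STATS environment variable.
 EnableRuntimeStats BooleanDefaultFalse
+
+// IPv6PortBindingExcluded specifies whether agent should exclude IPv6 port bindings reported from docker. This configuration
+// is set to false by default, and can be overridden by the ECS_EXCLUDE_IPV6_PORTBINDING environment variable.
+IPv6PortBindingExcluded BooleanDefaultFalse
 }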
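Review bot: The doc comment on IPv6PortBindingExcluded does not say what "exclude" covers, and an operator could read the flag as turning off IPv6 exposure for published ports. The only consumer in this commit, buildContainerStateChangePayload in client.go, merely omits bindings whose BindIP is exactly `::` from the state-change payload; nothing visible here changes what Docker publishes on the host. I would add a line such as `// Only bindings on the IPv6 wildcard address ("::") are omitted from state changes sent to ECS; port publishing on the host is not affected.` The Config struct begins well before this hunk.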
