aws/amazon-vpc-cni-k8s

Recent versions of IPAMD are run with no command environment

thefirstofthe300 opened this issue · 2 comments

What happened:
I set the AWS_REGION=us-iso-east-1 environment variable. IPAMD appears to be running using the EC2 instance's metadata since the EC2 instance is in the us-east-1 region. The reason for this strange use case is to test our software in a normal AWS account against an environment which emulates the airgapped ISO regions.

What you expected to happen:
IPAMD to run using us-iso-east-1 as the region.

How to reproduce it (as minimally and precisely as possible):
Set AWS_REGION on VPC CNI v1.14.1 to a region other than the EC2 instance's region.

Looking at the way that IPAMD is started, the container environment appears to be getting dropped when starting IPAMD:

https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.14.1/cmd/aws-vpc-cni/main.go#L383-L390
https://pkg.go.dev/os/exec#example-Command-Environment

Environment:

- Kubernetes version (use `kubectl version`):
```
Kustomize Version: v4.5.7
Server Version: version.Info{Major:"1", Minor:"23", GitVersion:"v1.23.17", GitCommit:"953be8927218ec8067e1af2641e540238ffd7576", GitTreeState:"clean", BuildDate:"2023-02-22T13:27:46Z", GoVersion:"go1.19.6", Compiler:"gc", Platform:"linux/amd64"}
```
- CNI Version: v1.14.1
- OS (e.g: `cat /etc/os-release`): Ubuntu 22.04

Upon further reading of the Go docs, I'm not sure this is a bug since a nil Env slice will result in the parent process's environment being utilized: https://cs.opensource.google/go/go/+/refs/tags/go1.21.1:src/os/exec/exec.go;l=161-169

I still have the issue of not being able to set my AWS region, but that's because it's hard-coded to use the region provided by the IMDS: https://github.com/aws/amazon-vpc-cni-k8s/blob/master/pkg/awsutils/awsutils.go#L400-L404
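The `os/exec` behaviour referenced in the comments above, as an added example that is not part of the issue or the project's code: it runs a child process with a nil `Env`, an empty non-nil `Env`, and the parent environment plus an override, and reports which `AWS_REGION` the child sees. It assumes a POSIX `/bin/sh`; the helper name `childRegion` and the sample values are constructed for illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/exec"
)

// childRegion (hypothetical helper) starts a child shell with the given Env
// and returns the AWS_REGION value that the child process actually sees.
func childRegion(env []string) (string, error) {
	// Absolute path, so the lookup does not depend on PATH being present.
	cmd := exec.Command("/bin/sh", "-c", `printf %s "$AWS_REGION"`)
	cmd.Env = env
	out, err := cmd.Output()
	return string(out), err
}

func main() {
	// Constructed parent value, standing in for the container environment.
	os.Setenv("AWS_REGION", "us-iso-east-1")

	cases := []struct {
		name string
		env  []string
	}{
		// nil Env: the child inherits the parent's environment.
		{"nil Env", nil},
		// Empty but non-nil Env: the child starts with no variables at all.
		{"empty non-nil Env", []string{}},
		// Duplicate keys: the last value in the slice is the one used.
		{"parent env plus override", append(os.Environ(), "AWS_REGION=us-east-1")},
	}
	for _, c := range cases {
		got, err := childRegion(c.env)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%s: %v\n", c.name, err)
			os.Exit(1)
		}
		fmt.Printf("%-26s -> AWS_REGION=%q\n", c.name, got)
	}
}
```

A variable that reaches the child this way can still be ignored by code that reads its value from another source, which is the situation the last comment describes.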
