Query IMDS over IPv6 if no IPv4 interface address

[johngmyers]

Issue

Description

Queries IMDS over IPv6 if there is no non-loopback IPv4 interface address.

Checklist

• Added tests that cover your change (if possible)
• Added/modified documentation as required (such as the README.md, or the docs directory)
• Manually tested
• Made sure the title of the PR is a good description that can go into the release notes

BONUS POINTS checklist: complete for good vibes and maybe prizes?! 🤯

• Backfilled missing tests for code in same general area 🎉
• Refactored something and made the world a better place 🌟

[codecov-commenter]

Codecov Report

Base: 54.12% // Head: 54.12% // No change to project coverage 👍

Coverage data is based on head (3c8839c) compared to base (b20f899).
Patch has no changes to coverable lines.

Additional details and impacted files

@@           Coverage Diff           @@
##             main    #2453   +/-   ##
=======================================
  Coverage   54.12%   54.12%           
=======================================
  Files         144      144           
  Lines        8268     8268           
=======================================
  Hits         4475     4475           
  Misses       3469     3469           
  Partials      324      324           

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

☔ View full report at Codecov.
📢 Do you have feedback about the report comment? Let us know in this issue.

[kishorj]

in case of error, why not return right away?
Are there situations where the net.InterfaceAddrs() return error, but we still want to continue processing?

[johngmyers]

The idea was to avoid any negative effects in existing cases. So if the process doesn't have permission to enumerate the interfaces, it would assume IPv4.

[M00nF1sh]

i think this check is a bit hacky.
maybe just upgrade the sdk and let users specify AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE env variable via helm chart?

[johngmyers]

Why should users have to specify AWS_EC2_METADATA_SERVICE_ENDPOINT_MODE at all?

[M00nF1sh]

this is a good catch :D

[k8s-triage-robot]

The Kubernetes project currently lacks enough contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle stale
• Mark this issue or PR as rotten with /lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle stale

[k8s-triage-robot]

The Kubernetes project currently lacks enough active contributors to adequately respond to all issues and PRs.

This bot triages issues and PRs according to the following rules:

• After 90d of inactivity, lifecycle/stale is applied
• After 30d of inactivity since lifecycle/stale was applied, lifecycle/rotten is applied
• After 30d of inactivity since lifecycle/rotten was applied, the issue is closed

You can:

• Mark this issue or PR as fresh with /remove-lifecycle rotten
• Close this issue or PR with /close
• Offer to help out with Issue Triage

Please send feedback to sig-contributor-experience at kubernetes/community.

/lifecycle rotten

[johngmyers]

/remove-lifecycle rotten

[olemarkus]

/lgtm

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: johngmyers, kishorj, olemarkus

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [kishorj]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[M00nF1sh]

to be honest, i still don't think we should do this from the controller. It should be AWSSDK-GO to automatically detect IMDS if necessary.

And this detection feels hacky to me as well, e.g. you might have IMDS only available in ipv6 but the container have some other ipv4 addresses as well(e.g. cni's dummy ipv4 addresses for ipv6 only mode).
Would be better to follow AWSSDK's practice to have the explicitly configure knob before AWSSDK have automatic detection mechanism.

[johngmyers]

I would also prefer this be done in AWSSDK-GO, but aws-sdk has stated, without any explanation or discussion, that they are not going to do that. So this would need to be done client-by-client. The PR aws/aws-sdk-go#4234 has gotten no attention in months.

The container having non-loopback IPv4 addresses is an obscure corner case and is not negatively impacted by this change. Such unusual situations can still be handled by setting the environment variable.