chore: cleanup unneeded logic for EOL versions (#2382)

Author: fletcherw

nodeadm/internal/kubelet/config.go

@@ -208,54 +208,28 @@ func (ksc *kubeletConfig) withNodeIp(cfg *api.NodeConfig, flags map[string]strin
 	return nil
 }
 
-func (ksc *kubeletConfig) withVersionToggles(cfg *api.NodeConfig, flags map[string]string) {
-	// TODO: remove when 1.26 is EOL
-	if semver.Compare(cfg.Status.KubeletVersion, "v1.27.0") < 0 {
-		// --container-runtime flag is gone in 1.27+
-		flags["container-runtime"] = "remote"
-		// --container-runtime-endpoint moved to kubelet config start from 1.27
-		// https://github.com/kubernetes/kubernetes/blob/master/CHANGELOG/CHANGELOG-1.27.md?plain=1#L1800-L1801
-		flags["container-runtime-endpoint"] = ksc.ContainerRuntimeEndpoint
-	}
-
-	// TODO: Remove this during 1.27 EOL
-	// Enable Feature Gate for KubeletCredentialProviders in versions less than 1.28 since this feature flag was removed in 1.28.
-	if semver.Compare(cfg.Status.KubeletVersion, "v1.28.0") < 0 {
-		ksc.FeatureGates["KubeletCredentialProviders"] = true
-	}
-
-	// for K8s versions that suport API Priority & Fairness, increase our API server QPS
-	// in 1.27, the default is already increased to 50/100, so use the higher defaults
-	if semver.Compare(cfg.Status.KubeletVersion, "v1.27.0") < 0 {
-		ksc.KubeAPIQPS = ptr.Int(10)
-		ksc.KubeAPIBurst = ptr.Int(20)
-	}
-
+func (ksc *kubeletConfig) withVersionToggles(cfg *api.NodeConfig) {
 	// EKS enables DRA on 1.33+
 	if semver.Compare(cfg.Status.KubeletVersion, "v1.33.0") >= 0 {
 		ksc.FeatureGates["DynamicResourceAllocation"] = true
 	}
 }
 
 func (ksc *kubeletConfig) withCloudProvider(cfg *api.NodeConfig, flags map[string]string) {
-	if semver.Compare(cfg.Status.KubeletVersion, "v1.26.0") >= 0 {
-		// ref: https://github.com/kubernetes/kubernetes/pull/121367
-		flags["cloud-provider"] = "external"
-		// provider ID needs to be specified when the cloud provider is external
-		ksc.ProviderID = ptr.String(getProviderId(cfg.Status.Instance.AvailabilityZone, cfg.Status.Instance.ID))
-		var nodeName string
-		if api.IsFeatureEnabled(api.InstanceIdNodeName, cfg.Spec.FeatureGates) {
-			zap.L().Info("Opt-in Instance Id naming strategy")
-			nodeName = cfg.Status.Instance.ID
-		} else {
-			// the name of the Node object default to EC2 PrivateDnsName
-			// see: https://github.com/awslabs/amazon-eks-ami/pull/1264
-			nodeName = cfg.Status.Instance.PrivateDNSName
-		}
-		flags["hostname-override"] = nodeName
+	// ref: https://github.com/kubernetes/kubernetes/pull/121367
+	flags["cloud-provider"] = "external"
+	// provider ID needs to be specified when the cloud provider is external
+	ksc.ProviderID = ptr.String(getProviderId(cfg.Status.Instance.AvailabilityZone, cfg.Status.Instance.ID))
+	var nodeName string
+	if api.IsFeatureEnabled(api.InstanceIdNodeName, cfg.Spec.FeatureGates) {
+		zap.L().Info("Opt-in Instance Id naming strategy")
+		nodeName = cfg.Status.Instance.ID
 	} else {
-		flags["cloud-provider"] = "aws"
+		// the name of the Node object default to EC2 PrivateDnsName
+		// see: https://github.com/awslabs/amazon-eks-ami/pull/1264
+		nodeName = cfg.Status.Instance.PrivateDNSName
 	}
+	flags["hostname-override"] = nodeName
 }
 
 // When the DefaultReservedResources flag is enabled, override the kubelet
@@ -314,7 +288,7 @@ func (k *kubelet) GenerateKubeletConfig(cfg *api.NodeConfig) (*kubeletConfig, er
 		return nil, err
 	}
 
-	kubeletConfig.withVersionToggles(cfg, k.flags)
+	kubeletConfig.withVersionToggles(cfg)
 	kubeletConfig.withCloudProvider(cfg, k.flags)
 	kubeletConfig.withDefaultReservedResources(cfg, k.resources)
 	kubeletConfig.withImageServiceEndpoint(cfg, k.resources)

nodeadm/internal/kubelet/config_test.go

@@ -3,7 +3,6 @@ package kubelet
 import (
 	"testing"
 
-	"github.com/aws/smithy-go/ptr"
 	"github.com/awslabs/amazon-eks-ami/nodeadm/internal/api"
 	"github.com/awslabs/amazon-eks-ami/nodeadm/internal/containerd"
 	"github.com/stretchr/testify/assert"
@@ -14,24 +13,18 @@ func TestKubeletCredentialProvidersFeatureFlag(t *testing.T) {
 		kubeletVersion string
 		expectedValue  *bool
 	}{
-		{kubeletVersion: "v1.27.0", expectedValue: ptr.Bool(true)},
-		{kubeletVersion: "v1.28.0", expectedValue: nil},
+		{kubeletVersion: "v1.28.0"},
 	}
 
 	for _, test := range tests {
-		kubetConfig := defaultKubeletSubConfig()
+		kubeletConfig := defaultKubeletSubConfig()
 		nodeConfig := api.NodeConfig{
 			Status: api.NodeConfigStatus{
 				KubeletVersion: test.kubeletVersion,
 			},
 		}
-		kubetConfig.withVersionToggles(&nodeConfig, make(map[string]string))
-		kubeletCredentialProviders, present := kubetConfig.FeatureGates["KubeletCredentialProviders"]
-		if test.expectedValue == nil && present {
-			t.Errorf("KubeletCredentialProviders shouldn't be set for versions %s", test.kubeletVersion)
-		} else if test.expectedValue != nil && *test.expectedValue != kubeletCredentialProviders {
-			t.Errorf("expected %v but got %v for KubeletCredentialProviders feature gate", *test.expectedValue, kubeletCredentialProviders)
-		}
+		kubeletConfig.withVersionToggles(&nodeConfig)
+		assert.NotContainsf(t, kubeletConfig.FeatureGates, "KubeletCredentialProviders", "KubeletCredentialProviders shouldn't be set for versions %s", test.kubeletVersion)
 	}
 }
 
@@ -40,58 +33,19 @@ func TestContainerRuntime(t *testing.T) {
 		kubeletVersion           string
 		expectedContainerRuntime *string
 	}{
-		{kubeletVersion: "v1.26.0", expectedContainerRuntime: ptr.String("remote")},
-		{kubeletVersion: "v1.27.0", expectedContainerRuntime: nil},
-		{kubeletVersion: "v1.28.0", expectedContainerRuntime: nil},
+		{kubeletVersion: "v1.28.0"},
 	}
 
 	for _, test := range tests {
-		kubeletAruments := make(map[string]string)
-		kubetConfig := defaultKubeletSubConfig()
+		kubeletConfig := defaultKubeletSubConfig()
 		nodeConfig := api.NodeConfig{
 			Status: api.NodeConfigStatus{
 				KubeletVersion: test.kubeletVersion,
 			},
 		}
-		kubetConfig.withVersionToggles(&nodeConfig, kubeletAruments)
-		containerRuntime, present := kubeletAruments["container-runtime"]
-		if test.expectedContainerRuntime == nil {
-			if present {
-				t.Errorf("container-runtime shouldn't be set for versions %s", test.kubeletVersion)
-			} else {
-				assert.Equal(t, containerd.ContainerRuntimeEndpoint, kubetConfig.ContainerRuntimeEndpoint)
-			}
-		} else if test.expectedContainerRuntime != nil {
-			if *test.expectedContainerRuntime != containerRuntime {
-				t.Errorf("expected %v but got %s for container-runtime", *test.expectedContainerRuntime, containerRuntime)
-			} else {
-				assert.Equal(t, containerd.ContainerRuntimeEndpoint, kubeletAruments["container-runtime-endpoint"])
-			}
-		}
-	}
-}
+		kubeletConfig.withVersionToggles(&nodeConfig)
 
-func TestKubeAPILimits(t *testing.T) {
-	var tests = []struct {
-		kubeletVersion       string
-		expectedKubeAPIQS    *int
-		expectedKubeAPIBurst *int
-	}{
-		{kubeletVersion: "v1.26.0", expectedKubeAPIQS: ptr.Int(10), expectedKubeAPIBurst: ptr.Int(20)},
-		{kubeletVersion: "v1.27.0", expectedKubeAPIQS: nil, expectedKubeAPIBurst: nil},
-		{kubeletVersion: "v1.28.0", expectedKubeAPIQS: nil, expectedKubeAPIBurst: nil},
-	}
-
-	for _, test := range tests {
-		kubetConfig := defaultKubeletSubConfig()
-		nodeConfig := api.NodeConfig{
-			Status: api.NodeConfigStatus{
-				KubeletVersion: test.kubeletVersion,
-			},
-		}
-		kubetConfig.withVersionToggles(&nodeConfig, make(map[string]string))
-		assert.Equal(t, test.expectedKubeAPIQS, kubetConfig.KubeAPIQPS)
-		assert.Equal(t, test.expectedKubeAPIBurst, kubetConfig.KubeAPIBurst)
+		assert.Equal(t, containerd.ContainerRuntimeEndpoint, kubeletConfig.ContainerRuntimeEndpoint)
 	}
 }
 
@@ -100,9 +54,8 @@ func TestProviderID(t *testing.T) {
 		kubeletVersion        string
 		expectedCloudProvider string
 	}{
-		{kubeletVersion: "v1.25.0", expectedCloudProvider: "aws"},
-		{kubeletVersion: "v1.26.0", expectedCloudProvider: "external"},
-		{kubeletVersion: "v1.27.0", expectedCloudProvider: "external"},
+		{kubeletVersion: "v1.28.0"},
+		{kubeletVersion: "v1.33.0"},
 	}
 
 	nodeConfig := api.NodeConfig{
@@ -116,14 +69,12 @@ func TestProviderID(t *testing.T) {
 	providerId := getProviderId(nodeConfig.Status.Instance.AvailabilityZone, nodeConfig.Status.Instance.ID)
 
 	for _, test := range tests {
-		kubeletAruments := make(map[string]string)
-		kubetConfig := defaultKubeletSubConfig()
+		kubeletArguments := make(map[string]string)
+		kubeletConfig := defaultKubeletSubConfig()
 		nodeConfig.Status.KubeletVersion = test.kubeletVersion
-		kubetConfig.withCloudProvider(&nodeConfig, kubeletAruments)
-		assert.Equal(t, test.expectedCloudProvider, kubeletAruments["cloud-provider"])
-		if kubeletAruments["cloud-provider"] == "external" {
-			assert.Equal(t, *kubetConfig.ProviderID, providerId)
-			// TODO assert that the --hostname-override == PrivateDnsName
-		}
+		kubeletConfig.withCloudProvider(&nodeConfig, kubeletArguments)
+		assert.Equal(t, "external", kubeletArguments["cloud-provider"])
+		assert.Equal(t, providerId, *kubeletConfig.ProviderID)
+		// TODO assert that the --hostname-override == PrivateDnsName
 	}
 }

nodeadm/internal/kubelet/daemon.go

@@ -35,7 +35,7 @@ func (k *kubelet) Configure(cfg *api.NodeConfig) error {
 	if err := k.writeKubeconfig(cfg); err != nil {
 		return err
 	}
-	if err := k.writeImageCredentialProviderConfig(cfg); err != nil {
+	if err := k.writeImageCredentialProviderConfig(); err != nil {
 		return err
 	}
 	if err := writeClusterCaCert(cfg.Spec.Cluster.CertificateAuthority); err != nil {

nodeadm/internal/kubelet/image-credential-provider.go

@@ -9,10 +9,8 @@ import (
 	"path/filepath"
 	"text/template"
 
-	"github.com/awslabs/amazon-eks-ami/nodeadm/internal/api"
 	"github.com/awslabs/amazon-eks-ami/nodeadm/internal/util"
 	"go.uber.org/zap"
-	"golang.org/x/mod/semver"
 )
 
 const (
@@ -32,7 +30,7 @@ var (
 	imageCredentialProviderConfigPath   = path.Join(imageCredentialProviderRoot, imageCredentialProviderConfig)
 )
 
-func (k *kubelet) writeImageCredentialProviderConfig(cfg *api.NodeConfig) error {
+func (k *kubelet) writeImageCredentialProviderConfig() error {
 	// fallback default for image credential provider binary if not overridden
 	ecrCredentialProviderBinPath := path.Join(imageCredentialProviderRoot, "ecr-credential-provider")
 	if binPath, set := os.LookupEnv(ecrCredentialProviderBinPathEnvironmentName); set {
@@ -43,7 +41,7 @@ func (k *kubelet) writeImageCredentialProviderConfig(cfg *api.NodeConfig) error
 		return err
 	}
 
-	config, err := generateImageCredentialProviderConfig(cfg, ecrCredentialProviderBinPath)
+	config, err := generateImageCredentialProviderConfig(ecrCredentialProviderBinPath)
 	if err != nil {
 		return err
 	}
@@ -60,17 +58,13 @@ type imageCredentialProviderTemplateVars struct {
 	EcrProviderName    string
 }
 
-func generateImageCredentialProviderConfig(cfg *api.NodeConfig, ecrCredentialProviderBinPath string) ([]byte, error) {
+func generateImageCredentialProviderConfig(ecrCredentialProviderBinPath string) ([]byte, error) {
 	templateVars := imageCredentialProviderTemplateVars{
-		EcrProviderName: filepath.Base(ecrCredentialProviderBinPath),
-	}
-	if semver.Compare(cfg.Status.KubeletVersion, "v1.27.0") < 0 {
-		templateVars.ConfigApiVersion = "kubelet.config.k8s.io/v1alpha1"
-		templateVars.ProviderApiVersion = "credentialprovider.kubelet.k8s.io/v1alpha1"
-	} else {
-		templateVars.ConfigApiVersion = "kubelet.config.k8s.io/v1"
-		templateVars.ProviderApiVersion = "credentialprovider.kubelet.k8s.io/v1"
+		EcrProviderName:    filepath.Base(ecrCredentialProviderBinPath),
+		ConfigApiVersion:   "kubelet.config.k8s.io/v1",
+		ProviderApiVersion: "credentialprovider.kubelet.k8s.io/v1",
 	}
+
 	var buf bytes.Buffer
 	if err := imageCredentialProviderTemplate.Execute(&buf, templateVars); err != nil {
 		return nil, err

nodeadm/test/e2e/cases/image-credential-provider/expected-image-credential-provider-config-126.json

@@ -9,12 +9,6 @@ source /helpers.sh
 mock::aws
 wait::dbus-ready
 
-mock::kubelet 1.26.0
-
-nodeadm init --skip run --config-source file://config.yaml
-
-assert::json-files-equal /etc/eks/image-credential-provider/config.json expected-image-credential-provider-config-126.json
-
 mock::kubelet 1.27.0
 
 nodeadm init --skip run --config-source file://config.yaml

nodeadm/test/e2e/cases/image-credential-provider/run.sh

@@ -26,7 +26,6 @@
     "clusterDomain": "cluster.local",
     "containerRuntimeEndpoint": "unix:///run/containerd/containerd.sock",
     "featureGates": {
-        "KubeletCredentialProviders": true,
         "RotateKubeletServerCertificate": true
     },
     "hairpinMode": "hairpin-veth",

nodeadm/test/e2e/cases/kubelet-config-new-instance-type/expected-kubelet-config.json

@@ -9,7 +9,7 @@ source /helpers.sh
 config_path=/tmp/aemm-default-config.json
 cat /etc/aemm-default-config.json | jq '.metadata.values."instance-type" = "mock-type.large" | .dynamic.values."instance-identity-document".instanceType = "mock-type.large"' | tee ${config_path}
 mock::aws ${config_path}
-mock::kubelet 1.27.0
+mock::kubelet 1.28.0
 wait::dbus-ready
 
 for config in config.*; do

nodeadm/test/e2e/cases/kubelet-config-new-instance-type/run.sh

@@ -26,7 +26,6 @@
     "clusterDomain": "cluster.local",
     "containerRuntimeEndpoint": "unix:///run/containerd/containerd.sock",
     "featureGates": {
-        "KubeletCredentialProviders": true,
         "RotateKubeletServerCertificate": true
     },
     "hairpinMode": "hairpin-veth",

nodeadm/test/e2e/cases/kubelet-config-set-empty/expected-kubelet-config.json

@@ -7,7 +7,7 @@ set -o pipefail
 source /helpers.sh
 
 mock::aws
-mock::kubelet 1.27.0
+mock::kubelet 1.28.0
 wait::dbus-ready
 
 # this test covers cases where the user wants to utilize `reservedSystemCPUs`,