Results 13 comments of Garvin Pang

We are noticing that kubelet runs pretty close to when iptables restore runs. Due to the close proximity, we notice there are nodes with FORWARD DROP that came back from...

An update on the issue I raised. It seems like, for us, an iptables save was performed prior to startup of the node, which meant we saved FORWARD DROP. On...

Not exactly. This is for the case where you already gave your EC2 instance an IAM instance profile with an IAM role; this PR will pick up that IAM role

Leverage the existing cred retrieval behavior: https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/credentials.html#credentials-chain

This isn't on EKS, so we don't really have an ARN. However, looking at the code, I no longer know for sure why the pod wasn't found; however, I do believe...

I believe you are correct; looking at the logs, I believe the pod datastore is synced prior to the node controller starting. I do believe something is wrong, but I can't...

However, I think that without fully finding the root cause, I am wondering if it makes sense for VPC RC to perform destructive actions based purely on the cached state of the...

> We have considered querying the API server directly to list pods and bypass the cache previously. However, at large scale, list calls are quite expensive on the API server, etcd,...

I noticed this: https://github.com/aws/amazon-vpc-resource-controller-k8s/blob/7acb50c6d8bb1ed11d151a38ed361e1128743f34/pkg/k8s/pod/converter.go#L59, which wasn't there in v1.4.6: https://github.com/aws/amazon-vpc-resource-controller-k8s/blob/v1.4.6/pkg/k8s/pod/converter.go#L59. Is this the issue? Are we skipping pods because we are referring to the address, the same address where the...

Updated the AWS ticket with what we believe is the issue