Kops - try computeMetadata for external IP before using ifconfig.co

rifelpet · rifelpet · commit e6f344b99641 · 2020-02-25T20:24:59.000-06:00
This logic was removed from kops-e2e-runner.sh because it wasnt falling back properly after the computeMetadata requests would fail due to workload identity being enabled on the cluster.
Now that we can use a ServiceAccount on our prow jobs that will enable access to the computeMetadata URLs, we can try to use it first before ifconfig.co.

We've also been getting occasionally blocked from ifconfig.co, presumably due to high volume, so this will help with test flakes.

The prow jobs are not yet configured with a service account but this logic can be added independently of that.
diff --git a/kubetest/kops.go b/kubetest/kops.go
@@ -26,6 +26,7 @@ import (
 	"io/ioutil"
 	"log"
 	"math/rand"
+	"net"
 	"os"
 	"os/exec"
 	"os/user"
@@ -47,6 +48,8 @@ import (
 // kopsAWSMasterSize is the default ec2 instance type for kops on aws
 const kopsAWSMasterSize = "c5.large"
 
+const externalIPURL = "http://metadata.google.internal/computeMetadata/v1/instance/network-interfaces/0/access-configs/0/external-ip"
+
 var (
 
 	// kops specific flags.
@@ -399,8 +402,12 @@ func (k kops) Up() error {
 	}
 	if k.adminAccess == "" {
 		var b bytes.Buffer
-		if err := httpRead("https://v4.ifconfig.co", &b); err != nil {
-			return err
+		err := httpReadWithHeaders(externalIPURL, map[string]string{"Metadata-Flavor": "Google"}, &b)
+		if err != nil || net.ParseIP(strings.TrimSpace(b.String())) == nil {
+			b.Reset()
+			if err := httpRead("https://v4.ifconfig.co", &b); err != nil {
+				return err
+			}
 		}
 		externalIP := strings.TrimSpace(b.String()) + "/32"
 		log.Printf("Using external IP for admin access: %v", externalIP)
diff --git a/kubetest/util.go b/kubetest/util.go
@@ -37,6 +37,32 @@ func init() {
 	httpTransport.RegisterProtocol("file", http.NewFileTransport(http.Dir("/")))
 }
 
+// Essentially curl url | writer including request headers
+func httpReadWithHeaders(url string, headers map[string]string, writer io.Writer) error {
+	log.Printf("curl %s", url)
+	c := &http.Client{Transport: httpTransport}
+	req, err := http.NewRequest("GET", url, nil)
+	if err != nil {
+		return err
+	}
+	for k, v := range headers {
+		req.Header.Add(k, v)
+	}
+	r, err := c.Do(req)
+	if err != nil {
+		return err
+	}
+	defer r.Body.Close()
+	if r.StatusCode >= 400 {
+		return fmt.Errorf("%v returned %d", url, r.StatusCode)
+	}
+	_, err = io.Copy(writer, r.Body)
+	if err != nil {
+		return err
+	}
+	return nil
+}
+
 // Essentially curl url | writer
 func httpRead(url string, writer io.Writer) error {
 	log.Printf("curl %s", url)
