Skip to content

feat: auto-tag managed ERDMA ENIs for terway coexistence#28

Open
BSWANG wants to merge 1 commit into
AliyunContainerService:mainfrom
BSWANG:main
Open

feat: auto-tag managed ERDMA ENIs for terway coexistence#28
BSWANG wants to merge 1 commit into
AliyunContainerService:mainfrom
BSWANG:main

Conversation

@BSWANG

@BSWANG BSWANG commented Jun 25, 2026

Copy link
Copy Markdown
Member

Summary

  • All ERDMA ENIs managed by this controller are now automatically tagged with terway.alibabacloud.com/excluded=true (+ instance-id), so that terway can recognize and skip them without any user-side eni_tag_filter configuration.
  • ENIs created by this controller additionally carry the existing creator=alibabacloud-erdma-controller tag (set at CreateNetworkInterface time). Pre-bound or converted ENIs only get the excluded + instance-id tags to avoid misleading ownership claims.
  • Existing nodes get their ENI tags backfilled on the next reconcile after controller upgrade (dedup'd in-memory, at most one TagResources call per ENI per process lifetime).
  • RAM policy now requires ecs:TagResources.

Test plan

  • go build ./internal/controller/... passes
  • go test ./internal/controller/... passes (existing + new TestEnsureEriTagsEmptyInputIsNoop)
  • e2e: add a multi-CardIndex node without pre-bound ENIs → verify created ENIs carry all 3 tags
  • e2e: add a node with ECS-console pre-bound ERDMA ENIs → verify only excluded + instance-id tags are added (no creator)
  • e2e: upgrade controller on existing cluster → verify backfill runs once, tags appear on existing ENIs

All ERDMA ENIs managed by this controller are now automatically tagged
with terway.alibabacloud.com/excluded=true (+ instance-id), so that
terway can recognize and skip them without any user-side eni_tag_filter
configuration.

ENIs created by this controller additionally carry the existing
creator=alibabacloud-erdma-controller tag (set at CreateNetworkInterface
time). Pre-bound or converted ENIs only get the excluded + instance-id
tags to avoid misleading ownership claims.

Existing nodes get their ENI tags backfilled on the next reconcile after
controller upgrade (dedup'd in-memory, at most one TagResources call per
ENI per process lifetime).

RAM policy now requires ecs:TagResources.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant