Merge branch 'main' into network-interface-support

Author: ryan-mist

hack/release/common.sh

@@ -194,15 +194,15 @@ removeOldWebsiteDirectories() {
   # preview, docs, and v1.0 are special directories that we always propagate into the set of directory options
   # Keep the v1.0 version around while we are supporting v1beta1 migration
   # Drop it once we no longer want to maintain the v1.00 version in the docs
-  last_n_versions=$(find website/content/en/* -maxdepth 0 -type d -name "*" | grep -v "preview\|docs\|v1.0" | sort | tail -n "${n}")
+  last_n_versions=$(find website/content/en/* -maxdepth 0 -type d -name "*" | grep -v "preview\|docs\|v1.0" | sort -V | tail -n "${n}")
   last_n_versions+=$(echo -e "\nwebsite/content/en/preview")
   last_n_versions+=$(echo -e "\nwebsite/content/en/docs")
   last_n_versions+=$(echo -e "\nwebsite/content/en/v1.0")
   all=$(find website/content/en/* -maxdepth 0 -type d -name "*")
 
   ## symmetric difference
   # shellcheck disable=SC2086
-  comm -3 <(sort <<< ${last_n_versions}) <(sort <<< ${all}) | tr -d '\t' | xargs -r -n 1 rm -r
+  comm -3 <(sort <<< "${last_n_versions}") <(sort <<< "${all}") | tr -d '\t' | xargs -r -n 1 rm -r
 }
 
 editWebsiteConfig() {

pkg/controllers/nodeclass/validation.go

@@ -273,26 +273,38 @@ func (v *Validation) validateRunInstancesAuthorization(
 	tags map[string]string,
 	launchTemplate *launchtemplate.LaunchTemplate,
 ) (result reconcile.Result, err error) {
-	runInstancesInput := getRunInstancesInput(nodeClass, tags, launchTemplate)
-	// Adding NopRetryer to avoid aggressive retry when rate limited
-	if _, err = v.ec2api.RunInstances(ctx, runInstancesInput, func(o *ec2.Options) {
-		o.Retryer = aws.NopRetryer{}
-	}); awserrors.IgnoreDryRunError(err) != nil {
-		// If we get InstanceProfile NotFound, but we have a resolved instance profile in the status,
-		// this means there is most likely an eventual consistency issue and we just need to requeue
-		if awserrors.IsInstanceProfileNotFound(err) || awserrors.IsRateLimitedError(err) || awserrors.IsServerError(err) {
-			return reconcile.Result{Requeue: true}, nil
-		}
-		if awserrors.IgnoreUnauthorizedOperationError(err) != nil {
-			// Dry run should only ever return UnauthorizedOperation or DryRunOperation so if we receive any other error
-			// it would be an unexpected state
-			return reconcile.Result{}, fmt.Errorf("validating ec2:RunInstances authorization, %w", err)
+	// We use the first subnet's error to determine the outcome. Mixed-error scenarios across subnets
+	// are unlikely in practice since authorization policies are not subnet-specific, and transient
+	// failures on individual subnets are already handled by the early-exit-on-success pattern.
+	var firstSubnetErr error
+	for i, subnet := range nodeClass.Status.Subnets {
+		runInstancesInput := getRunInstancesInput(tags, launchTemplate, nodeClass.NetworkInterfaces(), &subnet)
+		if _, err = v.ec2api.RunInstances(ctx, runInstancesInput, func(o *ec2.Options) {
+			// Adding NopRetryer to avoid aggressive retry when rate limited
+			o.Retryer = aws.NopRetryer{}
+		}); awserrors.IgnoreDryRunError(err) != nil {
+			if i == 0 {
+				firstSubnetErr = err
+			}
+		} else {
+			// if any of them succeed, we can exit early
+			return reconcile.Result{}, nil
 		}
-		log.FromContext(ctx).Error(err, "unauthorized to call ec2:RunInstances")
-		v.updateCacheOnFailure(nodeClass, tags, ConditionReasonRunInstancesAuthFailed)
-		return reconcile.Result{RequeueAfter: requeueAfterTime}, nil
 	}
-	return reconcile.Result{}, nil
+
+	// If we get InstanceProfile NotFound, but we have a resolved instance profile in the status,
+	// this means there is most likely an eventual consistency issue and we just need to requeue
+	if awserrors.IsInstanceProfileNotFound(firstSubnetErr) || awserrors.IsRateLimitedError(firstSubnetErr) || awserrors.IsServerError(firstSubnetErr) {
+		return reconcile.Result{Requeue: true}, nil
+	}
+	if awserrors.IgnoreUnauthorizedOperationError(firstSubnetErr) != nil {
+		// Dry run should only ever return UnauthorizedOperation or DryRunOperation so if we receive any other error
+		// it would be an unexpected state
+		return reconcile.Result{}, fmt.Errorf("validating ec2:RunInstances authorization, %w", firstSubnetErr)
+	}
+	log.FromContext(ctx).Error(firstSubnetErr, "unauthorized to call ec2:RunInstances")
+	v.updateCacheOnFailure(nodeClass, tags, ConditionReasonRunInstancesAuthFailed)
+	return reconcile.Result{RequeueAfter: requeueAfterTime}, nil
 }
 
 func (*Validation) requiredConditions() []string {
@@ -336,9 +348,10 @@ func (v *Validation) clearCacheEntries(nodeClass *v1.EC2NodeClass) {
 }
 
 func getRunInstancesInput(
-	nodeClass *v1.EC2NodeClass,
 	tags map[string]string,
 	launchTemplate *launchtemplate.LaunchTemplate,
+	networkInterfaces []*v1.NetworkInterface,
+	subnet *v1.Subnet,
 ) *ec2.RunInstancesInput {
 	return &ec2.RunInstancesInput{
 		DryRun:   lo.ToPtr(true),
@@ -349,7 +362,7 @@ func getRunInstancesInput(
 			Version:            lo.ToPtr("$Latest"),
 		},
 		InstanceType:      ec2types.InstanceType(launchTemplate.InstanceTypes[0].Name),
-		NetworkInterfaces: getNetworkInterfacesInput(nodeClass),
+		NetworkInterfaces: getNetworkInterfacesInput(networkInterfaces, subnet),
 		TagSpecifications: []ec2types.TagSpecification{
 			{
 				ResourceType: ec2types.ResourceTypeInstance,
@@ -508,21 +521,21 @@ func getAMICompatibleInstanceTypes(instanceTypes []*cloudprovider.InstanceType,
 	return selectedInstanceTypes
 }
 
-func getNetworkInterfacesInput(nodeClass *v1.EC2NodeClass) []ec2types.InstanceNetworkInterfaceSpecification {
+func getNetworkInterfacesInput(ncNetworkInterfaces []*v1.NetworkInterface, subnet *v1.Subnet) []ec2types.InstanceNetworkInterfaceSpecification {
 	defaultInterface := []ec2types.InstanceNetworkInterfaceSpecification{
 		{
 			DeviceIndex: lo.ToPtr[int32](0),
-			SubnetId:    lo.ToPtr(nodeClass.Status.Subnets[0].ID),
+			SubnetId:    lo.ToPtr(subnet.ID),
 		},
 	}
-	networkInterfaces := lo.Ternary(nodeClass.NetworkInterfaces() == nil,
+	networkInterfaces := lo.Ternary(ncNetworkInterfaces == nil,
 		defaultInterface,
-		lo.Map(nodeClass.NetworkInterfaces(), func(networkInterface *v1.NetworkInterface, _ int) ec2types.InstanceNetworkInterfaceSpecification {
+		lo.Map(ncNetworkInterfaces, func(networkInterface *v1.NetworkInterface, _ int) ec2types.InstanceNetworkInterfaceSpecification {
 			return ec2types.InstanceNetworkInterfaceSpecification{
 				NetworkCardIndex: lo.ToPtr(networkInterface.NetworkCardIndex),
 				DeviceIndex:      lo.ToPtr(networkInterface.DeviceIndex),
 				InterfaceType:    lo.ToPtr(string(networkInterface.InterfaceType)),
-				SubnetId:         lo.ToPtr(nodeClass.Status.Subnets[0].ID),
+				SubnetId:         lo.ToPtr(subnet.ID),
 			}
 		}))
 	return networkInterfaces

pkg/controllers/nodeclass/validation_test.go

@@ -263,14 +263,23 @@ var _ = Describe("NodeClass Validation Status Controller", func() {
 			Entry("should update status condition as NotReady when RunInstances unauthorized", func() {
 				awsEnv.EC2API.RunInstancesBehavior.Error.Set(&smithy.GenericAPIError{
 					Code: "UnauthorizedOperation",
-				}, fake.MaxCalls(1))
+				}, fake.MaxCalls(4))
 			}, nodeclass.ConditionReasonRunInstancesAuthFailed),
 			Entry("should update status condition as NotReady when CreateLaunchTemplate unauthorized", func() {
 				awsEnv.EC2API.CreateLaunchTemplateBehavior.Error.Set(&smithy.GenericAPIError{
 					Code: "UnauthorizedOperation",
 				}, fake.MaxCalls(1))
 			}, nodeclass.ConditionReasonCreateLaunchTemplateAuthFailed),
 		)
+		It("should succeed RunInstances validation when first subnet returns 500 but another subnet succeeds", func() {
+			// Fail the first RunInstances call (first subnet) with a server error,
+			// then let subsequent calls (remaining subnets) succeed via the default dry-run path
+			awsEnv.EC2API.RunInstancesBehavior.Error.Set(fmt.Errorf("InternalError"), fake.MaxCalls(1))
+			ExpectApplied(ctx, env.Client, nodeClass)
+			ExpectObjectReconciled(ctx, env.Client, controller, nodeClass)
+			nodeClass = ExpectExists(ctx, env.Client, nodeClass)
+			Expect(nodeClass.StatusConditions().Get(v1.ConditionTypeValidationSucceeded).IsTrue()).To(BeTrue())
+		})
 		Context("Windows AMI Validation", func() {
 			DescribeTable(
 				"should fallback to static instance types when windows ami is used",

website/assets/js/offline-search.js

@@ -0,0 +1,250 @@
+// Adapted from code by Matt Walters https://www.mattwalters.net/posts/2018-03-28-hugo-and-lunr/
+// Modified to filter search results to only show those from the currently selected version.
+
+(function ($) {
+    'use strict';
+
+    // Detect the current version from the URL path.
+    // The first path segment is typically the version (e.g., "v1.9", "preview", "docs").
+    // On the homepage (no path segments), default to "docs" (the latest version's content).
+    function getCurrentVersion() {
+        const pathSegments = window.location.pathname.split('/').filter(Boolean);
+        if (pathSegments.length > 0) {
+            return pathSegments[0];
+        }
+        // On the homepage, default to showing results from the latest version ("docs")
+        return 'docs';
+    }
+
+    // Extract the version prefix from a search result ref (e.g., "/v1.9/concepts/..." -> "v1.9").
+    function getVersionFromRef(ref) {
+        const segments = ref.split('/').filter(Boolean);
+        if (segments.length > 0) {
+            return segments[0];
+        }
+        return '';
+    }
+
+    // Filter results to only include those from the current version.
+    function filterToCurrentVersion(results, currentVersion) {
+        if (!currentVersion) {
+            return results;
+        }
+
+        return results.filter((r) => {
+            const resultVersion = getVersionFromRef(r.ref);
+            return resultVersion === currentVersion;
+        });
+    }
+
+    $(document).ready(function () {
+        const $searchInput = $('.td-search input');
+
+        //
+        // Options for popover
+        //
+
+        $searchInput.data('html', true);
+        $searchInput.data('placement', 'bottom');
+        $searchInput.data(
+            'template',
+            '<div class="td-offline-search-results popover" role="tooltip"><div class="arrow"></div><h3 class="popover-header"></h3><div class="popover-body"></div></div>'
+        );
+
+        //
+        // Register handler
+        //
+
+        $searchInput.on('change', (event) => {
+            render($(event.target));
+
+            // Hide keyboard on mobile browser
+            $searchInput.blur();
+        });
+
+        // Prevent reloading page by enter key on sidebar search.
+        $searchInput.closest('form').on('submit', () => {
+            return false;
+        });
+
+        //
+        // Lunr
+        //
+
+        let idx = null; // Lunr index
+        const resultDetails = new Map(); // Will hold the data for the search results (titles and summaries)
+
+        // Set up for an Ajax call to request the JSON data file that is created by Hugo's build process
+        $.ajax($searchInput.data('offline-search-index-json-src')).then(
+            (data) => {
+                idx = lunr(function () {
+                    this.ref('ref');
+
+                    // If you added more searchable fields to the search index, list them here.
+                    // Here you can specify searchable fields to the search index - e.g. individual toxonomies for you project
+                    // With "boost" you can add weighting for specific (default weighting without boost: 1)
+                    this.field('title', { boost: 5 });
+                    this.field('categories', { boost: 3 });
+                    this.field('tags', { boost: 3 });
+                    // this.field('projects', { boost: 3 }); // example for an individual toxonomy called projects
+                    this.field('description', { boost: 2 });
+                    this.field('body');
+
+                    data.forEach((doc) => {
+                        this.add(doc);
+
+                        resultDetails.set(doc.ref, {
+                            title: doc.title,
+                            excerpt: doc.excerpt,
+                        });
+                    });
+                });
+
+                $searchInput.trigger('change');
+            }
+        );
+
+        const render = ($targetSearchInput) => {
+            // Dispose the previous result
+            $targetSearchInput.popover('dispose');
+
+            //
+            // Search
+            //
+
+            if (idx === null) {
+                return;
+            }
+
+            const searchQuery = $targetSearchInput.val();
+            if (searchQuery === '') {
+                return;
+            }
+
+            const rawResults = idx
+                .query((q) => {
+                    const tokens = lunr.tokenizer(searchQuery.toLowerCase());
+                    tokens.forEach((token) => {
+                        const queryString = token.toString();
+                        q.term(queryString, {
+                            boost: 100,
+                        });
+                        q.term(queryString, {
+                            wildcard:
+                                lunr.Query.wildcard.LEADING |
+                                lunr.Query.wildcard.TRAILING,
+                            boost: 10,
+                        });
+                        q.term(queryString, {
+                            editDistance: 2,
+                        });
+                    });
+                });
+
+            // Filter to current version FIRST, then slice to max results.
+            // This ensures we get the full set of relevant results for the
+            // selected version instead of slicing across all versions first.
+            const currentVersion = getCurrentVersion();
+            const results = filterToCurrentVersion(rawResults, currentVersion)
+                .slice(
+                    0,
+                    $targetSearchInput.data('offline-search-max-results')
+                );
+
+            //
+            // Make result html
+            //
+
+            const $html = $('<div>');
+
+            $html.append(
+                $('<div>')
+                    .css({
+                        display: 'flex',
+                        justifyContent: 'space-between',
+                        marginBottom: '1em',
+                    })
+                    .append(
+                        $('<span>')
+                            .text('Search results')
+                            .css({ fontWeight: 'bold' })
+                    )
+                    .append(
+                        $('<span>')
+                            .addClass('td-offline-search-results__close-button')
+                    )
+            );
+
+            const $searchResultBody = $('<div>').css({
+                maxHeight: `calc(100vh - ${
+                    $targetSearchInput.offset().top -
+                    $(window).scrollTop() +
+                    180
+                }px)`,
+                overflowY: 'auto',
+            });
+            $html.append($searchResultBody);
+
+            if (results.length === 0) {
+                $searchResultBody.append(
+                    $('<p>').text(`No results found for query "${searchQuery}"`)
+                );
+            } else {
+                results.forEach((r) => {
+                    const doc = resultDetails.get(r.ref);
+                    const href =
+                        $searchInput.data('offline-search-base-href') +
+                        r.ref.replace(/^\//, '');
+
+                    const resultVersion = getVersionFromRef(r.ref);
+                    const $entry = $('<div>').addClass('mt-4');
+
+                    // Show version badge and path
+                    const $meta = $('<small>').addClass('d-block text-muted');
+                    if (resultVersion) {
+                        const $versionBadge = $('<span>')
+                            .text(resultVersion)
+                            .css({
+                                display: 'inline-block',
+                                padding: '0 0.4em',
+                                marginRight: '0.5em',
+                                fontSize: '0.85em',
+                                fontWeight: '600',
+                                borderRadius: '3px',
+                                backgroundColor: resultVersion === currentVersion ? '#0d6efd' : '#6c757d',
+                                color: '#fff',
+                            });
+                        $meta.append($versionBadge);
+                    }
+                    $meta.append(document.createTextNode(r.ref));
+                    $entry.append($meta);
+
+                    $entry.append(
+                        $('<a>')
+                            .addClass('d-block')
+                            .css({
+                                fontSize: '1.2rem',
+                            })
+                            .attr('href', href)
+                            .text(doc.title)
+                    );
+
+                    $entry.append($('<p>').text(doc.excerpt));
+
+                    $searchResultBody.append($entry);
+                });
+            }
+
+            $targetSearchInput.on('shown.bs.popover', () => {
+                $('.td-offline-search-results__close-button').on('click', () => {
+                    $targetSearchInput.val('');
+                    $targetSearchInput.trigger('change');
+                });
+            });
+
+            $targetSearchInput
+                .data('content', $html[0])
+                .popover('show');
+        };
+    });
+})(jQuery);