Find pods which IP is not part of a ENI attached to the one of the cluster EC2 instances (for AWS CNI plugin)

find-orphan-pods.rb

#!/usr/bin/env ruby
require "json"
require "aws-sdk-ec2"

# Usage: bundle exec ruby find-orphan-pods.rb <cluster-name>
# NOTE: make user to point kubectl to the right context!
#
# Returns a list of pods which aren't using an attached ENI and so don't have
# network connectivity

CLUSTER_NAME = ARGV[0]

def get_pods
  JSON.parse(`kubectl get pods --all-namespaces -o json`)["items"]
end

def get_pod_ip(pod)
  pod["status"]["podIP"]
end

def get_pod_ips(pods)
  pods.map do |pod|
    get_pod_ip(pod)
  end
end

def get_eni_ips
  ec2_client = Aws::EC2::Client.new

  # get ec2 instances
  instances = ec2_client.describe_instances(
    filters:[
      { name: 'tag-key', values: ['eks:cluster-name'] },
      { name: 'tag-value', values: [CLUSTER_NAME] }
    ]
  ).reservations.map(&:instances).flatten

  # get network_interfaces
  enis = instances.map do |instance|
    instance.network_interfaces
  end

  # get ips from network_interfaces
  enis.flatten.map do |eni|
    eni.private_ip_addresses.map(&:private_ip_address)
  end.flatten
end

pods = get_pods()
orphan_ips = get_pod_ips(pods) - get_eni_ips()

if orphan_ips.empty?
  puts "No pods are using orphan IP"
else
  puts "Found pods with orphan IP"
  puts
  puts "IP, NAMESPACE, NAME, STATUS"
  orphan_ips.each do |ip|
    filtered_pods = pods.select do |pod|
      get_pod_ip(pod) == ip
    end

    filtered_pods.each do |pod|
      namespace = pod["metadata"]["namespace"]
      name = pod["metadata"]["name"]
      status = pod["status"]["phase"]
      puts "#{ip}, #{namespace}, #{name}, #{status}"
    end
  end
end