CHANGELOG, chart, and manifest updates for VPC CNI v1.15.1 (#2610)

aws · Oct 10, 2023 · e82795a · e82795a
1 parent 9f61b23
commit e82795a
Show file tree

Hide file tree

Showing 19 changed files with 101 additions and 71 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,27 @@
 # Changelog
 
+## v1.15.1
+
+* Bug - [Do not patch CNINode for custom networking unless SGPP is enabled](https://github.com/aws/amazon-vpc-cni-k8s/pull/2591) (@jdn5126 )
+* Bug - [Pass CNINode scheme to k8s client only](https://github.com/aws/amazon-vpc-cni-k8s/pull/2570) (@jdn5126 )
+* Bug - [fix(chart): Switch base64 encoded cniConfig.fileContents to the binaryData](https://github.com/aws/amazon-vpc-cni-k8s/pull/2552) (@VLZZZ )
+* Cleanup - [chore: remove refs to deprecated io/ioutil](https://github.com/aws/amazon-vpc-cni-k8s/pull/2541) (@testwill )
+* Documentation - [Update example table 'Pod per Prefixes' value](https://github.com/aws/amazon-vpc-cni-k8s/pull/2573) (@rlaisqls )
+* Documentation - [Bandwidth plugin with NP is currently unsupported](https://github.com/aws/amazon-vpc-cni-k8s/pull/2572) (@jayanthvn )
+* Documentation - [Update the use of privileged flag in aws-vpc-cni manifest](https://github.com/aws/amazon-vpc-cni-k8s/pull/2555) (@jaydeokar )
+* Improvement - [Dependabot Updates](https://github.com/aws/amazon-vpc-cni-k8s/pull/2605) (@jdn5126 )
+* Improvement - [Update Golang Builder image](https://github.com/aws/amazon-vpc-cni-k8s/pull/2586) (@jdn5126 )
+* Improvement - [Add ENABLE_V4_EGRESS env var to control IPv4 egress in IPv6 clusters](https://github.com/aws/amazon-vpc-cni-k8s/pull/2577) (@jdn5126 )
+* Improvement - [Reduce API calls](https://github.com/aws/amazon-vpc-cni-k8s/pull/2575) (@jchen6585 )
+* Improvement - [Add cni version to userAgent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2566) (@jchen6585 )
+* Improvement - [bump controller runtime to 0.16.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2548) (@jchen6585 )
+* Improvement - [Instance limits api pkg](https://github.com/aws/amazon-vpc-cni-k8s/pull/2528) (@jchen6585 )
+* Improvement - [Mimic VPC-RC limit struture](https://github.com/aws/amazon-vpc-cni-k8s/pull/2516) (@jchen6585 )
+* Metrics - [rename warm pool metrics](https://github.com/aws/amazon-vpc-cni-k8s/pull/2569) (@lnhanks )
+* Metrics - [Only metrics](https://github.com/aws/amazon-vpc-cni-k8s/pull/2557) (@lnhanks )
+* Testing - [Remove self-managed node group from custom-networking suite](https://github.com/aws/amazon-vpc-cni-k8s/pull/2590) (@jdn5126 )
+* Testing - [Integration test cleanup: Security Groups for Pods](https://github.com/aws/amazon-vpc-cni-k8s/pull/2547) (@jdn5126 )
+
 ## v1.15.0
 
 * Feature - [Add support for VPC Resource Controller's CNINode (reintroduce #2442)](https://github.com/aws/amazon-vpc-cni-k8s/pull/2503) (@haouc )

diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.15.0
-appVersion: "v1.15.0"
+version: 1.15.1
+appVersion: "v1.15.1"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s

diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md
@@ -43,15 +43,15 @@ The following table lists the configurable parameters for this chart and their d
 | `enableWindowsIpam`     | Enable windows support for your cluster                 | `false`                             |
 | `enableNetworkPolicy`   | Enable Network Policy Controller and Agent for your cluster | `false`                         |
 | `fullnameOverride`      | Override the fullname of the chart                      | `aws-node`                          |
-| `image.tag`             | Image tag                                               | `v1.15.0`                           |
+| `image.tag`             | Image tag                                               | `v1.15.1`                           |
 | `image.domain`          | ECR repository domain                                   | `amazonaws.com`                     |
 | `image.region`          | ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `image.endpoint`        | ECR repository endpoint to use.                         | `ecr`                               |
 | `image.account`         | ECR repository account number                           | `602401143452`                      |
 | `image.pullPolicy`      | Container pull policy                                   | `IfNotPresent`                      |
 | `image.override`        | A custom docker image to use                            | `nil`                               |
 | `imagePullSecrets`      | Docker registry pull secret                             | `[]`                                |
-| `init.image.tag`        | Image tag                                               | `v1.15.0`                           |
+| `init.image.tag`        | Image tag                                               | `v1.15.1`                           |
 | `init.image.domain`     | ECR repository domain                                   | `amazonaws.com`                     |
 | `init.image.region`     | ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `init.image.endpoint`   | ECR repository endpoint to use.                         | `ecr`                               |
@@ -62,14 +62,15 @@ The following table lists the configurable parameters for this chart and their d
 | `init.securityContext`  | Init container Security context                         | `privileged: true`                  |
 | `originalMatchLabels`   | Use the original daemonset matchLabels                  | `false`                             |
 | `nameOverride`          | Override the name of the chart                          | `aws-node`                          |
-| `nodeAgent.image.tag`   | Image tag for Node Agent                                | `v1.0.2`                            |
+| `nodeAgent.image.tag`   | Image tag for Node Agent                                | `v1.0.4`                            |
 | `nodeAgent.image.domain`| ECR repository domain                                   | `amazonaws.com`                     |
 | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `nodeAgent.image.endpoint`   | ECR repository endpoint to use.                    | `ecr`                               |
 | `nodeAgent.image.account`    | ECR repository account number                      | `602401143452`                      |
 | `nodeAgent.image.pullPolicy` | Container pull policy                              | `IfNotPresent`                      |
-| `nodeAgent.securityContext`  | Node Agent container Security context              | `capabilities: add: - "NET_ADMIN" privileged: true`  |
+| `nodeAgent.securityContext`  | Node Agent container Security context              | `capabilities: add: - "NET_ADMIN" privileged: true` |
 | `nodeAgent.enableCloudWatchLogs`  | Enable CW logging for Node Agent              | `false`                             |
+| `nodeAgent.enablePolicyEventLogs` | Enable policy decision logs for Node Agent    | `false`                             |
 | `nodeAgent.metricsBindAddr` | Node Agent port for metrics                         | `8162`                              |
 | `nodeAgent.healthProbeBindAddr` | Node Agent port for health probes               | `8163`                              |
 | `nodeAgent.enableIpv6`  | Enable IPv6 support for Node Agent                      | `false`                             |
@@ -81,7 +82,7 @@ The following table lists the configurable parameters for this chart and their d
 | `podLabels`             | Labels to add to each pod                               | `{}`                                |
 | `priorityClassName`     | Name of the priorityClass                               | `system-node-critical`              |
 | `resources`             | Resources for containers in pod                         | `requests.cpu: 25m`                 |
-| `securityContext`       | Container Security context                              | `capabilities: add: - "NET_ADMIN" - "NET_RAW"`  |
+| `securityContext`       | Container Security context                              | `capabilities: add: - "NET_ADMIN" - "NET_RAW"` |
 | `serviceAccount.name`   | The name of the ServiceAccount to use                   | `nil`                               |
 | `serviceAccount.create` | Specifies whether a ServiceAccount should be created    | `true`                              |
 | `serviceAccount.annotations` | Specifies the annotations for ServiceAccount       | `{}`                                |

diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml
@@ -128,6 +128,7 @@ spec:
             - --enable-ipv6={{ .Values.nodeAgent.enableIpv6 }}
             - --enable-network-policy={{ .Values.enableNetworkPolicy }}
             - --enable-cloudwatch-logs={{ .Values.nodeAgent.enableCloudWatchLogs }}
+            - --enable-policy-event-logs={{ .Values.nodeAgent.enablePolicyEventLogs }}
             - --metrics-bind-addr={{ include "aws-vpc-cni.nodeAgentMetricsBindAddr" . }}
             - --health-probe-bind-addr={{ include "aws-vpc-cni.nodeAgentHealthProbeBindAddr" . }}
           resources:

diff --git a/charts/aws-vpc-cni/test.yaml b/charts/aws-vpc-cni/test.yaml
@@ -6,7 +6,7 @@ nameOverride: aws-node
 
 init:
   image:
-    tag: v1.15.0
+    tag: v1.15.1
     region: us-west-2
     pullPolicy: Always
     # Set to use custom image
@@ -18,7 +18,7 @@ init:
 
 nodeAgent:
   image:
-    tag: v1.0.2
+    tag: v1.0.4
     region: us-west-2
     pullPolicy: Always
     # Set to use custom image
@@ -29,11 +29,12 @@ nodeAgent:
       - "NET_ADMIN"
     privileged: true
   enableCloudWatchLogs: "false"
+  enablePolicyEventLogs: "false"
   enableIpv6: "false"
 
 image:
   region: us-west-2
-  tag: v1.15.0
+  tag: v1.15.1
   pullPolicy: Always
   # Set to use custom image
   # override: "repo/org/image:tag"

diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml
@@ -8,7 +8,7 @@ nameOverride: aws-node
 
 init:
   image:
-    tag: v1.15.0
+    tag: v1.15.1
     domain: amazonaws.com
     region: us-west-2
     endpoint: ecr
@@ -25,7 +25,7 @@ init:
 
 nodeAgent:
   image:
-    tag: v1.0.2
+    tag: v1.0.4
     domain: amazonaws.com
     region: us-west-2
     endpoint: ecr
@@ -40,12 +40,13 @@ nodeAgent:
       - "NET_ADMIN"
     privileged: true
   enableCloudWatchLogs: "false"
+  enablePolicyEventLogs: "false"
   enableIpv6: "false"
   metricsBindAddr: "8162"
   healthProbeBindAddr: "8163"
 
 image:
-  tag: v1.15.0
+  tag: v1.15.1
   domain: amazonaws.com
   region: us-west-2
   endpoint: ecr
@@ -78,7 +79,7 @@ env:
   DISABLE_NETWORK_RESOURCE_PROVISIONING: "false"
   ENABLE_IPv4: "true"
   ENABLE_IPv6: "false"
-  VPC_CNI_VERSION: "v1.15.0"
+  VPC_CNI_VERSION: "v1.15.1"
 
 # this flag enables you to use the match label that was present in the original daemonset deployed by EKS
 # You can then annotate and label the original aws-node resources and 'adopt' them into a helm release

diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: cni-metrics-helper
-version: 1.15.0
-appVersion: v1.15.0
+version: 1.15.1
+appVersion: v1.15.1
 description: A Helm chart for the AWS VPC CNI Metrics Helper
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s

diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md
@@ -47,7 +47,7 @@ The following table lists the configurable parameters for this chart and their d
 |------------------------------|---------------------------------------------------------------|--------------------|
 | fullnameOverride             | Override the fullname of the chart                            | cni-metrics-helper |
 | image.region                 | ECR repository region to use. Should match your cluster       | us-west-2          |
-| image.tag                    | Image tag                                                     | v1.15.0            |
+| image.tag                    | Image tag                                                     | v1.15.1            |
 | image.account                | ECR repository account number                                 | 602401143452       |
 | image.domain                 | ECR repository domain                                         | amazonaws.com      |
 | env.USE_CLOUDWATCH           | Whether to export CNI metrics to CloudWatch                   | true               |

diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml
@@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper
 
 image:
   region: us-west-2
-  tag: v1.15.0
+  tag: v1.15.1
   account: "602401143452"
   domain: "amazonaws.com"
   # Set to use custom image

diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml
@@ -266,7 +266,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +278,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -292,7 +292,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -338,7 +338,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -358,7 +358,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -379,7 +379,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.0
+        image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.1
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -400,7 +400,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.0
+          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.1
           ports:
             - containerPort: 61678
               name: metrics
@@ -460,7 +460,7 @@ spec:
             - name: ENABLE_PREFIX_DELEGATION
               value: "false"
             - name: VPC_CNI_VERSION
-              value: "v1.15.0"
+              value: "v1.15.1"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -495,7 +495,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.2
+          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.4
           env:
             - name: MY_NODE_NAME
               valueFrom:
@@ -506,6 +506,7 @@ spec:
             - --enable-ipv6=false
             - --enable-network-policy=false
             - --enable-cloudwatch-logs=false
+            - --enable-policy-event-logs=false
             - --metrics-bind-addr=:8162
             - --health-probe-bind-addr=:8163
           resources:

diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml
@@ -266,7 +266,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +278,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -292,7 +292,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -338,7 +338,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -358,7 +358,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.15.0"
+    app.kubernetes.io/version: "v1.15.1"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -379,7 +379,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.0
+        image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.1
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -400,7 +400,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.0
+          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.1
           ports:
             - containerPort: 61678
               name: metrics
@@ -460,7 +460,7 @@ spec:
             - name: ENABLE_PREFIX_DELEGATION
               value: "false"
             - name: VPC_CNI_VERSION
-              value: "v1.15.0"
+              value: "v1.15.1"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -495,7 +495,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.2
+          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.4
           env:
             - name: MY_NODE_NAME
               valueFrom:
@@ -506,6 +506,7 @@ spec:
             - --enable-ipv6=false
             - --enable-network-policy=false
             - --enable-cloudwatch-logs=false
+            - --enable-policy-event-logs=false
             - --metrics-bind-addr=:8162
             - --health-probe-bind-addr=:8163
           resources: