Releases: aws/amazon-vpc-cni-k8s
v1.5.7 Release
v1.5.7
The CNI v1.5.7 release finally add the last piece needed to complete #246 and close #662. Both of them caused by having a too old version of iptables in the base image.
- Improvement - New AL2 base image with iptables-1.8.2 (@mogren)
- Improvement - Set the
-buildmode=pieflag for the binaries (@mogren) - Improvement - Disable IPv6 RA and ICMP redirects on host-side veth (@anguslees)
The cni-metrics-helper has also been updated to use the latest AL2 base image.
To use version v1.5.7 of the AWS CNI in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5.7/config/v1.5/aws-k8s-cni.yaml
To use version v1.5.7 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5.7/config/v1.5/cni-metrics-helper.yaml
v1.6.0 Release
This release adds a lot of new improvements and some long anticipated features. The most disruptive change is that ipamd now needs the CRI socket mounted in the pod instead of calling the docker API directly.
Note! If you edit an existing aws-node deployment, make sure to mount /var/run/dockershim.sock correctly!
A big thanks to everyone who contributed to this release: @adammw, @ajayk, @asheldon, @chendotjs, @dkeightley, @drakedevel, @euank, @gavinbunney, @jacksontj, @jaypipes, @Jeffwan, @nckturner, @nithu0115, @rudoi, @tatatodd, @totahuanocotl, @rewiko, @yorg1st, @uruddarraju and @Zyqsempai.
v1.6.0 Changelog
- Feature - Add fallback to fetch limits from EC2 API (#782, @mogren)
- Feature - Additional tags to ENI (#734, @nithu0115)
- Feature - Add support for a 'no manage' tag (#726, @euank)
- Feature - Use CRI to obtain pod sandbox IDs instead of Kubernetes API (#714, @drakedevel)
- Feature - Add support for listening on unix socket for introspection endpoint (#713, @adammw)
- Feature - Add MTU to the plugin config (#676, @mogren)
- Feature - Clean up leaked ENIs on startup (#624, @mogren)
- Feature - Introduce a minimum target for ENI IPs (#612, @asheldon)
- Feature - Allow peered VPC CIDRs to be excluded from SNAT (#520, @totahuanocotl, @rewiko, @yorg1st)
- Feature - Get container ID from kube rather than docker (#371, @rudoi)
- Improvement - Place binaries in cmd/ and packages in pkg/ (#815, @jaypipes)
- Improvement - De-dupe calls to DescribeNetworkInterfaces (#808, @jaypipes)
- Improvement - Update RollingUpdate strategy to allow 10% unavailable (#805, @gavinbunney)
- Improvement - Bump github.com/vishvananda/netlink version from 1.0.0 to 1.1.0 (#802, @ajayk)
- Improvement - Adding node affinity for Fargate (#792, @nithu0115)
- Improvement - Force ENI/IP reconciliation to delete from the datastore (#754, @tatatodd)
- Improvement - Use dockershim.sock for CRI (#751, @mogren)
- Improvement - Treating ErrUnknownPod from ipamd to be a noop (#750, @uruddarraju)
- Improvement - Copy CNI plugin and config in entrypoint not agent (#735, @jaypipes)
- Improvement - Adding m6g instance types (#742, Srini Ramabadran)
- Improvement - Remove deprecated session.New method (#729, @nithu0115)
- Improvement - Scope watch on "pods" to only pods associated with the local node (#716, @jacksontj)
- Improvement - Update ENI limits to match documentation (#710, @mogren)
- Improvement - Reduce image layers and strip debug flags (#699, @mogren)
- Improvement - Add run-integration-tests.sh script (#698, @nckturner)
- Improvement - Return the error from ipamd to plugin (#688, @mogren)
- Improvement - Bump aws-sdk-go to v1.23.13 (#681, @mogren)
- Improvement - Add support for m5n/m5dn/r5n/r5dn instances (#657, @Jeffwan)
- Improvement - Add IPs to the first ENI on startup (#648, @mogren)
- Improvement - Add shutdown listener (#645, @mogren)
- Improvement - Made timeouts exponential (#640, @Zyqsempai)
- Improvement - Remove vendor folder (#635, @mogren)
- Improvement - Update protobuf to v1.3.2 (#633, @mogren)
- Improvement - Reduce log level to Trace for the most common Debug lines (#631, @mogren)
- Improvement - Bump grpc version to v1.23.1 (#629, @mogren)
- Improvement - Add inCoolingPeriod for AddressInfo (#627, @chendotjs)
- Improvement - Added retryNbackoff for tagENI method (#626, @nithu0115)
- Improvement - Update backoff code from upstream and use when detaching ENIs (#623, @mogren)
- Improvement - Update kubeconfig lookup with eksctl clusters (#513, @dkeightley)
- Improvement - Fix introspection port in troubleshooting docs (#512, @drakedevel)
- Bug fix - Log security groups correctly (#646, @mogren)
- Bug fix - Fix WARM_ENI_TARGET=0 (#587, @mogren)
To use version v1.6.0 of the AWS CNI in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6/config/v1.6/aws-k8s-cni.yaml
To use version v1.6.0 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6/config/v1.6/cni-metrics-helper.yaml
v1.6.0 Release Candidate 6
Sixth and final release candidate of CNI v1.6.0. Changes include fetching IP and ENI limits for unknown instance types from the EC2 API, a reduction in number of calls made to DescribeNetworkInterfaces, faster roll outs for large clusters and some package cleanup.
Note! This release is not yet meant for production use, it is still being tested.
Note! The release candidate images are only available in us-west-2
- Add fallback to fetch limits from EC2 API (#782)
- Add node anti-affinity for Fargate (#792)
- De-dupe calls to DescribeNetworkInterfaces (#809)
- Update RollingUpdate strategy to allow 10% unavailable (#805)
- Place binaries in cmd/ and packages in pkg/ (#815)
If you want to test this release candidate in your own cluster, you need to make a new deployment aws-node daemonset:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6/config/v1.6/aws-k8s-cni.yaml
If you instead edit your current deployment, make sure to mount /var/run/dockershim.sock correctly!
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.0-rc6
To use version v1.6.0 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6/config/v1.6/cni-metrics-helper.yaml
v1.6.0 Release Candidate 5
Fifth release candidate of CNI v1.6.0. Changes include using the CRI socket to read sandbox ID for each container, support for adding custom tags to the ENIs, improved reconcile function for force detached ENIs, a no manage tag for ENIs, and reduce scope for the pod watcher.
Note! This release is not yet meant for production use, it is still being tested.
Note! The release candidate images are only available in us-west-2
Changes since v1.6.0-rc4
- Feature - Use CRI to obtain pod sandbox IDs instead of Kubernetes API (#714, @drakedevel)
- Feature - Use dockershim.sock for CRI (#751, @mogren)
- Feature - Add support for listening on unix socket for introspection endpoint (#713, @adammw)
- Feature - Additional tags to ENI (#734, @nithu0115)
- Improvement - Force ENI/IP reconciliation to delete from the datastore (#754, @tatatodd)
- Improvement - Treat delete of an unknown pod as a success (#750, @uruddarraju)
- Improvement - copy CNI plugin and config in entrypoint not agent (#735, @jaypipes)
- Improvement - Adding m6g instance types (#742, Srini Ramabadran)
- Improvement - Remove deprecated session.New method (#729, @nithu0115)
- Improvement - Add support for a 'no manage' tag (#726, @euank)
- Improvement - Scope watch on "pods" to only pods associated with the local node (#716, @jacksontj)
- Improvement - Update ENI limits to match documentation (#710, @mogren)
If you want to test this release candidate in your own cluster, you need to make a new deployment aws-node daemonset:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6/config/v1.6/aws-k8s-cni.yaml
If you instead edit your current deployment, make sure to mount /var/run/dockershim.sock correctly!
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.0-rc5
To use version v1.6.0 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6/config/v1.6/cni-metrics-helper.yaml
v1.5.5 Release
This release reverts the change that caused ip rules to disappear in v1.5.4. The only other changes are the addition of new instance types and reducing the size of the CNI binaries by stripping debug flags.
The base AL2 image has been updated for the CNI and a new cni-metrics-helper released.
v1.5.5
- Bug fix - Revert "Return delete success for pods that never got scheduled" (#672, @mogren)
- Improvement - Add support for r5dn instance family (#656, @mogren)
- Improvement - Add support for m5n/m5dn/r5n instances (#657, @Jeffwan)
- Improvement - Update cni-metrics-helper to v1.5.5 (#672, @mogren)
- Improvement - Reduce image layers and strip debug flags (#699, @mogren)
All changes compared to the release-1.5 branch: release-1.5...release-1.5.5
To use version v1.5.5 of the AWS CNI in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5.5/config/v1.5/aws-k8s-cni.yaml
To use version v1.5.5 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.5.5/config/v1.5/cni-metrics-helper.yaml
v1.6.0 Release Candidate 4
Fourth release candidate of CNI v1.6.0. Changes include adding a minimum target for ENI IPs when using WARM_IP_TARGET and fixing the AWS_VPC_ENI_MTU environment variable. It also has a fix for the issue with disappearing ip rules that exists in in v1.5.4 and the image was rebuilt on the latest AL2 image.
Note! This release is not yet meant for production use, it is still being tested.
Note! The release candidate images are only available in us-west-2
Changes since v1.6.0-rc3
- 05878e6 - Add support for m5n/m5dn/r5n/r5dn instances (@Jeffwan)
- 1aadc78 - Avoid trying tearing down NS, fixing
ip ruleissue (@mogren) - 02ecdf5 - Introduce a minimum target for ENI IPs (#612) (@asheldon)
- cdcae63 - Bump aws-sdk-go to v1.23.13 (@mogren)
- f3da448 - Add MTU to the plugin config (@mogren)
If you want to test this release candidate in your own cluster, patch the aws-node daemonset:
kubectl patch daemonset aws-node \
-n kube-system \
-p '{"spec": {"template": {"spec": {"containers": [{"image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0-rc4","name":"aws-node"}]}}}}'
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.0-rc4
v1.5.5 Release Candidate 1
First release candidate for the v1.5.5 branch.
Note! This release candidate is not meant for production use, it is still being tested.
Some important changes since v1.5.4:
- Bug fix - Revert "Return delete success for pods that never got scheduled" (#667, @mogren)
- Improvement - Add support for r5dn instance family (#656, @mogren)
- Improvement - Add support for m5n/m5dn/r5n instances (#657, @Jeffwan)
- Improvement - Update cni-metrics-helper to v1.5.5 (#672, @mogren)
If you want to test this release candidate in your own cluster, patch the aws-node daemonset:
kubectl patch daemonset aws-node \
-n kube-system \
-p '{"spec": {"template": {"spec": {"containers": [{"image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.5-rc1","name":"aws-node"}]}}}}'
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.5.5-rc1
v1.6.0 Release Candidate 3
Third release candidate of CNI v1.6.0. Changes include adding the AWS_VPC_ENI_MTU environment variable, shutting down cleanly when updating the CNI or draining a node, and adding IPs to the ENI on new nodes before making them Ready.
Note! This release is not yet meant for production use, it is still being tested.
Changes since v1.6.0-rc2
- e42eefb - Update protobuf to v1.3.2 (@mogren)
- f49837a - Add environment variable to configure MTU (@mogren)
- d7af28c - Add shutdown listener (@mogren)
- f31d7d7 - Add IPs to the first ENI on startup (@mogren)
If you want to test this release candidate in your own cluster, patch the aws-node daemonset:
kubectl patch daemonset aws-node \
-n kube-system \
-p '{"spec": {"template": {"spec": {"containers": [{"image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0-rc3","name":"aws-node"}]}}}}'
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.0-rc3
v1.6.0 Release Candidate 2
Second release candidate for the v1.6.0 branch.
Note! This release is not yet meant for production use, it is still being tested.
Changes since v1.6.0-rc1
- 79b7fd2 Clean up leaked ENIs on startup (@mogren)
- 547e736 Added
retryNbackofffor tagENI method (@nithu0115) - 1ab8a1d Return delete success for pods that never got scheduled (@mogren)
- 08401ed Update backoff code from upstream and use when detaching ENIs (@mogren)
- 8e734eb Add support for g4dn instance family (@mogren)
If you want to test this release candidate in your own cluster, patch the aws-node daemonset:
kubectl patch daemonset aws-node \
-n kube-system \
-p '{"spec": {"template": {"spec": {"containers": [{"image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.0-rc2","name":"aws-node"}]}}}}'
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.0-rc2
v1.5.4 Release
Note! We root caused that issue #641 related to ip rules being deleted was introduced by #623, so we still recommend staying on v1.5.3 until v1.5.5 has been released.
This release adds support for the g4dn instance family.
v1.5.4
- Improvement - Add support for g4dn instance family (#621, @mogren)
- Improvement - Set cniVersion in the config to 0.3.1 (required for Kubernetes 1.16) (#605, @mogren)
- Bug fix - Return delete success for pods that never got scheduled (#623, @mogren)