CHANGELOG.md

Changelog

v1.16.2

• Bug - Refactor IPTable Rules (@jchen6585 )
• Bug - log for DelNetworkReply now differentiates between IPv4 and IPv6 addr… (@zachdorame )
• Dependency - revert CNI spec to 0.4.0 (@jdn5126 )
• Dependency - update crypto to patch CVE-2023-48795 (@haouc )
• Dependency - Dependabot updates: aws-sdk-go, containernetworking/plugins, go-logr, grpc, k8s.io/cli-runtime (@jdn5126 )
• Enhancement - Iptables mock (@jchen6585 )

v1.16.0

• Bug - check if ipv4Addr or ipv6Addr is empty before calling AnnotatePod() (@zachdorame )
• Bug - Fix enabling of Metrics and Introspection Endpoint (@jdn5126 )
• Cleanup - swicth grpc deprecated method to new method (@Icarus9913 )
• Cleanup - swicth k8s deprecated method to new method (@Icarus9913 )
• Dependency - Update golang.org/x/crypto to v0.17.0 (@jdn5126 )
• Dependency - Bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (@dependabot )
• Dependency - Update upstream CNI plugins to v1.4.0 (@jdn5126 )
• Documentation - Remove hard-coded comment for primary intf (@jdn5126 )
• Documentation - Fix Infof/Debugf/Errors to use correct function names (@dims )
• Feature - Add parameters for tuning revisionHistory and securityContext (@bodgit )
• Feature - Manifest for Multus 4.0.2 thick plugin support (@jdn5126 )
• Feature - IPv6 Security Groups for Pods Support (@jdn5126 )
• Feature - Prometheus metrics scraping from CNI metrics helper (@jayanthvn )
• Improvement - add instance types (@jchen6585 )
• Improvement - Update CHANGELOG, charts, and manifests for v1.15.5 release; update aws-vpc-cni ConfigMap default settings (@jdn5126 )
• Improvement - adding feature flags to configmap charts (@haouc )
• Improvement - No need to set accept_ra or accept_redirects for non-primary interfaces (@jdn5126 )
• Improvement - Simplify IPv6 Gateway Calculation (@jdn5126 )

v1.15.5

• Bug - Add watch permission for CNINode resource (@jdn5126 )
• Improvement - Upgrade go from 1.21.4 to 1.21.5 (@jchen6585 )
• Improvement - Dependabot Golang updates, test agent fix (@jdn5126 )
• Improvement - Bump aws-sdk-go to v1.48.2 (@jchen6585 )

v1.15.4

• Documentation - Update prefix-and-ip-target.md (@nicolajknudsen )
• Feature - Upgrade CNI spec from 0.4.0 to 1.0.0 (@jdn5126 )
• Improvement - Upgrade go from 1.21.3 to 1.21.4 (@jdn5126 )
• Improvement - Refactor AllocENI (#2640) (@jchen6585 )
• Improvement - Update Golang Dependencies (@jdn5126 )
• Improvement - generate-limits (@dougbyrne )

v1.15.3

• Bug - Fully address CVE-2023-44487 (@jdn5126 )
• Improvement - feat(chart): Made node agent optional (@stevehipwell )
• Improvement - Update Golang to 1.21.3 (@jdn5126 )
• Improvement - Go module updates and Golang builder image update (@jdn5126 )

v1.15.1

• Bug - Do not patch CNINode for custom networking unless SGPP is enabled (@jdn5126 )
• Bug - Pass CNINode scheme to k8s client only (@jdn5126 )
• Bug - fix(chart): Switch base64 encoded cniConfig.fileContents to the binaryData (@VLZZZ )
• Cleanup - chore: remove refs to deprecated io/ioutil (@testwill )
• Documentation - Update example table 'Pod per Prefixes' value (@rlaisqls )
• Documentation - Bandwidth plugin with NP is currently unsupported (@jayanthvn )
• Documentation - Update the use of privileged flag in aws-vpc-cni manifest (@jaydeokar )
• Improvement - Dependabot Updates (@jdn5126 )
• Improvement - Update Golang Builder image (@jdn5126 )
• Improvement - Add ENABLE_V4_EGRESS env var to control IPv4 egress in IPv6 clusters (@jdn5126 )
• Improvement - Reduce API calls (@jchen6585 )
• Improvement - Add cni version to userAgent (@jchen6585 )
• Improvement - bump controller runtime to 0.16.1 (@jchen6585 )
• Improvement - Instance limits api pkg (@jchen6585 )
• Improvement - Mimic VPC-RC limit struture (@jchen6585 )
• Metrics - rename warm pool metrics (@lnhanks )
• Metrics - Only metrics (@lnhanks )
• Testing - Remove self-managed node group from custom-networking suite (@jdn5126 )
• Testing - Integration test cleanup: Security Groups for Pods (@jdn5126 )

v1.15.0

• Feature - Add support for VPC Resource Controller's CNINode (reintroduce #2442) (@haouc )
• Feature - Add DISABLE_CONTAINER_V6 to disable IPv6 networking in container network namespaces (@jdn5126 )
• Feature - IP_COOLDOWN_PERIOD environment variable for ip cooldown period configuration (@jchen6585 )
• Improvement - Fix test kubeconfig, upgrade helm (@jdn5126 )
• Improvement - Update instance limits for upcoming vpc-cni release (@jchen6585 )
• Improvement - Upgrade controller-runtime to v0.15.0 (@jdn5126 )

v1.14.1

• Improvement - Update aws-eks-nodeagent image version to v1.0.2 (@jayanthvn)

v1.14.0

• Feature - v1.14.0 introduces Kubernetes Network Policy support. This is accomplished via the aws-eks-nodeagent container, which is now present in the aws-node pod.

v1.13.4

• Bug - RefreshSecurityGroups must be called after unmanaged ENIs are set (@jdn5126 )
• Bug - Fix event recorder initialization and add check to log (@jdn5126 )

v1.13.3

• Bug - Decrease memory usage by K8S Clients (@jdn5126 )
• Documentation - update docs and CNI logging (@jdn5126 )
• Improvement - Updates instance limits including c7gn (@mmerkes )

v1.13.2

• Bug - Sync node security groups to cache before node initialization (@jdn5126 )
• Improvement - Fix hard-coded nitro instance types: p4de.24xlarge and c7g.metal (@jdn5126 )
• Improvement - Upgrade to Go 1.20 and apply dependabot updates
• Improvement - Set iptables mode automatically and deprecate ENABLE_NFTABLES (@jdn5126 )
• Improvement - Upgrade client-go and controller-runtime modules (@jdn5126 )

v1.13.0

• Bug - Increase datastore pool at startup (@jdn5126 )
• Bug - Deallocate IP address according to warm IP target when multiple enis are present (@bikashmishra100 )
• Bug - Return success from CNI DEL when IPAMD is unreachable (@jdn5126 )
• Bug - Fix for aws-vpc-cni chart with tolerations to produce syntax valid yaml (@Bourne-ID )
• Bug - adding ip check for annotatePod in ipamd (@jerryhe1999 )
• Feature - Introduce DISABLE_LEAKED_ENI_CLEANUP to disable leaked ENI cleanup task (@jdn5126 )
• Feature - Add IPv6 egress support to eks IPv4 cluster (@wanyufe )
• Feature - feat(chart): Refactored image template logic for endpoint flexibility (@stevehipwell )
• Feature - add AWS_EC2_ENDPOINT variable for custom endpoint (@jihunseol )
• Improvement - Refactor egress-v4-cni plugin to support unit testing (@wanyufe )
• Improvement - Update instance limits and core plugins version in preparation for upcoming VPC CNI release (@jdn5126 )
• Improvement - refactoring eniconfig func to only take node as parameter (@haouc )
• Improvement - Remove go mod download from Dockerfiles (@jdn5126 )
• Improvement - Add apiVersion to MY_NODE_NAME (@jdn5126 )
• Improvement - install all core CNI plugins via init container (@jdn5126 )
• Improvement - Make all the aws vpc cni environmental variables case insensitive (@jerryhe1999 )
• Improvement - resource limit on init container in eks addon (@pdeva )
• Testing - Add integration test for POD v4/v6 egress traffic (@wanyufe )

v1.12.6

• Bug - Fix MTU parameter in egress-v4-cni plugin (@jdn5126 )
• Documentation - Fixing the log message to be meaningful (@rajeeshckr )
• Improvement - Add bmn-sf1.metal instance support (@vpineda1996 )
• Improvement - Support routing to external IPs behind service (@jdn5126 )
• Improvement - Use Go 1.19; fix egress-v4-cni MTU parsing, update containerd (@jdn5126 )
• Improvement - Added enviroment variable to allow ipamd to manage the ENIs on a non schedulable node (@rajeeshckr )
• Improvement - Use GET for IAM Permissions event; update controller-runtime from 0.13.1 to 0.14.4 and client-go from v0.25.5 to v0.26.1 (@jdn5126 )
• Improvement - Remove old checkpoint migration logic; update containerd version (@jdn5126 )

v1.12.5

• Bug - Handle private IP exceeded error (@jayanthvn )
• Documentation - doc: document AWS_VPC_K8S_CNI_LOGLEVEL for cni-metric-helper helm chart (@csantanapr )
• Documentation - Added cni-metrics-helper docs (@0xquark )
• Improvement - Update golang builder image (@jdn5126 )
• Improvement - Update golang builder image (@jdn5126 )
• Improvement - run make generate-limits (@jdn5126 )
• Improvement - Add M7g, R7g instance (@Issacwww )
• Improvement - Update client-go and k8s packages (@jaydeokar )
• Improvement - Refactor cni-metrics-helper chart for eks charts release (@jdn5126 )
• Improvement - fix: Upgrade to golang.org/x/[email protected] (@ellistarn )

v1.12.2

• Bug - Cherry-pick prometheus/client_golang module update to address CVE (@jdn5126 )
• Improvement - Minimal base image for cni-metrics-helper minimal base image (@jdn5126 )

v1.12.1

• Bug - Cleanup pod networking resources when IPAMD is unreachable to prevent rule leaking. (@jdn5126 )
• Bug - Skip add-on installation when an add-on information is not available (@sushrk )
• Bug - Add missing rules when NodePort support is disabled(@antoninbas )
• Bug - Fix logging in publisher package (@jdn5126 )
• Bug - Fix Crypto package vulnerability (@jaydeokar )
• Bug - Fix Crypto package vulnerability (@jaydeokar )
• Cleanup - Merging makefile and go.mod from test directory to root directory (@jerryhe1999 )
• Documentation - Update troubleshooting docs for node operating system (@jdn5126 )
• Feature - Reporting EC2 API calls metrics through CNI metrics helper (@jaydeokar )
• Feature - Added resources block to cni-metrics-helper helm chart (@jcogilvie )
• Feature - CLUSTER_ENDPOINT can now be specified to allow the VPC CNI to initialize before kube-proxy has finished setting up cluster IP routes (@bwagner5 )
• Improvement - Move VPC CNI and VPC CNI init images to use EKS minimal base image. (@jdn5126 )
• Improvement - Updating helm chart as per helm v3 standard (@jaydeokar )
• Improvement - Update golang to 1.19.2 (@jayanthvn )
• Testing - Fixes to automation runs (@jdn5126 )
• Testing - Fix environment variable name in update-cni-image script (@sushrk )

v1.12.0

• Bug - Remove extra decrement of totalIP count (@jayanthvn )
• Documentation - Update readme with slack channel (@jayanthvn )
• Documentation - Fix ENIConfig keys in values.yaml (@chotiwat )
• Improvement - switch to use state file for IP allocation pool management (@M00nF1sh )
• Improvement - explicitly request NET_RAW capabilities in CNI manifests (@JingmingGuo )
• Improvement - Reduce startup latency by removing some unneeded sleeps (@bwagner5 )
• New Instance Support - Add trn1 limits (@cartermckinnon )
• Testing - fix metrics-helper test to detach role policy early (@sushrk )
• Testing - Use GetNodes in metrics-helper; explicitly install latest addon (@jdn5126 )
• Testing - refine all github workflows (@M00nF1sh )
• Testing - Resolve flakiness in IPAMD warm target tests (@jdn5126 )
• Testing - VPC CNI Integration Test Fixes (@jdn5126 )
• Testing - Update CNI canary integration test and cleanup for ginkgo v2 (@jdn5126 )

v1.11.5

• Bug - Handle pod deletion when PrevResult has VLAN 0 (@jdn5126 )

v1.11.4

• Improvement - update aws-node clusterrole permissions (@sushrk)
• Improvement - IPAMD optimizations and makefile changes (@jayanthvn)
• Documentation - Fix minor typo on documentation (@guikcd)
• Documentation - Fixing prefixes per ENI value in example (@mkarakas)
• New release - multus manifest for release v3.9.0-eksbuild.2 (@sushrk)
• Bug - Setting AWS_VPC_K8S_CNI_RANDOMIZESNAT to the default value (@vgunapati)
• New instance support - Updated new instances (@jayanthvn)

v1.11.3

• Improvement - Increase cpu requests limit (@vikasmb)
• Bugfix - Re-use logger instance (@vikasmb)
• Improvement - Add event recorder utils to raise aws-node pod events (@sushrk)
• Improvement - chart: Add extraVolumes and extraVolumeMounts (@jkroepke)
• Bugfix - Fix cni panic due to pod.Annotations is a nil map (@Downager)

v1.11.2

• Improvement - Updated golang to Go 1.18 (@orsenthil)
• Improvement - Updated containernetworking/cni version to 0.8.1 to address CVE-2021-20206 (@orsenthil)
• Improvement - Updated CNI Plugins to v1.1.1 (@orsenthil)

v1.11.1

Was Skipped

v1.11.0

• Feature - Support new SGPP standard mode (@M00nF1sh )
• Feature - IPv4 Randomize SNAT support for IPv6 pods (@achevuru)
• Feature - Respect existing ENIConfig label if set on node (@backjo)
• Improvement - Timeout and reconcile when checking API server connectivity (@prateekgogia)
• Improvement - Improve startup performance of IPAMD (@backjo)
• Improvement - Record pod metadata and allocationTime in IP allocation state file (@M00nF1sh )
• Bug - Fixes node label error handling & revert to use update for node label update (@jayanthvn, @M00nF1sh ) (#1959)
• Bug - IPAMD throw an error on configuration validation failure (@veshij)
• Cleanup - refactoring DataStore.GetStats to simplify adding new fields (@veshij)

v1.10.3

• Improvement - Upgrade AWS SDK GO (@jayanthvn)
• Improvement - C7g instances support (@jayanthvn)
• Improvement - Enable Prefix Delegation on Bare metal instances (@achevuru)
• Bugfix - Fix dependabot high sev issue caused by GoGo protobuf (@jayanthvn)
• Bugfix - Fixed empty netns bug (@cgchinmay)

v1.10.2

• Improvement - Fetch Region and CLUSTER_ID information from cni-metrics-helper env (@cgchinmay )
• Improvement - Add VlanId in the cmdAdd Result struct (@cgchinmay )
• Improvement - Update Insufficient IP address logic in ipamd (@cgchinmay )
• Improvement - go version updated to 1.17 (@cgchinmay )
• Improvement - use public ecr for AL2 (@vikasmb )
• Improvement - remove set -x from bash, add -Ss to curl (@skpy )
• Bug - Fix condition for disable provisioning (@jayanthvn )

v1.10.1

• Bug - Use IMDSv2 token when fetching node ip in entrypoint (#1727, @chlunde)

v1.10.0

• Feature - IPv6 Support (#1587, @achevuru)
• Enhancement - Handle delays tied to V6 interfaces (#1631, @achevuru)
• Enhancement - Support for Bandwidth Plugin (#1560, @jayanthvn)
• Enhancement - Knob to enable bandwidth plugin (#1580, @jayanthvn)
• Testing - IPv6 Integration test suite (#1658, @achevuru)

v1.9.3

• Improvement - Update golang (#1665, @jayanthvn)
• Improvement - Pod startup latency with Calico and EKS (#1629, @jayanthvn)
• Bug - Make error count granular (#1651, @jayanthvn)
• Bug - ServiceAccount should precede DaemonSet in yaml aws (#1637, @sramabad1)
• Testing - Enable unit tests upon PR to release branch (#1684, @vikasmb)
• Testing - Upgrade EKS cluster version (#1680, @vikasmb)

v1.9.1

• Enhancement - Support DISABLE_NETWORK_RESOURCE_PROVISIONING (#1586, @jayanthvn)
• Enhancement - Allow reconciler retry for InsufficientCIDR EC2 error (#1585, @jayanthvn)
• Enhancement - Support for setting no_manage=false (#1607, @jayanthvn)
• Enhancement - Support for m6i instances (#1601, @causton81)
• Bug - Fallback for get hypervisor type and eni ipv4 limits (#1616, @jayanthvn)
• Bug - fix typo and regenerate limits file (#1597, @jayanthvn)
• Testing - UTs for no_manage=false (#1612, @jayanthvn)
• Testing - Run integration test on release branch (#1615, @vikasmb)

v1.9.0

• Enhancement - EC2 sdk model override (#1508, @jayanthvn)
• Enhancement - Prefix Delegation feature support (#1516, @jayanthvn)
• Enhancement - Header formatting for env variable (#1522, @jayanthvn)
• Enhancement - non-nitro instances init issues (#1527, @jayanthvn)
• Enhancement - Add metrics for total prefix count and ips used per cidr (#1530, @jayanthvn)
• Enhancement - Update documentation for PD (#1540, @jayanthvn)
• Enhancement - Update SDK Go version (#1544, @jayanthvn)

v1.8.0

• Bug - Use symmetric return path for non-VPC traffic - alternate solution (#1475, @kishorj)
• Bug - Gracefully handle failed ENI SG update (#1341, @jayanthvn)
• Bug - Fix CNI crashing when there is no available IP addresses (#1499, @M00nF1sh)
• Bug - Use primary ENI SGs if SG is null for Custom networking (#1259, @jayanthvn)
• Bug - Don't cache dynamic VPC IPv4 CIDR info (#1113, @anguslees)
• Improvement - Address Excessive API Server calls from CNI Pods (#1419, @achevuru)
• Improvement - refine ENI tagging logic (#1482, @M00nF1sh)
• Improvement - Change tryAssignIPs to assign up to configured WARM_IP_TARGET (#1279, @jacksontj)
• Improvement - Use regional STS endpoint (#1332, @nithu0115)
• Improvement - Update containernetworking dependencies (#1200, @mogren)
• Improvement - Split Calico manifest into two (#1410, @caseydavenport)
• Improvement - Update Calico manifest to support ARM & AMD (#1282, @jayanthvn)
• Improvement - Auto gen of AWS CNI, metrics helper and calico artifacts through helm (#1271, @jayanthvn)
• Improvement - Refactor EC2 Metadata IMDS code (#1225, @anguslees)
• Improvement - Unnecessary logging for each CNI invocation (#1469, @jayanthvn)
• Improvement - New instance types (#1463, @jayanthvn)
• Improvement - Use 'exec' ENTRYPOINTs (#1432, @anguslees)
• Improvement - Fix logging texts for ENI cleanup (#1209, @mogren)
• Improvement - Remove Duplicated vlan IPTable rules (#1208, @mogren)
• Improvement - Minor code cleanup (#1198, @mogren)
• HelmChart - Adding flags to support overriding container runtime endpoint. (#1443, @haouc)
• HelmChart - Add podLabels to amazon-vpc-cni chart (#1440, @haouc)
• HelmChart - Add workflow to sync aws-vpc-cni helm chart to eks-charts (#1430, @fawadkhaliq)
• Testing - Remove validation of VPC CIDRs from ip rules (#1476, @kishorj)
• Testing - Updated agent version (#1474, @cgchinmay)
• Testing - Fix for CI failure (#1470, @achevuru)
• Testing - Binary for mtu and veth prefix check (#1458, @cgchinmay)
• Testing - add test to verify cni-metrics-helper puts metrics to CW (#1461, @abhipth)
• Testing - add e2e test for security group for pods (#1459, @abhipth)
• Testing - Added Test cases for EnvVars check on CNI daemonset (#1431, @cgchinmay)
• Testing - add test to verify host networking setup & cleanup (#1457, @abhipth)
• Testing - Runners failing because of docker permissions (#1456, @jayanthvn)
• Testing - decouple test helper input struct from netlink library (#1455, @abhipth)
• Testing - add custom networking e2e test suite (#1445, @abhipth)
• Testing - add integration test for ipamd env variables (#1453, @abhipth)
• Testing - add agent for testing pod networking (#1448, @abhipth)
• Testing - fix format of commited code to fix unit test step (#1449, @abhipth)
• Testing - Unblocks Github Action Integration Tests (#1435, @couralex6)
• Testing - add warm ENI/IP target integration tests (#1438, @abhipth)
• Testing - add service connectivity test (#1436, @abhipth)
• Testing - add network connectivity test (#1424, @abhipth)
• Testing - add ginkgo automation framework (#1416, @abhipth)
• Testing - Add some test coverage to allocating ENIs (#1234, @mogren)
• Testing - Add some minimal tests to metrics (#1228, @mogren)

v1.7.10

• Improvement - Multi card support - Prevent route override for primary ENI across multi-cards ENAs (#1396 , @jayanthvn)

v1.7.9

• Improvement - Adds http timeout to aws sessions (#1370 , @couralex6)
• Improvement - Switch calico to be deployed with the Tigera operator (#1297 by @tmjd)
• Improvement - Update calico to v3.17.1 (#1328 , @lwr20)
• Improvement - update plugins to v0.9.0 (#1362 , @fr0stbyte)
• Improvement - update github.com/containernetworking/plugins to v0.9.0 (#1350 , @fr0stbyte)
• Bug - Fix regex match for getting primary interface (#1311 , @jayanthvn)
• Bug - Output to stderr when no log file path is passed (#1275 , @couralex6)
• Bug - Fix deletion of hostVeth rule for pods using security group (#1376 , @SaranBalaji90)

v1.7.8

• Improvement - Replace DescribeNetworkInterfaces with paginated version (#1333, @haouc)

v1.7.7

• Bug - Rearrange Pod deletion workflow (#1315, @SaranBalaji90)

v1.7.6

• Improvement - Avoid detaching EFA ENIs (#1237 , @mogren)
• Improvement - Add t4g instance type (#1219 , @mogren)
• Improvement - Add p4d.24xlarge instance type (#1238 , @mogren)
• Improvement - Update calico to v3.16.2 (#1235 , @lwr20)
• Improvement - Update readme on stdout support for plugin log file (#1251 , @jayanthvn)
• Bug - Make p3dn.24xlarge examples more realistic (#1263 , @mogren)
• Bug - Make sure we have space for a trunk ENI (#1210 , @mogren)
• Bug - Update README for DISABLE_TCP_EARLY_DEMUX (#1273 , @SaranBalaji90)
• Bug - Update p4 instance limits (#1289 , @jayanthvn)

v1.7.5

• Bug - Match primary ENI IP correctly (#1247 , @mogren)

v1.7.4

• Bug - Ignore error on enabling TCP early demux for old kernels (#1242, @mogren)

v1.7.3

• Bug - Add support to toggle TCP early demux (#1212, @SaranBalaji90)

v1.7.2

• Bug - Avoid deleting ENIs being created by older CNI versions (#1109, @jayanthvn)
• Bug - Add iptables fix and update to v1.7.x (#1187, @mogren)
• Bug - Handle stale IMDS metadata for secondary IPs (#1177, @mogren)
• Bug - Mount /run/xtables.lock to prevent unwanted race conditions (#1186, @kgtw)
• Bug - Make a deep copy for introspection (#1179, @mogren)
• Bug - Wait for ENI and secondary IPs (#1174, @mogren)
• Improvement - Update Calico images to v3.15.1 & set routeSource=WorkloadIPs for v1.7 (#1182, @realgaurav)
• Improvement - Update Calico to v3.15.1 & set routeSource=WorkloadIPs (#1165, @realgaurav)
• Improvement - Clean up go lint warnings (#1162, @mogren)
• Improvement - Update SG on secondary ENIs (#1098, @jayanthvn)
• Improvement - Fix device number and update table name the device index (#1071, @mogren)

v1.7.1

• Bug - Calico deletes routes when using CNI v1.7.0 (#1166, @jayanthvn)
• Improvement - enable manual override for VERSION in images (#1156, @nprab428)

v1.7.0

• Improvement - Reject version skew between gRPC client and server (#1141, @anguslees)
• Improvement - Write to IPAM checkpoint file immediately after reading from CRI (#1140, @anguslees)
• Improvement - Fix a log message (#1138, @anguslees)
• Improvement - Add ipamd changes for sg support (#1126, @mogren)
• Improvement - Add support to setup pod network using VLANss (#1125, @SaranBalaji90)
• Improvement - Improve CRI->checkpoint logic in the face of downgrades (#1123, @anguslees)
• Improvement - Slash and burn unused code (#1115, @anguslees)
• Improvement - Remove references to unused metadata owner-id (#1111, @anguslees)
• Improvement - Remove old pre-1.3 migration code (#1110, @anguslees)
• Improvement - Enable log config for the metrics agent (#1104, @mogren)
• Improvement - Refactor ENI limit struct (#1035, @mogren)
• Improvement - Use sed as a stream editor and redirect to file (#1069, @willejs)
• Improvement - JSON output format for the entrypoint script (#1066, @jayanthvn)
• Improvement - Use install command instead of cp (#1061, @mogren)
• Improvement - Updated manifest configs with default env vars (#1057, @saiteja313)
• Improvement - Default to random-fully (#1048, @mogren)
• Improvement - Update probe settings (#1028, @mogren)
• Improvement - Added warning if delete on termination is set to false for the primary ENI (#1024, @jayanthvn)
• Improvement - Limit scope of logs writable by ipamd container (#987, @anguslees)
• Improvement - Autogenerate per-region YAML manifests from a common template (#986, @anguslees)
• Improvement - Persist IPAM state to local file and use across restarts (#972, @anguslees)
• Improvement - Add init container (#955, @mogren)
• Improvement - Refresh subnet/CIDR information periodically (#903, @nithu0115)
• Docs - Changed data type for variables in README (#1116, @abhinavmpandey08)
• Docs - Fix docs links for cni-metrics-agent (#1072, @mogren)
• Testing - Create script to run all release tests (#1106, @bnapolitan)
• Testing - Cover bottlerocket cluster test (#1096, @bnapolitan)
• Testing - Introduce automated performance testing (#1068, @bnapolitan)
• Testing - scripts/lib: bump up tester to v1.4.0 (#1065, @gyuho)
• Testing - Add parallel testing to conformance (#1018, @bnapolitan)
• Testing - Cache go packages in CircleCI (#1017, @bnapolitan)
• Testing - Create roles by default for e2e test cluster creation (#994, @bnapolitan)
• Bug - Use limits from API for g4dn.16xlarge (#1086, @mogren)
• Bug - Make metrics-helper docker logging statement multi-arch compatible (#1067, @nprab428)

v1.6.3

• Bug - Handle stale instance metadata (#1011, @mogren)
• Improvement - Add support for c5a and c5ad (#1003, @mogren)
• Improvement - Make the aws-cni-support.sh executable (#1007, @jayanthvn)

v1.6.2

• Bug - Add WithNoProxy to ignore proxies in gRPC connections when using unix sockets (#980, @nithu0115)
• Improvement - Fix order of file copies in entrypoint.sh (#935, @dthorsen)
• Improvement - Check all errors and log appropriately (#939, @mogren)
• Improvement - Add MTU and RPFilter configs to debug (#954, @mogren)
• Improvement - Bump aws-k8s-tester to v1.2.2 (#978, @gyuho)
• Improvement - Add context and user agent to EC2 requests (#979, @mogren)
• Improvement - Update limits for m6g, c6g and r6g (#996, @mogren)

v1.6.1

• Feature - Support architecture targeted builds (#837, @jahkeup)
• Feature - Zap logger (#824, @nithu0115)
• Improvement - Run conformance test as part of PR/Release certification (#851, @SaranBalaji90)
• Improvement - Use eks:cluster-name as clusterId (#856, @groodt)
• Improvement - Bump Calico to v3.13.0 (#857, @lmm)
• Improvement - Use go.mod version of mockgen (#863, @anguslees)
• Improvement - Mock /proc/sys (#870, @anguslees)
• Improvement - Replace debug script with updated script from EKS AMI (#864, @mogren)
• Improvement - Update cluster-proportional-autoscaler to 1.7.1 (#885, @ricardochimal)
• Improvement - Remove unnecessary/incorrect ClusterRole resource (#883, @anguslees)
• Improvement - Disable IPv6 RA and ICMP redirects (#897, @anguslees)
• Improvement - scripts/lib/aws.sh: use "aws-k8s-tester" v1.0.0 (#900, @gyuho)
• Improvement - Configure rp_filter based on env variable (#902, @SaranBalaji90)
• Improvement - Less verbose logging (#908, @mogren)
• Improvement - Reduce number of calls to EC2 API (#909, @mogren)
• Improvement - Bump containernetworking dependencies (#916, @mogren)
• Improvement - Use -buildmode=pie for binaries (#919, @mogren)
• Bug - Add missing permissions in typha-cpha sa (Calico) (#892, @marcincuber)
• Bug - Fix logging to stdout (#904, @mogren)
• Bug - Ensure non-nil Attachment in getENIAttachmentID (#915, @jaypipes)

v1.6.0

• Feature - Add fallback to fetch limits from EC2 API (#782, @mogren)
• Feature - Additional tags to ENI (#734, @nithu0115)
• Feature - Add support for a 'no manage' tag (#726, @euank)
• Feature - Use CRI to obtain pod sandbox IDs instead of Kubernetes API (#714, @drakedevel)
• Feature - Add support for listening on unix socket for introspection endpoint (#713, @adammw)
• Feature - Add MTU to the plugin config (#676, @mogren)
• Feature - Clean up leaked ENIs on startup (#624, @mogren)
• Feature - Introduce a minimum target for ENI IPs (#612, @asheldon)
• Feature - Allow peered VPC CIDRs to be excluded from SNAT (#520, @totahuanocotl, @rewiko, @yorg1st)
• Feature - Get container ID from kube rather than docker (#371, @rudoi)
• Improvement - Make entrypoint script fail if any step fails (#839, @drakedevel)
• Improvement - Place binaries in cmd/ and packages in pkg/ (#815, @jaypipes)
• Improvement - De-dupe calls to DescribeNetworkInterfaces (#808, @jaypipes)
• Improvement - Update RollingUpdate strategy to allow 10% unavailable (#805, @gavinbunney)
• Improvement - Bump github.com/vishvananda/netlink version from 1.0.0 to 1.1.0 (#802, @ajayk)
• Improvement - Adding node affinity for Fargate (#792, @nithu0115)
• Improvement - Force ENI/IP reconciliation to delete from the datastore (#754, @tatatodd)
• Improvement - Use dockershim.sock for CRI (#751, @mogren)
• Improvement - Treating ErrUnknownPod from ipamd to be a noop and not returning error (#750, @uruddarraju)
• Improvement - Copy CNI plugin and config in entrypoint not agent (#735, @jaypipes)
• Improvement - Adding m6g instance types (#742, Srini Ramabadran)
• Improvement - Remove deprecated session.New method (#729, @nithu0115)
• Improvement - Scope watch on "pods" to only pods associated with the local node (#716, @jacksontj)
• Improvement - Update ENI limits to match documentation (#710, @mogren)
• Improvement - Reduce image layers and strip debug flags (#699, @mogren)
• Improvement - Add run-integration-tests.sh script (#698, @nckturner)
• Improvement - Return the error from ipamd to plugin (#688, @mogren)
• Improvement - Bump aws-sdk-go to v1.23.13 (#681, @mogren)
• Improvement - Add support for m5n/m5dn/r5n/r5dn instances (#657, @Jeffwan)
• Improvement - Add IPs to the first ENI on startup (#648, @mogren)
• Improvement - Add shutdown listener (#645, @mogren)
• Improvement - Made timeouts exponential (#640, @Zyqsempai)
• Improvement - Remove vendor folder (#635, @mogren)
• Improvement - Update protobuf to v1.3.2 (#633, @mogren)
• Improvement - Reduce log level to Trace for the most common Debug lines (#631, @mogren)
• Improvement - Bump grpc version to v1.23.1 (#629, @mogren)
• Improvement - Add inCoolingPeriod for AddressInfo (#627, @chendotjs)
• Improvement - Added retryNbackoff for tagENI method (#626, @nithu0115)
• Improvement - Update backoff code from upstream and use when detaching ENIs (#623, @mogren)
• Improvement - Update kubeconfig lookup with eksctl clusters (#513, @dkeightley)
• Improvement - Fix introspection port in troubleshooting docs (#512, @drakedevel)
• Bug fix - Log security groups correctly (#646, @mogren)
• Bug fix - Fix WARM_ENI_TARGET=0 (#587, @mogren)

v1.5.7

• Improvement - New AL2 image with iptables-1.8.2 (@mogren)
• Improvement - Enable the -buildmode=pie flag for the binaries (@mogren)
• Improvement - Disable IPv6 RA and ICMP redirects on host-side veth (@anguslees)

v1.5.6

• arm64 preview custom build

v1.5.5

• Bug fix - Revert "Return delete success for pods that never got scheduled" (#672, @mogren)
• Improvement - Add support for r5dn instance family (#656, @mogren)
• Improvement - Add support for m5n/m5dn/r5n instances (#657, @Jeffwan)
• Improvement - Update cni-metrics-helper to v1.5.5 (#672, @mogren)
• Improvement - Reduce image layers and strip debug flags (#699, @mogren)

v1.5.4

• Improvement - Add support for g4dn instance family (#621, @mogren)
• Improvement - Set cniVersion in the config to 0.3.1 (required for Kubernetes 1.16) (#605, @mogren)
• Bug fix - Return delete success for pods that never got scheduled (#623, @mogren)

v1.5.3

• Bug fix - Copy the binary and config after ipamd is ready (#576, @mogren)
• Improvement - Update Calico version to v3.8.1 (#554, @lmm)
• Improvement - Add env var to override introspection bind address (#501, @jacksontj)
• Improvement - Remove unused env variable (#578, @mogren)
• Improvement - Exit early if MAC address doesn't match (#582, @mogren)

v1.5.2

• Bug fix - Fix formatting flag (#521, @uthark)
• Bug fix - Fix formatting issue (#524, @uthark)
• Bug fix - Detach ENI before deleting (#538, @uthark)
• Improvement - Adding healthz endpoint to IPamD (#548, @nithu0115)
• Improvement - Adding new m5 and r5 instances (#518, @mogren)
• Improvement - t3a.small only have 2 ENIs (#543, @mogren)
• Improvement - Updating AWS Go SDK version (#549, Nordlund, Eric)
• Improvement - Reduce the wait time when checking for pods without IPs (#552, @mogren)
• Improvement - Update start script to wait for ipamd health (#552, @mogren)
• Improvement - Hide health check output (#569, @mogren)
• Improvement - Support c5.12xlarge and c5.24xlarge (#510, @mogren)

v1.5.1

• Bug fix - Ignore namespace for custom eniconfig watch (#561, @mogren)

v1.5.0

• Bug fix - Fix spelling on annotation (#482, @forsberg)
• Bug fix - Avoid using force detach of ENIs (#458, @mogren)
• Bug fix - Flush logs before exiting (#451, @venkatesh-eb)
• Improvement - Add IPs to existing ENIs first (#487, @mogren)
• Improvement - Added error handling for GetENIipLimit (#484, @Zyqsempai)
• Improvement - Moved all GetEnv's calls to init step (#445, @Zyqsempai)
• Improvement - On start up, wait for pods with no IP (#480, @mogren)
• Improvement - Don't modify maxENI (#472, @nckturner)
• Improvement - Improve WARM_IP_TARGET handling (#461, @nckturner)
• Improvement - Update logging format to align messages (#473, @mogren)
• Improvement - Added -W (wait for xlock's) flag to iptables commands (#439, @Zyqsempai)
• Improvement - Remove error message from Prometheus labels (#467, @bboreham)
• Improvement - Update instance types (#459, @mogren)

v1.4.1

• Feature - Add flag to disable metrics and introspection (#436, @mogren)
• Bug fix - Adding additional CRD for Calico that was missing (#410, @wmorgan6796)
• Improvement - Update CNI metrics (#413, @mogren)

v1.4.0

• Feature - Add an environment variable to limit the number of ENIs (#251, @pdbogen)
  • Makes it possible to limit how many ENIs that are allocated per node.
• Feature - Randomize outgoing port for connections in the SNAT iptables rule (#246, @taylorb-syd)
  • To avoid a race condition when using SNAT, select ports randomly instead of sequentially.
• Feature - ENIConfig set by custom annotation or label names (#280, @etopeter)
  • Enables users to set a custom annotation or label key to define ENIConfig name.
• Improvement - Update Calico to 3.3.6 (#368, @2ffs2nns)
• Improvement - Add new instance types (#366, @mogren)
  • Adds m5ad and r5ad families.
• Improvement - Actually enable prometheus metrics (#361, @mogren)
• Improvement - Retry LinkByMac when link not found (#360, @peterbroadhurst)
  • Sometimes it takes a few seconds for a new ENI to be available, so we retry 5 times.
• Improvement - Run yum clean all to reduce image size (#351, @mogren)
• Improvement - Renaming Prometheus metrics with "awscni_" prefix (#348, @max-rocket-internet)
• Improvement - Allow configuring docker image when running make (#178, @mikkeloscar)
• Improvement - Add support for stdout logging (#342, @rudoi)
  • Adds the environment variable AWS_VPC_K8S_CNI_LOG_FILE that can be set to stdout or a file path.
• Improvement - Some cleanups related to #234 (#244, @mogren)
• Improvement - Use apps/v1 for DaemonSet (#341, @errordeveloper)
• Improvement - Clean up aws-cni-support.sh and update the documentation (#320, @mogren)
• Improvement - Fix tiny typo in log message (#323, #324, @ankon)
• Improvement - Collect rp_filter from all network interface in aws-cni-support.sh (#338, @nak3)
• Improvement - Use device number 0 for primary device in unit test (#247, @nak3)
• Improvement - Collect iptables -nvL -t mangle in support script (#304, @nak3)
• Improvement - Return the err from f.Close() (#249, @mogren)
• Improvement - Explicitly set the IP on secondary ENIs (#271, @ewbankkit)
  • Fixes IP bug on older kernels.
• Improvement - Update instance ENI and IP mapping table (#275, @hmizuma)
  • Adds a1 and c5n instances. (Already included in v1.3.2)
• Improvement - Add ENI entries for p3dn.24xlarge instance (#274, @hmizuma)
  • p3dn.24xlarge was already included in v1.3.2
• Improvement - Use InClusterConfig when CreateKubeClient() was called without args (#293, @nak3)
• Improvement - Expose configuration variables via ipamD to make it debug friendly (#287, @nak3)
• Improvement - Allow cross compile on different platform (#292, @nak3)
• Improvement - Add changes to support multiple platform build (#286, @mbartsch)
  • arm64 build support
• Improvement - Improve setup advice in README around ENI / IP (#276 @sftim)
• Improvement - Use unix.RT_TABLE_MAIN for main routing table number (#269, @nak3)
• Improvement - Detect if mockgen and goimports are in the path (#278, @nak3)
• Improvement - Increment IP address safely (#258, @nak3)
  • Calculate the gateway IP in a safe way.
• Improvement - Remove unused options from rpc.proto (#252, @nak3)
• Improvement - Add missing unit tests execution to Makefile (#253, @nak3)
• Improvement - Bump TravisCI to use 1.11 (#243, @mogren)
• Bug fix - Fix typos in json types for ENIConfig (#393, @tiffanyfay)
• Bug fix - Avoid unbound variable error in aws-cni-support.sh (#382, @StevenACoffman)
• Bug fix - Output CIDR in correct format (#267, @nak3)
• Bug fix - Use replace when adding host route (#367, @mogren)
• Bug fix - Update k8sapi to use operator-framework inClusterConfig (#364, @tiffanyfay)
  • If the environment variables are missing, fall back to DNS lookup.
• Bug fix - Set mainENIRule mask (#340, @tustvold)
  • In order to match the connmark correctly, we need to mask it out when checking.
• Bug fix - Use primary interface to add iptables for connmark entry (#305, @nak3)
• Bug fix - Stop wrapping and returning nil (#245, @nak3)
• Bug fix - Fix return path of NodePort traffic when using Calico network policy (#263, @ikatson)
• Bug fix - Remove scope: Cluster from spec.names (#199, @rickardrosen)
• Bug fix - Remove unneeded spec entry in v1.3 manifest (#262, @hmizuma)
• Bug fix - Add formatter to errors.Wrapf in driver (#241, @nak3)

v1.3.3

• Feature - Add ENI entries for a1 and c5n instance families

v1.3.2

• Bug fix - Fix max pods for p3dn.24xlarge
• Bug fix - Bump CNI to latest 1.3 version

v1.3.1

• Feature - Add ENI entries for p3dn.24xlarge
• Bug fix - Restrict p3dn.24xlarge to 31 IPs/ENI

v1.3.0

• Feature - Add logic to handle multiple VPC CIDRs
• Improvement - Update instance types
• Improvement - Add retry for plumbing route entry
• Improvement - Update vpc_ip_resource_limit.go
• Improvement - Add support for g3s.xlarge machines
• Improvement - Fixing t3.xl and t3.2xl eni numbers
• Improvement - Configure MTU of ENI and veths to 9001
• Bug fix - Update containerPort in the spec
• Bug fix - cleanup the host route when perform CNI delete

1.2.1

• Bug fix - Add missing calico.yaml to 1.2
• Bug fix - Do not watch eniconfig CRD if cni is not configured to use pod config
• Bug fix - Fixed typo in aws-k8s-cni.yaml
• Bug fix - Add logic to dynamically discover primary interface name

1.2.0

• Feature - Add hostPort support #153
• Feature - Add a configuration knob to allow Pod to use different VPC SecurityGroups and Subnet #165
• Feature - Fix return path of NodePort traffic #130
• Improvement - Add more error messages during initialization #174
• Improvement - Check to make it is a Pod object #170
• Improvement - Maintain the right number of ENIs and its IP addresses in WARM-IP pool #169
• Improvement - Add support for more instance types: r5, r5d, z1d, t3 #145

1.1.0

• Feature - Versioning with git SHA #106
• Feature - Ability to configure secondary IP preallocation (#125)
• Feature - Allow pods communicate with outside VPC without NAT#81
• Improvement - Added travis CI support #116, #117, #118
• Improvement - Modify toleration to make aws-node schedule-able on all nodes #128
• Improvement - Move from TagResources to CreateTags for ENI Tagging #129
• Improvement - Updated troubleshooting guidelines
• Bug Fix - Release IP to datastore upon failure #127

1.0.0

Initial release of amazon-vpc-cni-k8s a cni plugin for use with Kubernetes that uses ENIs and secondary ip addresses.

See the README for additional information.