diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7bdbac5f8d..295cf070bd 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,12 @@
 # Changelog
+## v1.15.5
+
+* Bug - [Add watch permission for CNINode resource](https://github.com/aws/amazon-vpc-cni-k8s/pull/2681) (@jdn5126 )
+* Improvement - [Upgrade go from 1.21.4 to 1.21.5](https://github.com/aws/amazon-vpc-cni-k8s/pull/2707) (@jchen6585 )
+* Improvement - [Dependabot Golang updates, test agent fix](https://github.com/aws/amazon-vpc-cni-k8s/pull/2698) (@jdn5126 )
+* Improvement - [Bump aws-sdk-go to v1.48.2](https://github.com/aws/amazon-vpc-cni-k8s/pull/2674) (@jchen6585 )
+
 ## v1.15.4
 * Documentation - [Update prefix-and-ip-target.md](https://github.com/aws/amazon-vpc-cni-k8s/pull/2658) (@nicolajknudsen )
diff --git a/Makefile b/Makefile
index 909d7cb160..e18ab3b26c 100644
--- a/Makefile
+++ b/Makefile
@@ -274,7 +274,7 @@ docker-metrics-test: ## Run metrics helper unit test suite in a container.
 make metrics-unit-test
 # Fetch the CNI plugins
-plugins: FETCH_VERSION=1.3.0
+plugins: FETCH_VERSION=1.4.0
 plugins: FETCH_URL=https://github.com/containernetworking/plugins/releases/download/v$(FETCH_VERSION)/cni-plugins-$(GOOS)-$(GOARCH)-v$(FETCH_VERSION).tgz
 plugins: VISIT_URL=https://github.com/containernetworking/plugins/tree/v$(FETCH_VERSION)/plugins/
 plugins: ## Fetch the CNI plugins
diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml
index bf3040f2d6..ed241f5c16 100644
--- a/charts/aws-vpc-cni/Chart.yaml
+++ b/charts/aws-vpc-cni/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.15.4
-appVersion: "v1.15.4"
+version: 1.15.5
+appVersion: "v1.15.5"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s
diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md
index 0b53dea1ae..64246178c6 100644
--- a/charts/aws-vpc-cni/README.md
+++ b/charts/aws-vpc-cni/README.md
@@ -42,8 +42,13 @@ The following table lists the configurable parameters for this chart and their d
 | `env` | List of environment variables. See [here](https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables) for options | (see `values.yaml`) |
 | `enableWindowsIpam` | Enable windows support for your cluster | `false` |
 | `enableNetworkPolicy` | Enable Network Policy Controller and Agent for your cluster | `false` |
+| `enableWindowsPrefixDelegation` | Enable windows prefix delegation support for your cluster | `false` |
+| `warmWindowsPrefixTarget` | Warm prefix target value for Windows prefix delegation | `0` |
+| `warmWindowsIPTarget` | Warm IP target value for Windows prefix delegation | `1` |
+| `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` |
+| `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` |
 | `fullnameOverride` | Override the fullname of the chart | `aws-node` |
-| `image.tag` | Image tag | `v1.15.4` |
+| `image.tag` | Image tag | `v1.15.5` |
 | `image.domain` | ECR repository domain | `amazonaws.com` |
 | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` |
 | `image.endpoint` | ECR repository endpoint to use. | `ecr` |
@@ -51,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d
 | `image.pullPolicy` | Container pull policy | `IfNotPresent` |
 | `image.override` | A custom docker image to use | `nil` |
 | `imagePullSecrets` | Docker registry pull secret | `[]` |
-| `init.image.tag` | Image tag | `v1.15.4` |
+| `init.image.tag` | Image tag | `v1.15.5` |
 | `init.image.domain` | ECR repository domain | `amazonaws.com` |
 | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` |
 | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` |
@@ -64,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d
 | `originalMatchLabels` | Use the original daemonset matchLabels | `false` |
 | `nameOverride` | Override the name of the chart | `aws-node` |
 | `nodeAgent.enabled` | If the Node Agent container should be created | `true` |
-| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.0.6` |
+| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.0.7` |
 | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` |
 | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` |
 | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` |
@@ -75,6 +80,7 @@ The following table lists the configurable parameters for this chart and their d
 | `nodeAgent.enablePolicyEventLogs` | Enable policy decision logs for Node Agent | `false` |
 | `nodeAgent.metricsBindAddr` | Node Agent port for metrics | `8162` |
 | `nodeAgent.healthProbeBindAddr` | Node Agent port for health probes | `8163` |
+| `nodeAgent.conntrackCacheCleanupPeriod` | Cleanup interval for network policy agent conntrack cache | 300 |
 | `nodeAgent.enableIpv6` | Enable IPv6 support for Node Agent | `false` |
 | `nodeAgent.resources` | Node Agent resources, will defualt to .Values.resources if not set | `{}` |
 | `extraVolumes` | Array to add extra volumes | `[]` |
diff --git a/charts/aws-vpc-cni/templates/configmap.yaml b/charts/aws-vpc-cni/templates/configmap.yaml
index 9dfed6924c..f79dd58be4 100644
--- a/charts/aws-vpc-cni/templates/configmap.yaml
+++ b/charts/aws-vpc-cni/templates/configmap.yaml
@@ -19,3 +19,8 @@ metadata:
 data:
 enable-windows-ipam: {{ .Values.enableWindowsIpam | quote }}
 enable-network-policy-controller: {{ .Values.enableNetworkPolicy | quote }}
+ enable-windows-prefix-delegation: {{ .Values.enableWindowsPrefixDelegation | quote }}
+ warm-prefix-target: {{ .Values.warmWindowsPrefixTarget | quote }}
+ warm-ip-target: {{ .Values.warmWindowsIPTarget | quote }}
+ minimum-ip-target: {{ .Values.minimumWindowsIPTarget | quote }}
+ branch-eni-cooldown: {{ .Values.branchENICooldown | quote }}
diff --git a/charts/aws-vpc-cni/templates/daemonset.yaml b/charts/aws-vpc-cni/templates/daemonset.yaml
index ab3b44a40a..d9f85db5d1 100644
--- a/charts/aws-vpc-cni/templates/daemonset.yaml
+++ b/charts/aws-vpc-cni/templates/daemonset.yaml
@@ -136,6 +136,7 @@ spec:
 - --enable-policy-event-logs={{ .Values.nodeAgent.enablePolicyEventLogs }}
 - --metrics-bind-addr={{ include "aws-vpc-cni.nodeAgentMetricsBindAddr" . }}
 - --health-probe-bind-addr={{ include "aws-vpc-cni.nodeAgentHealthProbeBindAddr" . }}
+ - --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod }}
 {{- with default .Values.resources .Values.nodeAgent.resources }}
 resources:
 {{- toYaml . | nindent 12 }}
diff --git a/charts/aws-vpc-cni/test.yaml b/charts/aws-vpc-cni/test.yaml
deleted file mode 100644
index 58ffb9ff15..0000000000
--- a/charts/aws-vpc-cni/test.yaml
+++ /dev/null
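Review bot: The five new ConfigMap entries and, in daemonset.yaml, the new `--conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod }}` argument are rendered straight from values with no fallback in the template. An upgrade that carries values over from an older release (for example `helm upgrade --reuse-values`) or that nulls one of these keys would render an empty value, which for the node agent presumably means an unparsable flag and a network policy agent container that does not start. For the flag a template-side default keeps the manifest valid: `- --conntrack-cache-cleanup-period={{ .Values.nodeAgent.conntrackCacheCleanupPeriod | default 300 }}`. `default` treats 0 as unset, so for the numeric ConfigMap keys where 0 is a legal value (`warmWindowsPrefixTarget` defaults to 0) an explicit nil check is the safer form. Both templates continue outside their hunks.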
@@ -1,175 +0,0 @@ -# Test values for aws-vpc-cni. -# This is a YAML-formatted file. -# Declare variables to be passed into your templates. -# -nameOverride: aws-node - -init: - image: - tag: v1.15.4 - region: us-west-2 - pullPolicy: Always - # Set to use custom image - # override: "repo/org/image:tag" - env: - DISABLE_TCP_EARLY_DEMUX: "false" - securityContext: - privileged: true - -nodeAgent: - enabled: true - image: - tag: v1.0.6 - region: us-west-2 - pullPolicy: Always - # Set to use custom image - # override: - securityContext: - capabilities: - add: - - "NET_ADMIN" - privileged: true - enableCloudWatchLogs: "false" - enableIpv6: "false" - -image: - region: us-west-2 - tag: v1.15.4 - pullPolicy: Always - # Set to use custom image - # override: "repo/org/image:tag" - -# The CNI supports a number of environment variable settings -# See https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables -env: - ADDITIONAL_ENI_TAGS: "{}" - AWS_VPC_CNI_NODE_PORT_SUPPORT: "true" - AWS_VPC_ENI_MTU: "9001" - AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: "false" - AWS_VPC_K8S_CNI_EXTERNALSNAT: "false" - AWS_VPC_K8S_CNI_LOG_FILE: "/host/var/log/aws-routed-eni/ipamd.log" - AWS_VPC_K8S_CNI_LOGLEVEL: DEBUG - AWS_VPC_K8S_CNI_RANDOMIZESNAT: "prng" - AWS_VPC_K8S_CNI_VETHPREFIX: eni - AWS_VPC_K8S_PLUGIN_LOG_FILE: "/var/log/aws-routed-eni/plugin.log" - AWS_VPC_K8S_PLUGIN_LOG_LEVEL: DEBUG - DISABLE_INTROSPECTION: "false" - DISABLE_METRICS: "false" - ENABLE_POD_ENI: "false" - ENABLE_PREFIX_DELEGATION: "false" - WARM_ENI_TARGET: "1" - WARM_PREFIX_TARGET: "1" - -# this flag enables you to use the match label that was present in the original daemonset deployed by EKS -# You can then annotate and label the original aws-node resources and 'adopt' them into a helm release -originalMatchLabels: false - -cniConfig: - enabled: false - fileContents: "" - -imagePullSecrets: [] - -fullnameOverride: "aws-node" - -priorityClassName: system-node-critical - -podSecurityContext: {} - -podAnnotations: {} - 
-securityContext: - capabilities: - add: - - "NET_ADMIN" - - "NET_RAW" - -serviceAccount: - # Specifies whether a service account should be created - create: true - # The name of the service account to use. - # If not set and create is true, a name is generated using the fullname template - name: - annotations: {} - # eks.amazonaws.com/role-arn: arn:aws:iam::AWS_ACCOUNT_ID:role/IAM_ROLE_NAME - -livenessProbe: - exec: - command: - - /app/grpc-health-probe - - '-addr=:50051' - initialDelaySeconds: 60 - -readinessProbe: - exec: - command: - - /app/grpc-health-probe - - '-addr=:50051' - initialDelaySeconds: 1 - -resources: - requests: - cpu: 10m - -updateStrategy: - type: RollingUpdate - rollingUpdate: - maxUnavailable: "10%" - -nodeSelector: {} - -tolerations: - - operator: Exists - -affinity: - nodeAffinity: - requiredDuringSchedulingIgnoredDuringExecution: - nodeSelectorTerms: - - matchExpressions: - - key: "beta.kubernetes.io/os" - operator: In - values: - - linux - - key: "beta.kubernetes.io/arch" - operator: In - values: - - amd64 - - arm64 - - key: "eks.amazonaws.com/compute-type" - operator: NotIn - values: - - fargate - - matchExpressions: - - key: "kubernetes.io/os" - operator: In - values: - - linux - - key: "kubernetes.io/arch" - operator: In - values: - - amd64 - - arm64 - - key: "eks.amazonaws.com/compute-type" - operator: NotIn - values: - - fargate - -eniConfig: - # Specifies whether ENIConfigs should be created - create: false - region: us-west-2 - subnets: - # Key identifies the AZ - # Value contains the subnet ID and security group IDs within that AZ - # a: - # id: subnet-123 - # securityGroups: - # - sg-123 - # b: - # id: subnet-456 - # securityGroups: - # - sg-456 - # c: - # id: subnet-789 - # securityGroups: - # - sg-789 diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml index 1c17ee9431..3f9e98fd66 100644 --- a/charts/aws-vpc-cni/values.yaml +++ b/charts/aws-vpc-cni/values.yaml 
@@ -8,7 +8,7 @@ nameOverride: aws-node
 init:
 image:
- tag: v1.15.4
+ tag: v1.15.5
 domain: amazonaws.com
 region: us-west-2
 endpoint: ecr
@@ -27,7 +27,7 @@ init:
 nodeAgent:
 enabled: true
 image:
- tag: v1.0.6
+ tag: v1.0.7
 domain: amazonaws.com
 region: us-west-2
 endpoint: ecr
@@ -46,10 +46,11 @@ nodeAgent:
 enableIpv6: "false"
 metricsBindAddr: "8162"
 healthProbeBindAddr: "8163"
+ conntrackCacheCleanupPeriod: 300
 resources: {}
 image:
- tag: v1.15.4
+ tag: v1.15.5
 domain: amazonaws.com
 region: us-west-2
 endpoint: ecr
@@ -82,14 +83,24 @@ env:
 DISABLE_NETWORK_RESOURCE_PROVISIONING: "false"
 ENABLE_IPv4: "true"
 ENABLE_IPv6: "false"
- VPC_CNI_VERSION: "v1.15.4"
+ VPC_CNI_VERSION: "v1.15.5"
 # this flag enables you to use the match label that was present in the original daemonset deployed by EKS
 # You can then annotate and label the original aws-node resources and 'adopt' them into a helm release
 originalMatchLabels: false
-enableWindowsIpam: "false"
+# Settings for aws-vpc-cni ConfigMap
+# - Network Policy settings
 enableNetworkPolicy: "false"
+# - Windows settings
+enableWindowsIpam: "false"
+# - Windows Prefix Delegation settings
+enableWindowsPrefixDelegation: "false"
+warmWindowsPrefixTarget: 0
+warmWindowsIPTarget: 1
+minimumWindowsIPTarget: 3
+# - Security Groups for Pods settings
+branchENICooldown: 60
 cniConfig:
 enabled: false
diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml
index d9574b2c9b..da00f942d3 100644
--- a/charts/cni-metrics-helper/Chart.yaml
+++ b/charts/cni-metrics-helper/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: cni-metrics-helper
-version: 1.15.4
-appVersion: v1.15.4
+version: 1.15.5
+appVersion: v1.15.5
 description: A Helm chart for the AWS VPC CNI Metrics Helper
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s
diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md
index fe738b9310..5204f42314 100644
--- a/charts/cni-metrics-helper/README.md
+++ b/charts/cni-metrics-helper/README.md
@@ -47,7 +47,7 @@ The following table lists the configurable parameters for this chart and their d
 |------------------------------|---------------------------------------------------------------|--------------------|
 | fullnameOverride | Override the fullname of the chart | cni-metrics-helper |
 | image.region | ECR repository region to use. Should match your cluster | us-west-2 |
-| image.tag | Image tag | v1.15.4 |
+| image.tag | Image tag | v1.15.5 |
 | image.account | ECR repository account number | 602401143452 |
 | image.domain | ECR repository domain | amazonaws.com |
 | env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true |
diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml
index 7b28798405..7187f21266 100644
--- a/charts/cni-metrics-helper/values.yaml
+++ b/charts/cni-metrics-helper/values.yaml
@@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper
 image:
 region: us-west-2
- tag: v1.15.4
+ tag: v1.15.5
 account: "602401143452"
 domain: "amazonaws.com"
 # Set to use custom image
diff --git a/cmd/aws-vpc-cni-init/main.go b/cmd/aws-vpc-cni-init/main.go
index e89da82404..c3c77a9189 100644
--- a/cmd/aws-vpc-cni-init/main.go
+++ b/cmd/aws-vpc-cni-init/main.go
@@ -117,10 +117,7 @@ func configureIPv6Settings(procSys procsyswrapper.ProcSys, primaryIF string) err
 // Check if IPv6 egress support is enabled in IPv4 cluster.
 ipv6EgressEnabled := utils.GetBoolAsStringEnvVar(envEgressV6, defaultEnableIPv6Egress)
 if enableIPv6 || ipv6EgressEnabled {
- // For IPv6, the following sysctls are set:
- // 1. forwarding defaults to 1
- // 2. accept_ra defaults to 2
- // 3. accept_redirects defaults to 1
+ // Enable IPv6 forwarding on all interfaces by default
 entry := "net/ipv6/conf/all/forwarding"
 err = procSys.Set(entry, "1")
 if err != nil {
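Review bot: The replacement comment `// Enable IPv6 forwarding on all interfaces by default` does not record that this function no longer writes `net/ipv6/conf/default/accept_ra` and `net/ipv6/conf/default/accept_redirects`, which the next hunk of this file deletes. Interfaces created after the init container runs will presumably keep the kernel's own defaults for router advertisements and ICMPv6 redirects, and the deleted comment said the `accept_ra` value had to be inherited by the trunk ENI, so a reader needs to know the omission is intentional. I would extend the comment, e.g. `// default/accept_ra and default/accept_redirects are deliberately left at kernel defaults; only the primary ENI is configured below`. configureIPv6Settings starts before and ends after this hunk, so the primary-ENI part is only partly visible here.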
@@ -129,25 +126,6 @@ func configureIPv6Settings(procSys procsyswrapper.ProcSys, primaryIF string) err val, _ := procSys.Get(entry) log.Infof("Updated %s to %s", entry, val) - // accept_ra must be set to 2 so that RA routes are installed by the kernel on secondary ENIs - // For IPv6, this setting must be inherited by the trunk ENI. It must be set here as IPAMD does - // not have permission to set sysctl values. - entry = "net/ipv6/conf/default/accept_ra" - err = procSys.Set(entry, "2") - if err != nil { - return errors.Wrap(err, "Failed to set IPv6 accept Router Advertisements to 2") - } - val, _ = procSys.Get(entry) - log.Infof("Updated %s to %s", entry, val) - - entry = "net/ipv6/conf/default/accept_redirects" - err = procSys.Set(entry, "1") - if err != nil { - return errors.Wrap(err, "Failed to enable IPv6 accept redirects") - } - val, _ = procSys.Get(entry) - log.Infof("Updated %s to %s", entry, val) - // For the primary ENI in IPv6, sysctls are set to: // 1. forwarding=1 // 2. accept_ra=2 diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml index ce9eea4b1b..f701157a30 100644 --- a/config/master/aws-k8s-cni-cn.yaml +++ b/config/master/aws-k8s-cni-cn.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.4 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.4 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics @@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.6 + image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: 
@@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml index 2299840c1f..4acc18045e 100644 --- a/config/master/aws-k8s-cni-us-gov-east-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: 
@@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.4 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.4 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics @@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.6 + image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: @@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml index 9d1b232ec7..8f81fa81a8 100644 --- a/config/master/aws-k8s-cni-us-gov-west-1.yaml +++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 
@@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.15.4 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.15.4 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics 
@@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.6 + image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: @@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml index 097b55c069..046e1557d0 100644 --- a/config/master/aws-k8s-cni.yaml +++ b/config/master/aws-k8s-cni.yaml @@ -266,7 +266,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -278,10 +278,15 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" + enable-windows-prefix-delegation: "false" + warm-prefix-target: "0" + warm-ip-target: "1" + minimum-ip-target: "3" + branch-eni-cooldown: "60" --- # Source: aws-vpc-cni/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -292,7 +297,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" rules: - apiGroups: - crd.k8s.amazonaws.com 
@@ -338,7 +343,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -358,7 +363,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" spec: updateStrategy: rollingUpdate: @@ -379,7 +384,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.15.4 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.15.5 env: - name: DISABLE_TCP_EARLY_DEMUX value: "false" @@ -400,7 +405,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.15.4 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.15.5 ports: - containerPort: 61678 name: metrics @@ -460,7 +465,7 @@ spec: - name: ENABLE_PREFIX_DELEGATION value: "false" - name: VPC_CNI_VERSION - value: "v1.15.4" + value: "v1.15.5" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -495,7 +500,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.6 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.0.7 env: - name: MY_NODE_NAME valueFrom: @@ -509,6 +514,7 @@ spec: - --enable-policy-event-logs=false - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 + - --conntrack-cache-cleanup-period=300 resources: requests: cpu: 25m diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml index 84de255af1..4142a16161 100644 --- a/config/master/cni-metrics-helper-cn.yaml +++ b/config/master/cni-metrics-helper-cn.yaml 
@@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.15.4" + image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml index 9dec1986bf..c201da45f9 100644 --- a/config/master/cni-metrics-helper-us-gov-east-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
@@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.15.4" + image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml index b663b96c00..12d7fd0451 100644 --- a/config/master/cni-metrics-helper-us-gov-west-1.yaml +++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.15.4" + image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml index be5afbbf31..c23cf0a7c8 100644 --- a/config/master/cni-metrics-helper.yaml +++ b/config/master/cni-metrics-helper.yaml @@ -8,7 +8,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" --- # Source: cni-metrics-helper/templates/clusterrole.yaml apiVersion: rbac.authorization.k8s.io/v1 
@@ -30,7 +30,7 @@ metadata: labels: app.kubernetes.io/name: cni-metrics-helper app.kubernetes.io/instance: cni-metrics-helper - app.kubernetes.io/version: "v1.15.4" + app.kubernetes.io/version: "v1.15.5" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -69,5 +69,5 @@ spec: - name: USE_PROMETHEUS value: "false" name: cni-metrics-helper - image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.4" + image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.5" serviceAccountName: cni-metrics-helper diff --git a/go.mod b/go.mod index 2009478c15..03cac8312b 100644 --- a/go.mod +++ b/go.mod @@ -4,7 +4,7 @@ go 1.21 require ( github.com/apparentlymart/go-cidr v1.1.0 - github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231201202736-d8c395ad1491 + github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 github.com/aws/aws-sdk-go v1.48.10 github.com/containernetworking/cni v1.1.2 @@ -49,12 +49,13 @@ require ( github.com/Masterminds/semver/v3 v3.2.1 // indirect github.com/Masterminds/sprig/v3 v3.2.3 // indirect github.com/Masterminds/squirrel v1.5.4 // indirect - github.com/Microsoft/hcsshim v0.11.0 // indirect + github.com/Microsoft/hcsshim v0.11.4 // indirect github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 // indirect github.com/beorn7/perks v1.0.1 // indirect github.com/cespare/xxhash/v2 v2.2.0 // indirect github.com/chai2010/gettext-go v1.0.2 // indirect - github.com/containerd/containerd v1.7.6 // indirect + github.com/containerd/containerd v1.7.11 // indirect + github.com/containerd/log v0.1.0 // indirect github.com/cyphar/filepath-securejoin v0.2.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/docker/cli v24.0.6+incompatible // indirect 
@@ -69,6 +70,7 @@ require ( github.com/evanphx/json-patch/v5 v5.6.0 // indirect github.com/exponent-io/jsonpath v0.0.0-20151013193312-d6023ce2651d // indirect github.com/fatih/color v1.13.0 // indirect + github.com/felixge/httpsnoop v1.0.3 // indirect github.com/fsnotify/fsnotify v1.6.0 // indirect github.com/go-errors/errors v1.4.2 // indirect github.com/go-gorp/gorp/v3 v3.1.0 // indirect @@ -136,16 +138,18 @@ require ( github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 // indirect github.com/xeipuuv/gojsonschema v1.2.0 // indirect github.com/xlab/treeprint v1.2.0 // indirect - go.opentelemetry.io/otel v1.14.0 // indirect - go.opentelemetry.io/otel/trace v1.14.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 // indirect + go.opentelemetry.io/otel v1.19.0 // indirect + go.opentelemetry.io/otel/metric v1.19.0 // indirect + go.opentelemetry.io/otel/trace v1.19.0 // indirect go.starlark.net v0.0.0-20230525235612-a134d8f9ddca // indirect go.uber.org/multierr v1.11.0 // indirect golang.org/x/crypto v0.14.0 // indirect golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 // indirect golang.org/x/oauth2 v0.11.0 // indirect golang.org/x/sync v0.4.0 // indirect - golang.org/x/term v0.13.0 // indirect - golang.org/x/text v0.13.0 // indirect + golang.org/x/term v0.15.0 // indirect + golang.org/x/text v0.14.0 // indirect golang.org/x/time v0.3.0 // indirect golang.org/x/tools v0.14.0 // indirect gomodules.xyz/jsonpatch/v2 v2.4.0 // indirect 
@@ -170,8 +174,8 @@ require ( replace gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 => gopkg.in/yaml.v3 v3.0.1 -// Cannot be removed until all dependencies use crypto library v0.14.0 or higher -replace golang.org/x/crypto => golang.org/x/crypto v0.14.0 +// Cannot be removed until all dependencies use crypto library v0.17.0 or higher +replace golang.org/x/crypto => golang.org/x/crypto v0.17.0 // Cannot be removed until all dependencies use net library v0.17.0 or higher replace golang.org/x/net => golang.org/x/net v0.17.0 diff --git a/go.sum b/go.sum index 62fe78169a..a8bd1090e7 100644 --- a/go.sum +++ b/go.sum @@ -21,8 +21,8 @@ github.com/Masterminds/squirrel v1.5.4 h1:uUcX/aBc8O7Fg9kaISIUsHXdKuqehiXAMQTYX8 github.com/Masterminds/squirrel v1.5.4/go.mod h1:NNaOrjSoIDfDA40n7sr2tPNZRfjzjA400rg+riTZj10= github.com/Microsoft/go-winio v0.6.1 h1:9/kr64B9VUZrLm5YYwbGtUJnMgqWVOdUAXu6Migciow= github.com/Microsoft/go-winio v0.6.1/go.mod h1:LRdKpFKfdobln8UmuiYcKPot9D2v6svN5+sAH+4kjUM= -github.com/Microsoft/hcsshim v0.11.0 h1:7EFNIY4igHEXUdj1zXgAyU3fLc7QfOKHbkldRVTBdiM= -github.com/Microsoft/hcsshim v0.11.0/go.mod h1:OEthFdQv/AD2RAdzR6Mm1N1KPCztGKDurW1Z8b8VGMM= +github.com/Microsoft/hcsshim v0.11.4 h1:68vKo2VN8DE9AdN4tnkWnmdhqdbpUFM8OF3Airm7fz8= +github.com/Microsoft/hcsshim v0.11.4/go.mod h1:smjE4dvqPX9Zldna+t5FG3rnoHhaB7QYxPRqGcpAD9w= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d h1:UrqY+r/OJnIp5u0s1SbQ8dVfLCZJsnvazdBP5hS4iRs= github.com/Shopify/logrus-bugsnag v0.0.0-20171204204709-577dee27f20d/go.mod h1:HI8ITrYtUY+O+ZhtlqUnD8+KwNPOyugEhfP9fdUIaEQ= github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc/go.mod h1:LOuyumcjzFXgccqObfd/Ljyb9UuFJ6TxHnclSeseNhc= 
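Review bot: The `replace golang.org/x/crypto => golang.org/x/crypto v0.17.0` override now diverges from the require block, which in the earlier go.mod hunk still lists `golang.org/x/crypto v0.14.0 // indirect`, so the file records one version while the build resolves another. Dependency scanners that read only the require lines may keep reporting v0.14.0, and the comment above the replace does not say why v0.17.0 is the floor. I would raise the indirect requirement to v0.17.0, re-run `go mod tidy` to see whether the replace is still needed, and record the reason in the comment, e.g. `// Pinned to v0.17.0 for <REASON / ADVISORY-ID>; remove once all dependencies require >= v0.17.0`.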
@@ -33,8 +33,8 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5 h1:0CwZNZbxp69SHPd github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkYZB8zMSxRWpUBQtwG5a7fFgvEO+odwuTv2gs= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535 h1:4daAzAu0S6Vi7/lbWECcX0j45yZReDZ56BQsrVBOEEY= github.com/asaskevich/govalidator v0.0.0-20200428143746-21a406dcc535/go.mod h1:oGkLhpf+kjZl6xBf758TQhh5XrAeiJv/7FRz/2spLIg= -github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231201202736-d8c395ad1491 h1:iWVPopSSbIQki4c35000NXqLjbzpW1PiTXp7Iz6fXGY= -github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231201202736-d8c395ad1491/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= +github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b h1:xCQo9O4BIwuLhrQAqamsvhfgjBiSOo83uDMMSivRsnw= +github.com/aws/amazon-vpc-cni-k8s/test/agent v0.0.0-20231212223725-21c4bd73015b/go.mod h1:NvS1b2fBgkUvAWgBF8h0aRaVVoUeIlpUMnlTW2wIqik= github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1 h1:43uJXFNTjk5Gzi2Qpqk30ycaaE7DOVvBDKi35wzsrsQ= github.com/aws/amazon-vpc-resource-controller-k8s v1.4.1/go.mod h1:tXPJP0SFdkVa7ALghDjThtavyYnP0MKO8V0ZHlDNCU8= github.com/aws/aws-sdk-go v1.48.10 h1:0LIFG3wp2Dt6PsxKWCg1Y1xRrn2vZnW5/gWdgaBalKg= 
@@ -63,10 +63,12 @@ github.com/chzyer/test v0.0.0-20180213035817-a1ea475d72b1/go.mod h1:Q3SI9o4m/ZMn github.com/client9/misspell v0.3.4/go.mod h1:qj6jICC3Q7zFZvVWo7KLAzC3yx5G7kyvSDkc90ppPyw= github.com/containerd/cgroups v1.1.0 h1:v8rEWFl6EoqHB+swVNjVoCJE8o3jX7e8nqBGPLaDFBM= github.com/containerd/cgroups v1.1.0/go.mod h1:6ppBcbh/NOOUU+dMKrykgaBnK9lCIBxHqJDGwsa1mIw= -github.com/containerd/containerd v1.7.6 h1:oNAVsnhPoy4BTPQivLgTzI9Oleml9l/+eYIDYXRCYo8= -github.com/containerd/containerd v1.7.6/go.mod h1:SY6lrkkuJT40BVNO37tlYTSnKJnP5AXBc0fhx0q+TJ4= +github.com/containerd/containerd v1.7.11 h1:lfGKw3eU35sjV0aG2eYZTiwFEY1pCzxdzicHP3SZILw= +github.com/containerd/containerd v1.7.11/go.mod h1:5UluHxHTX2rdvYuZ5OJTC5m/KJNs0Zs9wVoJm9zf5ZE= github.com/containerd/continuity v0.4.2 h1:v3y/4Yz5jwnvqPKJJ+7Wf93fyWoCB3F5EclWG023MDM= github.com/containerd/continuity v0.4.2/go.mod h1:F6PTNCKepoxEaXLQp3wDAjygEnImnZ/7o4JzpodfroQ= +github.com/containerd/log v0.1.0 h1:TCJt7ioM2cr/tfR8GPbGf9/VRAX8D2B4PjzCpfX540I= +github.com/containerd/log v0.1.0/go.mod h1:VRRf09a7mHDIRezVKTRCrOq78v577GXq3bSa3EhrzVo= github.com/containernetworking/cni v1.1.2 h1:wtRGZVv7olUHMOqouPpn3cXJWpJgM6+EUl31EQbXALQ= github.com/containernetworking/cni v1.1.2/go.mod h1:sDpYKmGVENF3s6uvMvGgldDWeG8dMxakj/u+i9ht9vw= github.com/containernetworking/plugins v1.2.0 h1:SWgg3dQG1yzUo4d9iD8cwSVh1VqI+bP7mkPDoSfP9VU= 
@@ -447,10 +449,14 @@ github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f h1 github.com/yvasiyarov/newrelic_platform_go v0.0.0-20140908184405-b21fdbd4370f/go.mod h1:GlGEuHIJweS1mbCqG+7vt2nvWLzLLnRHbXz5JKd/Qbg= go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= -go.opentelemetry.io/otel v1.14.0 h1:/79Huy8wbf5DnIPhemGB+zEPVwnN6fuQybr/SRXa6hM= -go.opentelemetry.io/otel v1.14.0/go.mod h1:o4buv+dJzx8rohcUeRmWUZhqupFvzWis188WlggnNeU= -go.opentelemetry.io/otel/trace v1.14.0 h1:wp2Mmvj41tDsyAJXiWDWpfNsOiIyd38fy85pyKcFq/M= -go.opentelemetry.io/otel/trace v1.14.0/go.mod h1:8avnQLK+CG77yNLUae4ea2JDQ6iT+gozhnZjy/rw9G8= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0 h1:x8Z78aZx8cOF0+Kkazoc7lwUNMGy0LrzEMxTm4BbTxg= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.45.0/go.mod h1:62CPTSry9QZtOaSsE3tOzhx6LzDhHnXJ6xHeMNNiM6Q= +go.opentelemetry.io/otel v1.19.0 h1:MuS/TNf4/j4IXsZuJegVzI1cwut7Qc00344rgH7p8bs= +go.opentelemetry.io/otel v1.19.0/go.mod h1:i0QyjOq3UPoTzff0PJB2N66fb4S0+rSbSB15/oyH9fY= +go.opentelemetry.io/otel/metric v1.19.0 h1:aTzpGtV0ar9wlV4Sna9sdJyII5jTVJEvKETPiOKwvpE= +go.opentelemetry.io/otel/metric v1.19.0/go.mod h1:L5rUsV9kM1IxCj1MmSdS+JQAcVm319EUrDVLrt7jqt8= +go.opentelemetry.io/otel/trace v1.19.0 h1:DFVQmlVbfVeOuBRrwdtaehRrWiL1JoVs9CPIQ1Dzxpg= +go.opentelemetry.io/otel/trace v1.19.0/go.mod h1:mfaSyvGyEJEI0nyV2I4qhNQnbBOUUmYZpYojqMnX2vo= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca h1:VdD38733bfYv5tUZwEIskMM93VanwNIi5bIKnDrJdEY= go.starlark.net v0.0.0-20230525235612-a134d8f9ddca/go.mod h1:jxU+3+j+71eXOW14274+SmmuW82qJzl6iZSeqEtTGds= go.uber.org/atomic v1.7.0/go.mod h1:fEN4uk6kAWBTFdckzkM89CLk9XfWZrxpCo0nPH17wJc= 
@@ -463,8 +469,8 @@ go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN8 go.uber.org/zap v1.24.0/go.mod h1:2kMP+WWQ8aoFoedH3T2sq6iJ2yDWpHbP0f6MQbS9Gkg= go.uber.org/zap v1.26.0 h1:sI7k6L95XOKS281NhVKOFCUNIvv9e0w4BF8N3u+tCRo= go.uber.org/zap v1.26.0/go.mod h1:dtElttAiwGvoJ/vj4IwHBS/gXsEu/pZ50mUIRWuG0so= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.17.0 h1:r8bRNjWL3GshPW3gkd+RpvzWrZAwPS49OmTGZ/uhM4k= +golang.org/x/crypto v0.17.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0 h1:pVgRXcIictcr+lBQIFeiwuwtDIs4eL21OuM9nyAADmo= golang.org/x/exp v0.0.0-20230315142452-642cacee5cc0/go.mod h1:CxIveKay+FTh1D0yPZemJVgC/95VzuuOLq5Qi4xnoYc= 
@@ -525,13 +531,15 @@ golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20220526004731-065cf7ba2467/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= -golang.org/x/term v0.13.0 h1:bb+I9cTfFazGW51MZqBVmZy7+JEJMouUHTUSKVQLBek= golang.org/x/term v0.13.0/go.mod h1:LTmsnFJwVN6bCy1rVCoS+qHT1HhALEFxKncY3WNNh4U= +golang.org/x/term v0.15.0 h1:y/Oo/a/q3IXu26lQgl04j/gjuBDOBlx7X6Om1j2CPW4= +golang.org/x/term v0.15.0/go.mod h1:BDl952bC7+uMoWR75FIrCDx79TPU9oHkTZ9yRbYOrX0= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/time v0.3.0 h1:rg5rLMjNzMS1RkNLzCG38eapWhnYLFYXDXj2gOlr8j4= golang.org/x/time v0.3.0/go.mod h1:tRJNPiyCQ0inRvYxbN9jk5I+vvW/OXSQhTDSoE431IQ= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= diff --git a/misc/eni-max-pods.txt b/misc/eni-max-pods.txt index 0ebc39f9e8..70f9a59bc9 100644 --- a/misc/eni-max-pods.txt +++ b/misc/eni-max-pods.txt @@ -231,6 +231,7 @@ d3en.6xlarge 58 d3en.8xlarge 78 d3en.xlarge 10 dl1.24xlarge 737 +dl2q.24xlarge 737 f1.16xlarge 394 f1.2xlarge 58 f1.4xlarge 234 @@ -725,6 +726,8 @@ r7iz.32xlarge 737 r7iz.4xlarge 234 r7iz.8xlarge 234 r7iz.large 29 +r7iz.metal-16xl 737 +r7iz.metal-32xl 737 r7iz.xlarge 58 t1.micro 4 t2.2xlarge 44 
diff --git a/pkg/ipamd/rpc_handler.go b/pkg/ipamd/rpc_handler.go index 0eca3e07bc..16c73ec9fd 100644 --- a/pkg/ipamd/rpc_handler.go +++ b/pkg/ipamd/rpc_handler.go @@ -203,9 +203,16 @@ func (s *server) AddNetwork(ctx context.Context, in *rpc.AddNetworkRequest) (*rp if s.ipamContext.enablePodIPAnnotation { // On ADD, we pass empty string as there is no IP being released - err = s.ipamContext.AnnotatePod(in.K8S_POD_NAME, in.K8S_POD_NAMESPACE, vpccniPodIPKey, ipv4Addr, "") - if err != nil { - log.Errorf("Failed to add the pod annotation: %v", err) + if ipv4Addr != "" { + err = s.ipamContext.AnnotatePod(in.K8S_POD_NAME, in.K8S_POD_NAMESPACE, vpccniPodIPKey, ipv4Addr, "") + if err != nil { + log.Errorf("Failed to add the pod annotation: %v", err) + } + } else if ipv6Addr != "" { + err = s.ipamContext.AnnotatePod(in.K8S_POD_NAME, in.K8S_POD_NAMESPACE, vpccniPodIPKey, ipv6Addr, "") + if err != nil { + log.Errorf("Failed to add the pod annotation: %v", err) + } } } resp := rpc.AddNetworkReply{ diff --git a/pkg/vpc/vpc_ip_resource_limit.go b/pkg/vpc/vpc_ip_resource_limit.go index ed215a80f1..d9c172dd3d 100644 --- a/pkg/vpc/vpc_ip_resource_limit.go +++ b/pkg/vpc/vpc_ip_resource_limit.go @@ -2738,6 +2738,20 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "dl2q.24xlarge": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "nitro", + IsBareMetal: false, + }, "f1.16xlarge": { ENILimit: 8, IPv4Limit: 50, 
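Review bot: The two added branches under `enablePodIPAnnotation` are identical except for the address passed to `AnnotatePod`, and when both `ipv4Addr` and `ipv6Addr` are empty the annotation is skipped without any log line. Selecting the address once and making a single call removes the duplication and leaves one place to add a debug-level message for the skipped case. `err` is the function-level variable, so a failed annotation stays in it after being logged; whether the reply built just below reads it cannot be seen here, since AddNetwork begins and ends outside the hunk.

```go
// … unchanged: enablePodIPAnnotation guard and "On ADD" comment …
podIP := ipv4Addr
if podIP == "" {
	podIP = ipv6Addr
}
if podIP != "" {
	err = s.ipamContext.AnnotatePod(in.K8S_POD_NAME, in.K8S_POD_NAMESPACE, vpccniPodIPKey, podIP, "")
	if err != nil {
		log.Errorf("Failed to add the pod annotation: %v", err)
	}
}
```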
@@ -9879,6 +9893,34 @@ var instanceNetworkingLimits = map[string]InstanceTypeLimits{ HypervisorType: "nitro", IsBareMetal: false, }, + "r7iz.metal-16xl": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "unknown", + IsBareMetal: true, + }, + "r7iz.metal-32xl": { + ENILimit: 15, + IPv4Limit: 50, + DefaultNetworkCardIndex: 0, + NetworkCards: []NetworkCard{ + { + MaximumNetworkInterfaces: 15, + NetworkCardIndex: 0, + }, + + }, + HypervisorType: "unknown", + IsBareMetal: true, + }, "r7iz.xlarge": { ENILimit: 4, IPv4Limit: 15, diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh index 604e7840fc..51f423eb9d 100755 --- a/scripts/generate-cni-yaml.sh +++ b/scripts/generate-cni-yaml.sh @@ -8,8 +8,8 @@ HELM_VERSION="3.13.2" NAMESPACE="kube-system" MAKEFILEPATH=$SCRIPTPATH/../Makefile -VPC_CNI_VERSION="v1.15.4" -NODE_AGENT_VERSION="v1.0.6" +VPC_CNI_VERSION="v1.15.5" +NODE_AGENT_VERSION="v1.0.7" BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION REGIONS_FILE=$SCRIPTPATH/../charts/regions.json diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh index 50b0faeb2b..cf2f8f5cc7 100755 --- a/scripts/run-cni-release-tests.sh +++ b/scripts/run-cni-release-tests.sh @@ -10,7 +10,7 @@ # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os" # NG_LABEL_VAL: nodegroup label val, default "linux" # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster -# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.4" +# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.5" # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored set -e 
@@ -37,9 +37,9 @@ function run_integration_test() { echo "cni test took $((SECONDS - START)) seconds." if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then - CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.15.4" + CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.15.5" else - CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.4}" + CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.15.5}" fi REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1) diff --git a/test/framework/resources/agent/traffic_tester.go b/test/framework/resources/agent/traffic_tester.go index c56171bcf8..1be40be92c 100644 --- a/test/framework/resources/agent/traffic_tester.go +++ b/test/framework/resources/agent/traffic_tester.go @@ -128,7 +128,7 @@ func (t *TrafficTest) TestTraffic() (float64, error) { if err != nil { return 0, fmt.Errorf("pod list %v validation failed %v", podList, err) } - fmt.Fprintln(GinkgoWriter, "successfully validated the server pod list") + fmt.Fprintln(GinkgoWriter, "successfully validated the client pod list") } metricServerIP := metricServerPod.Status.PodIP diff --git a/test/framework/utils/const.go b/test/framework/utils/const.go index c8f0d61b87..3a96cb4e1c 100644 --- a/test/framework/utils/const.go +++ b/test/framework/utils/const.go @@ -24,7 +24,7 @@ const ( MultusContainerName = "kube-multus" // See https://gallery.ecr.aws/eks/aws-vpc-cni-test-helper - TestAgentImage = "networking-e2e-test-images/aws-vpc-cni-test-helper:d8c395ad" + TestAgentImage = "networking-e2e-test-images/aws-vpc-cni-test-helper:20231212" BusyBoxImage = "networking-e2e-test-images/busybox:latest" NginxImage = "networking-e2e-test-images/nginx:1.25.2" NetCatImage = "networking-e2e-test-images/netcat-openbsd:v1.0" diff --git a/test/helm/helm-lint.sh b/test/helm/helm-lint.sh index 0652910891..acf6e93c67 100755 --- a/test/helm/helm-lint.sh 
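Review bot: The new `TestAgentImage` tag `20231212` no longer identifies the source commit, whereas the old tag `d8c395ad` matched the commit suffix of the previous `test/agent` pseudo-version in go.mod. Image tags are mutable in any case, but a date-only tag gives no way to check that the image corresponds to `21c4bd73015b`, the commit go.mod now pins for the same module. I would keep the commit in the tag or pin the digest, e.g. `TestAgentImage = "networking-e2e-test-images/aws-vpc-cni-test-helper:20231212@sha256:<DIGEST>"`, assuming the test framework passes the reference through unchanged. The neighbouring `BusyBoxImage` with `:latest` has the same traceability gap, though this commit does not touch it.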
+++ b/test/helm/helm-lint.sh @@ -46,12 +46,12 @@ echo "========================================================================== echo " Generate Template w/ Helm v3" echo "==============================================================================" -helm template aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/test.yaml" > /dev/null +helm template aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/values.yaml" > /dev/null echo "==============================================================================" echo " Generate Template w/ Helm v2" echo "==============================================================================" -helm2 template --name aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/test.yaml" > /dev/null +helm2 template --name aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --debug --namespace=kube-system -f "${HELM_DIR}/aws-vpc-cni/values.yaml" > /dev/null echo "✅ Helm template generation for v2 and v3 have successfully completed!"
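Review bot: Both the `helm template` and the `helm2 template` invocation now pass `-f "${HELM_DIR}/aws-vpc-cni/values.yaml"`, which is the chart's own defaults file and is loaded by Helm anyway, so the flag adds nothing and the render check covers only the default configuration. If `test.yaml` carried non-default overrides (its content is not visible here), templates behind toggles such as `enableNetworkPolicy` are no longer rendered by this script. I would drop the redundant `-f` and add a second render with overrides, e.g. `helm template aws-vpc-cni "${HELM_DIR}/aws-vpc-cni" --namespace=kube-system --set enableNetworkPolicy=true > /dev/null`.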