release updates for VPC CNI v1.15.3 (#2636)
jdn5126 authored Oct 30, 2023
1 parent ea430a0 commit 16ac22b
Showing 18 changed files with 86 additions and 98 deletions.
7 changes: 7 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,12 @@
# Changelog

## v1.15.3

* Bug - [Fully address CVE-2023-44487](https://github.com/aws/amazon-vpc-cni-k8s/pull/2626) (@jdn5126 )
* Improvement - [feat(chart): Made node agent optional](https://github.com/aws/amazon-vpc-cni-k8s/pull/2623) (@stevehipwell )
* Improvement - [Update Golang to 1.21.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2616) (@jdn5126 )
* Improvement - [Go module updates and Golang builder image update](https://github.com/aws/amazon-vpc-cni-k8s/pull/2615) (@jdn5126 )

## v1.15.1

* Bug - [Do not patch CNINode for custom networking unless SGPP is enabled](https://github.com/aws/amazon-vpc-cni-k8s/pull/2591) (@jdn5126 )
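Review bot: the `Bug - Fully address CVE-2023-44487` entry in the new v1.15.3 section does not say what earlier releases left unaddressed or which dependency carries the fix, so an operator reading the changelog cannot tell whether v1.15.1 is still exposed. Suggest one extra clause naming the component that was updated. The section also jumps from v1.15.1 to v1.15.3; a short line saying whether v1.15.2 was skipped would save readers a search.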
4 changes: 2 additions & 2 deletions charts/aws-vpc-cni/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v1
name: aws-vpc-cni
version: 1.15.1
appVersion: "v1.15.1"
version: 1.15.3
appVersion: "v1.15.3"
description: A Helm chart for the AWS VPC CNI
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
home: https://github.com/aws/amazon-vpc-cni-k8s
6 changes: 3 additions & 3 deletions charts/aws-vpc-cni/README.md
Expand Up @@ -43,15 +43,15 @@ The following table lists the configurable parameters for this chart and their d
| `enableWindowsIpam` | Enable windows support for your cluster | `false` |
| `enableNetworkPolicy` | Enable Network Policy Controller and Agent for your cluster | `false` |
| `fullnameOverride` | Override the fullname of the chart | `aws-node` |
| `image.tag` | Image tag | `v1.15.1` |
| `image.tag` | Image tag | `v1.15.3` |
| `image.domain` | ECR repository domain | `amazonaws.com` |
| `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` |
| `image.endpoint` | ECR repository endpoint to use. | `ecr` |
| `image.account` | ECR repository account number | `602401143452` |
| `image.pullPolicy` | Container pull policy | `IfNotPresent` |
| `image.override` | A custom docker image to use | `nil` |
| `imagePullSecrets` | Docker registry pull secret | `[]` |
| `init.image.tag` | Image tag | `v1.15.1` |
| `init.image.tag` | Image tag | `v1.15.3` |
| `init.image.domain` | ECR repository domain | `amazonaws.com` |
| `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` |
| `init.image.endpoint` | ECR repository endpoint to use. | `ecr` |
Expand All @@ -64,7 +64,7 @@ The following table lists the configurable parameters for this chart and their d
| `originalMatchLabels` | Use the original daemonset matchLabels | `false` |
| `nameOverride` | Override the name of the chart | `aws-node` |
| `nodeAgent.enabled` | If the Node Agent container should be created | `true` |
| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.0.4` |
| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.0.5` |
| `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` |
| `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` |
| `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` |
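Review bot: the `nodeAgent.image.tag` default moves from `v1.0.4` to `v1.0.5` here, but the v1.15.3 CHANGELOG section in this commit lists no Network Policy agent update. Suggest adding a changelog line for the agent bump so the change of default image is documented alongside the CNI version.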
10 changes: 6 additions & 4 deletions charts/aws-vpc-cni/templates/daemonset.yaml
Expand Up @@ -104,13 +104,13 @@ spec:
name: cni-bin-dir
- mountPath: /host/etc/cni/net.d
name: cni-net-dir
{{- if .Values.cniConfig.enabled }}
{{- if .Values.cniConfig.enabled }}
# The dockerfile copies the baked in config to this location, so overwrite it with ours.
# The entrypoint process will then copy our config to /host/etc/cni/net.d on boot.
- name: cni-config
mountPath: /app/10-aws.conflist
subPath: 10-aws.conflist
{{- end }}
{{- end }}
- mountPath: /host/var/log/aws-routed-eni
name: log-dir
- mountPath: /var/run/aws-node
Expand Down Expand Up @@ -145,8 +145,10 @@ spec:
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
{{- if .Values.nodeAgent.enabled }}
- mountPath: /sys/fs/bpf
name: bpf-pin-path
{{- end }}
- mountPath: /var/log/aws-routed-eni
name: log-dir
- mountPath: /var/run/aws-node
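Review bot: the new `{{- if .Values.nodeAgent.enabled }}` guard wraps only the `/sys/fs/bpf` volumeMount (`bpf-pin-path`) in this hunk, and none of the visible hunks shows the matching `bpf-pin-path` entry under `volumes` getting the same guard. Please confirm the hostPath volume is also omitted when the node agent is disabled, so the pod spec does not keep a host `/sys/fs/bpf` volume it no longer uses, and add a template comment above the guard saying why this mount depends on the agent.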
Expand All @@ -164,11 +166,11 @@ spec:
- name: cni-net-dir
hostPath:
path: /etc/cni/net.d
{{- if .Values.cniConfig.enabled }}
{{- if .Values.cniConfig.enabled }}
- name: cni-config
configMap:
name: {{ include "aws-vpc-cni.fullname" . }}
{{- end }}
{{- end }}
- name: log-dir
hostPath:
path: /var/log/aws-routed-eni
7 changes: 4 additions & 3 deletions charts/aws-vpc-cni/test.yaml
Expand Up @@ -6,7 +6,7 @@ nameOverride: aws-node

init:
image:
tag: v1.15.1
tag: v1.15.3
region: us-west-2
pullPolicy: Always
# Set to use custom image
Expand All @@ -17,8 +17,9 @@ init:
privileged: true

nodeAgent:
enabled: true
image:
tag: v1.0.4
tag: v1.0.5
region: us-west-2
pullPolicy: Always
# Set to use custom image
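Review bot: `enabled: true` under `nodeAgent` only exercises the default path, so the conditional added to `templates/daemonset.yaml` is never rendered with the agent turned off. Suggest a second test values case with `nodeAgent.enabled: false` so template errors on the disabled path are caught at lint time.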
Expand All @@ -34,7 +35,7 @@ nodeAgent:

image:
region: us-west-2
tag: v1.15.1
tag: v1.15.3
pullPolicy: Always
# Set to use custom image
# override: "repo/org/image:tag"
30 changes: 4 additions & 26 deletions charts/aws-vpc-cni/values.yaml
Expand Up @@ -8,7 +8,7 @@ nameOverride: aws-node

init:
image:
tag: v1.15.1
tag: v1.15.3
domain: amazonaws.com
region: us-west-2
endpoint: ecr
Expand All @@ -27,7 +27,7 @@ init:
nodeAgent:
enabled: true
image:
tag: v1.0.4
tag: v1.0.5
domain: amazonaws.com
region: us-west-2
endpoint: ecr
Expand All @@ -48,30 +48,8 @@ nodeAgent:
healthProbeBindAddr: "8163"
resources: {}

nodeAgent:
image:
tag: v1.0.4
domain: amazonaws.com
region: us-west-2
endpoint: ecr
account: "602401143452"
pullPolicy: Always
# Set to use custom image
override:
# override: "repo/org/image:tag"
securityContext:
capabilities:
add:
- "NET_ADMIN"
privileged: true
enableCloudWatchLogs: "false"
enablePolicyEventLogs: "false"
enableIpv6: "false"
metricsBindAddr: "8162"
healthProbeBindAddr: "8163"

image:
tag: v1.15.1
tag: v1.15.3
domain: amazonaws.com
region: us-west-2
endpoint: ecr
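Review bot: the removed lines in this hunk are a second top-level `nodeAgent:` key, which makes this a functional fix rather than a version bump. The deleted copy had no `enabled` or `resources` field, so which defaults the chart actually used depended on how the YAML parser resolved the duplicate key. Suggest calling this out in the commit message or CHANGELOG, and adding a lint step that rejects duplicate keys in `values.yaml`.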
Expand Down Expand Up @@ -104,7 +82,7 @@ env:
DISABLE_NETWORK_RESOURCE_PROVISIONING: "false"
ENABLE_IPv4: "true"
ENABLE_IPv6: "false"
VPC_CNI_VERSION: "v1.15.1"
VPC_CNI_VERSION: "v1.15.3"

# this flag enables you to use the match label that was present in the original daemonset deployed by EKS
# You can then annotate and label the original aws-node resources and 'adopt' them into a helm release
4 changes: 2 additions & 2 deletions charts/cni-metrics-helper/Chart.yaml
@@ -1,7 +1,7 @@
apiVersion: v2
name: cni-metrics-helper
version: 1.15.1
appVersion: v1.15.1
version: 1.15.3
appVersion: v1.15.3
description: A Helm chart for the AWS VPC CNI Metrics Helper
icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
home: https://github.com/aws/amazon-vpc-cni-k8s
2 changes: 1 addition & 1 deletion charts/cni-metrics-helper/README.md
Expand Up @@ -47,7 +47,7 @@ The following table lists the configurable parameters for this chart and their d
|------------------------------|---------------------------------------------------------------|--------------------|
| fullnameOverride | Override the fullname of the chart | cni-metrics-helper |
| image.region | ECR repository region to use. Should match your cluster | us-west-2 |
| image.tag | Image tag | v1.15.1 |
| image.tag | Image tag | v1.15.3 |
| image.account | ECR repository account number | 602401143452 |
| image.domain | ECR repository domain | amazonaws.com |
| env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true |
2 changes: 1 addition & 1 deletion charts/cni-metrics-helper/values.yaml
Expand Up @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper

image:
region: us-west-2
tag: v1.15.1
tag: v1.15.3
account: "602401143452"
domain: "amazonaws.com"
# Set to use custom image
20 changes: 10 additions & 10 deletions config/master/aws-k8s-cni-cn.yaml
@@ -1,5 +1,5 @@
---
# Source: crds/customresourcedefinition.yaml
# Source: aws-vpc-cni/crds/customresourcedefinition.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
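Review bot: the `# Source:` comment changes from `crds/customresourcedefinition.yaml` to `aws-vpc-cni/crds/customresourcedefinition.yaml`, which is unrelated to the version bump and suggests the manifest was regenerated with a different tool version or invocation. Suggest recording the generation command and tool version in the commit message so the release manifests can be reproduced and diffed.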
Expand Down Expand Up @@ -266,7 +266,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
---
# Source: aws-vpc-cni/templates/configmap.yaml
apiVersion: v1
Expand All @@ -278,7 +278,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
data:
enable-windows-ipam: "false"
enable-network-policy-controller: "false"
Expand All @@ -292,7 +292,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
rules:
- apiGroups:
- crd.k8s.amazonaws.com
Expand Down Expand Up @@ -338,7 +338,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand All @@ -358,7 +358,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
spec:
updateStrategy:
rollingUpdate:
Expand All @@ -379,7 +379,7 @@ spec:
hostNetwork: true
initContainers:
- name: aws-vpc-cni-init
image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.1
image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.15.3
env:
- name: DISABLE_TCP_EARLY_DEMUX
value: "false"
Expand All @@ -400,7 +400,7 @@ spec:
{}
containers:
- name: aws-node
image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.1
image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.15.3
ports:
- containerPort: 61678
name: metrics
Expand Down Expand Up @@ -460,7 +460,7 @@ spec:
- name: ENABLE_PREFIX_DELEGATION
value: "false"
- name: VPC_CNI_VERSION
value: "v1.15.1"
value: "v1.15.3"
- name: WARM_ENI_TARGET
value: "1"
- name: WARM_PREFIX_TARGET
Expand Down Expand Up @@ -495,7 +495,7 @@ spec:
- mountPath: /run/xtables.lock
name: xtables-lock
- name: aws-eks-nodeagent
image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.4
image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.0.5
env:
- name: MY_NODE_NAME
valueFrom:
20 changes: 10 additions & 10 deletions config/master/aws-k8s-cni-us-gov-east-1.yaml
@@ -1,5 +1,5 @@
---
# Source: crds/customresourcedefinition.yaml
# Source: aws-vpc-cni/crds/customresourcedefinition.yaml
apiVersion: apiextensions.k8s.io/v1
kind: CustomResourceDefinition
metadata:
Expand Down Expand Up @@ -266,7 +266,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
---
# Source: aws-vpc-cni/templates/configmap.yaml
apiVersion: v1
Expand All @@ -278,7 +278,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
data:
enable-windows-ipam: "false"
enable-network-policy-controller: "false"
Expand All @@ -292,7 +292,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
rules:
- apiGroups:
- crd.k8s.amazonaws.com
Expand Down Expand Up @@ -338,7 +338,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
Expand All @@ -358,7 +358,7 @@ metadata:
app.kubernetes.io/name: aws-node
app.kubernetes.io/instance: aws-vpc-cni
k8s-app: aws-node
app.kubernetes.io/version: "v1.15.1"
app.kubernetes.io/version: "v1.15.3"
spec:
updateStrategy:
rollingUpdate:
Expand All @@ -379,7 +379,7 @@ spec:
hostNetwork: true
initContainers:
- name: aws-vpc-cni-init
image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.1
image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.15.3
env:
- name: DISABLE_TCP_EARLY_DEMUX
value: "false"
Expand All @@ -400,7 +400,7 @@ spec:
{}
containers:
- name: aws-node
image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.1
image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.15.3
ports:
- containerPort: 61678
name: metrics
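Review bot: the `aws-node` image in this `containers` entry is referenced by tag only (`amazon-k8s-cni:v1.15.3`). For a release manifest that ships a CVE fix, consider pinning the image as `tag@sha256:<digest>` so nodes cannot pull different content under the same tag; the same applies to the init and node agent images in this file.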
Expand Down Expand Up @@ -460,7 +460,7 @@ spec:
- name: ENABLE_PREFIX_DELEGATION
value: "false"
- name: VPC_CNI_VERSION
value: "v1.15.1"
value: "v1.15.3"
- name: WARM_ENI_TARGET
value: "1"
- name: WARM_PREFIX_TARGET
Expand Down Expand Up @@ -495,7 +495,7 @@ spec:
- mountPath: /run/xtables.lock
name: xtables-lock
- name: aws-eks-nodeagent
image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.4
image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.0.5
env:
- name: MY_NODE_NAME
valueFrom: