From 965f89f4ef02c564a216ea98c031362fe26515e6 Mon Sep 17 00:00:00 2001
From: Senthil Kumaran <senthilx@amazon.com>
Date: Tue, 4 Jun 2024 12:35:45 -0700
Subject: [PATCH] Changelog and Updated CNI Charts for v1.18.2 Release (#2942)

* Update charts, config for Release v1.18.2.

* Updated CNI and Metrics Helper Yaml file.

    ```
    make generate-cni-yaml
    /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s//scripts/generate-cni-yaml.sh
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 15.3M  100 15.3M    0     0  28.4M      0 --:--:-- --:--:-- --:--:-- 28.3M
    Generated aws-vpc-cni and cni-metrics-helper manifest resources files in:
        - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/aws-k8s-cni
        - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/cni-metrics-helper
    ```

* Updated Changelog.
---
 CHANGELOG.md                                  | 40 +++++++++++++++++++
 charts/aws-vpc-cni/Chart.yaml                 |  2 +-
 charts/aws-vpc-cni/README.md                  |  6 +--
 charts/aws-vpc-cni/values.yaml                |  8 ++--
 charts/cni-metrics-helper/Chart.yaml          |  2 +-
 charts/cni-metrics-helper/README.md           |  2 +-
 charts/cni-metrics-helper/values.yaml         |  2 +-
 config/master/aws-k8s-cni-cn.yaml             | 20 +++++-----
 config/master/aws-k8s-cni-us-gov-east-1.yaml  | 20 +++++-----
 config/master/aws-k8s-cni-us-gov-west-1.yaml  | 20 +++++-----
 config/master/aws-k8s-cni.yaml                | 20 +++++-----
 config/master/cni-metrics-helper-cn.yaml      | 15 +++++--
 .../cni-metrics-helper-us-gov-east-1.yaml     | 15 +++++--
 .../cni-metrics-helper-us-gov-west-1.yaml     | 15 +++++--
 config/master/cni-metrics-helper.yaml         | 15 +++++--
 scripts/generate-cni-yaml.sh                  |  4 +-
 scripts/run-cni-release-tests.sh              |  6 +--
 17 files changed, 148 insertions(+), 64 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 138cd97ac5..2393d8f85d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,45 @@
 # Changelog
 
+## v1.18.2
+
+* Enhancement - [Improve "cni-metrics-helper" setup experience](https://github.com/aws/amazon-vpc-cni-k8s/pull/2874) (@guessi)
+* Enhancement - [Filter Managed ENI.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2895) (@orsenthil)
+* Enhancement - [Soak Test for CNI.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2915) (@orsenthil)
+* Enhancement - [Switch to counter type metic for awscni_no_available_ip_addresses](https://github.com/aws/amazon-vpc-cni-k8s/pull/2919) (@liptanbiswas)
+* Enhancement - [Expose network policy log file location to be configured using helm](https://github.com/aws/amazon-vpc-cni-k8s/pull/2925) (@orsenthil)
+
+* Bugfix      - [Add correct labels to CNI metrics chart.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2889) (@orsenthil)
+* Bugfix      - [Skip Soak Test while running other tests.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2922) (@orsenthil)
+
+* Cleanup    - [remove unused Dockerfile](https://github.com/aws/amazon-vpc-cni-k8s/pull/2869) (@sushrk)
+* Cleanup    - [CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release](https://github.com/aws/amazon-vpc-cni-k8s/pull/2876) (@jchen6585)
+* Cleanup    - [Fix merge conflicts from release-1.18 to master](https://github.com/aws/amazon-vpc-cni-k8s/pull/2881) (@jchen6585)
+* Cleanup     - [Added information on the build troubleshooting.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2890) (@orsenthil)
+* Cleanup     - [Remove unused code in vpc cni init and vpc cni binary](https://github.com/aws/amazon-vpc-cni-k8s/pull/2891) (@orsenthil)
+* Cleanup     - [Merge release-1.18 to master after v1.18.1 release](https://github.com/aws/amazon-vpc-cni-k8s/pull/2914) (@jchen6585)
+
+* Dependency - [Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2864) (@dependabot)
+* Dependency - [Bump github.com/stretchr/testify from 1.8.4 to 1.9.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2863) (@dependabot)
+* Dependency-  [Bump github.com/prometheus/common from 0.48.0 to 0.52.2](https://github.com/aws/amazon-vpc-cni-k8s/pull/2866) (@dependabot)i
+* Dependency - [Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2862) (@dependabot)
+* Dependency - [Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2859) (@dependabot)
+* Dependency - [Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2860)  (@dependabot)
+* Dependency - [Update Kops test for 1.30](https://github.com/aws/amazon-vpc-cni-k8s/pull/2868) (@jchen6585)
+* Dependency - [Update .go-version to 1.22.2 to fix CVE reports](https://github.com/aws/amazon-vpc-cni-k8s/pull/2870) (@orsenthil)
+* Dependency  - [Bump golang.org/x/sys from 0.18.0 to 0.19.0 in /test/agent](https://github.com/aws/amazon-vpc-cni-k8s/pull/2898) (@dependabot)
+* Dependency  - [Update .go-version to fix GO-2024-2824](https://github.com/aws/amazon-vpc-cni-k8s/pull/2911) (@orsenthil)
+* Dependency  - [Bump github.com/aws/amazon-vpc-resource-controller-k8s from 1.4.1 to 1.5.0](https://github.com/aws/amazon-vpc-cni-k8s/pull/2910) (@dependabot)
+* Dependency  - [Update ENI Limits.](https://github.com/aws/amazon-vpc-cni-k8s/pull/2920) (@orsenthil)
+* Dependency  - [Update golang to go1.22.3](https://github.com/aws/amazon-vpc-cni-k8s/pull/2924) (@orsenthil)
+* Dependency  - [Bump k8s.io/api from 0.29.3 to 0.30.1](https://github.com/aws/amazon-vpc-cni-k8s/pull/2918) (@dependabot)
+
+
+**New Contributors**
+
+* @kwohlfahrt made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2841
+* @guessi made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2874
+* @liptanbiswas made their first contribution in https://github.com/aws/amazon-vpc-cni-k8s/pull/2919
+
 ## v1.18.1
 
 * Bug - [Mount /run/xtables.lock as FileOrCreate in Helm chart](https://github.com/aws/amazon-vpc-cni-k8s/pull/2841) (@kwohlfahrt)
diff --git a/charts/aws-vpc-cni/Chart.yaml b/charts/aws-vpc-cni/Chart.yaml
index 326db0431b..2af43c6218 100644
--- a/charts/aws-vpc-cni/Chart.yaml
+++ b/charts/aws-vpc-cni/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
 version: 1.18.1
-appVersion: "v1.18.1"
+appVersion: "v1.18.2"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s
diff --git a/charts/aws-vpc-cni/README.md b/charts/aws-vpc-cni/README.md
index 155b127f30..8edef24de5 100644
--- a/charts/aws-vpc-cni/README.md
+++ b/charts/aws-vpc-cni/README.md
@@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d
 | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation   | `3`                                 |
 | `branchENICooldown`     | Number of seconds that branch ENIs remain in cooldown   | `60`                                |
 | `fullnameOverride`      | Override the fullname of the chart                      | `aws-node`                          |
-| `image.tag`             | Image tag                                               | `v1.18.1`                           |
+| `image.tag`             | Image tag                                               | `v1.18.2`                           |
 | `image.domain`          | ECR repository domain                                   | `amazonaws.com`                     |
 | `image.region`          | ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `image.endpoint`        | ECR repository endpoint to use.                         | `ecr`                               |
@@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d
 | `image.pullPolicy`      | Container pull policy                                   | `IfNotPresent`                      |
 | `image.override`        | A custom docker image to use                            | `nil`                               |
 | `imagePullSecrets`      | Docker registry pull secret                             | `[]`                                |
-| `init.image.tag`        | Image tag                                               | `v1.18.1`                           |
+| `init.image.tag`        | Image tag                                               | `v1.18.2`                           |
 | `init.image.domain`     | ECR repository domain                                   | `amazonaws.com`                     |
 | `init.image.region`     | ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `init.image.endpoint`   | ECR repository endpoint to use.                         | `ecr`                               |
@@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d
 | `originalMatchLabels`   | Use the original daemonset matchLabels                  | `false`                             |
 | `nameOverride`          | Override the name of the chart                          | `aws-node`                          |
 | `nodeAgent.enabled`     | If the Node Agent container should be created           | `true`                              |
-| `nodeAgent.image.tag`   | Image tag for Node Agent                                | `v1.1.1`                            |
+| `nodeAgent.image.tag`   | Image tag for Node Agent                                | `v1.1.2`                            |
 | `nodeAgent.image.domain`| ECR repository domain                                   | `amazonaws.com`                     |
 | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `nodeAgent.image.endpoint`   | ECR repository endpoint to use.                    | `ecr`                               |
diff --git a/charts/aws-vpc-cni/values.yaml b/charts/aws-vpc-cni/values.yaml
index a984109d31..e25c94e791 100644
--- a/charts/aws-vpc-cni/values.yaml
+++ b/charts/aws-vpc-cni/values.yaml
@@ -8,7 +8,7 @@ nameOverride: aws-node
 
 init:
   image:
-    tag: v1.18.1
+    tag: v1.18.2
     domain: amazonaws.com
     region: us-west-2
     endpoint: ecr
@@ -27,7 +27,7 @@ init:
 nodeAgent:
   enabled: true
   image:
-    tag: v1.1.1
+    tag: v1.1.2
     domain: amazonaws.com
     region: us-west-2
     endpoint: ecr
@@ -51,7 +51,7 @@ nodeAgent:
   resources: {}
 
 image:
-  tag: v1.18.1
+  tag: v1.18.2
   domain: amazonaws.com
   region: us-west-2
   endpoint: ecr
@@ -85,7 +85,7 @@ env:
   ENABLE_IPv4: "true"
   ENABLE_IPv6: "false"
   ENABLE_SUBNET_DISCOVERY: "true"
-  VPC_CNI_VERSION: "v1.18.1"
+  VPC_CNI_VERSION: "v1.18.2"
   NETWORK_POLICY_ENFORCING_MODE: "standard"
 
 # this flag enables you to use the match label that was present in the original daemonset deployed by EKS
diff --git a/charts/cni-metrics-helper/Chart.yaml b/charts/cni-metrics-helper/Chart.yaml
index 5bc50145c8..1ddce40bb3 100644
--- a/charts/cni-metrics-helper/Chart.yaml
+++ b/charts/cni-metrics-helper/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: cni-metrics-helper
 version: 1.18.1
-appVersion: v1.18.1
+appVersion: v1.18.2
 description: A Helm chart for the AWS VPC CNI Metrics Helper
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s
diff --git a/charts/cni-metrics-helper/README.md b/charts/cni-metrics-helper/README.md
index fa6b08cf37..09637235cf 100644
--- a/charts/cni-metrics-helper/README.md
+++ b/charts/cni-metrics-helper/README.md
@@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d
 | -------------------------------|---------------------------------------------------------------|-------------------------------------|
 | `affinity`                     | Map of node/pod affinities                                    | `{}`                                |
 | `fullnameOverride`             | Override the fullname of the chart                            | `cni-metrics-helper`                |
-| `image.tag`                    | Image tag                                                     | `v1.18.1`                           |
+| `image.tag`                    | Image tag                                                     | `v1.18.2`                           |
 | `image.domain`                 | ECR repository domain                                         | `amazonaws.com`                     |
 | `image.region`                 | ECR repository region to use. Should match your cluster       | `us-west-2`                         |
 | `image.account`                | ECR repository account number                                 | `602401143452`                      |
diff --git a/charts/cni-metrics-helper/values.yaml b/charts/cni-metrics-helper/values.yaml
index 26758efac1..edf99213c0 100644
--- a/charts/cni-metrics-helper/values.yaml
+++ b/charts/cni-metrics-helper/values.yaml
@@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper
 
 image:
   region: us-west-2
-  tag: v1.18.1
+  tag: v1.18.2
   account: "602401143452"
   domain: "amazonaws.com"
   # Set to use custom image
diff --git a/config/master/aws-k8s-cni-cn.yaml b/config/master/aws-k8s-cni-cn.yaml
index 75f1bdd95e..5e47fb81ab 100644
--- a/config/master/aws-k8s-cni-cn.yaml
+++ b/config/master/aws-k8s-cni-cn.yaml
@@ -266,7 +266,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +278,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -297,7 +297,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -343,7 +343,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -363,7 +363,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -384,7 +384,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.1
+        image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.18.2
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -405,7 +405,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.1
+          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.18.2
           ports:
             - containerPort: 61678
               name: metrics
@@ -469,7 +469,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.18.1"
+              value: "v1.18.2"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -504,7 +504,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.1
+          image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon/aws-network-policy-agent:v1.1.2
           env:
             - name: MY_NODE_NAME
               valueFrom:
@@ -516,6 +516,7 @@ spec:
             - --enable-network-policy=false
             - --enable-cloudwatch-logs=false
             - --enable-policy-event-logs=false
+            - --log-file=/var/log/aws-routed-eni/network-policy-agent.log
             - --metrics-bind-addr=:8162
             - --health-probe-bind-addr=:8163
             - --conntrack-cache-cleanup-period=300
@@ -557,6 +558,7 @@ spec:
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
+          type: FileOrCreate
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/config/master/aws-k8s-cni-us-gov-east-1.yaml b/config/master/aws-k8s-cni-us-gov-east-1.yaml
index 19f4344e31..42b7493257 100644
--- a/config/master/aws-k8s-cni-us-gov-east-1.yaml
+++ b/config/master/aws-k8s-cni-us-gov-east-1.yaml
@@ -266,7 +266,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +278,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -297,7 +297,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -343,7 +343,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -363,7 +363,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -384,7 +384,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1
+        image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.18.2
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -405,7 +405,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.1
+          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.18.2
           ports:
             - containerPort: 61678
               name: metrics
@@ -469,7 +469,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.18.1"
+              value: "v1.18.2"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -504,7 +504,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1
+          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2
           env:
             - name: MY_NODE_NAME
               valueFrom:
@@ -516,6 +516,7 @@ spec:
             - --enable-network-policy=false
             - --enable-cloudwatch-logs=false
             - --enable-policy-event-logs=false
+            - --log-file=/var/log/aws-routed-eni/network-policy-agent.log
             - --metrics-bind-addr=:8162
             - --health-probe-bind-addr=:8163
             - --conntrack-cache-cleanup-period=300
@@ -557,6 +558,7 @@ spec:
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
+          type: FileOrCreate
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/config/master/aws-k8s-cni-us-gov-west-1.yaml b/config/master/aws-k8s-cni-us-gov-west-1.yaml
index 4d23b6d3b6..895ccbe439 100644
--- a/config/master/aws-k8s-cni-us-gov-west-1.yaml
+++ b/config/master/aws-k8s-cni-us-gov-west-1.yaml
@@ -266,7 +266,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +278,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -297,7 +297,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -343,7 +343,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -363,7 +363,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -384,7 +384,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.1
+        image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.18.2
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -405,7 +405,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.1
+          image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.18.2
           ports:
             - containerPort: 61678
               name: metrics
@@ -469,7 +469,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.18.1"
+              value: "v1.18.2"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -504,7 +504,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1
+          image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2
           env:
             - name: MY_NODE_NAME
               valueFrom:
@@ -516,6 +516,7 @@ spec:
             - --enable-network-policy=false
             - --enable-cloudwatch-logs=false
             - --enable-policy-event-logs=false
+            - --log-file=/var/log/aws-routed-eni/network-policy-agent.log
             - --metrics-bind-addr=:8162
             - --health-probe-bind-addr=:8163
             - --conntrack-cache-cleanup-period=300
@@ -557,6 +558,7 @@ spec:
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
+          type: FileOrCreate
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/config/master/aws-k8s-cni.yaml b/config/master/aws-k8s-cni.yaml
index a251eb4951..a4c3788a03 100644
--- a/config/master/aws-k8s-cni.yaml
+++ b/config/master/aws-k8s-cni.yaml
@@ -266,7 +266,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +278,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -297,7 +297,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -343,7 +343,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -363,7 +363,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -384,7 +384,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.1
+        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.2
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -405,7 +405,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.1
+          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.2
           ports:
             - containerPort: 61678
               name: metrics
@@ -469,7 +469,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.18.1"
+              value: "v1.18.2"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -504,7 +504,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1
+          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.2
           env:
             - name: MY_NODE_NAME
               valueFrom:
@@ -516,6 +516,7 @@ spec:
             - --enable-network-policy=false
             - --enable-cloudwatch-logs=false
             - --enable-policy-event-logs=false
+            - --log-file=/var/log/aws-routed-eni/network-policy-agent.log
             - --metrics-bind-addr=:8162
             - --health-probe-bind-addr=:8163
             - --conntrack-cache-cleanup-period=300
@@ -557,6 +558,7 @@ spec:
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
+          type: FileOrCreate
       affinity:
         nodeAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
diff --git a/config/master/cni-metrics-helper-cn.yaml b/config/master/cni-metrics-helper-cn.yaml
index de49632ecd..70f1cd8c48 100644
--- a/config/master/cni-metrics-helper-cn.yaml
+++ b/config/master/cni-metrics-helper-cn.yaml
@@ -8,13 +8,17 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: cni-metrics-helper/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: cni-metrics-helper
+  labels:
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups: [""]
     resources:
@@ -30,7 +34,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -48,6 +52,9 @@ metadata:
   namespace: kube-system
   labels:
     k8s-app: cni-metrics-helper
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   revisionHistoryLimit: 10
   selector:
@@ -56,6 +63,8 @@ spec:
   template:
     metadata:
       labels:
+        app.kubernetes.io/name: cni-metrics-helper
+        app.kubernetes.io/instance: cni-metrics-helper
         k8s-app: cni-metrics-helper
     spec:
       containers:
@@ -69,5 +78,5 @@ spec:
         - name: USE_PROMETHEUS
           value: "false"
         name: cni-metrics-helper
-        image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.1"
+        image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.18.2"
       serviceAccountName: cni-metrics-helper
diff --git a/config/master/cni-metrics-helper-us-gov-east-1.yaml b/config/master/cni-metrics-helper-us-gov-east-1.yaml
index 07f1de7329..071d9c5876 100644
--- a/config/master/cni-metrics-helper-us-gov-east-1.yaml
+++ b/config/master/cni-metrics-helper-us-gov-east-1.yaml
@@ -8,13 +8,17 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: cni-metrics-helper/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: cni-metrics-helper
+  labels:
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups: [""]
     resources:
@@ -30,7 +34,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -48,6 +52,9 @@ metadata:
   namespace: kube-system
   labels:
     k8s-app: cni-metrics-helper
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   revisionHistoryLimit: 10
   selector:
@@ -56,6 +63,8 @@ spec:
   template:
     metadata:
       labels:
+        app.kubernetes.io/name: cni-metrics-helper
+        app.kubernetes.io/instance: cni-metrics-helper
         k8s-app: cni-metrics-helper
     spec:
       containers:
@@ -69,5 +78,5 @@ spec:
         - name: USE_PROMETHEUS
           value: "false"
         name: cni-metrics-helper
-        image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.1"
+        image: "151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/cni-metrics-helper:v1.18.2"
       serviceAccountName: cni-metrics-helper
diff --git a/config/master/cni-metrics-helper-us-gov-west-1.yaml b/config/master/cni-metrics-helper-us-gov-west-1.yaml
index 48e17af476..8c4fd73e53 100644
--- a/config/master/cni-metrics-helper-us-gov-west-1.yaml
+++ b/config/master/cni-metrics-helper-us-gov-west-1.yaml
@@ -8,13 +8,17 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: cni-metrics-helper/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: cni-metrics-helper
+  labels:
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups: [""]
     resources:
@@ -30,7 +34,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -48,6 +52,9 @@ metadata:
   namespace: kube-system
   labels:
     k8s-app: cni-metrics-helper
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   revisionHistoryLimit: 10
   selector:
@@ -56,6 +63,8 @@ spec:
   template:
     metadata:
       labels:
+        app.kubernetes.io/name: cni-metrics-helper
+        app.kubernetes.io/instance: cni-metrics-helper
         k8s-app: cni-metrics-helper
     spec:
       containers:
@@ -69,5 +78,5 @@ spec:
         - name: USE_PROMETHEUS
           value: "false"
         name: cni-metrics-helper
-        image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.1"
+        image: "013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/cni-metrics-helper:v1.18.2"
       serviceAccountName: cni-metrics-helper
diff --git a/config/master/cni-metrics-helper.yaml b/config/master/cni-metrics-helper.yaml
index 4263fe5e4f..9e7a7d654d 100644
--- a/config/master/cni-metrics-helper.yaml
+++ b/config/master/cni-metrics-helper.yaml
@@ -8,13 +8,17 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 ---
 # Source: cni-metrics-helper/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
   name: cni-metrics-helper
+  labels:
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 rules:
   - apiGroups: [""]
     resources:
@@ -30,7 +34,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.18.1"
+    app.kubernetes.io/version: "v1.18.2"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -48,6 +52,9 @@ metadata:
   namespace: kube-system
   labels:
     k8s-app: cni-metrics-helper
+    app.kubernetes.io/name: cni-metrics-helper
+    app.kubernetes.io/instance: cni-metrics-helper
+    app.kubernetes.io/version: "v1.18.2"
 spec:
   revisionHistoryLimit: 10
   selector:
@@ -56,6 +63,8 @@ spec:
   template:
     metadata:
       labels:
+        app.kubernetes.io/name: cni-metrics-helper
+        app.kubernetes.io/instance: cni-metrics-helper
         k8s-app: cni-metrics-helper
     spec:
       containers:
@@ -69,5 +78,5 @@ spec:
         - name: USE_PROMETHEUS
           value: "false"
         name: cni-metrics-helper
-        image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1"
+        image: "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2"
       serviceAccountName: cni-metrics-helper
diff --git a/scripts/generate-cni-yaml.sh b/scripts/generate-cni-yaml.sh
index 1c515ce856..baf144dc6e 100755
--- a/scripts/generate-cni-yaml.sh
+++ b/scripts/generate-cni-yaml.sh
@@ -8,8 +8,8 @@ HELM_VERSION="3.14.2"
 NAMESPACE="kube-system"
 
 MAKEFILEPATH=$SCRIPTPATH/../Makefile
-VPC_CNI_VERSION="v1.18.1"
-NODE_AGENT_VERSION="v1.1.1"
+VPC_CNI_VERSION="v1.18.2"
+NODE_AGENT_VERSION="v1.1.2"
 BUILD_DIR=$SCRIPTPATH/../build/cni-rel-yamls/$VPC_CNI_VERSION
 
 REGIONS_FILE=$SCRIPTPATH/../charts/regions.json
diff --git a/scripts/run-cni-release-tests.sh b/scripts/run-cni-release-tests.sh
index 309410be11..0abf53b4ed 100755
--- a/scripts/run-cni-release-tests.sh
+++ b/scripts/run-cni-release-tests.sh
@@ -10,7 +10,7 @@
 # NG_LABEL_KEY: nodegroup label key, default "kubernetes.io/os"
 # NG_LABEL_VAL: nodegroup label val, default "linux"
 # RUN_DEVEKS_TEST: Set this variable for tests to run on a deveks cluster
-# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1"
+# CNI_METRICS_HELPER: cni metrics helper image tag, default "602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2"
 # TEST_IMAGE_REGISTRY: the registry in test-infra-* accounts where e2e test images are stored
 set -e
 
@@ -37,9 +37,9 @@ function run_integration_test() {
   echo "cni test took $((SECONDS - START)) seconds."
 
   if [[ ! -z $PROD_IMAGE_REGISTRY ]]; then
-    CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.1"
+    CNI_METRICS_HELPER="$PROD_IMAGE_REGISTRY/cni-metrics-helper:v1.18.2"
   else
-    CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.1}"
+    CNI_METRICS_HELPER="${CNI_METRICS_HELPER:=602401143452.dkr.ecr.us-west-2.amazonaws.com/cni-metrics-helper:v1.18.2}"
   fi
 
   REPO_NAME=$(echo $CNI_METRICS_HELPER | cut -d ":" -f 1)