From ad88473f46ade580e91a059f2b6d8c1231450b2f Mon Sep 17 00:00:00 2001 From: eks-bot Date: Wed, 31 Jul 2024 21:17:06 +0000 Subject: [PATCH] aws-vpc-cni: v1.18.3 --- stable/aws-vpc-cni/Chart.yaml | 4 +-- stable/aws-vpc-cni/README.md | 8 ++--- .../crds/customresourcedefinition.yaml | 34 +++++++++++++++++++ stable/aws-vpc-cni/templates/configmap.yaml | 2 +- stable/aws-vpc-cni/templates/daemonset.yaml | 3 ++ stable/aws-vpc-cni/values.yaml | 26 ++++++++++++-- 6 files changed, 66 insertions(+), 11 deletions(-) diff --git a/stable/aws-vpc-cni/Chart.yaml b/stable/aws-vpc-cni/Chart.yaml index 9e647dcb8..e843f15fb 100644 --- a/stable/aws-vpc-cni/Chart.yaml +++ b/stable/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.18.2 -appVersion: "v1.18.2" +version: 1.18.3 +appVersion: "v1.18.3" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/stable/aws-vpc-cni/README.md b/stable/aws-vpc-cni/README.md index 6562a6420..aea9b8611 100644 --- a/stable/aws-vpc-cni/README.md +++ b/stable/aws-vpc-cni/README.md @@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` | | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | -| `image.tag` | Image tag | `v1.18.2` | +| `image.tag` | Image tag | `v1.18.3` | | `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | -| `init.image.tag` | Image tag | `v1.18.2` | +| `init.image.tag` | Image tag | `v1.18.3` | | `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | @@ -77,6 +77,7 @@ The following table lists the configurable parameters for this chart and their d | `nodeAgent.image.pullPolicy` | Container pull policy | `IfNotPresent` | | `nodeAgent.securityContext` | Node Agent container Security context | `capabilities: add: - "NET_ADMIN" privileged: true` | | `nodeAgent.enableCloudWatchLogs` | Enable CW logging for Node Agent | `false` | + `nodeAgent.networkPolicyAgentLogFileLocation` | Log File location of Network Policy Agent | `/var/log/aws-routed-eni/network-policy-agent.log` | | `nodeAgent.enablePolicyEventLogs` | Enable policy decision logs for Node Agent | `false` | | `nodeAgent.metricsBindAddr` | Node Agent port for metrics | `8162` | | `nodeAgent.healthProbeBindAddr` | Node Agent port for health probes | `8163` | @@ -125,14 +126,11 @@ done kubectl -n kube-system annotate --overwrite configmap amazon-vpc-cni meta.helm.sh/release-name=aws-vpc-cni kubectl -n kube-system annotate --overwrite configmap amazon-vpc-cni meta.helm.sh/release-namespace=kube-system kubectl -n kube-system label --overwrite configmap amazon-vpc-cni app.kubernetes.io/managed-by=Helm -``` Kubernetes recommends using server-side apply for more control over the field manager. After adopting the chart resources, you can run the following command to apply the chart: - ``` helm template aws-vpc-cni --include-crds --namespace kube-system eks/aws-vpc-cni --set originalMatchLabels=true | kubectl apply --server-side --force-conflicts --field-manager Helm -f - ``` ## Migrate from Helm v2 to Helm v3 - You can use the [Helm 2to3 plugin](https://github.com/helm/helm-2to3) to migrate releases from Helm v2 to Helm v3. For a more detailed explanation with some examples about this migration plugin, refer to Helm blog post: [How to migrate from Helm v2 to Helm v3](https://helm.sh/blog/migrate-from-helm-v2-to-helm-v3/). diff --git a/stable/aws-vpc-cni/crds/customresourcedefinition.yaml b/stable/aws-vpc-cni/crds/customresourcedefinition.yaml index e277aff87..9592c2964 100644 --- a/stable/aws-vpc-cni/crds/customresourcedefinition.yaml +++ b/stable/aws-vpc-cni/crds/customresourcedefinition.yaml @@ -14,6 +14,40 @@ spec: openAPIV3Schema: type: object x-kubernetes-preserve-unknown-fields: true + description: ENIConfig is the Schema for the eniconfigs API + properties: + apiVersion: + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources + type: string + kind: + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds + type: string + metadata: + type: object + spec: + description: ENIConfigSpec defines the desired state of ENIConfig + properties: + securityGroups: + items: + type: string + type: array + subnet: + type: string + required: + - subnet + type: object + status: + description: ENIConfigStatus defines the observed state of ENIConfig + type: object names: plural: eniconfigs singular: eniconfig diff --git a/stable/aws-vpc-cni/templates/configmap.yaml b/stable/aws-vpc-cni/templates/configmap.yaml index f79dd58be..a3ebea0f4 100644 --- a/stable/aws-vpc-cni/templates/configmap.yaml +++ b/stable/aws-vpc-cni/templates/configmap.yaml @@ -7,7 +7,7 @@ metadata: {{ include "aws-vpc-cni.labels" . | indent 4 }} binaryData: 10-aws.conflist: {{ .Values.cniConfig.fileContents | b64enc }} -{{- end -}} +{{- end }} --- apiVersion: v1 kind: ConfigMap diff --git a/stable/aws-vpc-cni/templates/daemonset.yaml b/stable/aws-vpc-cni/templates/daemonset.yaml index 07eb1797f..b011f681a 100644 --- a/stable/aws-vpc-cni/templates/daemonset.yaml +++ b/stable/aws-vpc-cni/templates/daemonset.yaml @@ -82,6 +82,9 @@ spec: {{- range $key, $value := .Values.env }} - name: {{ $key }} value: {{ $value | quote }} +{{- end }} +{{- with .Values.extraEnv }} + {{- toYaml .| nindent 12 }} {{- end }} - name: MY_NODE_NAME valueFrom: diff --git a/stable/aws-vpc-cni/values.yaml b/stable/aws-vpc-cni/values.yaml index e25c94e79..8340c9f80 100644 --- a/stable/aws-vpc-cni/values.yaml +++ b/stable/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.18.2 + tag: v1.18.3 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.18.2 + tag: v1.18.3 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -65,6 +65,7 @@ image: # See https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables env: ADDITIONAL_ENI_TAGS: "{}" + ANNOTATE_POD_IP: "false" AWS_VPC_CNI_NODE_PORT_SUPPORT: "true" AWS_VPC_ENI_MTU: "9001" AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: "false" @@ -85,9 +86,28 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.18.2" + VPC_CNI_VERSION: "v1.18.3" NETWORK_POLICY_ENFORCING_MODE: "standard" +# Add env from configMap or from secrets +# - name: ENV_VAR1 +# valueFrom: +# configMapKeyRef: +# name: example-config +# key: ENV_VAR1 +# - name: ENV_VAR2 +# valueFrom: +# configMapKeyRef: +# name: example-config +# key: ENV_VAR2 +# - name: SECRET_VAR1 +# valueFrom: +# secretKeyRef: +# name: example-secret +# key: SECRET_VAR1 +extraEnv: [] + + # this flag enables you to use the match label that was present in the original daemonset deployed by EKS # You can then annotate and label the original aws-node resources and 'adopt' them into a helm release originalMatchLabels: false