From 827f4f0a646ae4ba83042ee9baa186816d1a14d6 Mon Sep 17 00:00:00 2001
From: michaelbeaumont <2266568+michaelbeaumont@users.noreply.github.com>
Date: Thu, 31 Oct 2024 05:03:07 +0000
Subject: [PATCH] update aws-node to v1.18.6
---
 pkg/addons/default/assets/aws-node.yaml | 60 ++++++++++++++++++++-----
 pkg/addons/default/aws_node_test.go | 2 +-
 2 files changed, 51 insertions(+), 11 deletions(-)
diff --git a/pkg/addons/default/assets/aws-node.yaml b/pkg/addons/default/assets/aws-node.yaml
index a251eb4951..33da410656 100644
--- a/pkg/addons/default/assets/aws-node.yaml
+++ b/pkg/addons/default/assets/aws-node.yaml
@@ -16,6 +16,40 @@ spec:
 openAPIV3Schema:
 type: object
 x-kubernetes-preserve-unknown-fields: true
+ description: ENIConfig is the Schema for the eniconfigs API
+ properties:
+ apiVersion:
+ description: |-
+ APIVersion defines the versioned schema of this representation of an object.
+ Servers should convert recognized schemas to the latest internal value, and
+ may reject unrecognized values.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
+ type: string
+ kind:
+ description: |-
+ Kind is a string value representing the REST resource this object represents.
+ Servers may infer this from the endpoint the client submits requests to.
+ Cannot be updated.
+ In CamelCase.
+ More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
+ type: string
+ metadata:
+ type: object
+ spec:
+ description: ENIConfigSpec defines the desired state of ENIConfig
+ properties:
+ securityGroups:
+ items:
+ type: string
+ type: array
+ subnet:
+ type: string
+ required:
+ - subnet
+ type: object
+ status:
+ description: ENIConfigStatus defines the observed state of ENIConfig
+ type: object
 names:
 plural: eniconfigs
 singular: eniconfig
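Review bot: `x-kubernetes-preserve-unknown-fields: true` is still set at the root of `openAPIV3Schema`, directly above the added `description` and `properties`, so the new schema checks the declared fields (for example the required `subnet`) but undeclared fields in an ENIConfig are still accepted and stored rather than pruned. If nothing relies on free-form fields, removing that line would let the structural schema reject or drop unexpected input. The `securityGroups` items and `subnet` are plain `type: string` with no pattern or length bound, so malformed identifiers are only caught by whatever consumes the object later. If this manifest is copied unchanged from the upstream chart, a short comment saying so would tell the next reviewer that the fix belongs upstream.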
@@ -266,7 +300,7 @@ metadata:
 app.kubernetes.io/name: aws-node
 app.kubernetes.io/instance: aws-vpc-cni
 k8s-app: aws-node
- app.kubernetes.io/version: "v1.18.1"
+ app.kubernetes.io/version: "v1.18.6"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -278,7 +312,7 @@ metadata:
 app.kubernetes.io/name: aws-node
 app.kubernetes.io/instance: aws-vpc-cni
 k8s-app: aws-node
- app.kubernetes.io/version: "v1.18.1"
+ app.kubernetes.io/version: "v1.18.6"
 data:
 enable-windows-ipam: "false"
 enable-network-policy-controller: "false"
@@ -297,7 +331,7 @@ metadata:
 app.kubernetes.io/name: aws-node
 app.kubernetes.io/instance: aws-vpc-cni
 k8s-app: aws-node
- app.kubernetes.io/version: "v1.18.1"
+ app.kubernetes.io/version: "v1.18.6"
 rules:
 - apiGroups:
 - crd.k8s.amazonaws.com
@@ -311,7 +345,7 @@ rules:
 - apiGroups: [""]
 resources:
 - pods
- verbs: ["list", "watch", "get"]
+ verbs: ["list", "watch", "get", "patch"]
 - apiGroups: [""]
 resources:
 - nodes
@@ -343,7 +377,7 @@ metadata:
 app.kubernetes.io/name: aws-node
 app.kubernetes.io/instance: aws-vpc-cni
 k8s-app: aws-node
- app.kubernetes.io/version: "v1.18.1"
+ app.kubernetes.io/version: "v1.18.6"
 roleRef:
 apiGroup: rbac.authorization.k8s.io
 kind: ClusterRole
@@ -363,7 +397,7 @@ metadata:
 app.kubernetes.io/name: aws-node
 app.kubernetes.io/instance: aws-vpc-cni
 k8s-app: aws-node
- app.kubernetes.io/version: "v1.18.1"
+ app.kubernetes.io/version: "v1.18.6"
 spec:
 updateStrategy:
 rollingUpdate:
@@ -384,7 +418,8 @@ spec:
 hostNetwork: true
 initContainers:
 - name: aws-vpc-cni-init
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.1
+ image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.6
+ imagePullPolicy: Always
 env:
 - name: DISABLE_TCP_EARLY_DEMUX
 value: "false"
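Review bot: The ClusterRole rule for `pods` now grants `patch` cluster-wide (`verbs: ["list", "watch", "get", "patch"]`), while the same commit adds `ANNOTATE_POD_IP` with value `"false"` in a later hunk of this file. If pod patching is only needed for the pod-IP annotation feature, which the pairing suggests but the diff does not show, the verb is unused privilege held by a workload that runs with `hostNetwork: true`, and a service-account token taken from one node could then be used to modify pods scheduled elsewhere. Consider keeping the list at `["list", "watch", "get"]` while the feature is off, or adding a comment above the rule such as `# patch: required by ANNOTATE_POD_IP; drop when that feature is disabled`.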
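Review bot: `imagePullPolicy: Always` is added to `aws-vpc-cni-init` here and to `aws-eks-nodeagent` in a later hunk, but both images are still referenced by mutable tag (`:v1.18.6`, `:v1.1.4`), so each pod start re-resolves the tag and runs whatever the registry currently serves under it. Pinning by digest, for example `image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.18.6@sha256:<digest-placeholder>`, would make the pulled content fixed and auditable. `Always` also makes start-up of the node's CNI depend on the registry being reachable, and the `aws-node` container gets no explicit policy in this diff, so the three containers are now inconsistent; a one-line comment stating the intended policy would help.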
@@ -405,7 +440,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.18.6 ports: - containerPort: 61678 name: metrics @@ -430,6 +465,8 @@ spec: env: - name: ADDITIONAL_ENI_TAGS value: "{}" + - name: ANNOTATE_POD_IP + value: "false" - name: AWS_VPC_CNI_NODE_PORT_SUPPORT value: "true" - name: AWS_VPC_ENI_MTU @@ -469,7 +506,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.18.1" + value: "v1.18.6" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -504,7 +541,8 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.1.4 + imagePullPolicy: Always env: - name: MY_NODE_NAME valueFrom: @@ -516,6 +554,7 @@ spec: - --enable-network-policy=false - --enable-cloudwatch-logs=false - --enable-policy-event-logs=false + - --log-file=/var/log/aws-routed-eni/network-policy-agent.log - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 @@ -557,6 +596,7 @@ spec: - name: xtables-lock hostPath: path: /run/xtables.lock + type: FileOrCreate affinity: nodeAffinity: requiredDuringSchedulingIgnoredDuringExecution: diff --git a/pkg/addons/default/aws_node_test.go b/pkg/addons/default/aws_node_test.go index d7de3cd751..d67486c4a1 100644 --- a/pkg/addons/default/aws_node_test.go +++ b/pkg/addons/default/aws_node_test.go @@ -61,7 +61,7 @@ var _ = Describe("AWS Node", func() { Describe("UpdateAWSNode", func() { var preUpdateAwsNode *v1.DaemonSet - const expectedVersion = "v1.18.1" + const expectedVersion = "v1.18.6" BeforeEach(func() { loadSamples(rawClient, "testdata/sample-1.15.json")
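Review bot: The new `--log-file=/var/log/aws-routed-eni/network-policy-agent.log` argument only produces a durable log if the `aws-eks-nodeagent` container has a volume mount covering `/var/log/aws-routed-eni`; the container's `volumeMounts` lie outside this hunk, so that should be confirmed. With `--enable-cloudwatch-logs=false` and `--enable-policy-event-logs=false` next to it, this file would be the agent's only record on the node, and without a host mount it lands in the container's writable layer and is lost on restart. A comment beside the argument, such as `# written to the log-dir hostPath mount; rotated by the node's log rotation`, would document where incident responders should look.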