Merge master to release-1.18 (#3049)

* Mount /run/xtables.lock as FileOrCreate (#2841)

Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state.

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860)

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* remove unused Dockerfile (#2869)

* remove unused Dockerfile

* update golang and dependencies to fix CVE

* Update Kops test for 1.30 (#2868)

Co-authored-by: Joseph Chen <[email protected]>

* Update .go-version to 1.22.2 to fix CVE reports. (#2870)

* CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876)

Co-authored-by: Joseph Chen <[email protected]>

* Update changelogs and charts for v1.18.0 release (#2858) (#2881)

Co-authored-by: Joseph Chen <[email protected]>

* Improve "cni-metrics-helper" setup experience (#2874)

Co-authored-by: Senthil Kumaran <[email protected]>

* Add correct labels to CNI metrics chart. (#2889)

* Added information on the build troubleshooting. (#2890)

* Remove unused code in vpc cni init and vpc cni binary. (#2891)

* Bump golang.org/x/sys from 0.18.0 to 0.19.0 in /test/agent (#2898)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.18.0 to 0.19.0.
- [Commits](https://github.com/golang/sys/compare/v0.18.0...v0.19.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Filter Managed ENI. (#2895)

If the SG reconcile loop runs before the ENI/IP reconcile loop it will modify the security groups as the ENI/IP reconcile hasn't had a chance to check the tags on the ENI yet.

Without relying on cache, when the SG reconcile is run, it will not update the ENI with the node.k8s.amazonaws.com/no_manage: true tag

* Merge release-1.18 to master after v1.18.1 release (#2914)

* Update changelogs and charts for v1.18.0 release (#2858)

Co-authored-by: Joseph Chen <[email protected]>

* Resolve merge conflicts from master to release 1.18 (#2885)

* Mount /run/xtables.lock as FileOrCreate (#2841)

Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state.

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860)

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* remove unused Dockerfile (#2869)

* remove unused Dockerfile

* update golang and dependencies to fix CVE

* Update Kops test for 1.30 (#2868)

Co-authored-by: Joseph Chen <[email protected]>

* Update .go-version to 1.22.2 to fix CVE reports. (#2870)

* CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876)

Co-authored-by: Joseph Chen <[email protected]>

* Update changelogs and charts for v1.18.0 release (#2858) (#2881)

Co-authored-by: Joseph Chen <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>

* Merge master to release-1.18 for v1.18.1 release (#2882)

* Mount /run/xtables.lock as FileOrCreate (#2841)

Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state.

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860)

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* remove unused Dockerfile (#2869)

* remove unused Dockerfile

* update golang and dependencies to fix CVE

* Update Kops test for 1.30 (#2868)

Co-authored-by: Joseph Chen <[email protected]>

* Update .go-version to 1.22.2 to fix CVE reports. (#2870)

* CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876)

Co-authored-by: Joseph Chen <[email protected]>

* Update changelogs and charts for v1.18.0 release (#2858) (#2881)

Co-authored-by: Joseph Chen <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>

* CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894)

Co-authored-by: Joseph Chen <[email protected]>

* Fix metrics readme

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: Jay Deokar <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>

* Update .go-version to fix GO-2024-2824 (#2911)

* Soak Test for CNI. (#2915)

* Soak Test for CNI.

Soak Test runs a fundamental test, like connectivity across pods
launched in both primary and secondary eni interfaces.

It launches pods, tests connectivity, tears them down, and repeats this
process for 1 hour. The run time configurable with how long we want to
run the soak test.

This test helps in discoverying race condition issues, compatiblity
issues with underlying AMI.

* Fix for make check.

* Bump github.com/aws/amazon-vpc-resource-controller-k8s (#2910)

Bumps [github.com/aws/amazon-vpc-resource-controller-k8s](https://github.com/aws/amazon-vpc-resource-controller-k8s) from 1.4.1 to 1.5.0.
- [Release notes](https://github.com/aws/amazon-vpc-resource-controller-k8s/releases)
- [Commits](https://github.com/aws/amazon-vpc-resource-controller-k8s/compare/v1.4.1...v1.5.0)

---
updated-dependencies:
- dependency-name: github.com/aws/amazon-vpc-resource-controller-k8s
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update ENI Limits. (#2920)

* Skip Soak Test while running other tests. (#2922)

* Update golang to go1.22.3 (#2924)

* Bump k8s.io/api from 0.29.3 to 0.30.1 (#2918)

Bumps [k8s.io/api](https://github.com/kubernetes/api) from 0.29.3 to 0.30.1.
- [Commits](https://github.com/kubernetes/api/compare/v0.29.3...v0.30.1)

---
updated-dependencies:
- dependency-name: k8s.io/api
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Switch to counter for awscni_no_available_ip_addresses (#2919)

Co-authored-by: Liptan Biswas <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>

* Expose network policy log file location to be configured using helm (#2925)

* Expose network policy log file location to be configured using helm
chart values.

* Updated log file location name.

* Merge release branch release_1.18 (#2929)

* Update changelogs and charts for v1.18.0 release (#2858)

Co-authored-by: Joseph Chen <[email protected]>

* Resolve merge conflicts from master to release 1.18 (#2885)

* Mount /run/xtables.lock as FileOrCreate (#2841)

Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state.

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860)

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* remove unused Dockerfile (#2869)

* remove unused Dockerfile

* update golang and dependencies to fix CVE

* Update Kops test for 1.30 (#2868)

Co-authored-by: Joseph Chen <[email protected]>

* Update .go-version to 1.22.2 to fix CVE reports. (#2870)

* CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876)

Co-authored-by: Joseph Chen <[email protected]>

* Update changelogs and charts for v1.18.0 release (#2858) (#2881)

Co-authored-by: Joseph Chen <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>

* Merge master to release-1.18 for v1.18.1 release (#2882)

* Mount /run/xtables.lock as FileOrCreate (#2841)

Otherwise, if the file doesn't already exist on the host at startup, it will be created as a directory. This breaks (among other things) `kube-proxy`, which leads to the AWS CNI not being able to reach the API-server, which leads to the node being stuck in `NotReady` state.

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/onsi/ginkgo/v2 from 2.14.0 to 2.17.1 (#2864)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.14.0 to 2.17.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.14.0...v2.17.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/stretchr/testify from 1.8.4 to 1.9.0 (#2863)

Bumps [github.com/stretchr/testify](https://github.com/stretchr/testify) from 1.8.4 to 1.9.0.
- [Release notes](https://github.com/stretchr/testify/releases)
- [Commits](https://github.com/stretchr/testify/compare/v1.8.4...v1.9.0)

---
updated-dependencies:
- dependency-name: github.com/stretchr/testify
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/common from 0.48.0 to 0.52.2 (#2866)

Bumps [github.com/prometheus/common](https://github.com/prometheus/common) from 0.48.0 to 0.52.2.
- [Release notes](https://github.com/prometheus/common/releases)
- [Commits](https://github.com/prometheus/common/compare/v0.48.0...v0.52.2)

---
updated-dependencies:
- dependency-name: github.com/prometheus/common
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump helm.sh/helm/v3 from 3.14.2 to 3.14.3 (#2862)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.2 to 3.14.3.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.2...v3.14.3)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump golang.org/x/sys from 0.17.0 to 0.18.0 in /test/agent (#2859)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.17.0 to 0.18.0.
- [Commits](https://github.com/golang/sys/compare/v0.17.0...v0.18.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/plugins from 1.4.0 to 1.4.1 (#2860)

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.0...v1.4.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* remove unused Dockerfile (#2869)

* remove unused Dockerfile

* update golang and dependencies to fix CVE

* Update Kops test for 1.30 (#2868)

Co-authored-by: Joseph Chen <[email protected]>

* Update .go-version to 1.22.2 to fix CVE reports. (#2870)

* CHANGELOG, chart, and manifest changes following VPC CNI v1.18.0 release (#2876)

Co-authored-by: Joseph Chen <[email protected]>

* Update changelogs and charts for v1.18.0 release (#2858) (#2881)

Co-authored-by: Joseph Chen <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>

* CHANGELOG, chart, and manifest updates for v1.18.1 release (#2894)

Co-authored-by: Joseph Chen <[email protected]>

---------

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: Jay Deokar <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>

* Helpful Make target to login to public ECR. (#2934)

* Skip Static Canary in run-integration-test in Github. (#2935)

* Run Kops Test Separately to triage failures. (#2936)

* Bump go.uber.org/zap from 1.26.0 to 1.27.0 (#2938)

Bumps [go.uber.org/zap](https://github.com/uber-go/zap) from 1.26.0 to 1.27.0.
- [Release notes](https://github.com/uber-go/zap/releases)
- [Changelog](https://github.com/uber-go/zap/blob/master/CHANGELOG.md)
- [Commits](https://github.com/uber-go/zap/compare/v1.26.0...v1.27.0)

---
updated-dependencies:
- dependency-name: go.uber.org/zap
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump golang.org/x/sys from 0.19.0 to 0.20.0 in /test/agent (#2937)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.19.0 to 0.20.0.
- [Commits](https://github.com/golang/sys/compare/v0.19.0...v0.20.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Merge Changes from release-1.18 to master (#2944)

* Changelog and Updated CNI Charts for v1.18.2 Release (#2942)

* Update charts, config for Release v1.18.2.

* Updated CNI and Metrics Helper Yaml file.

    ```
    make generate-cni-yaml
    /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s//scripts/generate-cni-yaml.sh
      % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                     Dload  Upload   Total   Spent    Left  Speed
    100 15.3M  100 15.3M    0     0  28.4M      0 --:--:-- --:--:-- --:--:-- 28.3M
    Generated aws-vpc-cni and cni-metrics-helper manifest resources files in:
        - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/aws-k8s-cni
        - /local/home/senthilx/go/src/github.com/aws/amazon-vpc-cni-k8s/scripts/../build/cni-rel-yamls/v1.18.2/cni-metrics-helper
    ```

* Updated Changelog.

* Fix the Charts Version for v1.18.2 (#2943)

Helm Charts are fixed in eks-charts.

https://github.com/aws/eks-charts/pull/1115
https://github.com/aws/eks-charts/pull/1115

* Update .go-version to 1.22.4 (#2950)

* disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)

* disable leaked ENI cleanup routine when vpc-resource-controller is deployed

* update helm version

---------

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/cni from 1.1.2 to 1.2.0 (#2901)

Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.1.2 to 1.2.0.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.1.2...v1.2.0)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Update test options default value and help. (#2955)

* Bump sigs.k8s.io/controller-runtime from 0.17.0 to 0.18.4 (#2962)

Bumps [sigs.k8s.io/controller-runtime](https://github.com/kubernetes-sigs/controller-runtime) from 0.17.0 to 0.18.4.
- [Release notes](https://github.com/kubernetes-sigs/controller-runtime/releases)
- [Changelog](https://github.com/kubernetes-sigs/controller-runtime/blob/main/RELEASE.md)
- [Commits](https://github.com/kubernetes-sigs/controller-runtime/compare/v0.17.0...v0.18.4)

---
updated-dependencies:
- dependency-name: sigs.k8s.io/controller-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump k8s.io/cli-runtime from 0.29.0 to 0.30.2 (#2965)

Bumps [k8s.io/cli-runtime](https://github.com/kubernetes/cli-runtime) from 0.29.0 to 0.30.2.
- [Commits](https://github.com/kubernetes/cli-runtime/compare/v0.29.0...v0.30.2)

---
updated-dependencies:
- dependency-name: k8s.io/cli-runtime
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump helm.sh/helm/v3 from 3.14.3 to 3.15.2 (#2964)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.14.3 to 3.15.2.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](https://github.com/helm/helm/compare/v3.14.3...v3.15.2)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [cni-metrics-helper] Expose container port when enabling prometheus metrics (#2957)

To scrape Prometheus metrics using the Prometheus Operator's PodMonitor,
container ports must be exposed via PodSpec.

Signed-off-by: Tsubasa Nagasawa <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>

* Subnet Discovery - Unfilled ENI fix (#2954)

Co-authored-by: Joseph Chen <[email protected]>

* Refactor static canary tests. (#2966)

- Remove any config changes to aws-node pod in BeforeSuite.
- Remove dependency on multiple EC2 apis.

* Upgrade to latest versions of GitHub actions (#2952)

* Upgrade to latest versions of GitHub actions
* Enable GH action updater

* Update the APISpec Schema definition for ENIConfig. (#2969)

* Update the APISpec Schema definition for ENIConfig.
* removed the required property for security groups.

* Use ECR Mirror for Curl Test Image. (#2956)

* misc/10-aws.conflist: use __MTU__ variable for IPv4 egress-cni too (#2951)

* Bump github.com/aws/aws-sdk-go from 1.51.32 to 1.54.11 (#2976)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.51.32 to 1.54.11.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.51.32...v1.54.11)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/go-logr/logr from 1.4.1 to 1.4.2 (#2975)

Bumps [github.com/go-logr/logr](https://github.com/go-logr/logr) from 1.4.1 to 1.4.2.
- [Release notes](https://github.com/go-logr/logr/releases)
- [Changelog](https://github.com/go-logr/logr/blob/master/CHANGELOG.md)
- [Commits](https://github.com/go-logr/logr/compare/v1.4.1...v1.4.2)

---
updated-dependencies:
- dependency-name: github.com/go-logr/logr
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1 (#2972)

Bumps [github.com/prometheus/client_golang](https://github.com/prometheus/client_golang) from 1.19.0 to 1.19.1.
- [Release notes](https://github.com/prometheus/client_golang/releases)
- [Changelog](https://github.com/prometheus/client_golang/blob/main/CHANGELOG.md)
- [Commits](https://github.com/prometheus/client_golang/compare/v1.19.0...v1.19.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_golang
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump golang.org/x/sys from 0.20.0 to 0.21.0 in /test/agent (#2977)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.20.0 to 0.21.0.
- [Commits](https://github.com/golang/sys/compare/v0.20.0...v0.21.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/containernetworking/plugins from 1.4.1 to 1.5.1 (#2974)

Bumps [github.com/containernetworking/plugins](https://github.com/containernetworking/plugins) from 1.4.1 to 1.5.1.
- [Release notes](https://github.com/containernetworking/plugins/releases)
- [Commits](https://github.com/containernetworking/plugins/compare/v1.4.1...v1.5.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/plugins
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Add unit test and readme update for POD_MTU/ AWS_VPC_ENI_MTU for Egress plugin behavior. (#2979)

* Add unit test and readme update for AWS_VPC_ENI_MTU for Egress plugin behavior.

* Added Coverage for IPV6 Egress Env Var.

* Addressed review comment.

* Update .go-version (#2981)

* Add extraEnv for add additional env from configmap or secrets to daemonset (#2946)

Co-authored-by: Senthil Kumaran <[email protected]>

* bpr: fix templating bug on helm when cniconfig is enabled (#2983)

Co-authored-by: bpramanick <[email protected]>

* Update vpc_ip_resource_limit.go link in README.md (#2986)

* Revert "disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)" (#2987)

* Revert "disable leaked eni cleanup routine when vpc-resource-controller is deployed (#2854)"

This reverts commit 9fdcb5f96c56154f5cfaaec2ea049e6c5bb14979.

* Fix go.mod dependencies.

* updating iam doc with subnet policy (#2992)

* updating iam doc

* adding describe subnet to scoped down policy

* Bump github.com/docker/docker (#2996)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 25.0.5+incompatible to 26.1.4+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v25.0.5...v26.1.4)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump golang.org/x/sys from 0.21.0 to 0.22.0 in /test/agent (#3005)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.21.0 to 0.22.0.
- [Commits](https://github.com/golang/sys/compare/v0.21.0...v0.22.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/onsi/gomega from 1.33.1 to 1.34.1 (#3002)

Bumps [github.com/onsi/gomega](https://github.com/onsi/gomega) from 1.33.1 to 1.34.1.
- [Release notes](https://github.com/onsi/gomega/releases)
- [Changelog](https://github.com/onsi/gomega/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/gomega/compare/v1.33.1...v1.34.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/gomega
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Document the Multi Card Support Limitation. (#3006)

* Document the Multi Card Support Limitation.

* Update the information on multi-card instance type.

* Bump github.com/aws/aws-sdk-go from 1.54.11 to 1.55.5 (#3000)

Bumps [github.com/aws/aws-sdk-go](https://github.com/aws/aws-sdk-go) from 1.54.11 to 1.55.5.
- [Release notes](https://github.com/aws/aws-sdk-go/releases)
- [Commits](https://github.com/aws/aws-sdk-go/compare/v1.54.11...v1.55.5)

---
updated-dependencies:
- dependency-name: github.com/aws/aws-sdk-go
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/onsi/ginkgo/v2 from 2.19.0 to 2.19.1 (#3001)

Bumps [github.com/onsi/ginkgo/v2](https://github.com/onsi/ginkgo) from 2.19.0 to 2.19.1.
- [Release notes](https://github.com/onsi/ginkgo/releases)
- [Changelog](https://github.com/onsi/ginkgo/blob/master/CHANGELOG.md)
- [Commits](https://github.com/onsi/ginkgo/compare/v2.19.0...v2.19.1)

---
updated-dependencies:
- dependency-name: github.com/onsi/ginkgo/v2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump k8s.io/client-go from 0.30.2 to 0.30.3 (#3003)

Bumps [k8s.io/client-go](https://github.com/kubernetes/client-go) from 0.30.2 to 0.30.3.
- [Changelog](https://github.com/kubernetes/client-go/blob/master/CHANGELOG.md)
- [Commits](https://github.com/kubernetes/client-go/compare/v0.30.2...v0.30.3)

---
updated-dependencies:
- dependency-name: k8s.io/client-go
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/containernetworking/cni from 1.2.0 to 1.2.3 (#3004)

Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 1.2.0 to 1.2.3.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](https://github.com/containernetworking/cni/compare/v1.2.0...v1.2.3)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* fix: init.image.pullPolicy and nodeAgent.image.pullPolicy not being respect (#3010)

Signed-off-by: zyue110026 <[email protected]>

* Bump github.com/docker/docker (#3011)

Bumps [github.com/docker/docker](https://github.com/docker/docker) from 26.1.4+incompatible to 26.1.5+incompatible.
- [Release notes](https://github.com/docker/docker/releases)
- [Commits](https://github.com/docker/docker/compare/v26.1.4...v26.1.5)

---
updated-dependencies:
- dependency-name: github.com/docker/docker
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Update kops version and k8s version (#3012)

* Bug fix: Ensure exact IP match between IMDS and local datastore. (#3033)

* adding function to compare list

* adding ut for functions

* go fmt

* Bump golang.org/x/sys from 0.22.0 to 0.24.0 in /test/agent (#3027)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.24.0.
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.24.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/coreos/go-iptables from 0.7.0 to 0.8.0 in /test/agent (#3026)

Bumps [github.com/coreos/go-iptables](https://github.com/coreos/go-iptables) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/coreos/go-iptables/releases)
- [Commits](https://github.com/coreos/go-iptables/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-iptables
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/vishvananda/netlink from 1.1.0 to 1.3.0 in /test/agent (#3025)

Bumps [github.com/vishvananda/netlink](https://github.com/vishvananda/netlink) from 1.1.0 to 1.3.0.
- [Release notes](https://github.com/vishvananda/netlink/releases)
- [Commits](https://github.com/vishvananda/netlink/compare/v1.1.0...v1.3.0)

---
updated-dependencies:
- dependency-name: github.com/vishvananda/netlink
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Bump github.com/prometheus/client_model from 0.6.0 to 0.6.1 (#3024)

Bumps [github.com/prometheus/client_model](https://github.com/prometheus/client_model) from 0.6.0 to 0.6.1.
- [Release notes](https://github.com/prometheus/client_model/releases)
- [Commits](https://github.com/prometheus/client_model/compare/v0.6.0...v0.6.1)

---
updated-dependencies:
- dependency-name: github.com/prometheus/client_model
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump github.com/coreos/go-iptables from 0.7.0 to 0.8.0 (#3020)

Bumps [github.com/coreos/go-iptables](https://github.com/coreos/go-iptables) from 0.7.0 to 0.8.0.
- [Release notes](https://github.com/coreos/go-iptables/releases)
- [Commits](https://github.com/coreos/go-iptables/compare/v0.7.0...v0.8.0)

---
updated-dependencies:
- dependency-name: github.com/coreos/go-iptables
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <[email protected]>

* Bump golang.org/x/sys from 0.22.0 to 0.25.0 (#3037)

Bumps [golang.org/x/sys](https://github.com/golang/sys) from 0.22.0 to 0.25.0.
- [Commits](https://github.com/golang/sys/compare/v0.22.0...v0.25.0)

---
updated-dependencies:
- dependency-name: golang.org/x/sys
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Fix fetching enimetadata (#3035)

* Fix fetching enimetadata for efa-only enis

* Fix format

* Fix and add tests

* fix format

* Add comments

---------

Co-authored-by: Jayanth Varavani <[email protected]>

* Changelog, Chart Versions and Config Version update for CNI Release v… (#3029)

* Changelog, Chart Versions and Config Version update for CNI Release v1.18.3 (#2994)

* CNI Release v1.18.3

* Added Changelog categories.

* Update CHANGELOG.md

Fix incomplete sentence.

* test branch without addon

---------

Co-authored-by: Senthil Kumaran <[email protected]>

* Bump google.golang.org/protobuf from 1.34.1 to 1.34.2 (#3023)

Bumps google.golang.org/protobuf from 1.34.1 to 1.34.2.

---
updated-dependencies:
- dependency-name: google.golang.org/protobuf
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Revert "Fix fetching enimetadata (#3035)" (#3042)

This reverts commit eb7a9bd6c4b785c8b145d926be1da798de23d0ad.

* Revert test script changes in canary and integration test (#3045)

* Filter for interfaces with no ip info (#3047)

* Filter for interfaces with no ip info

* code refactor

* Donot return for missing ipv6

---------

Signed-off-by: dependabot[bot] <[email protected]>
Signed-off-by: Tsubasa Nagasawa <[email protected]>
Signed-off-by: zyue110026 <[email protected]>
Co-authored-by: Kai Wohlfahrt <[email protected]>
Co-authored-by: Senthil Kumaran <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Sushmitha Ravikumar <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: Joseph Chen <[email protected]>
Co-authored-by: guessi <[email protected]>
Co-authored-by: Jay Deokar <[email protected]>
Co-authored-by: Liptan Biswas <[email protected]>
Co-authored-by: Liptan Biswas <[email protected]>
Co-authored-by: Tsubasa Nagasawa <[email protected]>
Co-authored-by: Victor Morales <[email protected]>
Co-authored-by: Benjamin Knofe <[email protected]>
Co-authored-by: Gawsoft <[email protected]>
Co-authored-by: B Pramanick <[email protected]>
Co-authored-by: bpramanick <[email protected]>
Co-authored-by: hayden <[email protected]>
Co-authored-by: Yash Thakkar <[email protected]>
Co-authored-by: zyue110026 <[email protected]>
Co-authored-by: Zach Dorame-Barajas <[email protected]>
Co-authored-by: Jayanth Varavani <[email protected]>

pkg/awsutils/awsutils.go

@@ -604,6 +604,53 @@ func (cache *EC2InstanceMetadataCache) getENIMetadata(eniMAC string) (ENIMetadat
 
 	log.Debugf("Found ENI: %s, MAC %s, device %d", eniID, eniMAC, deviceNum)
 
+	// Get IMDS fields for the interface
+	macImdsFields, err := cache.imds.GetMACImdsFields(ctx, eniMAC)
+	if err != nil {
+		awsAPIErrInc("GetMACImdsFields", err)
+		return ENIMetadata{}, err
+	}
+	ipInfoAvailable := false
+	// Efa-only interfaces do not have any ipv4s or ipv6s associated with it. If we don't find any local-ipv4 or ipv6 info in imds we assume it to be efa-only interface and validate this later via ec2 call
+	for _, field := range macImdsFields {
+		if field == "local-ipv4s" {
+			imdsIPv4s, err := cache.imds.GetLocalIPv4s(ctx, eniMAC)
+			if err != nil {
+				awsAPIErrInc("GetLocalIPv4s", err)
+				return ENIMetadata{}, err
+			}
+			if len(imdsIPv4s) > 0 {
+				ipInfoAvailable = true
+				log.Debugf("Found IPv4 addresses associated with interface. This is not efa-only interface")
+				break
+			}
+		}
+		if field == "ipv6s" {
+			imdsIPv6s, err := cache.imds.GetIPv6s(ctx, eniMAC)
+			if err != nil {
+				awsAPIErrInc("GetIPv6s", err)
+			} else if len(imdsIPv6s) > 0 {
+				ipInfoAvailable = true
+				log.Debugf("Found IPv6 addresses associated with interface. This is not efa-only interface")
+				break
+			}
+		}
+	}
+
+	if !ipInfoAvailable {
+		return ENIMetadata{
+			ENIID:          eniID,
+			MAC:            eniMAC,
+			DeviceNumber:   deviceNum,
+			SubnetIPv4CIDR: "",
+			IPv4Addresses:  make([]*ec2.NetworkInterfacePrivateIpAddress, 0),
+			IPv4Prefixes:   make([]*ec2.Ipv4PrefixSpecification, 0),
+			SubnetIPv6CIDR: "",
+			IPv6Addresses:  make([]*ec2.NetworkInterfaceIpv6Address, 0),
+			IPv6Prefixes:   make([]*ec2.Ipv6PrefixSpecification, 0),
+		}, nil
+	}
+
 	// Get IPv4 and IPv6 addresses assigned to interface
 	cidr, err := cache.imds.GetSubnetIPv4CIDRBlock(ctx, eniMAC)
 	if err != nil {
@@ -1356,9 +1403,16 @@ func (cache *EC2InstanceMetadataCache) DescribeAllENIs() (DescribeAllENIsResult,
 		if interfaceType == "trunk" {
 			trunkENI = eniID
 		}
-		if interfaceType == "efa" {
+		if interfaceType == "efa" || interfaceType == "efa-only" {
 			efaENIs[eniID] = true
 		}
+		if interfaceType != "efa-only" {
+			if len(eniMetadata.IPv4Addresses) == 0 {
+				log.Errorf("Missing IP addresses from IMDS. Non efa-only interface should have IP address associated with it %s", eniID)
+				outOfSyncErr := errors.New("DescribeAllENIs: No IPv4 address found")
+				return DescribeAllENIsResult{}, outOfSyncErr
+			}
+		}
 		// Check IPv4 addresses
 		logOutOfSyncState(eniID, eniMetadata.IPv4Addresses, ec2res.PrivateIpAddresses)
 		tagMap[eniMetadata.ENIID] = convertSDKTagsToTags(ec2res.TagSet)

pkg/awsutils/awsutils_test.go

@@ -80,16 +80,19 @@ const (
 	eni2ID               = "eni-12341234"
 	metadataVPCIPv4CIDRs = "192.168.0.0/16	100.66.0.0/1"
 	myNodeName           = "testNodeName"
+	imdsMACFields        = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block local-ipv4s ipv4-prefix ipv6-prefix"
+	imdsMACFieldsEfaOnly = "security-group-ids subnet-id vpc-id vpc-ipv4-cidr-blocks device-number interface-id subnet-ipv4-cidr-block ipv4-prefix ipv6-prefix"
 )
 
 func testMetadata(overrides map[string]interface{}) FakeIMDS {
 	data := map[string]interface{}{
-		metadataAZ:           az,
-		metadataLocalIP:      localIP,
-		metadataInstanceID:   instanceID,
-		metadataInstanceType: instanceType,
-		metadataMAC:          primaryMAC,
-		metadataMACPath:      primaryMAC,
+		metadataAZ:                   az,
+		metadataLocalIP:              localIP,
+		metadataInstanceID:           instanceID,
+		metadataInstanceType:         instanceType,
+		metadataMAC:                  primaryMAC,
+		metadataMACPath:              primaryMAC,
+		metadataMACPath + primaryMAC: imdsMACFields,
 		metadataMACPath + primaryMAC + metadataDeviceNum:  eni1Device,
 		metadataMACPath + primaryMAC + metadataInterface:  primaryeniID,
 		metadataMACPath + primaryMAC + metadataSGs:        sgs,
@@ -109,12 +112,13 @@ func testMetadata(overrides map[string]interface{}) FakeIMDS {
 
 func testMetadataWithPrefixes(overrides map[string]interface{}) FakeIMDS {
 	data := map[string]interface{}{
-		metadataAZ:           az,
-		metadataLocalIP:      localIP,
-		metadataInstanceID:   instanceID,
-		metadataInstanceType: instanceType,
-		metadataMAC:          primaryMAC,
-		metadataMACPath:      primaryMAC,
+		metadataAZ:                   az,
+		metadataLocalIP:              localIP,
+		metadataInstanceID:           instanceID,
+		metadataInstanceType:         instanceType,
+		metadataMAC:                  primaryMAC,
+		metadataMACPath:              primaryMAC,
+		metadataMACPath + primaryMAC: imdsMACFields,
 		metadataMACPath + primaryMAC + metadataDeviceNum:    eni1Device,
 		metadataMACPath + primaryMAC + metadataInterface:    primaryeniID,
 		metadataMACPath + primaryMAC + metadataSGs:          sgs,
@@ -203,7 +207,8 @@ func TestInitWithEC2metadataErr(t *testing.T) {
 
 func TestGetAttachedENIs(t *testing.T) {
 	mockMetadata := testMetadata(map[string]interface{}{
-		metadataMACPath: primaryMAC + " " + eni2MAC,
+		metadataMACPath:                                primaryMAC + " " + eni2MAC,
+		metadataMACPath + eni2MAC:                      imdsMACFields,
 		metadataMACPath + eni2MAC + metadataDeviceNum:  eni2Device,
 		metadataMACPath + eni2MAC + metadataInterface:  eni2ID,
 		metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR,
@@ -217,9 +222,26 @@ func TestGetAttachedENIs(t *testing.T) {
 	}
 }
 
+func TestGetAttachedENIsWithEfaOnly(t *testing.T) {
+	mockMetadata := testMetadata(map[string]interface{}{
+		metadataMACPath:                                primaryMAC + " " + eni2MAC,
+		metadataMACPath + eni2MAC:                      imdsMACFieldsEfaOnly,
+		metadataMACPath + eni2MAC + metadataDeviceNum:  eni2Device,
+		metadataMACPath + eni2MAC + metadataInterface:  eni2ID,
+		metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR,
+	})
+
+	cache := &EC2InstanceMetadataCache{imds: TypedIMDS{mockMetadata}}
+	ens, err := cache.GetAttachedENIs()
+	if assert.NoError(t, err) {
+		assert.Equal(t, len(ens), 2)
+	}
+}
+
 func TestGetAttachedENIsWithPrefixes(t *testing.T) {
 	mockMetadata := testMetadata(map[string]interface{}{
-		metadataMACPath: primaryMAC + " " + eni2MAC,
+		metadataMACPath:                                  primaryMAC + " " + eni2MAC,
+		metadataMACPath + eni2MAC:                        imdsMACFields,
 		metadataMACPath + eni2MAC + metadataDeviceNum:    eni2Device,
 		metadataMACPath + eni2MAC + metadataInterface:    eni2ID,
 		metadataMACPath + eni2MAC + metadataSubnetCIDR:   subnetCIDR,
@@ -343,6 +365,7 @@ func TestDescribeAllENIs(t *testing.T) {
 			Attachment: &ec2.NetworkInterfaceAttachment{
 				NetworkCardIndex: aws.Int64(0),
 			},
+			NetworkInterfaceId: aws.String(primaryeniID),
 		}},
 	}
 
@@ -357,7 +380,7 @@ func TestDescribeAllENIs(t *testing.T) {
 		awsErr  error
 		expErr  error
 	}{
-		{"Success DescribeENI", map[string]TagMap{"": {"foo": "foo-value"}}, 1, nil, nil},
+		{"Success DescribeENI", map[string]TagMap{"eni-00000000": {"foo": "foo-value"}}, 1, nil, nil},
 		{"Not found error", nil, maxENIEC2APIRetries, awserr.New("InvalidNetworkInterfaceID.NotFound", "no 'eni-xxx'", nil), expectedError},
 		{"Not found, no message", nil, maxENIEC2APIRetries, awserr.New("InvalidNetworkInterfaceID.NotFound", "no message", nil), noMessageError},
 		{"Other error", nil, maxENIEC2APIRetries, err, err},
@@ -1006,7 +1029,8 @@ func TestEC2InstanceMetadataCache_waitForENIAndIPsAttached(t *testing.T) {
 			}
 			fmt.Println("eniips", eniIPs)
 			mockMetadata := testMetadata(map[string]interface{}{
-				metadataMACPath: primaryMAC + " " + eni2MAC,
+				metadataMACPath:                                primaryMAC + " " + eni2MAC,
+				metadataMACPath + eni2MAC:                      imdsMACFields,
 				metadataMACPath + eni2MAC + metadataDeviceNum:  eni2Device,
 				metadataMACPath + eni2MAC + metadataInterface:  eni2ID,
 				metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR,
@@ -1101,7 +1125,8 @@ func TestEC2InstanceMetadataCache_waitForENIAndPrefixesAttached(t *testing.T) {
 				eniPrefixes = ""
 			}
 			mockMetadata := testMetadata(map[string]interface{}{
-				metadataMACPath: primaryMAC + " " + eni2MAC,
+				metadataMACPath:                                primaryMAC + " " + eni2MAC,
+				metadataMACPath + eni2MAC:                      imdsMACFields,
 				metadataMACPath + eni2MAC + metadataDeviceNum:  eni2Device,
 				metadataMACPath + eni2MAC + metadataInterface:  eni2ID,
 				metadataMACPath + eni2MAC + metadataSubnetCIDR: subnetCIDR,

pkg/awsutils/imds.go

@@ -136,6 +136,24 @@ func (imds TypedIMDS) GetMACs(ctx context.Context) ([]string, error) {
 	return list, err
 }
 
+// GetMACImdsFields returns the imds fields present for a MAC
+func (imds TypedIMDS) GetMACImdsFields(ctx context.Context, mac string) ([]string, error) {
+	key := fmt.Sprintf("network/interfaces/macs/%s", mac)
+	list, err := imds.getList(ctx, key)
+	if err != nil {
+		if imdsErr, ok := err.(*imdsRequestError); ok {
+			log.Warnf("%v", err)
+			return nil, imdsErr.err
+		}
+		return nil, err
+	}
+	// Remove trailing /
+	for i, item := range list {
+		list[i] = strings.TrimSuffix(item, "/")
+	}
+	return list, err
+}
+
 // GetInterfaceID returns the ID of the network interface.
 func (imds TypedIMDS) GetInterfaceID(ctx context.Context, mac string) (string, error) {
 	key := fmt.Sprintf("network/interfaces/macs/%s/interface-id", mac)