v1.12.1-rc3 Release

v1.12.1-rc3

Changes since v1.12.1-rc1:

• Bug - Fix Crypto package vulnerability (@jaydeokar )
• Bug - Fix Crypto package vulnerability (@jaydeokar )

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.12.1-rc3/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.12.1-rc3
amazon-k8s-cni:v1.12.1-rc3

v1.12.1-rc1 Release

v1.12.1-rc1

Changes since v1.12.0:

• Bug - Cleanup pod networking resources when IPAMD is unreachable to prevent rule leaking.
  (@jdn5126 )
• Improvement - Move VPC CNI and VPC CNI init images to use EKS minimal base image.
  (@jdn5126 )
• Improvement - Updating helm chart as per helm v3 standard (@jaydeokar )
• Improvement - Update golang to 1.19.2 (@jayanthvn )
• Testing - Fixes to automation runs (@jdn5126 )
• Feature - Reporting EC2 API calls metrics through CNI metrics helper (@jaydeokar)
• Feature - Added resources block to cni-metrics-helper helm chart (@jcogilvie )
• Feature - CLUSTER_ENDPOINT can now be specified to allow the VPC CNI to initialize before kube-proxy has finished setting up cluster IP routes (@bwagner5 )
• Testing - Fix environment variable name in update-cni-image script @sushrk
• Documentation - Update troubleshooting docs for node operating system(@jdn5126 )
• Cleanup - Merging makefile and go.mod from test directory to root directory (@jerryhe1999 )
• Bug - Skip add-on installation when an add-on information is not available(@sushrk )
• Bug - Add missing rules when NodePort support is disabled(@antoninbas )
• Bug - Fix logging in publisher package (@jdn5126 )

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.12.1-rc1/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.12.1-rc1
amazon-k8s-cni:v1.12.1-rc1

v1.12.0

v1.12.0

This new version removes dependency on CRI socket(e.g. dockershim.sock).

🚨 🚨 🚨 Action Required For Upgrading

1. To upgrade to VPC CNI >=v1.12.0, you must upgrade to VPC CNI >=v1.7.x first. We recommend that you update one minor version at a time.
2. aws-vpc-cni Helm chart v1.2.0 is released with VPC CNI v1.12.0, thus no longer supports the cri.hostPath.path. If you need to install a VPC CNI <v1.12.0 with helm chart, a aws-vpc-cni Helm chart with version <v1.2.0 should be used.

Changes since v1.11.4:

• Improvement - switch to use state file for IP allocation pool management (@M00nF1sh )
• Improvement - explicitly request NET_RAW capabilities in CNI manifests (@JingmingGuo )
• Improvement - Reduce startup latency by removing some unneeded sleeps (@bwagner5 )
• Bug - Remove extra decrement of totalIP count (@jayanthvn )
• New Instance Support - Add trn1 limits (@cartermckinnon )
• Documentation - Update readme with slack channel (@jayanthvn )
• Documentation - Fix ENIConfig keys in values.yaml (@chotiwat )
• Testing - fix metrics-helper test to detach role policy early (@sushrk )
• Testing - Use GetNodes in metrics-helper; explicitly install latest addon (@jdn5126 )
• Testing - refine all github workflows (@M00nF1sh )
• Testing - Resolve flakiness in IPAMD warm target tests (@jdn5126 )
• Testing - VPC CNI Integration Test Fixes (@jdn5126 )
• Testing - Update CNI canary integration test and cleanup for ginkgo v2 (@jdn5126 )

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.12.0/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.12.0
amazon-k8s-cni:v1.12.0

v1.11.4

v1.11.4

Changes since v1.11.3:

• Improvement - update aws-node clusterrole permissions (@sushrk)
• Improvement - IPAMD optimizations and makefile changes (@jayanthvn)
• Documentation - Fix minor typo on documentation (@guikcd)
• Documentation - Fixing prefixes per ENI value in example (@mkarakas)
• New release - multus manifest for release v3.9.0-eksbuild.2 (@sushrk)
• Bug - Setting AWS_VPC_K8S_CNI_RANDOMIZESNAT to the default value (@vgunapati)
• New instance support - Updated new instances (@jayanthvn)

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.11.4/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.11.4
amazon-k8s-cni:v1.11.4

v1.11.4 Release Candidate 1

v1.11.4-rc1

Changes since v1.11.3:

• Improvement - update aws-node clusterrole permissions (@sushrk)
• Improvement - IPAMD optimizations and makefile changes (@jayanthvn)
• Documentation - Fix minor typo on documentation (@guikcd)
• Documentation - Fixing prefixes per ENI value in example (@mkarakas)
• New release - multus manifest for release v3.9.0-eksbuild.2 (@sushrk)
• Bug - Setting AWS_VPC_K8S_CNI_RANDOMIZESNAT to the default value (@vgunapati)
• New instance support - Updated new instances (@jayanthvn)

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.11.4-rc1/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.11.4-rc1
amazon-k8s-cni:v1.11.4-rc1

v1.11.3

This is a patch release containing improvements and bug-fixes.

What's Changed

Changelog for 1.11.3

• Improvement - Increase cpu requests limit (@vikasmb)
• Improvement - Add event recorder utils to raise aws-node pod events (@sushrk)
• Improvement - chart: Add extraVolumes and extraVolumeMounts (@jkroepke)
• Improvement - Prevent allocate/free ENIs when node is marked noSchedule (@jayanthvn)
• Bug - Fix cni panic due to pod.Annotations is a nil map (@Downager)
• Bug - Re-use logger instance (@vikasmb)

Thanks to all the contributors - @sushrk, @Downager, @jkroepke, @vikasmb , @jayanthvn

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.11.3/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.11.3
amazon-k8s-cni:v1.11.3

v1.11.2

This release updates Golang to 1.18, and updates containernetworking cni version to 0.8.1 and containernetworking CNI plugin binaries to v1.1.1

v1.11.2

• Improvement - Updated golang to Go 1.18 (@orsenthil)
• Improvement - Updated containernetworking/cni version to 0.8.1 to address CVE-2021-20206 (@orsenthil)
• Improvement - Updated CNI Plugins to v1.1.1 (@orsenthil)

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.11.2/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.11.2
amazon-k8s-cni:v1.11.2

v1.11.0

This release introduces an optional new mode for Security groups for pods feature along with other improvements.

EKS documentation suggests to add the ENIConfig label for identifying your worker nodes with "ENI_CONFIG_LABEL_DEF=failure-domain.beta.kubernetes.io/zone". This is to select an ENIConfig based upon availability zone and would need to create an ENIConfig custom resource for each availability zone (e.g. us-east-1a). But the sample default ENIConfig generated by helm used to build the ENIConfig by default using the format REGION + USER-SUPPLIED-NAME which is not inline with the documentation. PR #1918 is included in this release to keep the documentation inline with the sample configs and also provide flexibility if there is no need to follow AZ naming recommendation.

Changes since v1.10.3:

• Feature - Support new SGPP standard mode (@M00nF1sh )
• Feature - IPv4 Randomize SNAT support for IPv6 pods (@achevuru)
• Feature - Respect existing ENIConfig label if set on node (@backjo)
• Improvement - Timeout and reconcile when checking API server connectivity
  (@prateekgogia)
• Improvement - Improve startup performance of IPAMD (@backjo)
• Improvement - Record pod metadata and allocationTime in IP allocation state file (@M00nF1sh )
• Bug - Fixes node label error handling & revert to use update for node label update (@jayanthvn, @M00nF1sh )
  (#1959)
• Bug - IPAMD throw an error on configuration validation failure (@veshij)
• Cleanup - refactoring DataStore.GetStats to simplify adding new fields (@veshij)

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.11.0/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.11.0
amazon-k8s-cni:v1.11.0

v1.10.2 Release

v1.10.2

Important
v1.10.2 have a known issue that might leak IP addresses under certain edge condition. See: #1939 for details.

Changes since v1.10.2:

• Improvement - Fetch Region and CLUSTER_ID information from cni-metrics-helper env (@cgchinmay )
• Improvement - Add VlanId in the cmdAdd Result struct. This will fix the Issue of incorrectly teardown of Pod Network when using Security Groups. For Reference: #1644 (@cgchinmay )
• Improvement - Update Insufficient IP address logic in ipamd (@cgchinmay )
• Improvement - go version updated to 1.17 (@cgchinmay )
• Improvement - use public ecr for AL2 (@vikasmb )
• Improvement - remove set -x from bash, add -Ss to curl (@skpy )
• Bug - Fix condition for disable provisioning (@jayanthvn )

Thanks to all the contributors ❤️ !!!

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.10.2/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.10.2
amazon-k8s-cni:v1.10.2

Release 1.10.1

v1.10.1

Release Notes:

v1.10.1 removes IMDSv1 dependency from VPC CNI.

• Bug - Remove IMDSv1 Dependency(#1743, @chlunde)

To apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.10.1/config/master/aws-k8s-cni.yaml

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2                                                   
amazon-k8s-cni-init:v1.10.1
amazon-k8s-cni:v1.10.1

Note:

Amazon EKS does not yet support IPv6. You can follow progress on this feature by subscribing to the issue for EKS IPv6 support on the containers roadmap.