Releases: aws/amazon-vpc-cni-k8s
v1.7.4 Release
This is a patch release to address issue #1241 where the CNI will fail to start on kernels older than 4.6.
The issue is caused by the init container assuming that the net.ipv4.tcp_early_demux key will be present. The early TCP demux change that breaks TCP connections from kubelet to pods using per pod security groups was added in kernel 3.6, but the flag to disable it was not added until 4.6. This means using TCP health checks for per pod security groups requires at least Linux kernel 4.6.
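An added example, not the project's init script: one way an init step can guard the sysctl write on the key actually existing, so that a kernel older than 4.6 yields a distinct return code instead of a startup failure. The function name, the return codes and the PROC_SYS override (used to run the logic against a constructed directory tree) are assumptions.

```shell
#!/bin/sh
# Added example: guard the tcp_early_demux write on key presence.
# PROC_SYS is a hypothetical override so the logic can be exercised against
# a constructed directory instead of the live /proc/sys.
PROC_SYS="${PROC_SYS:-/proc/sys}"

# disable_tcp_early_demux <flag>
#   flag: value of DISABLE_TCP_EARLY_DEMUX ("true" to disable early demux)
# Return codes (assumed convention for this example):
#   0  nothing to do, or the key now reads 0
#   1  the key exists but could not be written
#   2  disabling was requested but the kernel does not expose the key
disable_tcp_early_demux() {
    flag="$1"
    key="$PROC_SYS/net/ipv4/tcp_early_demux"

    # Early demux stays on unless explicitly disabled, matching the
    # default described in the v1.7.3 notes.
    [ "$flag" = "true" ] || return 0

    # Kernels before 4.6 have early demux but no flag to turn it off.
    if [ ! -e "$key" ]; then
        echo "tcp_early_demux key not present; TCP health checks for per pod security groups need kernel 4.6+" >&2
        return 2
    fi

    if ! echo 0 > "$key"; then
        echo "failed to write $key" >&2
        return 1
    fi

    # Read back so a silently ignored write is not reported as success.
    [ "$(cat "$key")" = "0" ]
}

# Typical call from an entrypoint that must keep starting on old kernels:
#   disable_tcp_early_demux "${DISABLE_TCP_EARLY_DEMUX:-false}" || [ $? -eq 2 ]
```

Treating return code 2 as non-fatal lets the node come up while still logging that the setting could not be applied.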
Changes since v1.7.3
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.4/config/v1.7/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.7.4
amazon-k8s-cni:v1.7.4
To use version v1.7.4 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.4/config/v1.7/cni-metrics-helper.yaml
v1.7.3 Release
This is a patch release to address issue #1212 which affects clusters that use the AWS EKS Per Pod Security Group feature.
The only reason to use this version over v1.7.2 is to be able to turn off tcp_early_demux to unblock host TCP communication to pods on the same node using Per Pod SG, such as liveness/readiness checks. Using this version and setting DISABLE_TCP_EARLY_DEMUX to true in the initContainer config will slightly increase the latency for node local TCP connections.
This fix does NOT turn off tcp_early_demux by default since it is only needed when you need local TCP connectivity to pods using the security groups for pods on the same node.
Changes since v1.7.2
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.3/config/v1.7/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.7.3
amazon-k8s-cni:v1.7.3
To use version v1.7.3 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.3/config/v1.7/cni-metrics-helper.yaml
v1.7.2 Release
This is a patch release to address issues #737, #964, #989, #1070, #1094, #1100, #1101, and #1148. This also includes a version bump of Calico to v3.15.1 and some minor cleanups.
Changes since v1.7.1
- Bug - Avoid deleting ENIs being created by older CNI versions (#1109, @jayanthvn)
- Bug - Handle stale IMDS metadata for secondary IPs (#1177, @mogren)
- Bug - Mount /run/xtables.lock to prevent unwanted race conditions (#1186, @kgtw)
- Bug - Make a deep copy for introspection (#1179, @mogren)
- Bug - Wait for ENI and secondary IPs (#1174, @mogren)
- Improvement - Update Calico images to v3.15.1 & set routeSource=WorkloadIPs for v1.7 (#1182, @realgaurav)
- Improvement - Update Calico to v3.15.1 & set routeSource=WorkloadIPs (#1165, @realgaurav)
- Improvement - Clean up go lint warnings (#1162, @mogren)
- Improvement - Update SG on secondary ENIs (#1098, @jayanthvn)
- Improvement - Fix device number and update table name the device index (#1071, @mogren)
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.2/config/v1.7/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.7.2
amazon-k8s-cni:v1.7.2
To use version v1.7.2 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.2/config/v1.7/cni-metrics-helper.yaml
v1.7.2 Release Candidate 1
This is a patch release to address issues #737, #964, #989, #1070, #1094, #1100, #1101, and #1148. This also includes a version bump of Calico to v3.15.1 and some minor cleanups.
Changes since v1.7.1
- Bug - Avoid deleting ENIs being created by older CNI versions (#1109, @jayanthvn)
- Bug - Handle stale IMDS metadata for secondary IPs (#1177, @mogren)
- Bug - Mount /run/xtables.lock to prevent unwanted race conditions (#1186, @kgtw)
- Bug - Make a deep copy for introspection (#1179, @mogren)
- Bug - Wait for ENI and secondary IPs (#1174, @mogren)
- Improvement - Update Calico images to v3.15.1 & set routeSource=WorkloadIPs for v1.7 (#1182, @realgaurav)
- Improvement - Update Calico to v3.15.1 & set routeSource=WorkloadIPs (#1165, @realgaurav)
- Improvement - Clean up go lint warnings (#1162, @mogren)
- Improvement - Update SG on secondary ENIs (#1098, @jayanthvn)
- Improvement - Fix device number and update table name the device index (#1071, @mogren)
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/release-candidate/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.7.2-rc1
amazon-k8s-cni:v1.7.2-rc1
To use version v1.7.2-rc1 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/release-candidate/cni-metrics-helper.yaml
v1.7.1 Release
This is a patch release to address issue #1159, Calico deletes routes with v1.7.0. This was fixed in PR #1166.
Changes since v1.7.0
- Bug - Calico deletes routes when using CNI v1.7.0 (#1166, @jayanthvn)
- Improvement - enable manual override for VERSION in images (#1156, @nprab428)
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.1/config/v1.7/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.7.1
To use version v1.7.1 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.1/config/v1.7/cni-metrics-helper.yaml
v1.7.0 Release
This is a feature rich release adding a lot of new improvements. The biggest changes are #972 - where we start storing IPAM state in a file and use this across restarts and #955 - to copy portmap and loopback binaries and set up rp_filter in an init-container. Because of these changes, upgrades should not be done by just editing the image tag.
Warning! If you use Calico, please use v1.7.1 instead because of issue #1159.
Thanks to all the contributors - @anguslees, @bnapolitan, @gyuho, @mogren, @nithu0115, @nprab428, @saiteja313, @willejs, @SaranBalaji90, @anguslees, @abhinavmpandey08, @bnapolitan!
Full changelog
- Improvement - Use install command instead of cp (#1061, @mogren)
- Improvement - Updated manifest configs with default env vars (#1057, @saiteja313)
- Improvement - Default to random-fully (#1048, @mogren)
- Improvement - Update probe settings (#1028, @mogren)
- Improvement - Added warning if delete on termination is set to false for the primary ENI (#1024, @jayanthvn)
- Improvement - Use sed as a stream editor and redirect to file (#1069, @willejs)
- Improvement - JSON output format for the entrypoint script (#1066, @jayanthvn)
- Improvement - Limit scope of logs writable by ipamd container (#987, @anguslees)
- Improvement - Autogenerate per-region YAML manifests from a common template (#986, @anguslees)
- Improvement - Persist IPAM state to local file and use across restarts (#972, @anguslees)
- Improvement - Add init container (#955, @mogren)
- Improvement - Refresh subnet/CIDR information periodically (#903, @nithu0115)
- Improvement - Add ipamd changes for sg support (#1126, @mogren)
- Improvement - Add support to setup pod network using VLANs (#1125, @SaranBalaji90)
- Improvement - Improve CRI->checkpoint logic in the face of downgrades (#1123, @anguslees)
- Improvement - Slash and burn unused code (#1115, @anguslees)
- Improvement - Remove references to unused metadata owner-id (#1111, @anguslees)
- Improvement - Remove old pre-1.3 migration code (#1110, @anguslees)
- Improvement - Enable log config for the metrics agent (#1104, @mogren)
- Improvement - Refactor ENI limit struct (#1035, @mogren)
- Docs - Changed data type for variables in README (#1116, @abhinavmpandey08)
- Docs - Fix docs links for cni-metrics-agent (#1072, @mogren)
- Bug - Make metrics-helper docker logging statement multi-arch compatible (#1067, @nprab428)
- Bug - Use limits from API for g4dn.16xlarge (#1086, @mogren)
- Testing - scripts/lib: bump up tester to v1.4.0 (#1065, @gyuho)
- Testing - Create script to run all release tests (#1106, @bnapolitan)
- Testing - Add parallel testing to conformance (#1018, @bnapolitan)
- Testing - Cache go packages in CircleCI (#1017, @bnapolitan)
- Testing - Create roles by default for e2e test cluster creation (#994, @bnapolitan)
- Testing - Cover bottlerocket cluster test (#1096, @bnapolitan)
- Testing - Introduce automated performance testing (#1068, @bnapolitan)
To update one of your clusters to this release, you should download the sample aws-node daemonset config and edit it to match your region and settings, or alternatively, for us-west-2, just:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.0/config/v1.7/aws-k8s-cni.yaml
To verify the update:
kubectl describe ds aws-node -n kube-system | grep Image | cut -d ":" -f 2-3
602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.0
To use version v1.7.0 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.0/config/v1.7/cni-metrics-helper.yaml
v1.6.3 Release
The most important change in this release is a fix for #1008, the CNI pod crashloopbackoff due to incorrect instance metadata while fetching ENI issue, fixed in PR #1011.
Note! If you edit an existing v1.5.x CNI deployment, make sure to mount /var/run/dockershim.sock correctly!
Changes since v1.6.2
- Bug - Handle stale instance metadata (#1011, @mogren)
- Improvement - Add support for c5a and c5ad (#1003, @mogren)
- Improvement - Make the aws-cni-support.sh executable (#1007, @jayanthvn)
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.3/config/v1.6/aws-k8s-cni.yaml
If you instead edit your current deployment, make sure to mount /var/run/dockershim.sock correctly!
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.3
To use version v1.6.3 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.3/config/v1.6/cni-metrics-helper.yaml
v1.7.0 Release Candidate 2
Second release candidate for CNI v1.7.0. This pre-release image is only available in us-west-2.
Additional changes since v1.7.0-rc1:
- Improvement - Add ipamd changes for sg support (#1126, @mogren)
- Improvement - Add support to setup pod network using VLANs (#1125, @SaranBalaji90)
- Improvement - Improve CRI->checkpoint logic in the face of downgrades (#1123, @anguslees)
- Docs - Changed data type for variables in README (#1116, @abhinavmpandey08)
- Improvement - Slash and burn unused code (#1115, @anguslees)
- Improvement - Remove references to unused metadata owner-id (#1111, @anguslees)
- Improvement - Remove old pre-1.3 migration code (#1110, @anguslees)
- Testing - Create script to run all release tests (#1106, @bnapolitan)
- Improvement - Enable log config for the metrics agent (#1104, @mogren)
- Improvement - Refactor ENI limit struct (#1035, @mogren)
- Testing - Cover bottlerocket cluster test (#1096, @bnapolitan)
- Testing - Introduce automated performance testing (#1068, @bnapolitan)
Thanks to everyone who contributed to this release; @SaranBalaji90, @anguslees, @abhinavmpandey08 and @bnapolitan!
If you want to test this release candidate in one of your clusters, you can use this sample aws-node daemonset config:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml
Verify the update:
kubectl describe ds aws-node -n kube-system | grep Image | cut -d ":" -f 2-3
602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.0-rc2
602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.0-rc2
v1.6.4 Release
This is a patch release to address issue #711, Duplicate IP getting assigned during IPAMD restart. This was fixed in PR #1118.
Changes since v1.6.3
- Bug - Use docker/CRI to discover pods at node init (#1118, @fawadkhaliq / @anguslees)
- Improvement - ARM64 support (through improved build setup and ECR manifest)
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.4/config/v1.6/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni:v1.6.4
To use version v1.6.4 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.4/config/v1.6/cni-metrics-helper.yaml
v1.6.4 Release Candidate 1
First release candidate for CNI v1.6.4. This pre-release image is only available in us-west-2.
The main reason for this patch release is to address issue #711 by cherry-picking the fix in PR #972 to the 1.6 branch.
- Bug - Use docker/CRI to discover pods at node init (#1118, @fawadkhaliq / @anguslees)
If you want to test this release candidate in one of your clusters, you can use this sample aws-node daemonset config:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.4/config/v1.6/aws-k8s-cni.yaml
Verify the update:
kubectl describe ds aws-node -n kube-system | grep Image | cut -d ":" -f 2-3
602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.4-rc1
To test version v1.6.4-rc1 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.4/config/v1.6/cni-metrics-helper.yaml