diff --git a/pkg/addons/default/assets/aws-node.yaml b/pkg/addons/default/assets/aws-node.yaml index fdd796d3c6..e2e539c0fc 100644 --- a/pkg/addons/default/assets/aws-node.yaml +++ b/pkg/addons/default/assets/aws-node.yaml @@ -54,256 +54,6 @@ spec: plural: eniconfigs singular: eniconfig kind: ENIConfig ---- -apiVersion: apiextensions.k8s.io/v1 -kind: CustomResourceDefinition -metadata: - annotations: - controller-gen.kubebuilder.io/version: v0.11.3 - labels: - app.kubernetes.io/name: amazon-network-policy-controller-k8s - name: policyendpoints.networking.k8s.aws -spec: - group: networking.k8s.aws - names: - kind: PolicyEndpoint - listKind: PolicyEndpointList - plural: policyendpoints - singular: policyendpoint - scope: Namespaced - versions: - - name: v1alpha1 - schema: - openAPIV3Schema: - description: PolicyEndpoint is the Schema for the policyendpoints API - properties: - apiVersion: - description: |- - APIVersion defines the versioned schema of this representation of an object. - Servers should convert recognized schemas to the latest internal value, and - may reject unrecognized values. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources - type: string - kind: - description: |- - Kind is a string value representing the REST resource this object represents. - Servers may infer this from the endpoint the client submits requests to. - Cannot be updated. - In CamelCase. - More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds - type: string - metadata: - type: object - spec: - description: PolicyEndpointSpec defines the desired state of PolicyEndpoint - properties: - egress: - description: Egress is the list of egress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - domainName: - description: |- - DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only) - Note: This field should only be used in egress rules, not ingress - pattern: ^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$ - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: |- - Endport specifies the port range port to endPort - port must be defined and an integer, endPort > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - type: object - type: array - ingress: - description: Ingress is the list of ingress rules containing resolved - network addresses - items: - description: EndpointInfo defines the network endpoint information - for the policy ingress/egress - properties: - cidr: - description: CIDR is the network address(s) of the endpoint - type: string - domainName: - description: |- - DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only) - Note: This field should only be used in egress rules, not ingress - pattern: ^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$ - type: string - except: - description: Except is the exceptions to the CIDR ranges mentioned - above. - items: - type: string - type: array - ports: - description: Ports is the list of ports - items: - description: Port contains information about the transport - port/protocol - properties: - endPort: - description: |- - Endport specifies the port range port to endPort - port must be defined and an integer, endPort > port - format: int32 - type: integer - port: - description: Port specifies the numerical port for the - protocol. If empty applies to all ports - format: int32 - type: integer - protocol: - default: TCP - description: Protocol specifies the transport protocol, - default TCP - type: string - type: object - type: array - type: object - type: array - podIsolation: - description: |- - PodIsolation specifies whether the pod needs to be isolated for a - particular traffic direction Ingress or Egress, or both. If default isolation is not - specified, and there are no ingress/egress rules, then the pod is not isolated - from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes. - items: - description: |- - PolicyType string describes the NetworkPolicy type - This type is beta-level in 1.8 - type: string - type: array - podSelector: - description: PodSelector is the podSelector from the policy resource - properties: - matchExpressions: - description: matchExpressions is a list of label selector requirements. - The requirements are ANDed. - items: - description: |- - A label selector requirement is a selector that contains values, a key, and an operator that - relates the key and values. - properties: - key: - description: key is the label key that the selector applies - to. - type: string - operator: - description: |- - operator represents a key's relationship to a set of values. - Valid operators are In, NotIn, Exists and DoesNotExist. - type: string - values: - description: |- - values is an array of string values. If the operator is In or NotIn, - the values array must be non-empty. If the operator is Exists or DoesNotExist, - the values array must be empty. This array is replaced during a strategic - merge patch. - items: - type: string - type: array - x-kubernetes-list-type: atomic - required: - - key - - operator - type: object - type: array - x-kubernetes-list-type: atomic - matchLabels: - additionalProperties: - type: string - description: |- - matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels - map is equivalent to an element of matchExpressions, whose key field is "key", the - operator is "In", and the values array contains only "value". The requirements are ANDed. - type: object - type: object - x-kubernetes-map-type: atomic - podSelectorEndpoints: - description: |- - PodSelectorEndpoints contains information about the pods - matching the podSelector - items: - description: PodEndpoint defines the summary information for the - pods - properties: - hostIP: - description: HostIP is the IP address of the host the pod is - currently running on - type: string - name: - description: Name is the pod name - type: string - namespace: - description: Namespace is the pod namespace - type: string - podIP: - description: PodIP is the IP address of the pod - type: string - required: - - hostIP - - name - - namespace - - podIP - type: object - type: array - policyRef: - description: PolicyRef is a reference to the Kubernetes NetworkPolicy - resource. - properties: - name: - description: Name is the name of the Policy - type: string - namespace: - description: Namespace is the namespace of the Policy - type: string - required: - - name - - namespace - type: object - required: - - policyRef - type: object - status: - description: PolicyEndpointStatus defines the observed state of PolicyEndpoint - type: object - type: object - served: true - storage: true - subresources: - status: {} --- # Source: aws-vpc-cni/templates/serviceaccount.yaml @@ -316,7 +66,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.21.1" + app.kubernetes.io/version: "v1.22.1" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -328,7 +78,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.21.1" + app.kubernetes.io/version: "v1.22.1" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -347,7 +97,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.21.1" + app.kubernetes.io/version: "v1.22.1" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -397,7 +147,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.21.1" + app.kubernetes.io/version: "v1.22.1" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole @@ -417,7 +167,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.21.1" + app.kubernetes.io/version: "v1.22.1" spec: updateStrategy: rollingUpdate: @@ -438,7 +188,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.21.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.22.1 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -460,7 +210,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.21.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.22.1 ports: - containerPort: 61678 name: metrics @@ -528,7 +278,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.21.1" + value: "v1.22.1" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -563,7 +313,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.3.1 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.3.5 imagePullPolicy: Always ports: - containerPort: 8162 @@ -583,6 +333,7 @@ spec: - --metrics-bind-addr=:8162 - --health-probe-bind-addr=:8163 - --conntrack-cache-cleanup-period=300 + - --conntrack-cache-table-size=524288 - --log-level=debug resources: requests: diff --git a/pkg/addons/default/aws_node_test.go b/pkg/addons/default/aws_node_test.go index 1c5ca65e54..86d37cae43 100644 --- a/pkg/addons/default/aws_node_test.go +++ b/pkg/addons/default/aws_node_test.go @@ -61,7 +61,7 @@ var _ = Describe("AWS Node", func() { Describe("UpdateAWSNode", func() { var preUpdateAwsNode *v1.DaemonSet - const expectedVersion = "v1.21.1" + const expectedVersion = "v1.22.1" const expectedNodeAgentVersion = "v1.3.1" BeforeEach(func() { loadSamples(rawClient, "testdata/sample-1.15.json")