Master to Release-1.20 changes

CHANGELOG.md

@@ -1,5 +1,14 @@
 # Changelog
 
+## v1.20.4
+
+* Updating SNAT variable documentation by @jaydeokar in https://github.com/aws/amazon-vpc-cni-k8s/pull/3439
+* Bump the k8s-dependencies group with 5 updates by @dependabot[bot] in https://github.com/aws/amazon-vpc-cni-k8s/pull/3426
+* Bump the aws-dependencies group with 11 updates by @dependabot[bot] in https://github.com/aws/amazon-vpc-cni-k8s/pull/3424
+* Optimize ENI slot reservation for non-supported instance type by @phuhung273 in https://github.com/aws/amazon-vpc-cni-k8s/pull/3250
+* Include all plugins for Multus by @jaydeokar in https://github.com/aws/amazon-vpc-cni-k8s/pull/3470
+* fix: format string bug in GetPodMTU error logging by @dcoppa in https://github.com/aws/amazon-vpc-cni-k8s/pull/3471
+
 ## v1.20.3
 
 * chore: update VPC IP resource limits by @github-actions[bot] in https://github.com/aws/amazon-vpc-cni-k8s/pull/3441

Makefile

@@ -292,7 +292,6 @@ docker-metrics-test:     ## Run metrics helper unit test suite in a container.
 plugins: FETCH_VERSION=1.7.1
 plugins: FETCH_URL=https://github.com/containernetworking/plugins/archive/refs/tags/v$(FETCH_VERSION).tar.gz
 plugins: VISIT_URL=https://github.com/containernetworking/plugins/tree/v$(FETCH_VERSION)/plugins/
-plugins: CORE_PLUGINS = bandwidth host-local loopback portmap sbr
 plugins:   ## Fetch the CNI plugins
 	@echo "Fetching Container networking plugins v$(FETCH_VERSION) from upstream release"
 	@echo
@@ -303,9 +302,7 @@ plugins:   ## Fetch the CNI plugins
 	curl -s -L $(FETCH_URL) | tar xzf - -C $(CORE_PLUGIN_TMP)
 	cd $(CORE_PLUGIN_TMP)/plugins-$(FETCH_VERSION) && ./build_linux.sh
 	cp -a $(CORE_PLUGIN_TMP)/plugins-$(FETCH_VERSION)/LICENSE $(CORE_PLUGIN_DIR)
-	for PLUGIN in $(CORE_PLUGINS); do \
-			cp -a $(CORE_PLUGIN_TMP)/plugins-$(FETCH_VERSION)/bin/$$PLUGIN $(CORE_PLUGIN_DIR); \
-	done
+	cp -a $(CORE_PLUGIN_TMP)/plugins-$(FETCH_VERSION)/bin/* $(CORE_PLUGIN_DIR)
 	rm -rf $(CORE_PLUGIN_TMP)
 
 ##@ Debug script

README.md

@@ -68,9 +68,9 @@ For help, please consider the following venues (in order):
 For all Kubernetes releases, *we recommend installing the latest VPC CNI release*. The following table denotes our *oldest* recommended
 VPC CNI version for each actively supported Kubernetes release.
 
-| Kubernetes Release | 1.33     | 1.32     | 1.31     | 1.30     | 1.29     | 1.28     | 1.27     | 1.26     |
-| ------------------ | -------- | -------- | -------- | -------- | -------- | -------- | -------- | -------- |
-| VPC CNI Version    | v1.17.1+ | v1.17.1+ | v1.16.4+ | v1.16.0+ | v1.14.1+ | v1.13.4+ | v1.12.5+ | v1.12.0+ |
+| Kubernetes Release | 1.33     | 1.32     | 1.31     | 1.30     | 1.29     | 1.28     |
+| ------------------ | -------- | -------- | -------- | -------- | -------- | -------- |
+| VPC CNI Version    | v1.17.1+ | v1.17.1+ | v1.16.4+ | v1.16.0+ | v1.14.1+ | v1.13.4+ |
 
 ## Version Upgrade
 
@@ -236,9 +236,7 @@ Default: `false`
 
 Specifies whether an external NAT gateway should be used to provide SNAT of secondary ENI IP addresses. If set to `true`, the
 SNAT `iptables` rule and off\-VPC IP rule are not applied, and these rules are removed if they have already been applied.
-Disable SNAT if you need to allow inbound communication to your pods from external VPNs, direct connections, and external VPCs,
-and your pods do not need to access the Internet directly via an Internet Gateway. However, your nodes must be running in a
-private subnet and connected to the internet through an AWS NAT Gateway or another external NAT device.
+SNAT can be disabled in scenarios where pods need direct access to external networks (such as VPN, Direct Connect, or other VPCs) without NAT translation, and where pods are not expected to require direct Internet access via an Internet Gateway. When SNAT is disabled, nodes are typically placed in private subnets, with outbound Internet connectivity provided through an AWS NAT Gateway or another external NAT device.
 
 #### `AWS_VPC_K8S_CNI_RANDOMIZESNAT`
 

charts/aws-vpc-cni/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.20.3
-appVersion: "v1.20.3" 
+version: 1.20.4
+appVersion: "v1.20.4" 
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s

charts/aws-vpc-cni/README.md

@@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d
 | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation   | `3`                                 |
 | `branchENICooldown`     | Number of seconds that branch ENIs remain in cooldown   | `60`                                |
 | `fullnameOverride`      | Override the fullname of the chart                      | `aws-node`                          |
-| `image.tag`             | Image tag                                               | `v1.20.3`                           |
+| `image.tag`             | Image tag                                               | `v1.20.4`                           |
 | `image.domain`          | ECR repository domain                                   | `amazonaws.com`                     |
 | `image.region`          | ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `image.endpoint`        | ECR repository endpoint to use.                         | `ecr`                               |
@@ -57,7 +57,7 @@ The following table lists the configurable parameters for this chart and their d
 | `image.overrideRepository` | Repository override for the image (does not change the tag) | `nil`                        |
 | `image.override`        | A custom docker image to use                            | `nil`                               |
 | `imagePullSecrets`      | Docker registry pull secret                             | `[]`                                |
-| `init.image.tag`        | Image tag                                               | `v1.20.3`                           |
+| `init.image.tag`        | Image tag                                               | `v1.20.4`                           |
 | `init.image.domain`     | ECR repository domain                                   | `amazonaws.com`                     |
 | `init.image.region`     | ECR repository region to use. Should match your cluster | `us-west-2`                         |
 | `init.image.endpoint`   | ECR repository endpoint to use.                         | `ecr`                               |

charts/aws-vpc-cni/values.yaml

@@ -8,7 +8,7 @@ nameOverride: aws-node
 
 init:
   image:
-    tag: v1.20.3
+    tag: v1.20.4
     domain: amazonaws.com
     region: us-west-2
     endpoint: ecr
@@ -56,7 +56,7 @@ nodeAgent:
   resources: {}
 
 image:
-  tag: v1.20.3
+  tag: v1.20.4
   domain: amazonaws.com
   region: us-west-2
   endpoint: ecr
@@ -92,7 +92,7 @@ env:
   ENABLE_IPv4: "true"
   ENABLE_IPv6: "false"
   ENABLE_SUBNET_DISCOVERY: "true"
-  VPC_CNI_VERSION: "v1.20.3"
+  VPC_CNI_VERSION: "v1.20.4"
   NETWORK_POLICY_ENFORCING_MODE: "standard"
   ENABLE_IMDS_ONLY_MODE: "false"
   ENABLE_MULTI_NIC: "false"

charts/cni-metrics-helper/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v2
 name: cni-metrics-helper
-version: 1.20.3
-appVersion: v1.20.3
+version: 1.20.4
+appVersion: v1.20.4
 description: A Helm chart for the AWS VPC CNI Metrics Helper
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s

charts/cni-metrics-helper/README.md

@@ -60,7 +60,7 @@ The following table lists the configurable parameters for this chart and their d
 | -------------------------------|---------------------------------------------------------------|-------------------------------------|
 | `affinity`                     | Map of node/pod affinities                                    | `{}`                                |
 | `fullnameOverride`             | Override the fullname of the chart                            | `cni-metrics-helper`                |
-| `image.tag`                    | Image tag                                                     | `v1.20.3`                           |
+| `image.tag`                    | Image tag                                                     | `v1.20.4`                           |
 | `image.domain`                 | ECR repository domain                                         | `amazonaws.com`                     |
 | `image.region`                 | ECR repository region to use. Should match your cluster       | `us-west-2`                         |
 | `image.account`                | ECR repository account number                                 | `602401143452`                      |

charts/cni-metrics-helper/values.yaml

@@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper
 
 image:
   region: us-west-2
-  tag: v1.20.3
+  tag: v1.20.4
   account: "602401143452"
   domain: "amazonaws.com"
   # Set to use custom image

config/master/aws-k8s-cni-us-gov-east-1.yaml

@@ -300,7 +300,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -312,7 +312,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -331,7 +331,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -377,7 +377,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -397,7 +397,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -418,7 +418,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.20.3
+        image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni-init:v1.20.4
         imagePullPolicy: Always
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
@@ -440,7 +440,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.20.3
+          image: 151742754352.dkr.ecr.us-gov-east-1.amazonaws.com/amazon-k8s-cni:v1.20.4
           ports:
             - containerPort: 61678
               name: metrics
@@ -508,7 +508,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.20.3"
+              value: "v1.20.4"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET

config/master/aws-k8s-cni-us-gov-west-1.yaml

@@ -300,7 +300,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -312,7 +312,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -331,7 +331,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -377,7 +377,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -397,7 +397,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -418,7 +418,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.20.3
+        image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni-init:v1.20.4
         imagePullPolicy: Always
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
@@ -440,7 +440,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.20.3
+          image: 013241004608.dkr.ecr.us-gov-west-1.amazonaws.com/amazon-k8s-cni:v1.20.4
           ports:
             - containerPort: 61678
               name: metrics
@@ -508,7 +508,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.20.3"
+              value: "v1.20.4"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET

config/master/aws-k8s-cni.yaml

@@ -300,7 +300,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -312,7 +312,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -331,7 +331,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -377,7 +377,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -397,7 +397,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -418,7 +418,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.20.3
+        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.20.4
         imagePullPolicy: Always
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
@@ -440,7 +440,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.20.3
+          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.20.4
           ports:
             - containerPort: 61678
               name: metrics
@@ -508,7 +508,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.20.3"
+              value: "v1.20.4"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET

config/master/cni-metrics-helper-cn.yaml

@@ -8,7 +8,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 ---
 # Source: cni-metrics-helper/templates/clusterrole.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -18,7 +18,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 rules:
   - apiGroups: [""]
     resources:
@@ -34,7 +34,7 @@ metadata:
   labels:
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -54,7 +54,7 @@ metadata:
     k8s-app: cni-metrics-helper
     app.kubernetes.io/name: cni-metrics-helper
     app.kubernetes.io/instance: cni-metrics-helper
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.20.4"
 spec:
   revisionHistoryLimit: 10
   selector:
@@ -78,5 +78,5 @@ spec:
         - name: USE_PROMETHEUS
           value: "false"
         name: cni-metrics-helper
-        image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.20.3"
+        image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/cni-metrics-helper:v1.20.4"
       serviceAccountName: cni-metrics-helper