Upgrade AWS VPC CNI provider to 1.5.0

Released a few days ago: https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.5.0
2019-06-07 16:05:55 -07:00 · 2019-06-07 16:05:55 -07:00 · 79474ffc0b
parent 02cb57ee7b
commit 79474ffc0b
5 changed files with 26 additions and 8 deletions
--- a/docs/networking.md
+++ b/docs/networking.md
@ -358,6 +358,7 @@ $ kops create cluster \
      "ec2:DescribeInstances",
      "ec2:ModifyNetworkInterfaceAttribute",
      "ec2:AssignPrivateIpAddresses",
+      "ec2:UnassignPrivateIpAddresses",
      "tag:TagResources"
    ],
    "Resource": [
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@ -139,7 +139,7 @@ type RomanaNetworkingSpec struct {
 // AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking
 type AmazonVPCNetworkingSpec struct {
 	// The container image name to use, which by default is:
-	// 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.0.0
+	// 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
 	ImageName string `json:"imageName,omitempty"`
 }

--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@ -875,6 +875,7 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
 				"ec2:DescribeInstances",
 				"ec2:ModifyNetworkInterfaceAttribute",
 				"ec2:AssignPrivateIpAddresses",
+				"ec2:UnassignPrivateIpAddresses",
 				"tag:TagResources",
 			}),
 			Resource: resource,
--- a/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template
@ -1,5 +1,5 @@
-# Vendored from https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.3.3/config/v1.3/aws-k8s-cni.yaml
-
+# Vendored from https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.5.0/config/v1.5/aws-k8s-cni.yaml
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@ -59,15 +59,28 @@ spec:
    metadata:
      labels:
        k8s-app: aws-node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
    spec:
+      priorityClassName: system-node-critical
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: "beta.kubernetes.io/os"
+                    operator: In
+                    values:
+                      - linux
+                  - key: "beta.kubernetes.io/arch"
+                    operator: In
+                    values:
+                      - amd64
      serviceAccountName: aws-node
      hostNetwork: true
      tolerations:
      - operator: Exists
      containers:
-      - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.3.3" }}"
+      - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0" }}"
+        imagePullPolicy: Always
        ports:
        - containerPort: 61678
          name: metrics
@ -118,7 +131,10 @@ metadata:
 spec:
  scope: Cluster
  group: crd.k8s.amazonaws.com
-  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
  names:
    plural: eniconfigs
    singular: eniconfig
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@ -1061,7 +1061,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri

 	if b.cluster.Spec.Networking.AmazonVPC != nil {
 		key := "networking.amazon-vpc-routed-eni"
-		version := "1.3.3-kops.1"
+		version := "1.5.0-kops.1"

 		{
 			id := "k8s-1.7"