From 79474ffc0b24ae052cc0c0ee8e425c7536c66e1e Mon Sep 17 00:00:00 2001
From: Peter Rifel
Date: Fri, 7 Jun 2019 16:05:55 -0700
Subject: [PATCH] Upgrade AWS VPC CNI provider to 1.5.0
Released a few days ago: https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.5.0
---
 docs/networking.md | 1 +
 pkg/apis/kops/networking.go | 2 +-
 pkg/model/iam/iam_builder.go | 1 +
 .../k8s-1.12.yaml.template | 28 +++++++++++++++----
 .../pkg/fi/cloudup/bootstrapchannelbuilder.go | 2 +-
 5 files changed, 26 insertions(+), 8 deletions(-)
diff --git a/docs/networking.md b/docs/networking.md
index 04d5e27d0b..b4b5e97d55 100644
--- a/docs/networking.md
+++ b/docs/networking.md
@@ -358,6 +358,7 @@ $ kops create cluster \
 "ec2:DescribeInstances",
 "ec2:ModifyNetworkInterfaceAttribute",
 "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
 "tag:TagResources"
 ],
 "Resource": [
diff --git a/pkg/apis/kops/networking.go b/pkg/apis/kops/networking.go
index 1a866672e8..0a4f9f8f28 100644
--- a/pkg/apis/kops/networking.go
+++ b/pkg/apis/kops/networking.go
@@ -139,7 +139,7 @@ type RomanaNetworkingSpec struct {
 // AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking
 type AmazonVPCNetworkingSpec struct {
 // The container image name to use, which by default is:
- // 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.0.0
+ // 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
 ImageName string `json:"imageName,omitempty"`
 }
 
diff --git a/pkg/model/iam/iam_builder.go b/pkg/model/iam/iam_builder.go
index d2a4fd6ad6..89f0ee7be8 100644
--- a/pkg/model/iam/iam_builder.go
+++ b/pkg/model/iam/iam_builder.go
@@ -875,6 +875,7 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
 "ec2:DescribeInstances",
 "ec2:ModifyNetworkInterfaceAttribute",
 "ec2:AssignPrivateIpAddresses",
+ "ec2:UnassignPrivateIpAddresses",
 "tag:TagResources",
 }),
 Resource: resource,
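Review bot: The new `"ec2:UnassignPrivateIpAddresses"` element in the iam_builder.go hunk inherits the statement's `Resource: resource` scope, so wherever the caller passes a wildcard the node role can now release secondary IPs on any ENI in the account rather than only on its own; that widening of what a compromised node can do is worth a line of documentation, and nothing in the hunk says why the action is needed. I would add `// ec2:UnassignPrivateIpAddresses is required by amazon-vpc-cni-k8s v1.5.0 (keep in sync with the sample policy in docs/networking.md)` above the new element — the requirement is inferred from the commit title, so confirm it against the CNI release notes. The same action is added by hand to the JSON sample in docs/networking.md in this commit, and nothing generates one list from the other, so a drift between them will go unnoticed without that cross-reference. addAmazonVPCCNIPermissions starts outside the hunk, so I cannot see what `resource` actually holds.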
diff --git a/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template b/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template
index 99d44a49f9..dca70de0b9 100644
--- a/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template
+++ b/upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template
@@ -1,5 +1,5 @@
-# Vendored from https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.3.3/config/v1.3/aws-k8s-cni.yaml
-
+# Vendored from https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.5.0/config/v1.5/aws-k8s-cni.yaml
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -59,15 +59,28 @@ spec:
 metadata:
 labels:
 k8s-app: aws-node
- annotations:
- scheduler.alpha.kubernetes.io/critical-pod: ''
 spec:
+ priorityClassName: system-node-critical
+ affinity:
+ nodeAffinity:
+ requiredDuringSchedulingIgnoredDuringExecution:
+ nodeSelectorTerms:
+ - matchExpressions:
+ - key: "beta.kubernetes.io/os"
+ operator: In
+ values:
+ - linux
+ - key: "beta.kubernetes.io/arch"
+ operator: In
+ values:
+ - amd64
 serviceAccountName: aws-node
 hostNetwork: true
 tolerations:
 - operator: Exists
 containers:
- - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.3.3" }}"
+ - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0" }}"
+ imagePullPolicy: Always
 ports:
 - containerPort: 61678
 name: metrics
@@ -118,7 +131,10 @@ metadata:
 spec:
 scope: Cluster
 group: crd.k8s.amazonaws.com
- version: v1alpha1
+ versions:
+ - name: v1alpha1
+ served: true
+ storage: true
 names:
 plural: eniconfigs
 singular: eniconfig
diff --git a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
index aaf384f96f..90c3c274fd 100644
--- a/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
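Review bot: In the second hunk (the aws-node DaemonSet pod template) `imagePullPolicy: Always` is added while the image is still referenced by a mutable tag (`amazon-k8s-cni:v1.5.0`, or whatever `.Networking.AmazonVPC.ImageName` substitutes), so every pod restart on every node re-resolves the tag against the registry: a retagged image silently changes what runs with hostNetwork on all nodes, and a registry outage stops aws-node from restarting. If the policy is carried over from the vendored upstream manifest, say so next to it, e.g. `# imagePullPolicy: Always is inherited from the upstream v1.5.0 manifest`; otherwise `IfNotPresent`, or pinning the default image by digest, is the more conservative setting for a node-critical hostNetwork DaemonSet. The nodeAffinity keys `beta.kubernetes.io/os` and `beta.kubernetes.io/arch` are the beta label names, which is fine for a k8s-1.12 template but worth a comment that newer releases use `kubernetes.io/os` and `kubernetes.io/arch`, so the template does not get copied forward unchanged.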
+++ b/upup/pkg/fi/cloudup/bootstrapchannelbuilder.go
@@ -1061,7 +1061,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
 if b.cluster.Spec.Networking.AmazonVPC != nil {
 key := "networking.amazon-vpc-routed-eni"
- version := "1.3.3-kops.1"
+ version := "1.5.0-kops.1"
 {
 id := "k8s-1.7"