Upgrade AWS VPC CNI provider to 1.5.0

Released a few days ago: https://github.com/aws/amazon-vpc-cni-k8s/releases/tag/v1.5.0

docs/networking.md

@@ -358,6 +358,7 @@ $ kops create cluster \
       "ec2:DescribeInstances",
       "ec2:ModifyNetworkInterfaceAttribute",
       "ec2:AssignPrivateIpAddresses",
+      "ec2:UnassignPrivateIpAddresses",
       "tag:TagResources"
     ],
     "Resource": [

pkg/apis/kops/networking.go

@@ -139,7 +139,7 @@ type RomanaNetworkingSpec struct {
 // AmazonVPCNetworkingSpec declares that we want Amazon VPC CNI networking
 type AmazonVPCNetworkingSpec struct {
 	// The container image name to use, which by default is:
-	// 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.0.0
+	// 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0
 	ImageName string `json:"imageName,omitempty"`
 }
 

pkg/model/iam/iam_builder.go

@@ -875,6 +875,7 @@ func addAmazonVPCCNIPermissions(p *Policy, resource stringorslice.StringOrSlice,
 				"ec2:DescribeInstances",
 				"ec2:ModifyNetworkInterfaceAttribute",
 				"ec2:AssignPrivateIpAddresses",
+				"ec2:UnassignPrivateIpAddresses",
 				"tag:TagResources",
 			}),
 			Resource: resource,

upup/models/cloudup/resources/addons/networking.amazon-vpc-routed-eni/k8s-1.12.yaml.template

@@ -1,5 +1,5 @@
-# Vendored from https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.3.3/config/v1.3/aws-k8s-cni.yaml
+# Vendored from https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.5.0/config/v1.5/aws-k8s-cni.yaml
-
+---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: ClusterRole
 metadata:
@@ -59,15 +59,28 @@ spec:
     metadata:
       labels:
         k8s-app: aws-node
-      annotations:
-        scheduler.alpha.kubernetes.io/critical-pod: ''
     spec:
+      priorityClassName: system-node-critical
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+              - matchExpressions:
+                  - key: "beta.kubernetes.io/os"
+                    operator: In
+                    values:
+                      - linux
+                  - key: "beta.kubernetes.io/arch"
+                    operator: In
+                    values:
+                      - amd64
       serviceAccountName: aws-node
       hostNetwork: true
       tolerations:
       - operator: Exists
       containers:
-      - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:1.3.3" }}"
+      - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.5.0" }}"
+        imagePullPolicy: Always
         ports:
         - containerPort: 61678
           name: metrics
@@ -118,7 +131,10 @@ metadata:
 spec:
   scope: Cluster
   group: crd.k8s.amazonaws.com
-  version: v1alpha1
+  versions:
+  - name: v1alpha1
+    served: true
+    storage: true
   names:
     plural: eniconfigs
     singular: eniconfig

upup/pkg/fi/cloudup/bootstrapchannelbuilder.go

@@ -1061,7 +1061,7 @@ func (b *BootstrapChannelBuilder) buildManifest() (*channelsapi.Addons, map[stri
 
 	if b.cluster.Spec.Networking.AmazonVPC != nil {
 		key := "networking.amazon-vpc-routed-eni"
-		version := "1.3.3-kops.1"
+		version := "1.5.0-kops.1"
 
 		{
 			id := "k8s-1.7"