Merge pull request #9786 from MoShitrit/vpc-cni-1.7.0

Upgrade AWS VPC CNI to 1.7.0
Kubernetes Prow Robot 2020-08-19 20:25:25 -07:00 committed by GitHub
commit 90fc25a25d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 215 additions and 71 deletions


@ -3922,7 +3922,7 @@ func cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s112YamlTemplate() (*as
return a, nil return a, nil
} }
var _cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s116YamlTemplate = []byte(`# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.4/config/v1.6/aws-k8s-cni.yaml var _cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s116YamlTemplate = []byte(`# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@ -3939,9 +3939,12 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- pods - pods
- nodes
- namespaces - namespaces
verbs: ["list", "watch", "get"] verbs: ["list", "watch", "get"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch", "get", "update"]
- apiGroups: ["extensions"] - apiGroups: ["extensions"]
resources: resources:
- daemonsets - daemonsets
@ -3969,9 +3972,11 @@ subjects:
namespace: kube-system namespace: kube-system
--- ---
kind: DaemonSet
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet
metadata: metadata:
labels:
k8s-app: aws-node
name: aws-node name: aws-node
namespace: kube-system namespace: kube-system
labels: labels:
@ -4013,7 +4018,7 @@ spec:
tolerations: tolerations:
- operator: Exists - operator: Exists
containers: containers:
- image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.4" }}" - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.0" }}"
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 61678 - containerPort: 61678
@ -4022,24 +4027,50 @@ spec:
readinessProbe: readinessProbe:
exec: exec:
command: ["/app/grpc-health-probe", "-addr=:50051"] command: ["/app/grpc-health-probe", "-addr=:50051"]
initialDelaySeconds: 35 initialDelaySeconds: 1
livenessProbe: livenessProbe:
exec: exec:
command: ["/app/grpc-health-probe", "-addr=:50051"] command: ["/app/grpc-health-probe", "-addr=:50051"]
initialDelaySeconds: 35 initialDelaySeconds: 60
env: env:
- name: CLUSTER_NAME - name: CLUSTER_NAME
value: {{ ClusterName }} value: {{ ClusterName }}
- name: AWS_VPC_K8S_CNI_LOGLEVEL - name: ADDITIONAL_ENI_TAGS
value: DEBUG value: '{}'
- name: AWS_VPC_K8S_CNI_VETHPREFIX - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
value: eni value: "true"
- name: AWS_VPC_ENI_MTU - name: AWS_VPC_ENI_MTU
value: "9001" value: "9001"
- name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER
value: "false"
- name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
value: "false"
- name: AWS_VPC_K8S_CNI_EXTERNALSNAT
value: "false"
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
value: DEBUG
- name: DISABLE_INTROSPECTION
value: "false"
- name: DISABLE_METRICS
value: "false"
- name: ENABLE_POD_ENI
value: "false"
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: MY_NODE_NAME - name: MY_NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: WARM_ENI_TARGET
value: "1"
{{- range .Networking.AmazonVPC.Env }} {{- range .Networking.AmazonVPC.Env }}
- name: {{ .Name }} - name: {{ .Name }}
value: "{{ .Value }}" value: "{{ .Value }}"
@ -4048,34 +4079,50 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
securityContext: securityContext:
privileged: true capabilities:
add:
- NET_ADMIN
volumeMounts: volumeMounts:
- mountPath: /host/opt/cni/bin - mountPath: /host/opt/cni/bin
name: cni-bin-dir name: cni-bin-dir
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/var/log - mountPath: /host/var/log/aws-routed-eni
name: log-dir name: log-dir
- mountPath: /var/run/docker.sock - mountPath: /var/run/aws-node
name: dockersock name: run-dir
- mountPath: /var/run/dockershim.sock - mountPath: /var/run/dockershim.sock
name: dockershim name: dockershim
initContainers:
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.0
imagePullPolicy: Always
name: aws-vpc-cni-init
resources: {}
securityContext:
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
volumes: volumes:
- name: cni-bin-dir - hostPath:
hostPath:
path: /opt/cni/bin path: /opt/cni/bin
- name: cni-net-dir name: cni-bin-dir
hostPath: - hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: log-dir name: cni-net-dir
hostPath: - hostPath:
path: /var/log
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: dockershim
hostPath:
path: /var/run/dockershim.sock path: /var/run/dockershim.sock
name: dockershim
- hostPath:
path: /var/log/aws-routed-eni
type: DirectoryOrCreate
name: log-dir
- hostPath:
path: /var/run/aws-node
type: DirectoryOrCreate
name: run-dir
--- ---
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: apiextensions.k8s.io/v1beta1


@ -1,4 +1,4 @@
# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.6.4/config/v1.6/aws-k8s-cni.yaml # Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml
--- ---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
@ -15,9 +15,12 @@ rules:
- apiGroups: [""] - apiGroups: [""]
resources: resources:
- pods - pods
- nodes
- namespaces - namespaces
verbs: ["list", "watch", "get"] verbs: ["list", "watch", "get"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch", "get", "update"]
- apiGroups: ["extensions"] - apiGroups: ["extensions"]
resources: resources:
- daemonsets - daemonsets
@ -45,9 +48,11 @@ subjects:
namespace: kube-system namespace: kube-system
--- ---
kind: DaemonSet
apiVersion: apps/v1 apiVersion: apps/v1
kind: DaemonSet
metadata: metadata:
labels:
k8s-app: aws-node
name: aws-node name: aws-node
namespace: kube-system namespace: kube-system
labels: labels:
@ -89,7 +94,7 @@ spec:
tolerations: tolerations:
- operator: Exists - operator: Exists
containers: containers:
- image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.4" }}" - image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.0" }}"
imagePullPolicy: Always imagePullPolicy: Always
ports: ports:
- containerPort: 61678 - containerPort: 61678
@ -98,24 +103,50 @@ spec:
readinessProbe: readinessProbe:
exec: exec:
command: ["/app/grpc-health-probe", "-addr=:50051"] command: ["/app/grpc-health-probe", "-addr=:50051"]
initialDelaySeconds: 35 initialDelaySeconds: 1
livenessProbe: livenessProbe:
exec: exec:
command: ["/app/grpc-health-probe", "-addr=:50051"] command: ["/app/grpc-health-probe", "-addr=:50051"]
initialDelaySeconds: 35 initialDelaySeconds: 60
env: env:
- name: CLUSTER_NAME - name: CLUSTER_NAME
value: {{ ClusterName }} value: {{ ClusterName }}
- name: AWS_VPC_K8S_CNI_LOGLEVEL - name: ADDITIONAL_ENI_TAGS
value: DEBUG value: '{}'
- name: AWS_VPC_K8S_CNI_VETHPREFIX - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
value: eni value: "true"
- name: AWS_VPC_ENI_MTU - name: AWS_VPC_ENI_MTU
value: "9001" value: "9001"
- name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER
value: "false"
- name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
value: "false"
- name: AWS_VPC_K8S_CNI_EXTERNALSNAT
value: "false"
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
value: DEBUG
- name: DISABLE_INTROSPECTION
value: "false"
- name: DISABLE_METRICS
value: "false"
- name: ENABLE_POD_ENI
value: "false"
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: MY_NODE_NAME - name: MY_NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: WARM_ENI_TARGET
value: "1"
{{- range .Networking.AmazonVPC.Env }} {{- range .Networking.AmazonVPC.Env }}
- name: {{ .Name }} - name: {{ .Name }}
value: "{{ .Value }}" value: "{{ .Value }}"
@ -124,34 +155,50 @@ spec:
requests: requests:
cpu: 10m cpu: 10m
securityContext: securityContext:
privileged: true capabilities:
add:
- NET_ADMIN
volumeMounts: volumeMounts:
- mountPath: /host/opt/cni/bin - mountPath: /host/opt/cni/bin
name: cni-bin-dir name: cni-bin-dir
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/var/log - mountPath: /host/var/log/aws-routed-eni
name: log-dir name: log-dir
- mountPath: /var/run/docker.sock - mountPath: /var/run/aws-node
name: dockersock name: run-dir
- mountPath: /var/run/dockershim.sock - mountPath: /var/run/dockershim.sock
name: dockershim name: dockershim
initContainers:
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.0
imagePullPolicy: Always
name: aws-vpc-cni-init
resources: {}
securityContext:
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
volumes: volumes:
- name: cni-bin-dir - hostPath:
hostPath:
path: /opt/cni/bin path: /opt/cni/bin
- name: cni-net-dir name: cni-bin-dir
hostPath: - hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
- name: log-dir name: cni-net-dir
hostPath: - hostPath:
path: /var/log
- name: dockersock
hostPath:
path: /var/run/docker.sock
- name: dockershim
hostPath:
path: /var/run/dockershim.sock path: /var/run/dockershim.sock
name: dockershim
- hostPath:
path: /var/log/aws-routed-eni
type: DirectoryOrCreate
name: log-dir
- hostPath:
path: /var/run/aws-node
type: DirectoryOrCreate
name: run-dir
--- ---
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: apiextensions.k8s.io/v1beta1
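Review bot: The `aws-vpc-cni-init` initContainer added in the last hunk of this template hard-codes `602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.0`, while the main container's image still goes through `or .Networking.AmazonVPC.ImageName`, so a cluster that sets that override to pull from a mirror or private registry will keep pulling the init image from the us-west-2 registry. That init container is the one that now runs with `privileged: true`, and with `imagePullPolicy: Always` on a tag rather than a digest the reference is re-resolved on every pod start, so it deserves at least the same control as the main image. I would template it the same way, e.g. `- image: "{{- or .Networking.AmazonVPC.<INIT_IMAGE_FIELD> "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.0" }}"`, where `<INIT_IMAGE_FIELD>` is a placeholder for a new override field, and note in the field's documentation that operators can point it at a digest-pinned reference. The same literal appears in the generated bindata section and in the expected test manifest, which would need regenerating.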


@ -105,7 +105,7 @@ spec:
- id: k8s-1.16 - id: k8s-1.16
kubernetesVersion: '>=1.16.0' kubernetesVersion: '>=1.16.0'
manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml
manifestHash: a684d4e135aac56ad28d56570999e605317e870b manifestHash: 8279e7bffce848b7cd30e87e5c7c5c64c5955e4c
name: networking.amazon-vpc-routed-eni name: networking.amazon-vpc-routed-eni
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"


@ -13,12 +13,20 @@ rules:
- "" - ""
resources: resources:
- pods - pods
- nodes
- namespaces - namespaces
verbs: verbs:
- list - list
- watch - watch
- get - get
- apiGroups:
- ""
resources:
- nodes
verbs:
- list
- watch
- get
- update
- apiGroups: - apiGroups:
- extensions - extensions
resources: resources:
@ -90,28 +98,54 @@ spec:
- env: - env:
- name: CLUSTER_NAME - name: CLUSTER_NAME
value: minimal.example.com value: minimal.example.com
- name: AWS_VPC_K8S_CNI_LOGLEVEL - name: ADDITIONAL_ENI_TAGS
value: DEBUG value: '{}'
- name: AWS_VPC_K8S_CNI_VETHPREFIX - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
value: eni value: "true"
- name: AWS_VPC_ENI_MTU - name: AWS_VPC_ENI_MTU
value: "9001" value: "9001"
- name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER
value: "false"
- name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
value: "false"
- name: AWS_VPC_K8S_CNI_EXTERNALSNAT
value: "false"
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
value: DEBUG
- name: DISABLE_INTROSPECTION
value: "false"
- name: DISABLE_METRICS
value: "false"
- name: ENABLE_POD_ENI
value: "false"
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: MY_NODE_NAME - name: MY_NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: WARM_ENI_TARGET
value: "1"
- name: WARM_IP_TARGET - name: WARM_IP_TARGET
value: "10" value: "10"
- name: AWS_VPC_K8S_CNI_LOGLEVEL - name: AWS_VPC_K8S_CNI_LOGLEVEL
value: debug value: debug
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.4 image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.0
imagePullPolicy: Always imagePullPolicy: Always
livenessProbe: livenessProbe:
exec: exec:
command: command:
- /app/grpc-health-probe - /app/grpc-health-probe
- -addr=:50051 - -addr=:50051
initialDelaySeconds: 35 initialDelaySeconds: 60
name: aws-node name: aws-node
ports: ports:
- containerPort: 61678 - containerPort: 61678
@ -121,24 +155,38 @@ spec:
command: command:
- /app/grpc-health-probe - /app/grpc-health-probe
- -addr=:50051 - -addr=:50051
initialDelaySeconds: 35 initialDelaySeconds: 1
resources: resources:
requests: requests:
cpu: 10m cpu: 10m
securityContext: securityContext:
privileged: true capabilities:
add:
- NET_ADMIN
volumeMounts: volumeMounts:
- mountPath: /host/opt/cni/bin - mountPath: /host/opt/cni/bin
name: cni-bin-dir name: cni-bin-dir
- mountPath: /host/etc/cni/net.d - mountPath: /host/etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- mountPath: /host/var/log - mountPath: /host/var/log/aws-routed-eni
name: log-dir name: log-dir
- mountPath: /var/run/docker.sock - mountPath: /var/run/aws-node
name: dockersock name: run-dir
- mountPath: /var/run/dockershim.sock - mountPath: /var/run/dockershim.sock
name: dockershim name: dockershim
hostNetwork: true hostNetwork: true
initContainers:
- image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.0
imagePullPolicy: Always
name: aws-vpc-cni-init
resources: {}
securityContext:
privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts:
- mountPath: /host/opt/cni/bin
name: cni-bin-dir
priorityClassName: system-node-critical priorityClassName: system-node-critical
serviceAccountName: aws-node serviceAccountName: aws-node
tolerations: tolerations:
@ -150,15 +198,17 @@ spec:
- hostPath: - hostPath:
path: /etc/cni/net.d path: /etc/cni/net.d
name: cni-net-dir name: cni-net-dir
- hostPath:
path: /var/log
name: log-dir
- hostPath:
path: /var/run/docker.sock
name: dockersock
- hostPath: - hostPath:
path: /var/run/dockershim.sock path: /var/run/dockershim.sock
name: dockershim name: dockershim
- hostPath:
path: /var/log/aws-routed-eni
type: DirectoryOrCreate
name: log-dir
- hostPath:
path: /var/run/aws-node
type: DirectoryOrCreate
name: run-dir
updateStrategy: updateStrategy:
rollingUpdate: rollingUpdate:
maxUnavailable: 10% maxUnavailable: 10%