Merge pull request #10126 from hakman/aws-vpc-cni-reset

Align AWS VPC CNI manifest with upstream
Kubernetes Prow Robot 2020-10-28 05:23:56 -07:00 committed by GitHub
commit fdc56efdff
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 504 additions and 480 deletions


@ -4359,229 +4359,241 @@ func cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s112YamlTemplate() (*as
var _cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s116YamlTemplate = []byte(`# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml var _cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s116YamlTemplate = []byte(`# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml
--- ---
apiVersion: rbac.authorization.k8s.io/v1 "apiVersion": "rbac.authorization.k8s.io/v1"
kind: ClusterRole "kind": "ClusterRoleBinding"
metadata: "metadata":
name: aws-node "name": "aws-node"
rules: "roleRef":
- apiGroups: "apiGroup": "rbac.authorization.k8s.io"
- crd.k8s.amazonaws.com "kind": "ClusterRole"
resources: "name": "aws-node"
"subjects":
- "kind": "ServiceAccount"
"name": "aws-node"
"namespace": "kube-system"
---
"apiVersion": "rbac.authorization.k8s.io/v1"
"kind": "ClusterRole"
"metadata":
"name": "aws-node"
"rules":
- "apiGroups":
- "crd.k8s.amazonaws.com"
"resources":
- "eniconfigs"
"verbs":
- "get"
- "list"
- "watch"
- "apiGroups":
- ""
"resources":
- "pods"
- "namespaces"
"verbs":
- "list"
- "watch"
- "get"
- "apiGroups":
- ""
"resources":
- "nodes"
"verbs":
- "list"
- "watch"
- "get"
- "update"
- "apiGroups":
- "extensions"
- "apps"
"resources":
- "*" - "*"
verbs: "verbs":
- "*" - "list"
- apiGroups: [""] - "watch"
resources:
- pods
- namespaces
verbs: ["list", "watch", "get"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch", "get", "update"]
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
verbs: ["list", "watch"]
--- ---
apiVersion: v1 "apiVersion": "apiextensions.k8s.io/v1beta1"
kind: ServiceAccount "kind": "CustomResourceDefinition"
metadata: "metadata":
name: aws-node "name": "eniconfigs.crd.k8s.amazonaws.com"
namespace: kube-system "spec":
"group": "crd.k8s.amazonaws.com"
"names":
"kind": "ENIConfig"
"plural": "eniconfigs"
"singular": "eniconfig"
"scope": "Cluster"
"versions":
- "name": "v1alpha1"
"served": true
"storage": true
--- ---
apiVersion: rbac.authorization.k8s.io/v1 "apiVersion": "apps/v1"
kind: ClusterRoleBinding "kind": "DaemonSet"
metadata: "metadata":
name: aws-node "labels":
roleRef: "k8s-app": "aws-node"
apiGroup: rbac.authorization.k8s.io "name": "aws-node"
kind: ClusterRole "namespace": "kube-system"
name: aws-node "spec":
subjects: "selector":
- kind: ServiceAccount "matchLabels":
name: aws-node "k8s-app": "aws-node"
namespace: kube-system "template":
"metadata":
--- "labels":
apiVersion: apps/v1 "k8s-app": "aws-node"
kind: DaemonSet "spec":
metadata: "affinity":
labels: "nodeAffinity":
k8s-app: aws-node "requiredDuringSchedulingIgnoredDuringExecution":
name: aws-node "nodeSelectorTerms":
namespace: kube-system - "matchExpressions":
labels: - "key": "kubernetes.io/os"
k8s-app: aws-node "operator": "In"
spec: "values":
updateStrategy: - "linux"
type: RollingUpdate - "key": "kubernetes.io/arch"
rollingUpdate: "operator": "In"
maxUnavailable: "10%" "values":
selector: - "amd64"
matchLabels: - "arm64"
k8s-app: aws-node - "key": "eks.amazonaws.com/compute-type"
template: "operator": "NotIn"
metadata: "values":
labels: - "fargate"
k8s-app: aws-node "containers":
spec: - "env":
priorityClassName: system-node-critical - "name": "ADDITIONAL_ENI_TAGS"
affinity: "value": "{}"
nodeAffinity: - "name": "AWS_VPC_CNI_NODE_PORT_SUPPORT"
requiredDuringSchedulingIgnoredDuringExecution: "value": "true"
nodeSelectorTerms: - "name": "AWS_VPC_ENI_MTU"
- matchExpressions: "value": "9001"
- key: "kubernetes.io/os" - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER"
operator: In "value": "false"
values: - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG"
- linux "value": "false"
- key: "kubernetes.io/arch" - "name": "AWS_VPC_K8S_CNI_EXTERNALSNAT"
operator: In "value": "false"
values: - "name": "AWS_VPC_K8S_CNI_LOGLEVEL"
- amd64 "value": "DEBUG"
- arm64 - "name": "AWS_VPC_K8S_CNI_LOG_FILE"
- key: "eks.amazonaws.com/compute-type" "value": "/host/var/log/aws-routed-eni/ipamd.log"
operator: NotIn - "name": "AWS_VPC_K8S_CNI_RANDOMIZESNAT"
values: "value": "prng"
- fargate - "name": "AWS_VPC_K8S_CNI_VETHPREFIX"
serviceAccountName: aws-node "value": "eni"
hostNetwork: true - "name": "AWS_VPC_K8S_PLUGIN_LOG_FILE"
tolerations: "value": "/var/log/aws-routed-eni/plugin.log"
- operator: Exists - "name": "AWS_VPC_K8S_PLUGIN_LOG_LEVEL"
containers: "value": "DEBUG"
- image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.5" }}" - "name": "DISABLE_INTROSPECTION"
imagePullPolicy: Always "value": "false"
ports: - "name": "DISABLE_METRICS"
- containerPort: 61678 "value": "false"
name: metrics - "name": "ENABLE_POD_ENI"
name: aws-node "value": "false"
readinessProbe: - "name": "MY_NODE_NAME"
exec: "valueFrom":
command: ["/app/grpc-health-probe", "-addr=:50051"] "fieldRef":
initialDelaySeconds: 1 "fieldPath": "spec.nodeName"
livenessProbe: - "name": "WARM_ENI_TARGET"
exec: "value": "1"
command: ["/app/grpc-health-probe", "-addr=:50051"] - "name": "CLUSTER_NAME"
initialDelaySeconds: 60 "value": "{{ ClusterName }}"
env:
- name: CLUSTER_NAME
value: {{ ClusterName }}
- name: ADDITIONAL_ENI_TAGS
value: '{}'
- name: AWS_VPC_CNI_NODE_PORT_SUPPORT
value: "true"
- name: AWS_VPC_ENI_MTU
value: "9001"
- name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER
value: "false"
- name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
value: "false"
- name: AWS_VPC_K8S_CNI_EXTERNALSNAT
value: "false"
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
value: DEBUG
- name: DISABLE_INTROSPECTION
value: "false"
- name: DISABLE_METRICS
value: "false"
- name: ENABLE_POD_ENI
value: "false"
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: WARM_ENI_TARGET
value: "1"
{{- range .Networking.AmazonVPC.Env }} {{- range .Networking.AmazonVPC.Env }}
- name: {{ .Name }} - "name": "{{ .Name }}"
value: "{{ .Value }}" "value": "{{ .Value }}"
{{- end }} {{- end }}
resources: "image": "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.5" }}"
requests: "imagePullPolicy": "Always"
cpu: 10m "livenessProbe":
securityContext: "exec":
capabilities: "command":
add: - "/app/grpc-health-probe"
- NET_ADMIN - "-addr=:50051"
volumeMounts: "initialDelaySeconds": 60
- mountPath: /host/opt/cni/bin "name": "aws-node"
name: cni-bin-dir "ports":
- mountPath: /host/etc/cni/net.d - "containerPort": 61678
name: cni-net-dir "name": "metrics"
- mountPath: /host/var/log/aws-routed-eni "readinessProbe":
name: log-dir "exec":
- mountPath: /var/run/aws-node "command":
name: run-dir - "/app/grpc-health-probe"
- mountPath: /var/run/dockershim.sock - "-addr=:50051"
name: dockershim "initialDelaySeconds": 1
- mountPath: /run/xtables.lock "resources":
name: xtables-lock "requests":
initContainers: "cpu": "10m"
- env: "securityContext":
- name: DISABLE_TCP_EARLY_DEMUX "capabilities":
value: "false" "add":
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.5 - "NET_ADMIN"
imagePullPolicy: Always "volumeMounts":
name: aws-vpc-cni-init - "mountPath": "/host/opt/cni/bin"
resources: {} "name": "cni-bin-dir"
securityContext: - "mountPath": "/host/etc/cni/net.d"
privileged: true "name": "cni-net-dir"
terminationMessagePath: /dev/termination-log - "mountPath": "/host/var/log/aws-routed-eni"
terminationMessagePolicy: File "name": "log-dir"
volumeMounts: - "mountPath": "/var/run/aws-node"
- mountPath: /host/opt/cni/bin "name": "run-dir"
name: cni-bin-dir - "mountPath": "/var/run/dockershim.sock"
volumes: "name": "dockershim"
- hostPath: - "mountPath": "/run/xtables.lock"
path: /opt/cni/bin "name": "xtables-lock"
name: cni-bin-dir "hostNetwork": true
- hostPath: "initContainers":
path: /etc/cni/net.d - "env":
name: cni-net-dir - "name": "DISABLE_TCP_EARLY_DEMUX"
- hostPath: "value": "false"
path: /var/run/dockershim.sock "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.5"
name: dockershim "imagePullPolicy": "Always"
- hostPath: "name": "aws-vpc-cni-init"
path: /run/xtables.lock "securityContext":
name: xtables-lock "privileged": true
- hostPath: "volumeMounts":
path: /var/log/aws-routed-eni - "mountPath": "/host/opt/cni/bin"
type: DirectoryOrCreate "name": "cni-bin-dir"
name: log-dir "priorityClassName": "system-node-critical"
- hostPath: "serviceAccountName": "aws-node"
path: /var/run/aws-node "terminationGracePeriodSeconds": 10
type: DirectoryOrCreate "tolerations":
name: run-dir - "operator": "Exists"
"volumes":
- "hostPath":
"path": "/opt/cni/bin"
"name": "cni-bin-dir"
- "hostPath":
"path": "/etc/cni/net.d"
"name": "cni-net-dir"
- "hostPath":
"path": "/var/run/dockershim.sock"
"name": "dockershim"
- "hostPath":
"path": "/run/xtables.lock"
"name": "xtables-lock"
- "hostPath":
"path": "/var/log/aws-routed-eni"
"type": "DirectoryOrCreate"
"name": "log-dir"
- "hostPath":
"path": "/var/run/aws-node"
"type": "DirectoryOrCreate"
"name": "run-dir"
"updateStrategy":
"rollingUpdate":
"maxUnavailable": "10%"
"type": "RollingUpdate"
--- ---
apiVersion: apiextensions.k8s.io/v1beta1 "apiVersion": "v1"
kind: CustomResourceDefinition "kind": "ServiceAccount"
metadata: "metadata":
name: eniconfigs.crd.k8s.amazonaws.com "name": "aws-node"
spec: "namespace": "kube-system"
scope: Cluster ...
group: crd.k8s.amazonaws.com
versions:
- name: v1alpha1
served: true
storage: true
names:
plural: eniconfigs
singular: eniconfig
kind: ENIConfig
`) `)
func cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s116YamlTemplateBytes() ([]byte, error) { func cloudupResourcesAddonsNetworkingAmazonVpcRoutedEniK8s116YamlTemplateBytes() ([]byte, error) {


@ -1,226 +1,238 @@
# Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml # Vendored from https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.7/config/v1.7/aws-k8s-cni.yaml
--- ---
apiVersion: rbac.authorization.k8s.io/v1 "apiVersion": "rbac.authorization.k8s.io/v1"
kind: ClusterRole "kind": "ClusterRoleBinding"
metadata: "metadata":
name: aws-node "name": "aws-node"
rules: "roleRef":
- apiGroups: "apiGroup": "rbac.authorization.k8s.io"
- crd.k8s.amazonaws.com "kind": "ClusterRole"
resources: "name": "aws-node"
"subjects":
- "kind": "ServiceAccount"
"name": "aws-node"
"namespace": "kube-system"
---
"apiVersion": "rbac.authorization.k8s.io/v1"
"kind": "ClusterRole"
"metadata":
"name": "aws-node"
"rules":
- "apiGroups":
- "crd.k8s.amazonaws.com"
"resources":
- "eniconfigs"
"verbs":
- "get"
- "list"
- "watch"
- "apiGroups":
- ""
"resources":
- "pods"
- "namespaces"
"verbs":
- "list"
- "watch"
- "get"
- "apiGroups":
- ""
"resources":
- "nodes"
"verbs":
- "list"
- "watch"
- "get"
- "update"
- "apiGroups":
- "extensions"
- "apps"
"resources":
- "*" - "*"
verbs: "verbs":
- "*" - "list"
- apiGroups: [""] - "watch"
resources:
- pods
- namespaces
verbs: ["list", "watch", "get"]
- apiGroups: [""]
resources:
- nodes
verbs: ["list", "watch", "get", "update"]
- apiGroups: ["extensions", "apps"]
resources:
- daemonsets
verbs: ["list", "watch"]
--- ---
apiVersion: v1 "apiVersion": "apiextensions.k8s.io/v1beta1"
kind: ServiceAccount "kind": "CustomResourceDefinition"
metadata: "metadata":
name: aws-node "name": "eniconfigs.crd.k8s.amazonaws.com"
namespace: kube-system "spec":
"group": "crd.k8s.amazonaws.com"
"names":
"kind": "ENIConfig"
"plural": "eniconfigs"
"singular": "eniconfig"
"scope": "Cluster"
"versions":
- "name": "v1alpha1"
"served": true
"storage": true
--- ---
apiVersion: rbac.authorization.k8s.io/v1 "apiVersion": "apps/v1"
kind: ClusterRoleBinding "kind": "DaemonSet"
metadata: "metadata":
name: aws-node "labels":
roleRef: "k8s-app": "aws-node"
apiGroup: rbac.authorization.k8s.io "name": "aws-node"
kind: ClusterRole "namespace": "kube-system"
name: aws-node "spec":
subjects: "selector":
- kind: ServiceAccount "matchLabels":
name: aws-node "k8s-app": "aws-node"
namespace: kube-system "template":
"metadata":
--- "labels":
apiVersion: apps/v1 "k8s-app": "aws-node"
kind: DaemonSet "spec":
metadata: "affinity":
labels: "nodeAffinity":
k8s-app: aws-node "requiredDuringSchedulingIgnoredDuringExecution":
name: aws-node "nodeSelectorTerms":
namespace: kube-system - "matchExpressions":
labels: - "key": "kubernetes.io/os"
k8s-app: aws-node "operator": "In"
spec: "values":
updateStrategy: - "linux"
type: RollingUpdate - "key": "kubernetes.io/arch"
rollingUpdate: "operator": "In"
maxUnavailable: "10%" "values":
selector: - "amd64"
matchLabels: - "arm64"
k8s-app: aws-node - "key": "eks.amazonaws.com/compute-type"
template: "operator": "NotIn"
metadata: "values":
labels: - "fargate"
k8s-app: aws-node "containers":
spec: - "env":
priorityClassName: system-node-critical - "name": "ADDITIONAL_ENI_TAGS"
affinity: "value": "{}"
nodeAffinity: - "name": "AWS_VPC_CNI_NODE_PORT_SUPPORT"
requiredDuringSchedulingIgnoredDuringExecution: "value": "true"
nodeSelectorTerms: - "name": "AWS_VPC_ENI_MTU"
- matchExpressions: "value": "9001"
- key: "kubernetes.io/os" - "name": "AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER"
operator: In "value": "false"
values: - "name": "AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG"
- linux "value": "false"
- key: "kubernetes.io/arch" - "name": "AWS_VPC_K8S_CNI_EXTERNALSNAT"
operator: In "value": "false"
values: - "name": "AWS_VPC_K8S_CNI_LOGLEVEL"
- amd64 "value": "DEBUG"
- arm64 - "name": "AWS_VPC_K8S_CNI_LOG_FILE"
- key: "eks.amazonaws.com/compute-type" "value": "/host/var/log/aws-routed-eni/ipamd.log"
operator: NotIn - "name": "AWS_VPC_K8S_CNI_RANDOMIZESNAT"
values: "value": "prng"
- fargate - "name": "AWS_VPC_K8S_CNI_VETHPREFIX"
serviceAccountName: aws-node "value": "eni"
hostNetwork: true - "name": "AWS_VPC_K8S_PLUGIN_LOG_FILE"
tolerations: "value": "/var/log/aws-routed-eni/plugin.log"
- operator: Exists - "name": "AWS_VPC_K8S_PLUGIN_LOG_LEVEL"
containers: "value": "DEBUG"
- image: "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.5" }}" - "name": "DISABLE_INTROSPECTION"
imagePullPolicy: Always "value": "false"
ports: - "name": "DISABLE_METRICS"
- containerPort: 61678 "value": "false"
name: metrics - "name": "ENABLE_POD_ENI"
name: aws-node "value": "false"
readinessProbe: - "name": "MY_NODE_NAME"
exec: "valueFrom":
command: ["/app/grpc-health-probe", "-addr=:50051"] "fieldRef":
initialDelaySeconds: 1 "fieldPath": "spec.nodeName"
livenessProbe: - "name": "WARM_ENI_TARGET"
exec: "value": "1"
command: ["/app/grpc-health-probe", "-addr=:50051"] - "name": "CLUSTER_NAME"
initialDelaySeconds: 60 "value": "{{ ClusterName }}"
env:
- name: CLUSTER_NAME
value: {{ ClusterName }}
- name: ADDITIONAL_ENI_TAGS
value: '{}'
- name: AWS_VPC_CNI_NODE_PORT_SUPPORT
value: "true"
- name: AWS_VPC_ENI_MTU
value: "9001"
- name: AWS_VPC_K8S_CNI_CONFIGURE_RPFILTER
value: "false"
- name: AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG
value: "false"
- name: AWS_VPC_K8S_CNI_EXTERNALSNAT
value: "false"
- name: AWS_VPC_K8S_CNI_LOGLEVEL
value: DEBUG
- name: AWS_VPC_K8S_CNI_LOG_FILE
value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
value: DEBUG
- name: DISABLE_INTROSPECTION
value: "false"
- name: DISABLE_METRICS
value: "false"
- name: ENABLE_POD_ENI
value: "false"
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: MY_NODE_NAME
valueFrom:
fieldRef:
fieldPath: spec.nodeName
- name: WARM_ENI_TARGET
value: "1"
{{- range .Networking.AmazonVPC.Env }} {{- range .Networking.AmazonVPC.Env }}
- name: {{ .Name }} - "name": "{{ .Name }}"
value: "{{ .Value }}" "value": "{{ .Value }}"
{{- end }} {{- end }}
resources: "image": "{{- or .Networking.AmazonVPC.ImageName "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.7.5" }}"
requests: "imagePullPolicy": "Always"
cpu: 10m "livenessProbe":
securityContext: "exec":
capabilities: "command":
add: - "/app/grpc-health-probe"
- NET_ADMIN - "-addr=:50051"
volumeMounts: "initialDelaySeconds": 60
- mountPath: /host/opt/cni/bin "name": "aws-node"
name: cni-bin-dir "ports":
- mountPath: /host/etc/cni/net.d - "containerPort": 61678
name: cni-net-dir "name": "metrics"
- mountPath: /host/var/log/aws-routed-eni "readinessProbe":
name: log-dir "exec":
- mountPath: /var/run/aws-node "command":
name: run-dir - "/app/grpc-health-probe"
- mountPath: /var/run/dockershim.sock - "-addr=:50051"
name: dockershim "initialDelaySeconds": 1
- mountPath: /run/xtables.lock "resources":
name: xtables-lock "requests":
initContainers: "cpu": "10m"
- env: "securityContext":
- name: DISABLE_TCP_EARLY_DEMUX "capabilities":
value: "false" "add":
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.5 - "NET_ADMIN"
imagePullPolicy: Always "volumeMounts":
name: aws-vpc-cni-init - "mountPath": "/host/opt/cni/bin"
resources: {} "name": "cni-bin-dir"
securityContext: - "mountPath": "/host/etc/cni/net.d"
privileged: true "name": "cni-net-dir"
terminationMessagePath: /dev/termination-log - "mountPath": "/host/var/log/aws-routed-eni"
terminationMessagePolicy: File "name": "log-dir"
volumeMounts: - "mountPath": "/var/run/aws-node"
- mountPath: /host/opt/cni/bin "name": "run-dir"
name: cni-bin-dir - "mountPath": "/var/run/dockershim.sock"
volumes: "name": "dockershim"
- hostPath: - "mountPath": "/run/xtables.lock"
path: /opt/cni/bin "name": "xtables-lock"
name: cni-bin-dir "hostNetwork": true
- hostPath: "initContainers":
path: /etc/cni/net.d - "env":
name: cni-net-dir - "name": "DISABLE_TCP_EARLY_DEMUX"
- hostPath: "value": "false"
path: /var/run/dockershim.sock "image": "602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.5"
name: dockershim "imagePullPolicy": "Always"
- hostPath: "name": "aws-vpc-cni-init"
path: /run/xtables.lock "securityContext":
name: xtables-lock "privileged": true
- hostPath: "volumeMounts":
path: /var/log/aws-routed-eni - "mountPath": "/host/opt/cni/bin"
type: DirectoryOrCreate "name": "cni-bin-dir"
name: log-dir "priorityClassName": "system-node-critical"
- hostPath: "serviceAccountName": "aws-node"
path: /var/run/aws-node "terminationGracePeriodSeconds": 10
type: DirectoryOrCreate "tolerations":
name: run-dir - "operator": "Exists"
"volumes":
- "hostPath":
"path": "/opt/cni/bin"
"name": "cni-bin-dir"
- "hostPath":
"path": "/etc/cni/net.d"
"name": "cni-net-dir"
- "hostPath":
"path": "/var/run/dockershim.sock"
"name": "dockershim"
- "hostPath":
"path": "/run/xtables.lock"
"name": "xtables-lock"
- "hostPath":
"path": "/var/log/aws-routed-eni"
"type": "DirectoryOrCreate"
"name": "log-dir"
- "hostPath":
"path": "/var/run/aws-node"
"type": "DirectoryOrCreate"
"name": "run-dir"
"updateStrategy":
"rollingUpdate":
"maxUnavailable": "10%"
"type": "RollingUpdate"
--- ---
apiVersion: apiextensions.k8s.io/v1beta1 "apiVersion": "v1"
kind: CustomResourceDefinition "kind": "ServiceAccount"
metadata: "metadata":
name: eniconfigs.crd.k8s.amazonaws.com "name": "aws-node"
spec: "namespace": "kube-system"
scope: Cluster ...
group: crd.k8s.amazonaws.com
versions:
- name: v1alpha1
served: true
storage: true
names:
plural: eniconfigs
singular: eniconfig
kind: ENIConfig
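Review bot: The last rule of the `aws-node` ClusterRole, the one for the `extensions` and `apps` API groups, now lists `"*"` under `"resources"` where the previous manifest granted `list`/`watch` on `daemonsets` only, so the service account used by the DaemonSet pods gains read access to every resource type in those two groups. The same commit narrows the `crd.k8s.amazonaws.com` rule from `*`/`*` to `eniconfigs` with `get`, `list`, `watch`, so the widening here looks like a side effect of copying upstream rather than something the agent is known to need. If the 1.7.5 agent reads nothing beyond daemonsets, keep `- "daemonsets"` in this rule and put a comment above it, for example `# narrower than upstream: only daemonsets are read`, so the next re-vendoring does not silently undo it. The same rule is repeated in the generated bindata copy and in the expected test manifest, which would have to be regenerated to match.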


@ -1024,7 +1024,7 @@ func (b *BootstrapChannelBuilder) buildAddons(c *fi.ModelBuilderContext) (*chann
versions := map[string]string{ versions := map[string]string{
"k8s-1.10": "1.5.0-kops.2", "k8s-1.10": "1.5.0-kops.2",
"k8s-1.12": "1.5.5-kops.1", "k8s-1.12": "1.5.5-kops.1",
"k8s-1.16": "1.6.0-kops.1", "k8s-1.16": "1.7.5-kops.1",
} }
{ {


@ -105,8 +105,8 @@ spec:
- id: k8s-1.16 - id: k8s-1.16
kubernetesVersion: '>=1.16.0' kubernetesVersion: '>=1.16.0'
manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml manifest: networking.amazon-vpc-routed-eni/k8s-1.16.yaml
manifestHash: c5ef06e0be88bdb1292b63b08eeea836ad2837bd manifestHash: fc0f1dd17944bfaca32ccf58163bf7db8099abfc
name: networking.amazon-vpc-routed-eni name: networking.amazon-vpc-routed-eni
selector: selector:
role.kubernetes.io/networking: "1" role.kubernetes.io/networking: "1"
version: 1.6.0-kops.1 version: 1.7.5-kops.1


@ -1,3 +1,18 @@
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRoleBinding
metadata:
name: aws-node
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: ClusterRole
name: aws-node
subjects:
- kind: ServiceAccount
name: aws-node
namespace: kube-system
---
apiVersion: rbac.authorization.k8s.io/v1 apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole kind: ClusterRole
metadata: metadata:
@ -6,9 +21,11 @@ rules:
- apiGroups: - apiGroups:
- crd.k8s.amazonaws.com - crd.k8s.amazonaws.com
resources: resources:
- '*' - eniconfigs
verbs: verbs:
- '*' - get
- list
- watch
- apiGroups: - apiGroups:
- "" - ""
resources: resources:
@ -31,33 +48,28 @@ rules:
- extensions - extensions
- apps - apps
resources: resources:
- daemonsets - '*'
verbs: verbs:
- list - list
- watch - watch
--- ---
apiVersion: v1 apiVersion: apiextensions.k8s.io/v1beta1
kind: ServiceAccount kind: CustomResourceDefinition
metadata: metadata:
name: aws-node name: eniconfigs.crd.k8s.amazonaws.com
namespace: kube-system spec:
group: crd.k8s.amazonaws.com
--- names:
kind: ENIConfig
apiVersion: rbac.authorization.k8s.io/v1 plural: eniconfigs
kind: ClusterRoleBinding singular: eniconfig
metadata: scope: Cluster
name: aws-node versions:
roleRef: - name: v1alpha1
apiGroup: rbac.authorization.k8s.io served: true
kind: ClusterRole storage: true
name: aws-node
subjects:
- kind: ServiceAccount
name: aws-node
namespace: kube-system
--- ---
@ -97,8 +109,6 @@ spec:
- fargate - fargate
containers: containers:
- env: - env:
- name: CLUSTER_NAME
value: minimal.example.com
- name: ADDITIONAL_ENI_TAGS - name: ADDITIONAL_ENI_TAGS
value: '{}' value: '{}'
- name: AWS_VPC_CNI_NODE_PORT_SUPPORT - name: AWS_VPC_CNI_NODE_PORT_SUPPORT
@ -117,6 +127,8 @@ spec:
value: /host/var/log/aws-routed-eni/ipamd.log value: /host/var/log/aws-routed-eni/ipamd.log
- name: AWS_VPC_K8S_CNI_RANDOMIZESNAT - name: AWS_VPC_K8S_CNI_RANDOMIZESNAT
value: prng value: prng
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: AWS_VPC_K8S_PLUGIN_LOG_FILE - name: AWS_VPC_K8S_PLUGIN_LOG_FILE
value: /var/log/aws-routed-eni/plugin.log value: /var/log/aws-routed-eni/plugin.log
- name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL - name: AWS_VPC_K8S_PLUGIN_LOG_LEVEL
@ -127,14 +139,14 @@ spec:
value: "false" value: "false"
- name: ENABLE_POD_ENI - name: ENABLE_POD_ENI
value: "false" value: "false"
- name: AWS_VPC_K8S_CNI_VETHPREFIX
value: eni
- name: MY_NODE_NAME - name: MY_NODE_NAME
valueFrom: valueFrom:
fieldRef: fieldRef:
fieldPath: spec.nodeName fieldPath: spec.nodeName
- name: WARM_ENI_TARGET - name: WARM_ENI_TARGET
value: "1" value: "1"
- name: CLUSTER_NAME
value: minimal.example.com
- name: WARM_IP_TARGET - name: WARM_IP_TARGET
value: "10" value: "10"
- name: AWS_VPC_K8S_CNI_LOGLEVEL - name: AWS_VPC_K8S_CNI_LOGLEVEL
@ -185,16 +197,14 @@ spec:
image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.5 image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.7.5
imagePullPolicy: Always imagePullPolicy: Always
name: aws-vpc-cni-init name: aws-vpc-cni-init
resources: {}
securityContext: securityContext:
privileged: true privileged: true
terminationMessagePath: /dev/termination-log
terminationMessagePolicy: File
volumeMounts: volumeMounts:
- mountPath: /host/opt/cni/bin - mountPath: /host/opt/cni/bin
name: cni-bin-dir name: cni-bin-dir
priorityClassName: system-node-critical priorityClassName: system-node-critical
serviceAccountName: aws-node serviceAccountName: aws-node
terminationGracePeriodSeconds: 10
tolerations: tolerations:
- operator: Exists - operator: Exists
volumes: volumes:
@ -225,18 +235,8 @@ spec:
--- ---
apiVersion: apiextensions.k8s.io/v1beta1 apiVersion: v1
kind: CustomResourceDefinition kind: ServiceAccount
metadata: metadata:
name: eniconfigs.crd.k8s.amazonaws.com name: aws-node
spec: namespace: kube-system
group: crd.k8s.amazonaws.com
names:
kind: ENIConfig
plural: eniconfigs
singular: eniconfig
scope: Cluster
versions:
- name: v1alpha1
served: true
storage: true