v1.16.0
Release Notes
- The VPC CNI now uses CNI spec 1.0.0: https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.16.0/misc/10-aws.conflist
- With VPC CNI v1.16.0, Security Groups for Pods is now supported on IPv6 clusters.
- One caveat to be aware of compared to IPv4 is that ICMPv6 Neighbor Discovery must be allowed in EC2 security groups in order for pods to properly resolve IPv6 addresses to MAC addresses.
Changes since v1.15.5
- Bug - check if ipv4Addr or ipv6Addr is empty before calling AnnotatePod() (@zachdorame )
- Bug - Fix enabling of Metrics and Introspection Endpoint (@jdn5126 )
- Cleanup - swicth grpc deprecated method to new method (@Icarus9913 )
- Cleanup - swicth k8s deprecated method to new method (@Icarus9913 )
- Dependency - Update golang.org/x/crypto to v0.17.0 (@jdn5126 )
- Dependency - Bump github.com/containerd/containerd from 1.7.6 to 1.7.11 (@dependabot )
- Dependency - Update upstream CNI plugins to v1.4.0 (@jdn5126 )
- Documentation - Remove hard-coded comment for primary intf (@jdn5126 )
- Documentation - Fix Infof/Debugf/Errors to use correct function names (@dims )
- Feature - Add parameters for tuning revisionHistory and securityContext (@bodgit )
- Feature - Manifest for Multus 4.0.2 thick plugin support (@jdn5126 )
- Feature - IPv6 Security Groups for Pods Support (@jdn5126 )
- Feature - Prometheus metrics scraping from CNI metrics helper (@jayanthvn )
- Improvement - add instance types (@jchen6585 )
- Improvement - Update CHANGELOG, charts, and manifests for v1.15.5 release; update aws-vpc-cni ConfigMap default settings (@jdn5126 )
- Improvement - adding feature flags to configmap charts (@haouc )
- Improvement - No need to set accept_ra or accept_redirects for non-primary interfaces (@jdn5126 )
- Improvement - Simplify IPv6 Gateway Calculation (@jdn5126 )
To manually apply this release:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.16.0/config/master/aws-k8s-cni.yaml
Note that the following regions use different manifests:
us-gov-east-1:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.16.0/config/master/aws-k8s-cni-us-gov-east-1.yaml
us-gov-west-1:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.16.0/config/master/aws-k8s-cni-us-gov-west-1.yaml
cn:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.16.0/config/master/aws-k8s-cni-cn.yaml
To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.16.0/charts/aws-vpc-cni/README.md#installing-the-chart
Verify the update:
$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3
amazon-k8s-cni-init:v1.16.0
amazon-k8s-cni:v1.16.0
amazon/aws-network-policy-agent:v1.0.7