github aws/amazon-vpc-cni-k8s v1.21.2

6 hours ago

What's Changed

  • Amazon VPC CNI now propagates the EC2 security group idle connection tracking timeout settings from the instance's primary ENI to all secondary ENIs it creates, ensuring consistent connection tracking behavior across all network interfaces. To customize these settings on the primary ENI, use a custom launch template to configure the desired connection tracking timeout values.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts
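
One way to confirm the propagation on a node, as an added example that is not part of the release notes or the project's code: the script compares each secondary ENI's connection tracking timeouts with those of the primary ENI. It assumes the JSON shape returned by `aws ec2 describe-network-interfaces` (the `ConnectionTrackingConfiguration` and `Attachment.DeviceIndex` fields) and identifies the primary ENI as device index 0; the ENI IDs and timeout values in the sample are constructed.

```python
import json

# Constructed sample shaped like `aws ec2 describe-network-interfaces` output
# for one node. Field names are assumed from the EC2 API response; the ENI IDs
# and timeout values are made up for illustration.
SAMPLE = json.loads("""
{"NetworkInterfaces": [
  {"NetworkInterfaceId": "eni-primary-example",
   "Attachment": {"DeviceIndex": 0, "NetworkCardIndex": 0},
   "ConnectionTrackingConfiguration":
     {"TcpEstablishedTimeout": 3600, "UdpStreamTimeout": 120, "UdpTimeout": 30}},
  {"NetworkInterfaceId": "eni-secondary-ok",
   "Attachment": {"DeviceIndex": 1, "NetworkCardIndex": 0},
   "ConnectionTrackingConfiguration":
     {"TcpEstablishedTimeout": 3600, "UdpStreamTimeout": 120, "UdpTimeout": 30}},
  {"NetworkInterfaceId": "eni-secondary-unset",
   "Attachment": {"DeviceIndex": 2, "NetworkCardIndex": 0}}
]}
""")
FIELDS = ("TcpEstablishedTimeout", "UdpStreamTimeout", "UdpTimeout")

def conntrack(eni):
    """Return the three timeouts as a dict; None means no explicit value is set."""
    cfg = eni.get("ConnectionTrackingConfiguration") or {}
    return {f: cfg.get(f) for f in FIELDS}

def find_drift(doc):
    """Map each secondary ENI that differs from the primary to {field: (primary, secondary)}."""
    enis = doc["NetworkInterfaces"]
    primaries = [e for e in enis
                 if e.get("Attachment", {}).get("DeviceIndex") == 0
                 and e.get("Attachment", {}).get("NetworkCardIndex", 0) == 0]
    if len(primaries) != 1:
        raise ValueError("expected exactly one primary ENI (device index 0)")
    want = conntrack(primaries[0])
    drift = {}
    for eni in enis:
        if eni is primaries[0]:
            continue
        got = conntrack(eni)
        diff = {f: (want[f], got[f]) for f in FIELDS if want[f] != got[f]}
        if diff:
            drift[eni["NetworkInterfaceId"]] = diff
    return drift

if __name__ == "__main__":
    for eni_id, diff in find_drift(SAMPLE).items():
        print(eni_id, diff)
```

To run it against a real node, replace `SAMPLE` with the parsed output of `aws ec2 describe-network-interfaces` filtered to that instance's attachments.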

Features

  • Replicate primary ENI connection tracking settings to secondary ENIs (#3666, @jaydeokar)
  • Add support for extra volume mounts in aws-vpc-cni-init container (#3633, @phbergsmann)
  • Add conntrack-cache-table-size to helm chart (#3617, @viveksb007)

Bug Fixes

  • Fix panic in air-gapped regions: use awshttp.BuildableClient instead of *http.Client for AWS SDK HTTP client (#3672, @haouc)
  • Add HTTP request timeout (10s) to AWS SDK clients to prevent indefinite hangs (#3649, @haouc)
  • Fix nil pointer panic in PodLogs when Stream fails (#3671, @haouc)
  • Fix missing timeout in DescribeNetworkInterfaces call (#3644, @cdirubbio)
  • Fix context cancellation with DescribeNetworkInterfaces timeout (#3644, @cdirubbio)
  • Fix IMDS resource leak (#3617, @viveksb007)
  • Restore clobbered context in pkg/publisher (#3595, @alrs)
  • Fix dropped error in pkg/networkutils (#3595, @alrs)
  • Fix address issue #3620 (#3646, @gabrnavarro)
  • Add userAgent to AWS API calls (#3556, @cdirubbio)
  • Fix image pull policy in helm chart (#3570, @OlTrenin)

Improvements

  • Enhance logging in ipamd (#3561, @supreeet)
  • Improve custom networking integration tests (#3668, @yash97)
  • Improve TestNew_SetsHTTPClientTimeout to assert timeout is set (#3670, @haouc)
  • Build images in separate arch runner (@yash97)
  • Pick up EKS CVE patched container plugin binaries for internal builds (#3571, @jupdec)
  • Bundle internal binaries when available and add integration test cases (#3627, @jupdec)

Full Changelog: v1.21.1...v1.21.2

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.21/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.21/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.21/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/release-1.21/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/release-1.21/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3
amazon-k8s-cni-init:v1.21.2
amazon-k8s-cni:v1.21.2
amazon/aws-network-policy-agent:v1.3.5
