This is a patch release to address issue #1241 where the CNI will fail to start on kernels older than 4.6.
The issue is caused by the init container assuming that the net.ipv4.tcp_early_demux key will be present. The early TCP demux change that breaks TCP connections from kubelet to pods using per pod security groups was added in kernel 3.6, but the flag to disable it was not added until 4.6. This means using TCP health checks for per pod security groups requires at least Linux kernel 4.6.
Changes since v1.7.3
If you want to apply this config to one of your clusters:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.4/config/v1.7/aws-k8s-cni.yaml
Verify the update:
kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2
amazon-k8s-cni-init:v1.7.4
amazon-k8s-cni:v1.7.4
To use version v1.7.4 of the cni-metrics-helper in a cluster:
kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.4/config/v1.7/cni-metrics-helper.yaml