Merge branch 'master' into update_package_versions

.github/workflows/pr-automated-tests.yaml

@@ -42,6 +42,17 @@ jobs:
     steps:
       - name: Checkout latest commit in the PR
         uses: actions/checkout@v3
+      - name: Set up AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          role-to-assume: ${{ secrets.OSS_TEST_ROLE_ARN }}
+          role-duration-seconds: 14400 # 4 hours
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+      - name: Login to Amazon ECR Public
+        id: login-ecr-public
+        uses: aws-actions/amazon-ecr-login@v1
+        with:
+          registry-type: public
       - name: Set up QEMU
         uses: docker/setup-qemu-action@v2
       - name: Set up Docker Buildx

charts/aws-vpc-cni/README.md

@@ -91,7 +91,6 @@ WARNING: Substitute YOUR_HELM_RELEASE_NAME_HERE with the name of your helm relea
 
 set -euo pipefail
 
-# don't import the crd. Helm cant manage the lifecycle of it anyway.
 for kind in daemonSet clusterRole clusterRoleBinding serviceAccount; do
   echo "setting annotations and labels on $kind/aws-node"
   kubectl -n kube-system annotate --overwrite $kind aws-node meta.helm.sh/release-name=YOUR_HELM_RELEASE_NAME_HERE

charts/aws-vpc-cni/templates/clusterrole.yaml

@@ -28,7 +28,7 @@ rules:
   - apiGroups: [""]
     resources:
       - nodes
-    verbs: ["list", "watch", "get", "update"]
+    verbs: ["list", "watch", "get"]
   - apiGroups: ["extensions"]
     resources:
       - '*'

charts/aws-vpc-cni/templates/daemonset.yaml

@@ -91,8 +91,8 @@ spec:
           - mountPath: /host/etc/cni/net.d
             name: cni-net-dir
 {{- if .Values.cniConfig.enabled }}
-            # the dockerfile copies the baked in config to this location, lets overwrite it with ours
-            # the entrypoint.sh script will then copy our config to /host/etc/cni/net.d on boot
+            # The dockerfile copies the baked in config to this location, so overwrite it with ours.
+            # The entrypoint process will then copy our config to /host/etc/cni/net.d on boot.
           - name: cni-config
             mountPath: /app/10-aws.conflist
             subPath: 10-aws.conflist

charts/cni-metrics-helper/Chart.yaml

@@ -1,23 +1,19 @@
 apiVersion: v2
 name: cni-metrics-helper
-description: A Helm chart for Kubernetes
-
-# A chart can be either an 'application' or a 'library' chart.
-#
-# Application charts are a collection of templates that can be packaged into versioned archives
-# to be deployed.
-#
-# Library charts provide useful utilities or functions for the chart developer. They're included as
-# a dependency of application charts to inject those utilities and functions into the rendering
-# pipeline. Library charts do not define any templates and therefore cannot be deployed.
-type: application
-
-# This is the chart version. This version number should be incremented each time you make changes
-# to the chart and its templates, including the app version.
-# Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.14
-
-# This is the version number of the application being deployed. This version number should be
-# incremented each time you make changes to the application. Versions are not expected to
-# follow Semantic Versioning. They should reflect the version the application is using.
+version: 0.1.15
 appVersion: v1.12.1
+description: A Helm chart for the AWS VPC CNI Metrics Helper
+icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
+home: https://github.com/aws/amazon-vpc-cni-k8s
+sources:
+  - https://github.com/aws/amazon-vpc-cni-k8s
+keywords:
+  - eks
+  - cni
+  - networking
+  - vpc
+maintainers:
+  - name: Jayanth Varavani
+    url: https://github.com/jayanthvn
+    email: jayanthvn@users.noreply.github.com
+engine: gotpl

charts/cni-metrics-helper/README.md

@@ -9,15 +9,34 @@ This chart provides a Kubernetes deployment for the Amazon VPC CNI Metrics Helpe
 
 ## Installing the Chart
 
-Clone the Amazon VPC CNI for Kubernetes repository to your local machine.
+First add the EKS repository to Helm:
+
+```shell
+helm repo add eks https://aws.github.io/eks-charts
+```
+
+To install the chart with the release name `cni-metrics-helper` and default configuration:
+
+```shell
+$ helm install cni-metrics-helper --namespace kube-system eks/cni-metrics-helper
+```
+
+To install manually, clone the Amazon VPC CNI for Kubernetes repository to your local machine:
 
 ```shell
 $ git clone https://github.com/aws/amazon-vpc-cni-k8s.git
 ```
-Use the helm install command to install the chart into your Kubernetes cluster
+
+Use the helm install command to install the chart into your Kubernetes cluster:
 
 ```shell
-$ helm install cni-metrics-helper ./amazon-vpc-cni-k8s/charts/cni-metrics-helper
+$ helm install cni-metrics-helper --namespace kube-system ./charts/cni-metrics-helper
+```
+
+To uninstall:
+
+```shell
+$ helm uninstall cni-metrics-helper --namespace kube-system
 ```
 
 ## Configuration
@@ -33,17 +52,21 @@ The following table lists the configurable parameters for this chart and their d
 | image.domain               | ECR repository domain                                         | amazonaws.com      |
 | env.USE_CLOUDWATCH         | Whether to export CNI metrics to CloudWatch                   | true               |
 | env.AWS_CLUSTER_ID         | ID of the cluster to use when exporting metrics to CloudWatch | default            |
-| env.METRIC_UPDATE_INTERVAL | Interval at which to update CloudWatch metrics, in seconds Metrics are published to CloudWatch at 2*METRIC_UPDATE_INTERVAL   | 30                 |
+| env.METRIC_UPDATE_INTERVAL | Interval at which to update CloudWatch metrics, in seconds.   |                    |
+|                            | Metrics are published to CloudWatch at 2x the interval        | 30                 |
 | serviceAccount.name        | The name of the ServiceAccount to use                         | nil                |
 | serviceAccount.create      | Specifies whether a ServiceAccount should be created          | true               |
 | serviceAccount.annotations | Specifies the annotations for ServiceAccount                  | {}                 |
 
-
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters:
 
 ```shell
-$ helm install my-release ./amazon-vpc-cni-k8s/charts/cni-metrics-helper --set useCloudwatch=false --values values.yaml
+$ helm install cni-metrics-handler --namespace kube-system eks/cni-metrics-handler --values values.yaml
+```
 
+Manual install:
+```shell
+$ helm install cni-metrics-helper --namespace kube-system ./charts/cni-metrics-helper --values values.yaml
 ```
 
 ## Resources
@@ -52,9 +75,8 @@ $ helm install my-release ./amazon-vpc-cni-k8s/charts/cni-metrics-helper --set u
 |---------------------------|------------------------------------------------|---------|
 |    resources              | Resources for the pods.                        |   `{}`  |
 
-
-for example, to set a CPU limit of 200m and a memory limit of 256Mi for the cni-metrics-helper pods, you can use the following command:
+For example, to set a CPU limit of 200m and a memory limit of 256Mi for the cni-metrics-helper pods, you can use the following command:
 
 ```shell
-$ helm install my-release ./amazon-vpc-cni-k8s/charts/cni-metrics-helper --set resources.limits.cpu=200m,resources.limits.memory=256Mi
+$ helm install cni-metrics-helper ./charts/cni-metrics-helper --namespace kube-system --set resources.limits.cpu=200m,resources.limits.memory=256Mi
 ```

cmd/aws-k8s-agent/main.go

@@ -59,7 +59,7 @@ func _main() int {
 		return 1
 	}
 
-	eventrecorder.InitEventRecorder(rawK8SClient)
+	eventrecorder.New(rawK8SClient, cacheK8SClient)
 
 	ipamContext, err := ipamd.New(rawK8SClient, cacheK8SClient)
 	if err != nil {

pkg/awsutils/awsutils.go

@@ -248,6 +248,8 @@ type EC2InstanceMetadataCache struct {
 
 	imds   TypedIMDS
 	ec2SVC ec2wrapper.EC2
+
+	eventRecorder *eventrecorder.EventRecorder
 }
 
 // ENIMetadata contains information about an ENI
@@ -394,7 +396,7 @@ func (i instrumentedIMDS) GetMetadataWithContext(ctx context.Context, p string)
 }
 
 // New creates an EC2InstanceMetadataCache
-func New(useCustomNetworking, disableENIProvisioning, v4Enabled, v6Enabled bool) (*EC2InstanceMetadataCache, error) {
+func New(useCustomNetworking, disableENIProvisioning, v4Enabled, v6Enabled bool, eventRecorder *eventrecorder.EventRecorder) (*EC2InstanceMetadataCache, error) {
 	//ctx is passed to initWithEC2Metadata func to cancel spawned go-routines when tests are run
 	ctx := context.Background()
 
@@ -408,6 +410,7 @@ func New(useCustomNetworking, disableENIProvisioning, v4Enabled, v6Enabled bool)
 	cache.imds = TypedIMDS{instrumentedIMDS{ec2Metadata}}
 	cache.clusterName = os.Getenv(clusterNameEnvVar)
 	cache.additionalENITags = loadAdditionalENITags()
+	cache.eventRecorder = eventRecorder
 
 	region, err := ec2Metadata.Region()
 	if err != nil {
@@ -432,8 +435,6 @@ func New(useCustomNetworking, disableENIProvisioning, v4Enabled, v6Enabled bool)
 	if err != nil {
 		return nil, err
 	}
-	// event recorder to raise events for failed EC2 API calls
-	eventRecorder = eventrecorder.Get()
 
 	// Clean up leaked ENIs in the background
 	if !disableENIProvisioning {