v1.0.4

v1.0.4

Major Changes since v1.0.2

• Bug - Ignore policy restrictions against Node IP (@achevuru )
• Bug - With catchALL honor "except" (@jayanthvn )
• Bug - Race condition with init and cw setup (@jayanthvn )
• Enhancement - V6 Optimizations(@jayanthvn )
• Enhancement - Add flag enable-policy-event-logs (@mycrEEpy )
• Enhancement - Modified Default Metrics Bind Port (@kareem-rady )
• Enhancement - Log rotate support (@achevuru )
• Testing - Enhancements for testing packages and GitHub actions (@jaydeokar )

Please Note -

• A new command line flag for the Network Policy Agent, enable-policy-event-logs, has been added: https://github.com/aws/aws-network-policy-agent#enable-policy-event-logs. This flag is set to "false" by default i.e, if you need access logs then it has to be turned on (set to "true").

To manually upgrade to this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.1/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.1/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.1/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.1/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:

Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.15.1/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3                                                 
amazon-k8s-cni-init:v1.15.1
amazon-k8s-cni:v1.15.1
amazon/aws-network-policy-agent:v1.0.4

Thanks to all our contributors! 😊

v1.0.2

v1.0.2

Major Changes since v1.0.1

• Improvements - This updates the aws-eks-nodeagent container to address the race condition issue in SDK while generating access logs
• Improvements - The helm chart now has two new flags added (healthProbeBindAddr & metricsBindAddr) to make the metrics port configurable for aws-eks-nodeagent. By default it now binds to port 8162 and 8163

Please refer to Amazon VPC CNI release notes for upgrade steps.

v1.0.1

Initial release of Amazon EKS Network Policy Agent. Network Policy Agent is a daemonset that is responsible for enforcing configured network policies on the cluster. Network policy support is a feature of the Amazon VPC CNI.

Network Policy Controller resolves the configured network policies and publishes the resolved endpoints via Custom CRD (PolicyEndpoints) resource. Network Policy agent derives the endpoints from PolicyEndpoint resources and enforces them via eBPF probes attached to pod's host Veth interface.

Starting with Amazon VPC CNI v1.14.0, Network Policy agent will be automatically installed. Review the instructions in the EKS User Guide.

Alpha version v0.1.0

Alpha version of AWS Network Policy Agent