Add VlanId in the cmdAdd Result struct

This VlanId will appear in the prevResult during cmdDel request

CleanUp Pod Network using vlanId from prevResult in CNI itself
No need to call ipamd

Log formatting changes

Added hostNetworking Setup test for pods using security groups

Updated cleanUpPodENI method

Skip processing Delete request if prevResult is nil
Add Logging vlanId to ipamd

Add support to test with containerd nodegroup in pod-eni test

Add check for empty Netns() in cni

Manifests and Readme updates (aws#1732)

* Manifests and Readme updates

* update manifest.jsonnet

Readme updates (aws#1735)

Updates to troubleshooting doc (aws#1737)

* Updates to troubleshooting doc

* updates to troubleshooting doc

imdsv2 changes (aws#1743)

fix flaky canary test (aws#1742)

add CODEOWNERS (aws#1747)

Snat tests: [agent is already updated] (aws#1513)

* resolved conflicts with go.sum

* Updated test agent image

* Removed redundant files

* Addressed PR comments

Fixed go.sum in root folder

Changed DescribeInstanceWithFilter to DescribeInstances
Moved GetPrimaryInstanceId from ec2 interface
Added GinkgoWriter

Updated Readme for Snat test

Rearranged snat_test logic
Updated Readme for test/e2e

* Minor change to logging

Fix compilation errors (aws#1751)

add support for running canary script in different regions (aws#1752)

Regenerate pod eni values for new instance types (aws#1754)

* Regenerate pod eni values for new instance types

Co-authored-by: Senthil Kumaran <senthilx@amazon.com>

Minor change to container runtime argument

Check for Empty NetNs() first
Fallback to older method if prevResult is nil

Closed issue message (aws#1761)

* closed issue message

* update message

fix typo in upload script (aws#1763)

Update calico file path

Use an unique s3 bucket name (aws#1760)

Update region

Workflow to build arm and x86 images (aws#1764)

DataStore.GetStats() refactoring to simplify adding new fields (aws#1704)

* DataStore.GetStats() refactoring to simplify adding new fields

* cleanup

* cleanup

* cleanup

* goimports

* rename test to TestGetStatsV4

* address comments

* fix typo

* update

* update "IP pool is too low" logging

* GetStats() -> GetIpStats()

* GetStats() -> GetIpStats() in tests and comments

* update test

* cleanup test

* add logPoolStats comment

Fix KOPS_STATE_STORE (aws#1770)

Automation script for running IT  (aws#1759)

Update issue template

Update issue template with email address

Update issue template

Update go.mod for integration folder (aws#1741)

* Update go.mod for integration folder

- Update go.mod for integration folder

* Change integration test to use new K8s test framework

* Modify server pod image

* Switch to Nginx port 80 for server pod

* Switch server port in client test

* Remove custom command directive for Nginx pod

* Added ping command for host checks

README: mention arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy (aws#1768)

Co-authored-by: Shreya027 <shrenaik@amazon.com>

Add dl1.24xlarge to ENILimits override list (aws#1777)

Chart and Manifest updates (aws#1771)

* Chart and Manifest updates

* Update probe timeout values

Change workflow to use git install (aws#1785)

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file

.github/ISSUE_TEMPLATE/bug-report.md

@@ -20,8 +20,7 @@ If you think you have found a potential security issue, please do not post it as
 
 **Attach logs**
 <!--
-Please upload the logs by running [CNI Log Collection tool] since it will help faster resolution
-`sudo bash /opt/cni/bin/aws-cni-support.sh`
+Please collect the logs by running [CNI Log Collection tool] `sudo bash /opt/cni/bin/aws-cni-support.sh` and email the log archive to k8s-awscni-triage@amazon.com
 -->
 
 **What you expected to happen**:

.github/ISSUE_TEMPLATE/support-request.md

@@ -18,7 +18,7 @@ If you think you have found a potential security issue, please do not post it as
 <!--
 If you're looking for help, check the [troubleshooting guide](https://github.com/aws/amazon-vpc-cni-k8s/blob/master/docs/troubleshooting.md)
 
-If you're unable to find the answers and would like to create an issue, upload the logs by running [CNI Log Collection tool](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#troubleshoot-cni)
+If you're unable to find the answers and would like to create an issue, upload the logs by running [CNI Log Collection tool](https://docs.aws.amazon.com/eks/latest/userguide/troubleshooting.html#troubleshoot-cni) and email the log archive to k8s-awscni-triage@amazon.com
 -->
 
 **Environment**:

.github/workflows/build-multi-arch.yml

@@ -0,0 +1,42 @@
+name: Build x64 and ARM64 images 
+
+on:
+  pull_request:
+    branches:
+      - 'master'
+      - 'release*'  
+
+jobs:
+  build_x64:
+    name: Build x64
+    runs-on: [self-hosted, linux, x64]
+    steps:
+
+    - name: Set up Go 1.14
+      uses: actions/setup-go@v2
+      with:
+        go-version: '1.14.3'
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Build
+      run: make docker all
+
+  build_arm:
+    name: Build ARM64
+    runs-on: [self-hosted, linux, ARM64]
+    steps:
+
+    - name: Set up Go 1.14
+      uses: actions/setup-go@v2
+      with:
+        go-version: '1.14.3'
+      id: go
+
+    - name: Check out code into the Go module directory
+      uses: actions/checkout@v2
+
+    - name: Build
+      run: make docker all

.github/workflows/closed-issue-message.yml

@@ -0,0 +1,17 @@
+name: Closed Issue Message
+on:
+    issues:
+       types: [closed]
+jobs:
+    auto_comment:
+        runs-on: ubuntu-latest
+        steps:
+        - uses: aws-actions/closed-issue-message@v1
+          with:
+            # These inputs are both required
+            repo-token: "${{ secrets.GITHUB_TOKEN }}"
+            message: |
+                     ### ⚠️COMMENT VISIBILITY WARNING⚠️ 
+                     Comments on closed issues are hard for our team to see. 
+                     If you need more assistance, please open a new issue that references this one. 
+                     If you wish to keep having a conversation with other community members under this issue feel free to do so.

.github/workflows/cron-test.yml

@@ -26,8 +26,8 @@ jobs:
 
       - name: Get dependencies
         run: |
-          go get -u golang.org/x/lint/golint
-          go get -u golang.org/x/tools/cmd/goimports
+          go install golang.org/x/lint/golint
+          go install golang.org/x/tools/cmd/goimports
 
       - name: Run e2e tests
         env:

.github/workflows/forked-pr-tests.yml

@@ -32,8 +32,8 @@ jobs:
 
       - name: Get dependencies
         run: |
-          go get -u golang.org/x/lint/golint
-          go get -u golang.org/x/tools/cmd/goimports
+          go install golang.org/x/lint/golint
+          go install golang.org/x/tools/cmd/goimports
 
       - name: Clean up stale docker images
         run: sudo docker image prune -f

.github/workflows/integration-tests.yml

@@ -25,8 +25,8 @@ jobs:
 
       - name: Get dependencies
         run: |
-          go get -u golang.org/x/lint/golint
-          go get -u golang.org/x/tools/cmd/goimports
+          go install golang.org/x/lint/golint
+          go install golang.org/x/tools/cmd/goimports
 
       - name: Clean up stale docker images
         run: sudo docker image prune -f

.github/workflows/weekly-cron-test.yml

@@ -26,8 +26,8 @@ jobs:
 
       - name: Get dependencies
         run: |
-          go get -u golang.org/x/lint/golint
-          go get -u golang.org/x/tools/cmd/goimports
+          go install golang.org/x/lint/golint
+          go install golang.org/x/tools/cmd/goimports
 
       - name: Run perf tests
         env:

README.md

@@ -60,6 +60,8 @@ L-IPAM requires one of the following [IAM policies](https://docs.aws.amazon.com/
       }
 ```
 
+The above policy is available under: `arn:aws:iam::aws:policy/AmazonEKS_CNI_Policy` as a part of [AWS managed policies for EKS](https://docs.aws.amazon.com/eks/latest/userguide/security-iam-awsmanpol.html).
+
 **IPv6 Mode:**
 
 ```

charts/aws-vpc-cni/Chart.yaml

@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.1.11
-appVersion: "v1.10.0"
+version: 1.1.12
+appVersion: "v1.10.1"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s

charts/aws-vpc-cni/values.yaml

@@ -8,7 +8,7 @@ nameOverride: aws-node
 
 init:
   image:
-    tag: v1.10.0
+    tag: v1.10.1
     region: us-west-2
     account: "602401143452"   
     pullPolicy: Always
@@ -23,7 +23,7 @@ init:
 
 image:
   region: us-west-2
-  tag: v1.10.0
+  tag: v1.10.1
   account: "602401143452"   
   domain: "amazonaws.com"  
   pullPolicy: Always
@@ -97,22 +97,22 @@ livenessProbe:
     command:
       - /app/grpc-health-probe
       - '-addr=:50051'
-      - '-connect-timeout=2s'
-      - '-rpc-timeout=2s'
+      - '-connect-timeout=5s'
+      - '-rpc-timeout=5s'
   initialDelaySeconds: 60
 
-livenessProbeTimeoutSeconds: 5
+livenessProbeTimeoutSeconds: 10
 
 readinessProbe:
   exec:
     command:
       - /app/grpc-health-probe
       - '-addr=:50051'
-      - '-connect-timeout=2s'
-      - '-rpc-timeout=2s'
+      - '-connect-timeout=5s'
+      - '-rpc-timeout=5s'
   initialDelaySeconds: 1
 
-readinessProbeTimeoutSeconds: 5
+readinessProbeTimeoutSeconds: 10
 
 resources:
   requests:

charts/cni-metrics-helper/Chart.yaml

@@ -15,9 +15,9 @@ type: application
 # This is the chart version. This version number should be incremented each time you make changes
 # to the chart and its templates, including the app version.
 # Versions are expected to follow Semantic Versioning (https://semver.org/)
-version: 0.1.5
+version: 0.1.6
 
 # This is the version number of the application being deployed. This version number should be
 # incremented each time you make changes to the application. Versions are not expected to
 # follow Semantic Versioning. They should reflect the version the application is using.
-appVersion: v1.10.0
+appVersion: v1.10.1

charts/cni-metrics-helper/values.yaml

@@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper
 
 image:
   region: us-west-2
-  tag: v1.10.0
+  tag: v1.10.1
   account: "602401143452"
   domain: "amazonaws.com"   
   # Set to use custom image

cmd/routed-eni-cni-plugin/cni.go

@@ -296,32 +296,36 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap
 		return errors.Wrap(err, "del cmd: failed to load k8s config from args")
 	}
 
-	prevResult, ok := conf.PrevResult.(*current.Result)
-
-	if !ok || args.Netns == "" {
-		log.Info("prevResult is nil or Netns() is empty, skip processing this request")
+	if args.Netns == "" {
+		log.Info("Netns() is empty, so network already cleanedup. Nothing to do")
 		return nil
 	}
+	prevResult, ok := conf.PrevResult.(*current.Result)
 
-	for _, iface := range prevResult.Interfaces {
-		if iface.Name == vlanInterfaceName {
-			podVlanId, err := strconv.Atoi(iface.Mac)
-			if err != nil {
-				return errors.Wrap(err, "Failed to parse vlanId from prevResult")
+	// Try to use prevResult if available
+	// prevResult might not be availabe, if we are still using older cni spec < 0.4.0.
+	// So we should fallback to the old clean up method
+	if ok {
+		for _, iface := range prevResult.Interfaces {
+			if iface.Name == vlanInterfaceName {
+				podVlanId, err := strconv.Atoi(iface.Mac)
+				if err != nil {
+					return errors.Wrap(err, "Failed to parse vlanId from prevResult")
+				}
+				// podVlanId == 0 means pod is not using branch ENI
+				// then fallback to existing cleanup
+				if podVlanId == 0 {
+					break
+				}
+				// if podVlanId != 0 means pod is using branch ENI
+				err = cleanUpPodENI(podVlanId, log, args.ContainerID, driverClient)
+				if err != nil {
+					return err
+				}
+				log.Infof("Received del network response for pod %s namespace %s sandbox %s with vlanId: %v", string(k8sArgs.K8S_POD_NAME),
+					string(k8sArgs.K8S_POD_NAMESPACE), string(k8sArgs.K8S_POD_INFRA_CONTAINER_ID), podVlanId)
+				return nil
 			}
-			// podVlanId == 0 means pod is not using branch ENI
-			// then fallback to existing cleanup
-			if podVlanId == 0 {
-				break
-			}
-			// if podVlanId != 0 means pod is using branch ENI
-			err = cleanUpPodENI(podVlanId, log, args.ContainerID, driverClient)
-			if err != nil {
-				return err
-			}
-			log.Infof("Received del network response for pod %s namespace %s sandbox %s with vlanId: %v", string(k8sArgs.K8S_POD_NAME),
-				string(k8sArgs.K8S_POD_NAMESPACE), string(k8sArgs.K8S_POD_INFRA_CONTAINER_ID), podVlanId)
-			return nil
 		}
 	}
 

config/master/aws-k8s-cni-cn.yaml

@@ -9,7 +9,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.10.0"
+    app.kubernetes.io/version: "v1.10.1"
 ---
 # Source: aws-vpc-cni/templates/customresourcedefinition.yaml
 apiVersion: apiextensions.k8s.io/v1
@@ -20,7 +20,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.10.0"
+    app.kubernetes.io/version: "v1.10.1"
 spec:
   scope: Cluster
   group: crd.k8s.amazonaws.com
@@ -47,7 +47,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.10.0"
+    app.kubernetes.io/version: "v1.10.1"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -80,7 +80,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.10.0"
+    app.kubernetes.io/version: "v1.10.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -100,7 +100,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.10.0"
+    app.kubernetes.io/version: "v1.10.1"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -121,7 +121,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.10.0"
+        image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni-init:v1.10.1"
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
             value: "false"
@@ -139,7 +139,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.10.0"
+          image: "961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/amazon-k8s-cni:v1.10.1"
           ports:
             - containerPort: 61678
               name: metrics
@@ -148,19 +148,19 @@ spec:
               command:
               - /app/grpc-health-probe
               - -addr=:50051
-              - -connect-timeout=2s
-              - -rpc-timeout=2s
+              - -connect-timeout=5s
+              - -rpc-timeout=5s
             initialDelaySeconds: 60
-            timeoutSeconds: 5
+            timeoutSeconds: 10
           readinessProbe:
             exec:
               command:
               - /app/grpc-health-probe
               - -addr=:50051
-              - -connect-timeout=2s
-              - -rpc-timeout=2s
+              - -connect-timeout=5s
+              - -rpc-timeout=5s
             initialDelaySeconds: 1
-            timeoutSeconds: 5
+            timeoutSeconds: 10
           env:
             - name: ADDITIONAL_ENI_TAGS
               value: "{}"