Updated test agent for snat test
Update documentation for PD (aws#1539)

Update SDK Go version (aws#1542)

* Update SDK Go version

* missed mod file

Bump helm.sh/helm/v3 from 3.2.0 to 3.6.1 in /test (aws#1545)

Bumps [helm.sh/helm/v3](https://github.com/helm/helm) from 3.2.0 to 3.6.1.
- [Release notes](https://github.com/helm/helm/releases)
- [Commits](helm/helm@v3.2.0...v3.6.1)

---
updated-dependencies:
- dependency-name: helm.sh/helm/v3
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Update CNI charts image version (aws#1543)

* Update CNI charts image version

* updated the labels

* CRD update

* update charts version

* minor nits

* fix charts ver

* fix charts ver

Cherry-pick to master - (aws#1551) (aws#1552)

* Release - v1.9.0 (aws#1551)

* update markdown

Update prefix-and-ip-target.md (aws#1553)

Grammar fixes

Use codecov github action (aws#1550)

In particular, this avoids `curl | bash` (the bash script is simply
embedded in the github action image).

It also provides a trivial upgrade path to the new nodejs-based
uploader (`@v1` -> `@v2`), when we decide that is ready (perhaps now).

Added Multus artifacts to config folder (aws#1563)

Added Readme for Multus Installation

Updated configMap in daemonset to use aws-vpc-cni as default delegate instead of flannel

Co-authored-by: Chinmay Gadgil <cgadgil@amazon.com>

set requests/limits for initcontainer (aws#1559)

Documentation update (aws#1565)

* Doc update

* more updates

set multus log level to panic instead of debug (aws#1567)

Updated Readme for Multus logging info

Changed log level to error instead of debug

Co-authored-by: Chinmay Gadgil <cgadgil@amazon.com>

WARM targets can be set non-negative (aws#1568)

Generate calico artifacts from helm (aws#1541)

* Generate calico manifests from helm

* Update CNI charts image version

* Testing release workflow<Do-not-merge>

* Testing workflow

* Updating workflow

* set matchlabels while generating manifests

* Copy generated manifests to master/config folder

* update to match the release branch

* update operator to v1.13.8

* update version

Change github_token permission (aws#1577)

Bandwidth plugin support (aws#1560)

* bandwidth plugin support

* update netns

Update new instance types (aws#1576)

Updated multus ds manifest file for v3.7.2-eksbuild.2 (aws#1583)

* Updated multus ds manifest file for v3.7.2-eksbuild.2

Remove Node Affinity for amd64 from manifest so that it can run on arm64 as well

* revert log-level to error for multus

Co-authored-by: Chinmay Gadgil <cgadgil@amazon.com>

Modify integ test workflow (aws#1579)

* Change github_token permission

* - Modified permissions for github_token in cron and integ test workflow
- Modified integ test workflow to run on push to master and release branches

Upgrading controller-runtime in test dir (aws#1582)

Update Ginkgo command params example in the doc (aws#1589)

Update CONTRIBUTING.md (aws#1591)

Fix region/account for manifests generated from helm (aws#1592)

* YAMLs generated from helm were missing region/account override

* fix domains

Updated snat rule test logic

Install iptables in the test agent image
Chinmay Gadgil committed Aug 30, 2021
1 parent 808173e commit e5f2a8c
Showing 120 changed files with 13,728 additions and 1,399 deletions.
3 changes: 3 additions & 0 deletions .github/workflows/cron-test.yml
Expand Up @@ -4,6 +4,9 @@ on:
schedule:
- cron: "0 3 * * *" # every night

permissions:
contents: read

jobs:
# Run nightly e2e tests on self-hosted runner
integration-cron:
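
Review bot: The new top-level `permissions:` block grants only `contents: read`, which leaves every other GITHUB_TOKEN scope at none for all jobs in this workflow, so check that nothing in `integration-cron` writes back to the repository (statuses, issues, packages) before merging. A one-line comment above the block saying why the token is read-only would keep a later edit from widening it casually. This limits the token only; the job still runs on the self-hosted runner named in the comment, with whatever credentials that host holds.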
3 changes: 3 additions & 0 deletions .github/workflows/forked-pr-tests.yml
Expand Up @@ -8,6 +8,9 @@ on:
default: ''
required: true

permissions:
contents: read

jobs:
# Repo owner has triggered this run
integration-fork:
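
Review bot: For `integration-fork`, which going by the file and job names tests fork pull requests once the repo owner triggers the run, `contents: read` at the top level is the right default, but any step that posts a status or comment back to the pull request loses its write scope with this block. If such a step exists, grant that single scope under the job rather than widening the top-level `permissions:`.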
12 changes: 8 additions & 4 deletions .github/workflows/integration-tests.yml
@@ -1,12 +1,16 @@
name: Integration tests

on:
# Run on every pull request
pull_request_target:
branches: [ master ]
# Runs on push to master or release branches
push:
branches:
- 'master'
- 'release*'

permissions:
contents: read

jobs:
# Branch-based pull request from this repo
integration-trusted:
runs-on: self-hosted
steps:
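
Review bot: The job comment `# Branch-based pull request from this repo` above `integration-trusted` no longer matches the trigger if, as the commit message says, this workflow now runs on `push` to `master` and `release*` instead of `pull_request_target`; update or drop it. Two things to confirm: `'release*'` matches any branch whose name starts with `release`, so anyone who can push such a branch starts a run on the `self-hosted` runner, and without a pull-request trigger these integration tests run only after merge unless another workflow covers pull requests. Narrowing the pattern to the project's actual release-branch naming would limit the first.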
5 changes: 4 additions & 1 deletion .github/workflows/release.yaml
Expand Up @@ -22,5 +22,8 @@ jobs:
- name: Check out code into the Go module directory
uses: actions/checkout@v2

- name: Attach release artifacts
run: make release

- name: Create eks-charts PR
run: make ekscharts-sync-release
run: make ekscharts-sync-release
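
Review bot: The added `Attach release artifacts` step (`run: make release`) by its name writes to the release, which needs a token with write access, yet this hunk adds no `permissions:` block while the other workflows in this commit get an explicit one. Declare the scope this job needs in the workflow so the release path does not depend on the repository's default token permissions. The change to the last line, `run: make ekscharts-sync-release`, looks like whitespace or end-of-file newline only; worth confirming nothing else changed there.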
4 changes: 2 additions & 2 deletions .github/workflows/unit-tests.yml
Expand Up @@ -14,7 +14,7 @@ jobs:
- name: Set up Go 1.14
uses: actions/setup-go@v2
with:
go-version: '1.14.3'
go-version: '1.14.3'
id: go

- name: Check out code into the Go module directory
Expand All @@ -41,4 +41,4 @@ jobs:
run: make unit-test

- name: Upload code coverage
run: bash <(curl -s https://codecov.io/bash)
uses: codecov/codecov-action@v1
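
Review bot: Replacing `bash <(curl -s https://codecov.io/bash)` with `uses: codecov/codecov-action@v1` removes the unverified download-and-execute step, but `@v1` is a mutable tag on a third-party action, so whoever controls that tag controls what runs in this job. Pin the action to a full commit SHA with the version in a trailing comment; the move to `@v2` mentioned in the commit message can then be a reviewed SHA bump.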
9 changes: 9 additions & 0 deletions CHANGELOG.md
@@ -1,5 +1,14 @@
# Changelog

## v1.9.0
* Enhancement - [EC2 sdk model override](https://github.com/aws/amazon-vpc-cni-k8s/pull/1508) (#1508, [@jayanthvn](https://github.com/jayanthvn))
* Enhancement - [Prefix Delegation feature support](https://github.com/aws/amazon-vpc-cni-k8s/pull/1516) (#1516, [@jayanthvn](https://github.com/jayanthvn))
* Enhancement - [Header formatting for env variable](https://github.com/aws/amazon-vpc-cni-k8s/pull/1522) (#1522, [@jayanthvn](https://github.com/jayanthvn))
* Enhancement - [non-nitro instances init issues](https://github.com/aws/amazon-vpc-cni-k8s/pull/1527) (#1527, [@jayanthvn](https://github.com/jayanthvn))
* Enhancement - [Add metrics for total prefix count and ips used per cidr](https://github.com/aws/amazon-vpc-cni-k8s/pull/1530) (#1530, [@jayanthvn](https://github.com/jayanthvn))
* Enhancement - [Update documentation for PD](https://github.com/aws/amazon-vpc-cni-k8s/pull/1540) (#1540, [@jayanthvn](https://github.com/jayanthvn))
* Enhancement - [Update SDK Go version](https://github.com/aws/amazon-vpc-cni-k8s/pull/1544) (#1544, [@jayanthvn](https://github.com/jayanthvn))

## v1.8.0
* Bug - [Use symmetric return path for non-VPC traffic - alternate solution](https://github.com/aws/amazon-vpc-cni-k8s/pull/1475) (#1475, [@kishorj](https://github.com/kishorj))
* Bug - [Gracefully handle failed ENI SG update](https://github.com/aws/amazon-vpc-cni-k8s/pull/1341) (#1341, [@jayanthvn](https://github.com/jayanthvn))
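
Review bot: The v1.9.0 entries cite #1540 for "Update documentation for PD" and #1544 for "Update SDK Go version", while the commit message lists those changes as aws#1539 and aws#1542; if the changelog numbers are release-branch cherry-picks, say so, otherwise align them. All seven entries are tagged `Enhancement`, including "non-nitro instances init issues", which reads like a bug fix and would be easier to find under `Bug` as in the v1.8.0 section.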
2 changes: 1 addition & 1 deletion CONTRIBUTING.md
Expand Up @@ -24,7 +24,7 @@ reported the issue. Please try to include as much information as you can. Detail
Contributions via pull requests are much appreciated. Before sending us a pull request, please ensure that:

1. You are working against the latest source on the *master* branch.
2. You check existing open, and recently merged, pull requests to make sure someone else hasn't addressed the problem already.
2. You check [existing open](https://github.com/aws/amazon-vpc-cni-k8s/pulls), and [recently closed](https://github.com/aws/amazon-vpc-cni-k8s/pulls?q=is%3Apr+is%3Aclosed), pull requests to make sure someone else hasn't addressed the problem already.
3. You open an issue to discuss any significant work - we would hate for your time to be wasted.

To send us a pull request, please:
2 changes: 1 addition & 1 deletion Makefile
Expand Up @@ -72,7 +72,7 @@ export GOPROXY = direct

VENDOR_OVERRIDE_FLAG =
# aws-sdk-go override in case we need to build against a custom version
EC2_SDK_OVERRIDE ?= "y"
EC2_SDK_OVERRIDE ?= "n"

ifeq ($(EC2_SDK_OVERRIDE), "y")
VENDOR_OVERRIDE_FLAG = -mod=mod
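
Review bot: With the default now `"n"`, the `-mod=mod` path is opt-in, but the guard `ifeq ($(EC2_SDK_OVERRIDE), "y")` compares against the literal string including the double quotes, so `make EC2_SDK_OVERRIDE=y` will not enable the override. Either drop the quotes on both the assignment and the comparison, or document the exact invocation next to the variable.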
20 changes: 16 additions & 4 deletions README.md
Expand Up @@ -236,7 +236,7 @@ Type: Integer

Default: None

Specifies the number of free IP addresses that the `ipamd` daemon should attempt to keep available for pod assignment on the node.
Specifies the number of free IP addresses that the `ipamd` daemon should attempt to keep available for pod assignment on the node. Setting this to a non-positive value is same as setting this to 0 or not setting the variable.
With `ENABLE_PREFIX_DELEGATION` set to `true` then `ipamd` daemon will check if the existing (/28) prefixes are enough to maintain the
`WARM_IP_TARGET` if it is not sufficent then more prefixes will be attached.

Expand Down Expand Up @@ -268,7 +268,8 @@ Default: None

Specifies the number of total IP addresses that the `ipamd` daemon should attempt to allocate for pod assignment on the node.
`MINIMUM_IP_TARGET` behaves identically to `WARM_IP_TARGET` except that instead of setting a target number of free IP
addresses to keep available at all times, it sets a target number for a floor on how many total IP addresses are allocated.
addresses to keep available at all times, it sets a target number for a floor on how many total IP addresses are allocated. Setting to a
non-positive value is same as setting this to 0 or not setting the variable.

`MINIMUM_IP_TARGET` is for pre-scaling, `WARM_IP_TARGET` is for dynamic scaling. For example, suppose a cluster has an
expected pod density of approximately 30 pods per node. If `WARM_IP_TARGET` is set to 30 to ensure there are enough IPs
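
Review bot: The added sentence "Setting to a non-positive value is same as setting this to 0 or not setting the variable" equates an explicit 0 with unset, while the commit message describes the change as "WARM targets can be set non-negative", so the text should say whether 0 is honoured as a target of zero or ignored. The same sentence is added for `WARM_IP_TARGET` and `WARM_PREFIX_TARGET`; settle on one wording ("is the same as") and state the behaviour for negative values and for 0 separately.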
Expand Down Expand Up @@ -436,7 +437,12 @@ To enable security groups for pods you need to have at least an EKS 1.17 eks.3 c

Setting `ENABLE_POD_ENI` to `true` will allow IPAMD to add the `vpc.amazonaws.com/has-trunk-attached` label to the node if the instance has capacity to attach an additional ENI.

The label notifies vpc-resource-controller (https://github.com/aws/amazon-vpc-resource-controller-k8s) to attach a Trunk ENI to the instance. The label value is initially set to `false` and is marked to `true` by IPAMD when vpc-resource-controller attaches a Trunk ENI to the instance. However, there might be cases where the label value will remain `false` if the instance doesn't support ENI Trunking.
The label notifies vpc-resource-controller (https://github.com/aws/amazon-vpc-resource-controller-k8s) to attach a Trunk ENI to the instance. The label value is initially set to `false` and is marked to `true` by IPAMD when vpc-resource-controller attaches a Trunk ENI to the instance. However, there might be cases where the label value will remain `false` if the instance doesn't support ENI Trunking.

Once enabled the VPC resource controller will then advertise branch network interfaces as extended resources on these nodes in your cluster. Branch interface capacity is additive to existing instance type limits for secondary IP addresses and prefixes. For example, a c5.4xlarge can continue to have up to 234 secondary IP addresses or 234 /28 prefixes assigned to standard network interfaces and up to 54 branch network interfaces. Each branch network interface only receives a single primary IP address and this IP address will be allocated to pods with security group(branch ENI pods).

Any of the WARM targets do not impact the scale of the branch ENI pods so you will have to set the WARM_{ENI/IP/PREFIX}_TARGET based on the number of non-branch ENI pods. If you are having the cluster mostly using pods with security group consider setting WARM_IP_TARGET to a very low value instead of default WARM_ENI_TARGET or WARM_PREFIX_TARGET to reduce wastage of IPs/ENIs.


**NOTE!** Toggling `ENABLE_POD_ENI` from `true` to `false` will not detach the Trunk ENI from instance. To delete/detach the Trunk ENI from instance, you need recycle the instance.

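
Review bot: The new guidance to set `WARM_IP_TARGET` "to a very low value" gives the reader nothing to configure; give a concrete starting value or a rule tied to the expected number of non-branch ENI pods. `WARM_{ENI/IP/PREFIX}_TARGET` should be in backticks like the other variable names, and the first changed line in this hunk appears to differ only in trailing whitespace.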
Expand Down Expand Up @@ -472,6 +478,10 @@ To enable IPv4 prefix delegation on nitro instances. Setting `ENABLE_PREFIX_DELE
instead of a secondary IP in the ENIs subnet. The total number of prefixes and private IP addresses will be less than the
limit on private IPs allowed by your instance. Setting or resetting of `ENABLE_PREFIX_DELEGATION` while pods are running or if ENIs are attached is supported and the new pods allocated will get IPs based on the mode of IPAMD but the max pods of kubelet should be updated which would need either kubelet restart or node recycle.

Custom networking and Security group per pods are supported with this feature.

Setting ENABLE_PREFIX_DELEGATION to true will not increase the density of branch ENI pods. The limit on number of branch network interfaces per instance type will remain the same - https://docs.aws.amazon.com/eks/latest/userguide/security-groups-for-pods.html#supported-instance-types. Each branch network will be allocated a primary IP and this IP will be allocated for the branch ENI pods.

---

#### `WARM_PREFIX_TARGET` (v1.9.0+)
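
Review bot: "Each branch network will be allocated a primary IP" drops the word "interface" and restates what the `ENABLE_POD_ENI` section added in this same commit already says; link to that section instead of repeating it. `ENABLE_PREFIX_DELEGATION` needs backticks here, and the bare docs URL after the dash should be a Markdown link.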
Expand All @@ -480,9 +490,11 @@ Type: Integer

Default: None

Specifies the number of free IPv4(/28) prefixes that the `ipamd` daemon should attempt to keep available for pod assignment on the node.
Specifies the number of free IPv4(/28) prefixes that the `ipamd` daemon should attempt to keep available for pod assignment on the node. Setting to a non-positive value is same as setting this to 0 or not setting the variable.
This environment variable works when `ENABLE_PREFIX_DELEGATION` is set to `true` and is overriden when `WARM_IP_TARGET` and `MINIMUM_IP_TARGET` are configured.

---

### ENI tags related to Allocation

This plugin interacts with the following tags on ENIs:
4 changes: 2 additions & 2 deletions charts/aws-calico/Chart.yaml
Expand Up @@ -2,6 +2,6 @@ apiVersion: v1
description: A Helm chart for installing Calico on AWS
website: https://docs.aws.amazon.com/eks/latest/userguide/calico.html
name: aws-calico
version: 0.3.4
appVersion: 3.15.1
version: 0.3.7
appVersion: 3.19.1
icon: https://www.projectcalico.org/wp-content/uploads/2019/09/Calico_Logo_Large_Calico.png
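
Review bot: `appVersion` moves from 3.15.1 to 3.19.1 in the same commit that deletes `charts/aws-calico/crds/crds.yaml` and its `kustomization.yaml`, so the chart no longer ships CRDs from `crds/`; say in the chart README or changelog where they now come from and what an existing install must do on upgrade. The chart `version` also jumps from 0.3.4 to 0.3.7; confirm 0.3.5 and 0.3.6 were published elsewhere rather than skipped.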
214 changes: 0 additions & 214 deletions charts/aws-calico/crds/crds.yaml

This file was deleted.

4 changes: 0 additions & 4 deletions charts/aws-calico/crds/kustomization.yaml

This file was deleted.
