update aws-node to v1.21.1

Author: michaelbeaumont

pkg/addons/default/assets/aws-node.yaml

@@ -78,14 +78,19 @@ spec:
         description: PolicyEndpoint is the Schema for the policyendpoints API
         properties:
           apiVersion:
-            description: 'APIVersion defines the versioned schema of this representation
-              of an object. Servers should convert recognized schemas to the latest
-              internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+            description: |-
+              APIVersion defines the versioned schema of this representation of an object.
+              Servers should convert recognized schemas to the latest internal value, and
+              may reject unrecognized values.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources
             type: string
           kind:
-            description: 'Kind is a string value representing the REST resource this
-              object represents. Servers may infer this from the endpoint the client
-              submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+            description: |-
+              Kind is a string value representing the REST resource this object represents.
+              Servers may infer this from the endpoint the client submits requests to.
+              Cannot be updated.
+              In CamelCase.
+              More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds
             type: string
           metadata:
             type: object
@@ -102,6 +107,12 @@ spec:
                     cidr:
                       description: CIDR is the network address(s) of the endpoint
                       type: string
+                    domainName:
+                      description: |-
+                        DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only)
+                        Note: This field should only be used in egress rules, not ingress
+                      pattern: ^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$
+                      type: string
                     except:
                       description: Except is the exceptions to the CIDR ranges mentioned
                         above.
@@ -115,9 +126,9 @@ spec:
                           port/protocol
                         properties:
                           endPort:
-                            description: Endport specifies the port range port to
-                              endPort port must be defined and an integer, endPort
-                              > port
+                            description: |-
+                              Endport specifies the port range port to endPort
+                              port must be defined and an integer, endPort > port
                             format: int32
                             type: integer
                           port:
@@ -132,8 +143,6 @@ spec:
                             type: string
                         type: object
                       type: array
-                  required:
-                  - cidr
                   type: object
                 type: array
               ingress:
@@ -146,6 +155,12 @@ spec:
                     cidr:
                       description: CIDR is the network address(s) of the endpoint
                       type: string
+                    domainName:
+                      description: |-
+                        DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only)
+                        Note: This field should only be used in egress rules, not ingress
+                      pattern: ^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$
+                      type: string
                     except:
                       description: Except is the exceptions to the CIDR ranges mentioned
                         above.
@@ -159,9 +174,9 @@ spec:
                           port/protocol
                         properties:
                           endPort:
-                            description: Endport specifies the port range port to
-                              endPort port must be defined and an integer, endPort
-                              > port
+                            description: |-
+                              Endport specifies the port range port to endPort
+                              port must be defined and an integer, endPort > port
                             format: int32
                             type: integer
                           port:
@@ -176,18 +191,17 @@ spec:
                             type: string
                         type: object
                       type: array
-                  required:
-                  - cidr
                   type: object
                 type: array
               podIsolation:
-                description: PodIsolation specifies whether the pod needs to be isolated
-                  for a particular traffic direction Ingress or Egress, or both. If
-                  default isolation is not specified, and there are no ingress/egress
-                  rules, then the pod is not isolated from the point of view of this
-                  policy. This follows the NetworkPolicy spec.PolicyTypes.
+                description: |-
+                  PodIsolation specifies whether the pod needs to be isolated for a
+                  particular traffic direction Ingress or Egress, or both. If default isolation is not
+                  specified, and there are no ingress/egress rules, then the pod is not isolated
+                  from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes.
                 items:
-                  description: PolicyType string describes the NetworkPolicy type
+                  description: |-
+                    PolicyType string describes the NetworkPolicy type
                     This type is beta-level in 1.8
                   type: string
                 type: array
@@ -198,46 +212,48 @@ spec:
                     description: matchExpressions is a list of label selector requirements.
                       The requirements are ANDed.
                     items:
-                      description: A label selector requirement is a selector that
-                        contains values, a key, and an operator that relates the key
-                        and values.
+                      description: |-
+                        A label selector requirement is a selector that contains values, a key, and an operator that
+                        relates the key and values.
                       properties:
                         key:
                           description: key is the label key that the selector applies
                             to.
                           type: string
                         operator:
-                          description: operator represents a key's relationship to
-                            a set of values. Valid operators are In, NotIn, Exists
-                            and DoesNotExist.
+                          description: |-
+                            operator represents a key's relationship to a set of values.
+                            Valid operators are In, NotIn, Exists and DoesNotExist.
                           type: string
                         values:
-                          description: values is an array of string values. If the
-                            operator is In or NotIn, the values array must be non-empty.
-                            If the operator is Exists or DoesNotExist, the values
-                            array must be empty. This array is replaced during a strategic
+                          description: |-
+                            values is an array of string values. If the operator is In or NotIn,
+                            the values array must be non-empty. If the operator is Exists or DoesNotExist,
+                            the values array must be empty. This array is replaced during a strategic
                             merge patch.
                           items:
                             type: string
                           type: array
+                          x-kubernetes-list-type: atomic
                       required:
                       - key
                       - operator
                       type: object
                     type: array
+                    x-kubernetes-list-type: atomic
                   matchLabels:
                     additionalProperties:
                       type: string
-                    description: matchLabels is a map of {key,value} pairs. A single
-                      {key,value} in the matchLabels map is equivalent to an element
-                      of matchExpressions, whose key field is "key", the operator
-                      is "In", and the values array contains only "value". The requirements
-                      are ANDed.
+                    description: |-
+                      matchLabels is a map of {key,value} pairs. A single {key,value} in the matchLabels
+                      map is equivalent to an element of matchExpressions, whose key field is "key", the
+                      operator is "In", and the values array contains only "value". The requirements are ANDed.
                     type: object
                 type: object
                 x-kubernetes-map-type: atomic
               podSelectorEndpoints:
-                description: PodSelectorEndpoints contains information about the pods
+                description: |-
+                  PodSelectorEndpoints contains information about the pods
                   matching the podSelector
                 items:
                   description: PodEndpoint defines the summary information for the
@@ -300,7 +316,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.21.1"
 ---
 # Source: aws-vpc-cni/templates/configmap.yaml
 apiVersion: v1
@@ -312,7 +328,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.21.1"
 data:
   enable-windows-ipam: "false"
   enable-network-policy-controller: "false"
@@ -331,7 +347,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.21.1"
 rules:
   - apiGroups:
       - crd.k8s.amazonaws.com
@@ -357,16 +373,20 @@ rules:
   - apiGroups: ["networking.k8s.aws"]
     resources:
       - policyendpoints
+      - clusterpolicyendpoints
     verbs: ["get", "list", "watch"]
   - apiGroups: ["networking.k8s.aws"]
     resources:
       - policyendpoints/status
+      - clusterpolicyendpoints/status
     verbs: ["get"]
   - apiGroups:
       - vpcresources.k8s.aws
     resources:
       - cninodes
     verbs: ["get", "list", "watch", "patch"]
+  - nonResourceURLs: ["/apis/networking.k8s.aws", "/apis/networking.k8s.aws/*"]
+    verbs: ["get"]
 ---
 # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1
@@ -377,7 +397,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.21.1"
 roleRef:
   apiGroup: rbac.authorization.k8s.io
   kind: ClusterRole
@@ -397,7 +417,7 @@ metadata:
     app.kubernetes.io/name: aws-node
     app.kubernetes.io/instance: aws-vpc-cni
     k8s-app: aws-node
-    app.kubernetes.io/version: "v1.20.3"
+    app.kubernetes.io/version: "v1.21.1"
 spec:
   updateStrategy:
     rollingUpdate:
@@ -418,7 +438,7 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.20.3
+        image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.21.1
         imagePullPolicy: Always
         env:
           - name: DISABLE_TCP_EARLY_DEMUX
@@ -440,7 +460,7 @@ spec:
         {}
       containers:
         - name: aws-node
-          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.20.3
+          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.21.1
           ports:
             - containerPort: 61678
               name: metrics
@@ -508,7 +528,7 @@ spec:
             - name: NETWORK_POLICY_ENFORCING_MODE
               value: "standard"
             - name: VPC_CNI_VERSION
-              value: "v1.20.3"
+              value: "v1.21.1"
             - name: WARM_ENI_TARGET
               value: "1"
             - name: WARM_PREFIX_TARGET
@@ -543,7 +563,7 @@ spec:
           - mountPath: /run/xtables.lock
             name: xtables-lock
         - name: aws-eks-nodeagent
-          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.2.6
+          image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.3.1
           imagePullPolicy: Always
           ports:
             - containerPort: 8162

pkg/addons/default/aws_node_test.go

@@ -61,7 +61,7 @@ var _ = Describe("AWS Node", func() {
 
 	Describe("UpdateAWSNode", func() {
 		var preUpdateAwsNode *v1.DaemonSet
-		const expectedVersion = "v1.20.3"
+		const expectedVersion = "v1.21.1"
 		BeforeEach(func() {
 			loadSamples(rawClient, "testdata/sample-1.15.json")