Merge master to Release 1.11 branch (#2032)

* 1.10.3 release artifacts (#1962)

* Stale PR and issue cleanup wrkflow (#1964)

* fix image name during build (#1968)

* add event recorder utils to raise aws-node pod events (#1536)

* refactor uploader scripts (#1972)

* Fix cni panic due to pod.Annotations is a nil map (#1974)

Co-authored-by: Relk Li <relk@maicoin.com>

* chart: Add extraVolumes and extraVolumeMounts (#1949)

Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>

* Add the new command in the section of CNI Plugin Sequence (#1813)

Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>

* Bump github.com/containernetworking/cni from 0.8.0 to 0.8.1 (#1966)

Bumps [github.com/containernetworking/cni](https://github.com/containernetworking/cni) from 0.8.0 to 0.8.1.
- [Release notes](https://github.com/containernetworking/cni/releases)
- [Commits](containernetworking/cni@v0.8.0...v0.8.1)

---
updated-dependencies:
- dependency-name: github.com/containernetworking/cni
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>

Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>

* Update README to highlight containerd.sock edge case with EKS AMI. (#1884)

* Update README to highlight containerd.sock edge case with EKS AMI.

* Updated Instructions as per review.

* add cni release test script (#1971)

* Multus release manifest (#1984)

* release manifest for Multus v3.8.0-eksbuild.1

* minor change to Readme

* Added Tests for validating Multus Installation (#1811)

* Added Tests for validating Multus Installation

Added missing files

Refactored code
Tried to make it modular and extensible.

* Deleted redundant file

* Fixed compilation issues

* fixed minor error

* Added script to trigger Multus tests (will be used by prow job)

* remove multus installation logic from ginkgo

* remove redundant changes

* Cleaned up run-multus-tests helper script

* Updated Readme for running multus tests
Added few checks in canary helper script

* revert changes to canary.sh

* Pass tag as an argument

* Updated Readme

* Updated tag for multus tests to use latest image

* Port new integration tests (#1928)

* Minor changes to run-integration-tests
Added integration-new framework tests

* Modified run-integration-tests to use new integration tests

* reverted redundant changes

* Merge integration with integration-new

* increase timeout (#1985)

fix syntax for ginkgo-v2

* Added configurable flag to create test nodes with arm64 and containerd runtime (#1977)

* Cleanup binary file (#1987)

* log error in ipamd on api server timeout (#1988)

* Refactored code and Added cni addon upgrade/downgrade regression test (#1861)

* Refactored code
Addon upgrade/downgrade test similar to #1795

Added tests for addon upgrade/downgrade

Changed DEFAULT version
Added addon status checks

Fetch latest addon version for given K8s Cluster

Update kops cluster config used in weekly tests (#1862)

* Change to kops cluster creation scripts

* Add logging for retry attempt

* Switch kops cluster to use docker container runtime

Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>

Renamed package name for adddon tests

removed unnecessary changes
Fixed replica count for MTU and Veth test in host networking

Updated ENI/IP limits file for newly added instances (#1864)

* Added new instances

* Updated test readme

* needed rebase

* formatting

* remove all references to integration-new
migrate to ginkgo v2 in addon test files

* fix maxIPPerInterface count on pod_networking_suite

* Increase default deployment ready timeout

Co-authored-by: Vikas Basavaraj <5373156+vikasmb@users.noreply.github.com>

* Remove generation of calico manifests (#1905)

* cni manifest upgrade downgrade test (#1863)

* Added upgrade/downgrade script template

Refactored code
Addon upgrade/downgrade test similar to #1795

Added tests for addon upgrade/downgrade

Changed DEFAULT version
Added addon status checks

Fetch latest addon version for given K8s Cluster

Update kops cluster config used in weekly tests (#1862)

* Change to kops cluster creation scripts

* Add logging for retry attempt

* Switch kops cluster to use docker container runtime

Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>

Added upgrade/downgrade test for custom cni-manifest-file

Added missing files

remove upgrade-downgrade.sh

* Add eks.go file , deleted by mistake

* Extract apply manifest logic in common
Remove redundant code

* Add PD traffic test for cni upgrade downgrade test

* Update golang to Go 1.18 (#1991)

* Update CNI Plugins to v1.1.1 (#1997)

* Update release manifests for VPC CNI v1.11.2 (#2001) (#2002)

* Enable Calico on ARM64 and add configureable flags for Calico installation (#2004)

* Enable Calico on ARM64 and add configureable flags for Calico
installation

* Add v to Calico version in release test script

* fix integration test script (#1998)

* Updated dependencies (#2012)

* Fix readme (#2013)

* Added upgrade/downgrade script template

Refactored code
Addon upgrade/downgrade test similar to #1795

Added tests for addon upgrade/downgrade

Changed DEFAULT version
Added addon status checks

Fetch latest addon version for given K8s Cluster

Update kops cluster config used in weekly tests (#1862)

* Change to kops cluster creation scripts

* Add logging for retry attempt

* Switch kops cluster to use docker container runtime

Co-authored-by: Jayanth Varavani <1111446+jayanthvn@users.noreply.github.com>

Added upgrade/downgrade test for custom cni-manifest-file

Added missing files

remove upgrade-downgrade.sh

* Add eks.go file , deleted by mistake

* Extract apply manifest logic in common
Remove redundant code

* Add PD traffic test for cni upgrade downgrade test

* Updated Readme

* Merge fix-ginkgo to master (#2014)

* fix path failure

* seperate makefile for test

Co-authored-by: abhipth <abhipth@amazon.com>

* Multus manifest for release v3.9.0-eksbuild.1 (#2016)

* Updating new instances - p4de (#2018)

* Updating new instances

* fix formatting

* Fix go build failure with v6 networking suite. (#2020)

* Update README.md (#2021)

* Fix Go build for ipamd test package. (#2023)

* Fix Go build for ipamd test package.

* Fix format with make format

* Fix go build for cni test package. (#2024)

* Prevent allocate/free ENIs when node is marked noSchedule (#1927)

* Prevent allocate/free ENIs when node is marked noSchedule

* Update UTs

* Re-use logger instance (#2029)

* Re-use logger instance

- Existing logger initialization constructed different logger
  instances upon call to Get() method.
- Fixed the initailiation logic to re-use the logger instance.

* Added unit tests for logger initialization fix

Co-authored-by: M00nF1sh <yyyng@amazon.com>
Co-authored-by: Sushmitha Ravikumar <58063229+sushrk@users.noreply.github.com>
Co-authored-by: Relk Li <YiJiun.Li.C@gmail.com>
Co-authored-by: Relk Li <relk@maicoin.com>
Co-authored-by: Jan-Otto Kröpke <github@jkroepke.de>
Co-authored-by: Shuntaro Azuma <azush.work@gmail.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Senthil Kumaran <senthilx@amazon.com>
Co-authored-by: cgchinmay <cgadgil@amazon.com>
Co-authored-by: Vikas Basavaraj <5373156+vikasmb@users.noreply.github.com>
Co-authored-by: Hao Zhou <haouc@users.noreply.github.com>
Co-authored-by: abhipth <abhipth@amazon.com>
Co-authored-by: Prasad Jivane <prasad.jivane@walchandsangli.ac.in>

.github/workflows/release.yaml

@@ -26,4 +26,7 @@ jobs:
       run: make release
 
     - name: Create eks-charts PR
-      run: make ekscharts-sync-release  
+      run: make ekscharts-sync-release
+
+    - name: Create sample manifests PR
+      run: make config-folder-sync   

.github/workflows/stale_issue_pr.yaml

@@ -0,0 +1,27 @@
+name: 'Stale issue & PR handler'
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '0 0 * * *'
+
+jobs:
+  stale:
+    runs-on: ubuntu-latest
+    permissions:
+      issues: write
+      pull-requests: write
+    steps:
+      - uses: actions/stale@main
+        id: stale
+        with:
+          ascending: true
+          close-issue-message: 'Issue closed due to inactivity.'
+          close-pr-message: 'Pull request closed due to inactivity.'
+          days-before-close: 14
+          days-before-stale: 60
+          exempt-issue-labels: 'triage-pending,review-pending'
+          operations-per-run: 100
+          stale-issue-message: 'This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days'
+          stale-pr-message: 'This pull request is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 14 days'
+      - name: Print outputs
+        run: echo ${{ join(steps.stale.outputs.*, ',') }}

.gitignore

@@ -13,3 +13,4 @@ cni-metrics-helper
 coverage.txt
 build/
 vendor
+egress-v4-cni

CHANGELOG.md

@@ -32,7 +32,6 @@ Was Skipped
 * Bugfix - [Fix dependabot high sev issue caused by GoGo protobuf](https://github.com/aws/amazon-vpc-cni-k8s/pull/1942) (@jayanthvn)
 * Bugfix - [Fixed empty netns bug](https://github.com/aws/amazon-vpc-cni-k8s/pull/1941 ) (@cgchinmay)
 
-
 ## v1.10.2
 * Improvement - [Fetch Region and CLUSTER_ID information from cni-metrics-helper env](https://github.com/aws/amazon-vpc-cni-k8s/pull/1715) (@cgchinmay )
 * Improvement - [Add VlanId in the cmdAdd Result struct](https://github.com/aws/amazon-vpc-cni-k8s/pull/1705) (@cgchinmay )

Makefile

@@ -295,11 +295,6 @@ ekscharts-sync:
 ekscharts-sync-release:
 	${MAKEFILE_PATH}/scripts/sync-to-eks-charts.sh -b ${HELM_CHART_NAME} -r ${REPO_FULL_NAME} -n -y
 
-build-test-binaries:
-	mkdir -p ${MAKEFILE_PATH}build
-	find ${MAKEFILE_PATH} -name '*suite_test.go' -type f  | xargs dirname  | xargs ginkgo build
-	find ${MAKEFILE_PATH} -name "*.test" -print0 | xargs -0 -I {} mv {} ${MAKEFILE_PATH}build
-
 upload-resources-to-github:
 	${MAKEFILE_PATH}/scripts/upload-resources-to-github.sh
 
@@ -308,6 +303,9 @@ generate-cni-yaml:
 
 release: generate-cni-yaml upload-resources-to-github
 
+config-folder-sync:
+	${MAKEFILE_PATH}/scripts/sync-to-config-folder.sh
+
 setup-ec2-sdk-override:
 	@if [ "$(EC2_SDK_OVERRIDE)" = "y" ] ; then \
 	    ./scripts/ec2_model_override/setup.sh ; \

charts/aws-vpc-cni/README.md

@@ -55,6 +55,8 @@ The following table lists the configurable parameters for this chart and their d
 | `init.securityContext`  | Init container Security context                         | `privileged: true`                  |
 | `originalMatchLabels`   | Use the original daemonset matchLabels                  | `false`                             |
 | `nameOverride`          | Override the name of the chart                          | `aws-node`                          |
+| `extraVolumes`          | Array to add extra volumes                              | `[]`                                |
+| `extraVolumeMounts`     | Array to add extra mount                                | `[]`                                |
 | `nodeSelector`          | Node labels for pod assignment                          | `{}`                                |
 | `podSecurityContext`    | Pod Security Context                                    | `{}`                                |
 | `podAnnotations`        | annotations to add to each pod                          | `{}`                                |

charts/aws-vpc-cni/templates/clusterrole.yaml

@@ -33,3 +33,7 @@ rules:
     resources:
       - '*'
     verbs: ["list", "watch"]
+  - apiGroups: ["", "events.k8s.io"]
+    resources:
+      - events
+    verbs: ["create", "patch", "list", "get"]

charts/aws-vpc-cni/templates/daemonset.yaml

@@ -110,6 +110,9 @@ spec:
             name: run-dir
           - mountPath: /run/xtables.lock
             name: xtables-lock
+          {{- with .Values.extraVolumeMounts  }}
+          {{- toYaml .| nindent 10 }}
+          {{- end }}
       volumes:
       - name: cni-bin-dir
         hostPath:
@@ -142,6 +145,9 @@ spec:
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
+      {{- with .Values.extraVolumes  }}
+      {{- toYaml .| nindent 6 }}
+      {{- end }}
       {{- with .Values.nodeSelector }}
       nodeSelector:
         {{- toYaml . | nindent 8 }}

cmd/aws-k8s-agent/main.go

@@ -19,6 +19,7 @@ import (
 
 	"github.com/aws/amazon-vpc-cni-k8s/pkg/ipamd"
 	"github.com/aws/amazon-vpc-cni-k8s/pkg/k8sapi"
+	"github.com/aws/amazon-vpc-cni-k8s/pkg/utils/eventrecorder"
 	"github.com/aws/amazon-vpc-cni-k8s/pkg/utils/logger"
 	"github.com/aws/amazon-vpc-cni-k8s/pkg/version"
 )
@@ -58,6 +59,8 @@ func _main() int {
 		return 1
 	}
 
+	eventrecorder.InitEventRecorder(rawK8SClient)
+
 	ipamContext, err := ipamd.New(rawK8SClient, cacheK8SClient)
 	if err != nil {
 		log.Errorf("Initialization failure: %v", err)

config/master/aws-k8s-cni-cn.yaml

@@ -70,6 +70,10 @@ rules:
     resources:
       - '*'
     verbs: ["list", "watch"]
+  - apiGroups: ["", "events.k8s.io"]
+    resources:
+      - events
+    verbs: ["create", "patch", "list", "get"]
 ---
 # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1

config/master/aws-k8s-cni-us-gov-east-1.yaml

@@ -70,6 +70,10 @@ rules:
     resources:
       - '*'
     verbs: ["list", "watch"]
+  - apiGroups: ["", "events.k8s.io"]
+    resources:
+      - events
+    verbs: ["create", "patch", "list", "get"]
 ---
 # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1

config/master/aws-k8s-cni-us-gov-west-1.yaml

@@ -70,6 +70,10 @@ rules:
     resources:
       - '*'
     verbs: ["list", "watch"]
+  - apiGroups: ["", "events.k8s.io"]
+    resources:
+      - events
+    verbs: ["create", "patch", "list", "get"]
 ---
 # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1

config/master/aws-k8s-cni.yaml

@@ -70,6 +70,10 @@ rules:
     resources:
       - '*'
     verbs: ["list", "watch"]
+  - apiGroups: ["", "events.k8s.io"]
+    resources:
+      - events
+    verbs: ["create", "patch", "list", "get"]
 ---
 # Source: aws-vpc-cni/templates/clusterrolebinding.yaml
 apiVersion: rbac.authorization.k8s.io/v1

config/multus/v3.8.0-eksbuild.1/Readme.md

@@ -0,0 +1,2 @@
+## Changelog
+Multus source code in-sync with upstream Multus repo [v3.8](https://github.com/k8snetworkplumbingwg/multus-cni/releases/tag/v3.8)

config/multus/v3.8.0-eksbuild.1/aws-k8s-multus-cn.yaml

@@ -0,0 +1,165 @@
+---
+apiVersion: apiextensions.k8s.io/v1
+kind: CustomResourceDefinition
+metadata:
+  name: network-attachment-definitions.k8s.cni.cncf.io
+spec:
+  group: k8s.cni.cncf.io
+  scope: Namespaced
+  names:
+    plural: network-attachment-definitions
+    singular: network-attachment-definition
+    kind: NetworkAttachmentDefinition
+    shortNames:
+    - net-attach-def
+  versions:
+    - name: v1
+      served: true
+      storage: true
+      schema:
+        openAPIV3Schema:
+          description: 'NetworkAttachmentDefinition is a CRD schema specified by the Network Plumbing
+            Working Group to express the intent for attaching pods to one or more logical or physical
+            networks. More information available at: https://github.com/k8snetworkplumbingwg/multi-net-spec'
+          type: object
+          properties:
+            apiVersion:
+              description: 'APIVersion defines the versioned schema of this represen
+                tation of an object. Servers should convert recognized schemas to the
+                latest internal value, and may reject unrecognized values. More info:
+                https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources'
+              type: string
+            kind:
+              description: 'Kind is a string value representing the REST resource this
+                object represents. Servers may infer this from the endpoint the client
+                submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds'
+              type: string
+            metadata:
+              type: object
+            spec:
+              description: 'NetworkAttachmentDefinition spec defines the desired state of a network attachment'
+              type: object
+              properties:
+                config:
+                  description: 'NetworkAttachmentDefinition config is a JSON-formatted CNI configuration'
+                  type: string
+---
+kind: ClusterRole
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: multus
+rules:
+  - apiGroups: ["k8s.cni.cncf.io"]
+    resources:
+      - '*'
+    verbs:
+      - '*'
+  - apiGroups:
+      - ""
+    resources:
+      - pods
+      - pods/status
+    verbs:
+      - get
+      - update
+  - apiGroups:
+      - ""
+      - events.k8s.io
+    resources:
+      - events
+    verbs:
+      - create
+      - patch
+      - update
+---
+kind: ClusterRoleBinding
+apiVersion: rbac.authorization.k8s.io/v1
+metadata:
+  name: multus
+roleRef:
+  apiGroup: rbac.authorization.k8s.io
+  kind: ClusterRole
+  name: multus
+subjects:
+- kind: ServiceAccount
+  name: multus
+  namespace: kube-system
+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: multus
+  namespace: kube-system
+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: kube-multus-ds
+  namespace: kube-system
+  labels:
+    tier: node
+    app: multus
+    name: multus
+spec:
+  selector:
+    matchLabels:
+      name: multus
+  updateStrategy:
+    type: RollingUpdate
+  template:
+    metadata:
+      labels:
+        tier: node
+        app: multus
+        name: multus
+    spec:
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: kubernetes.io/os
+                operator: In
+                values:
+                - linux
+              - key: eks.amazonaws.com/compute-type
+                operator: NotIn
+                values:
+                - fargate
+      hostNetwork: true
+      tolerations:
+      - operator: Exists
+        effect: NoSchedule
+      serviceAccountName: multus
+      containers:
+      - name: kube-multus
+        image: 961992271922.dkr.ecr.cn-northwest-1.amazonaws.com.cn/eks/multus-cni:v3.8.0-eksbuild.1
+        command: ["/entrypoint.sh"]
+        args:
+        - "--multus-conf-file=auto"
+        - "--cni-version=0.4.0"
+        - "--multus-master-cni-file-name=10-aws.conflist"
+        - "--multus-log-level=error"
+        - "--multus-log-file=/var/log/aws-routed-eni/multus.log"
+        resources:
+          requests:
+            cpu: "100m"
+            memory: "50Mi"
+          limits:
+            cpu: "100m"
+            memory: "50Mi"
+        securityContext:
+          privileged: true
+        volumeMounts:
+        - name: cni
+          mountPath: /host/etc/cni/net.d
+        - name: cnibin
+          mountPath: /host/opt/cni/bin
+      terminationGracePeriodSeconds: 10
+      volumes:
+        - name: cni
+          hostPath:
+            path: /etc/cni/net.d
+        - name: cnibin
+          hostPath:
+            path: /opt/cni/bin