Release v1.7.4 Release · aws/amazon-vpc-cni-k8s

This is a patch release to address issue #1241 where the CNI will fail to start on kernels older than 4.6.

The issue is caused by the init container assuming that the net.ipv4.tcp_early_demux key will be present. The early TCP demux change that breaks TCP connections from kubelet to pods using per pod security groups was added in kernel 3.6, but the flag to disable it was not added until 4.6. This means using TCP health checks for per pod security groups requires at least Linux kernel 4.6.

Changes since v1.7.3

Bug - Ignore error on enabling TCP early demux for old kernels (#1242, @mogren)

If you want to apply this config to one of your clusters:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.4/config/v1.7/aws-k8s-cni.yaml

Verify the update:

kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2

amazon-k8s-cni-init:v1.7.4
amazon-k8s-cni:v1.7.4

To use version v1.7.4 of the cni-metrics-helper in a cluster:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.7.4/config/v1.7/cni-metrics-helper.yaml

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v1.7.4 Release