diff --git a/pkg/addons/default/assets/aws-node.yaml b/pkg/addons/default/assets/aws-node.yaml index a8f847ab10..9dec0d57b7 100644 --- a/pkg/addons/default/assets/aws-node.yaml +++ b/pkg/addons/default/assets/aws-node.yaml @@ -78,14 +78,19 @@ spec: description: PolicyEndpoint is the Schema for the policyendpoints API properties: apiVersion: - description: 'APIVersion defines the versioned schema of this representation - of an object. Servers should convert recognized schemas to the latest - internal value, and may reject unrecognized values. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources' + description: |- + APIVersion defines the versioned schema of this representation of an object. + Servers should convert recognized schemas to the latest internal value, and + may reject unrecognized values. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#resources type: string kind: - description: 'Kind is a string value representing the REST resource this - object represents. Servers may infer this from the endpoint the client - submits requests to. Cannot be updated. In CamelCase. More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds' + description: |- + Kind is a string value representing the REST resource this object represents. + Servers may infer this from the endpoint the client submits requests to. + Cannot be updated. + In CamelCase. + More info: https://git.k8s.io/community/contributors/devel/sig-architecture/api-conventions.md#types-kinds type: string metadata: type: object 
@@ -102,6 +107,12 @@ spec: cidr: description: CIDR is the network address(s) of the endpoint type: string + domainName: + description: |- + DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only) + Note: This field should only be used in egress rules, not ingress + pattern: ^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$ + type: string except: description: Except is the exceptions to the CIDR ranges mentioned above. @@ -115,9 +126,9 @@ spec: port/protocol properties: endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port + description: |- + Endport specifies the port range port to endPort + port must be defined and an integer, endPort > port format: int32 type: integer port: @@ -132,8 +143,6 @@ spec: type: string type: object type: array - required: - - cidr type: object type: array ingress: @@ -146,6 +155,12 @@ spec: cidr: description: CIDR is the network address(s) of the endpoint type: string + domainName: + description: |- + DomainName is the FQDN for the endpoint (mutually exclusive with CIDR, egress-only) + Note: This field should only be used in egress rules, not ingress + pattern: ^(\*\.)?([a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$ + type: string except: description: Except is the exceptions to the CIDR ranges mentioned above. @@ -159,9 +174,9 @@ spec: port/protocol properties: endPort: - description: Endport specifies the port range port to - endPort port must be defined and an integer, endPort - > port + description: |- + Endport specifies the port range port to endPort + port must be defined and an integer, endPort > port format: int32 type: integer port: 
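Review bot: The `pattern` on the new `domainName` field writes the character class as `[a-zA-z0-9]` in two places, and the ASCII range `A-z` also admits `[`, `\`, `]`, `^`, `_` and the backtick, so the schema accepts values that are not valid hostnames. Both classes should read `[a-zA-Z0-9]`, giving `pattern: ^(\*\.)?([a-zA-Z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.)+[a-zA-Z0-9]([-a-zA-Z0-9_]*[a-zA-Z0-9])?\.?$`. The identical pattern is added again for ingress peers at `@@ -146,6 +155,12 @@`. The `# Source: aws-vpc-cni/templates/...` comments suggest this manifest is rendered chart output, so the correction probably belongs upstream; until then, consumers of `domainName` should not treat schema acceptance as proof of a well-formed FQDN.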
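Review bot: Removing `required: - cidr` from the egress peer at `@@ -132,8 +143,6 @@` leaves nothing in the schema that enforces exactly one of `cidr` or `domainName`, although the new field's description calls them mutually exclusive. A peer with neither field, or with both, now passes CRD validation. The same removal is made for ingress peers at `@@ -176,18 +191,17 @@`. If the constraint is meant to hold at admission, it can be stated on the item schema, for example `x-kubernetes-validations: [{rule: "has(self.cidr) != has(self.domainName)", message: "exactly one of cidr or domainName must be set"}]`. Otherwise the enforcing agent has to reject or safely ignore such peers, which this diff does not show; the item schema's header lies outside the hunk.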
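Review bot: At `@@ -146,6 +155,12 @@` `domainName` is added to the ingress peer schema even though its own description says the field is egress-only, and nothing in the schema rejects it there. With `required: - cidr` also dropped for ingress at `@@ -176,18 +191,17 @@`, an ingress peer that carries only `domainName` is accepted, and how the agent treats it is not visible in this diff. If the field has to stay because both directions share one generated type, a rule on the ingress item such as `x-kubernetes-validations: [{rule: "!has(self.domainName)", message: "domainName is only valid in egress rules"}]` would make the documented restriction enforceable.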
@@ -176,18 +191,17 @@ spec: type: string type: object type: array - required: - - cidr type: object type: array podIsolation: - description: PodIsolation specifies whether the pod needs to be isolated - for a particular traffic direction Ingress or Egress, or both. If - default isolation is not specified, and there are no ingress/egress - rules, then the pod is not isolated from the point of view of this - policy. This follows the NetworkPolicy spec.PolicyTypes. + description: |- + PodIsolation specifies whether the pod needs to be isolated for a + particular traffic direction Ingress or Egress, or both. If default isolation is not + specified, and there are no ingress/egress rules, then the pod is not isolated + from the point of view of this policy. This follows the NetworkPolicy spec.PolicyTypes. items: - description: PolicyType string describes the NetworkPolicy type + description: |- + PolicyType string describes the NetworkPolicy type This type is beta-level in 1.8 type: string type: array 
@@ -198,46 +212,48 @@ spec: description: matchExpressions is a list of label selector requirements. The requirements are ANDed. items: - description: A label selector requirement is a selector that - contains values, a key, and an operator that relates the key - and values. + description: |- + A label selector requirement is a selector that contains values, a key, and an operator that + relates the key and values. properties: key: description: key is the label key that the selector applies to. type: string operator: - description: operator represents a key's relationship to - a set of values. Valid operators are In, NotIn, Exists - and DoesNotExist. + description: |- + operator represents a key's relationship to a set of values. + Valid operators are In, NotIn, Exists and DoesNotExist. type: string values: - description: values is an array of string values. If the - operator is In or NotIn, the values array must be non-empty. - If the operator is Exists or DoesNotExist, the values - array must be empty. This array is replaced during a strategic + description: |- + values is an array of string values. If the operator is In or NotIn, + the values array must be non-empty. If the operator is Exists or DoesNotExist, + the values array must be empty. This array is replaced during a strategic merge patch. items: type: string type: array + x-kubernetes-list-type: atomic required: - key - operator type: object type: array + x-kubernetes-list-type: atomic matchLabels: additionalProperties: type: string - description: matchLabels is a map of {key,value} pairs. A single - {key,value} in the matchLabels map is equivalent to an element - of matchExpressions, whose key field is "key", the operator - is "In", and the values array contains only "value". The requirements - are ANDed. + description: |- + matchLabels is a map of {key,value} pairs. 
A single {key,value} in the matchLabels + map is equivalent to an element of matchExpressions, whose key field is "key", the + operator is "In", and the values array contains only "value". The requirements are ANDed. type: object type: object x-kubernetes-map-type: atomic podSelectorEndpoints: - description: PodSelectorEndpoints contains information about the pods + description: |- + PodSelectorEndpoints contains information about the pods matching the podSelector items: description: PodEndpoint defines the summary information for the @@ -300,7 +316,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.20.3" + app.kubernetes.io/version: "v1.21.0" --- # Source: aws-vpc-cni/templates/configmap.yaml apiVersion: v1 @@ -312,7 +328,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.20.3" + app.kubernetes.io/version: "v1.21.0" data: enable-windows-ipam: "false" enable-network-policy-controller: "false" @@ -331,7 +347,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.20.3" + app.kubernetes.io/version: "v1.21.0" rules: - apiGroups: - crd.k8s.amazonaws.com @@ -367,6 +383,8 @@ rules: resources: - cninodes verbs: ["get", "list", "watch", "patch"] + - nonResourceURLs: ["/apis/networking.k8s.aws", "/apis/networking.k8s.aws/*"] + verbs: ["get"] --- # Source: aws-vpc-cni/templates/clusterrolebinding.yaml apiVersion: rbac.authorization.k8s.io/v1 @@ -377,7 +395,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.20.3" + app.kubernetes.io/version: "v1.21.0" roleRef: apiGroup: rbac.authorization.k8s.io kind: ClusterRole 
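Review bot: The rule added at `@@ -367,6 +383,8 @@`, `nonResourceURLs: ["/apis/networking.k8s.aws", "/apis/networking.k8s.aws/*"]`, widens the aws-node ClusterRole with no indication of which container needs it or why. A one-line comment above the rule would make later RBAC audits easier, for example `# read-only API discovery for the networking.k8s.aws group; consumer: network policy agent (confirm)`. The grant is `get` only on discovery paths, so the added exposure looks small, but the justification should be in the manifest rather than inferred from the version bump. The rule list begins outside the hunk.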
@@ -397,7 +415,7 @@ metadata: app.kubernetes.io/name: aws-node app.kubernetes.io/instance: aws-vpc-cni k8s-app: aws-node - app.kubernetes.io/version: "v1.20.3" + app.kubernetes.io/version: "v1.21.0" spec: updateStrategy: rollingUpdate: @@ -418,7 +436,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.20.3 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni-init:v1.21.0 imagePullPolicy: Always env: - name: DISABLE_TCP_EARLY_DEMUX @@ -440,7 +458,7 @@ spec: {} containers: - name: aws-node - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.20.3 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.21.0 ports: - containerPort: 61678 name: metrics @@ -508,7 +526,7 @@ spec: - name: NETWORK_POLICY_ENFORCING_MODE value: "standard" - name: VPC_CNI_VERSION - value: "v1.20.3" + value: "v1.21.0" - name: WARM_ENI_TARGET value: "1" - name: WARM_PREFIX_TARGET @@ -543,7 +561,7 @@ spec: - mountPath: /run/xtables.lock name: xtables-lock - name: aws-eks-nodeagent - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.2.6 + image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon/aws-network-policy-agent:v1.3.0 imagePullPolicy: Always ports: - containerPort: 8162 diff --git a/pkg/addons/default/aws_node_test.go b/pkg/addons/default/aws_node_test.go index a8beaf76f4..237a888eb8 100644 --- a/pkg/addons/default/aws_node_test.go +++ b/pkg/addons/default/aws_node_test.go @@ -61,7 +61,7 @@ var _ = Describe("AWS Node", func() { Describe("UpdateAWSNode", func() { var preUpdateAwsNode *v1.DaemonSet - const expectedVersion = "v1.20.3" + const expectedVersion = "v1.21.0" BeforeEach(func() { loadSamples(rawClient, "testdata/sample-1.15.json")