Merge branch 'master' into update/aws-for-fluent-bit

aws · Jul 7, 2023 · 3746c5c · 3746c5c
2 parents 0702f25 + 979d92b
commit 3746c5c
Show file tree

Hide file tree

Showing 24 changed files with 85 additions and 59 deletions.
diff --git a/stable/appmesh-controller/Chart.yaml b/stable/appmesh-controller/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: appmesh-controller
 description: App Mesh controller Helm chart for Kubernetes
-version: 1.11.0
-appVersion: 1.11.0
+version: 1.12.1
+appVersion: 1.12.1
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

diff --git a/stable/appmesh-controller/ci/values.yaml b/stable/appmesh-controller/ci/values.yaml
@@ -5,5 +5,5 @@ accountId: 123456789
 region: us-west-2
 image:
   repository: public.ecr.aws/appmesh/appmesh-controller
-  tag: v1.11.0
+  tag: v1.12.1
   pullPolicy: IfNotPresent
diff --git a/stable/appmesh-controller/templates/rbac.yaml b/stable/appmesh-controller/templates/rbac.yaml
@@ -17,6 +17,13 @@ rules:
 - apiGroups: [""]
   resources: [events]
   verbs: [create, patch]
+- apiGroups: ["coordination.k8s.io"]
+  resources: [leases]
+  verbs: [create]
+- apiGroups: ["coordination.k8s.io"]
+  resources: [leases]
+  resourceNames: [appmesh-controller-leader-election]
+  verbs: [get, update, patch]
 ---
 apiVersion: rbac.authorization.k8s.io/v1
 kind: RoleBinding

diff --git a/stable/appmesh-controller/test.yaml b/stable/appmesh-controller/test.yaml
@@ -12,13 +12,13 @@ useAwsFIPSEndpoint: false
 
 image:
   repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller
-  tag: v1.11.0
+  tag: v1.12.1
   pullPolicy: IfNotPresent
 
 sidecar:
   image:
     repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
-    tag: v1.25.1.0-prod
+    tag: v1.25.4.0-prod
     # sidecar.logLevel: Envoy log level can be info, warn, error or debug
   logLevel: info
   envoyAdminAccessPort: 9901

diff --git a/stable/appmesh-controller/values.yaml b/stable/appmesh-controller/values.yaml
@@ -13,13 +13,13 @@ useAwsFIPSEndpoint: false
 
 image:
   repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller
-  tag: v1.11.0
+  tag: v1.12.1
   pullPolicy: IfNotPresent
 
 sidecar:
   image:
     repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy
-    tag: v1.25.1.0-prod
+    tag: v1.25.4.0-prod
     # sidecar.logLevel: Envoy log level can be info, warn, error or debug
   logLevel: info
   envoyAdminAccessPort: 9901

diff --git a/stable/aws-for-fluent-bit/Chart.yaml b/stable/aws-for-fluent-bit/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v1
 name: aws-for-fluent-bit
 description: A Helm chart to deploy aws-for-fluent-bit project
-version: 0.1.25
-appVersion: 2.28.4
+version: 0.1.27
+appVersion: 2.31.11
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

diff --git a/stable/aws-for-fluent-bit/README.md b/stable/aws-for-fluent-bit/README.md
@@ -30,7 +30,7 @@ helm delete aws-for-fluent-bit --namespace kube-system
 | - | - | - | -
 | `global.namespaceOverride` | Override the deployment namespace | Not set (`Release.Namespace`) |
 | `image.repository` | Image to deploy | `amazon/aws-for-fluent-bit` | ✔
-| `image.tag` | Image tag to deploy | `2.28.4`
+| `image.tag` | Image tag to deploy | `stable` |
 | `image.pullPolicy` | Pull policy for the image | `IfNotPresent` | ✔
 | `podSecurityContext` | Security Context for pod | `{}` | 
 | `containerSecurityContext` | Security Context for container | `{}` | 

diff --git a/stable/aws-for-fluent-bit/templates/configmap.yaml b/stable/aws-for-fluent-bit/templates/configmap.yaml
@@ -478,9 +478,9 @@ data:
         {{- end }}
         {{- if .Values.opensearch.suppressTypeName }}
         Suppress_Type_Name  {{ .Values.opensearch.suppressTypeName }}
-        {{- end }}
+        {{- end -}}
         {{- if .Values.opensearch.extraOutputs }}
-{{ .Values.opensearch.extraOutputsIndent_8 }}
+{{ .Values.opensearch.extraOutputs | indent 8 }}
         {{- end }}
 {{- end }}
 

diff --git a/stable/aws-for-fluent-bit/values.yaml b/stable/aws-for-fluent-bit/values.yaml
@@ -4,7 +4,7 @@ global:
 
 image:
   repository: public.ecr.aws/aws-observability/aws-for-fluent-bit
-  tag: 2.28.4
+  tag: 2.31.11
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []

diff --git a/stable/aws-load-balancer-controller/Chart.yaml b/stable/aws-load-balancer-controller/Chart.yaml
@@ -1,8 +1,8 @@
 apiVersion: v2
 name: aws-load-balancer-controller
 description: AWS Load Balancer Controller Helm chart for Kubernetes
-version: 1.5.3
-appVersion: v2.5.2
+version: 1.5.4
+appVersion: v2.5.3
 home: https://github.com/aws/eks-charts
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 sources:

diff --git a/stable/aws-load-balancer-controller/README.md b/stable/aws-load-balancer-controller/README.md
@@ -82,6 +82,8 @@ kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/
 
 If you are setting `enableCertManager: true` you need to have installed cert-manager and it's CRDs before installing this chart; to install [cert-manager](https://artifacthub.io/packages/helm/cert-manager/cert-manager) follow the installation guide.
 
+The controller helm chart requires the cert-manager with apiVersion `cert-manager.io/v1`.
+
 Set `cluster.dnsDomain` (default: `cluster.local`) to the actual DNS domain of your cluster to include the FQDN in requested TLS certificates.
 
 #### Installing the Prometheus Operator

diff --git a/stable/aws-load-balancer-controller/templates/pdb.yaml b/stable/aws-load-balancer-controller/templates/pdb.yaml
@@ -1,9 +1,5 @@
 {{- if and .Values.podDisruptionBudget (gt (int .Values.replicaCount) 1) }}
-{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }}
 apiVersion: policy/v1
-{{- else }}
-apiVersion: policy/v1beta1
-{{- end }}
 kind: PodDisruptionBudget
 metadata:
   name: {{ include "aws-load-balancer-controller.fullname" . }}

diff --git a/stable/aws-load-balancer-controller/templates/webhook.yaml b/stable/aws-load-balancer-controller/templates/webhook.yaml
@@ -212,11 +212,7 @@ data:
   tls.crt: {{ $tls.clientCert }}
   tls.key: {{ $tls.clientKey }}
 {{- else }}
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
 apiVersion: cert-manager.io/v1
-{{- else }}
-apiVersion: cert-manager.io/v1alpha2
-{{- end }}
 kind: Certificate
 metadata:
   name: {{ template "aws-load-balancer-controller.namePrefix" . }}-serving-cert
@@ -232,11 +228,7 @@ spec:
     name: {{ template "aws-load-balancer-controller.namePrefix" . }}-selfsigned-issuer
   secretName: {{ template "aws-load-balancer-controller.webhookCertSecret" . }}
 ---
-{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }}
 apiVersion: cert-manager.io/v1
-{{- else }}
-apiVersion: cert-manager.io/v1alpha2
-{{- end }}
 kind: Issuer
 metadata:
   name: {{ template "aws-load-balancer-controller.namePrefix" . }}-selfsigned-issuer

diff --git a/stable/aws-load-balancer-controller/test.yaml b/stable/aws-load-balancer-controller/test.yaml
@@ -6,7 +6,7 @@ replicaCount: 2
 
 image:
   repository: public.ecr.aws/eks/aws-load-balancer-controller
-  tag: v2.5.2
+  tag: v2.5.3
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []

diff --git a/stable/aws-load-balancer-controller/values.yaml b/stable/aws-load-balancer-controller/values.yaml
@@ -6,7 +6,7 @@ replicaCount: 2
 
 image:
   repository: public.ecr.aws/eks/aws-load-balancer-controller
-  tag: v2.5.2
+  tag: v2.5.3
   pullPolicy: IfNotPresent
 
 imagePullSecrets: []

diff --git a/stable/aws-vpc-cni/Chart.yaml b/stable/aws-vpc-cni/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.2.8
-appVersion: "v1.12.6"
+version: 1.13.2
+appVersion: "v1.13.2"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s

diff --git a/stable/aws-vpc-cni/README.md b/stable/aws-vpc-cni/README.md
@@ -18,7 +18,7 @@ helm repo add eks https://aws.github.io/eks-charts
 To install the chart with the release name `aws-vpc-cni` and default configuration:
 
 ```shell
-$ helm install --name aws-vpc-cni --namespace kube-system eks/aws-vpc-cni
+$ helm install aws-vpc-cni --namespace kube-system eks/aws-vpc-cni
 ```
 
 To install into an EKS cluster where the CNI is already installed, see [this section below](#adopting-the-existing-aws-node-resources-in-an-eks-cluster)
@@ -41,17 +41,19 @@ The following table lists the configurable parameters for this chart and their d
 | `eniConfig.subnets.securityGroups`  | The IDs of the security groups which will be used in the ENIConfig | `nil`        |
 | `env`                   | List of environment variables. See [here](https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables) for options | (see `values.yaml`) |
 | `fullnameOverride`      | Override the fullname of the chart                      | `aws-node`                          |
+| `image.tag`             | Image tag                                               | `v1.13.2`                           |
+| `image.domain`          | ECR repository domain                                   | `amazonaws.com`                     |
 | `image.region`          | ECR repository region to use. Should match your cluster | `us-west-2`                         |
-| `image.tag`             | Image tag                                               | `v1.12.6`                           |
+| `image.endpoint`        | ECR repository endpoint to use.                         | `ecr`                               |
 | `image.account`         | ECR repository account number                           | `602401143452`                      |
-| `image.domain`          | ECR repository domain                                   | `amazonaws.com`                     |
 | `image.pullPolicy`      | Container pull policy                                   | `IfNotPresent`                      |
 | `image.override`        | A custom docker image to use                            | `nil`                               |
 | `imagePullSecrets`      | Docker registry pull secret                             | `[]`                                |
+| `init.image.tag`        | Image tag                                               | `v1.13.2`                           |
+| `init.image.domain`     | ECR repository domain                                   | `amazonaws.com`                     |
 | `init.image.region`     | ECR repository region to use. Should match your cluster | `us-west-2`                         |
-| `init.image.tag`        | Image tag                                               | `v1.12.6`                           |
+| `init.image.endpoint`   | ECR repository endpoint to use.                         | `ecr`                               |
 | `init.image.account`    | ECR repository account number                           | `602401143452`                      |
-| `init.image.domain`     | ECR repository domain                                   | `amazonaws.com`                     |
 | `init.image.pullPolicy` | Container pull policy                                   | `IfNotPresent`                      |
 | `init.image.override`   | A custom docker image to use                            | `nil`                               |
 | `init.env`              | List of init container environment variables. See [here](https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables) for options | (see `values.yaml`) |
@@ -65,20 +67,20 @@ The following table lists the configurable parameters for this chart and their d
 | `podAnnotations`        | annotations to add to each pod                          | `{}`                                |
 | `podLabels`             | Labels to add to each pod                               | `{}`                                |
 | `priorityClassName`     | Name of the priorityClass                               | `system-node-critical`              |
-| `resources`             | Resources for the pods                                  | `requests.cpu: 10m`                 |
+| `resources`             | Resources for containers in pod                         | `requests.cpu: 25m`                 |
 | `securityContext`       | Container Security context                              | `capabilities: add: - "NET_ADMIN" - "NET_RAW"`  |
 | `serviceAccount.name`   | The name of the ServiceAccount to use                   | `nil`                               |
 | `serviceAccount.create` | Specifies whether a ServiceAccount should be created    | `true`                              |
 | `serviceAccount.annotations` | Specifies the annotations for ServiceAccount       | `{}`                                |
 | `livenessProbe`         | Livenness probe settings for daemonset                  | (see `values.yaml`)                 |
 | `readinessProbe`        | Readiness probe settings for daemonset                  | (see `values.yaml`)                 |
-| `tolerations`           | Optional deployment tolerations                         | `[]`                                |
+| `tolerations`           | Optional deployment tolerations                         | `[{"operator": "Exists"}]`          |
 | `updateStrategy`        | Optional update strategy                                | `type: RollingUpdate`               |
 
 Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters:
 
 ```shell
-$ helm install --name aws-vpc-cni --namespace kube-system eks/aws-vpc-cni --values values.yaml
+$ helm install aws-vpc-cni --namespace kube-system eks/aws-vpc-cni --values values.yaml
 ```
 
 ## Adopting the existing aws-node resources in an EKS cluster

diff --git a/stable/aws-vpc-cni/templates/_helpers.tpl b/stable/aws-vpc-cni/templates/_helpers.tpl
@@ -55,3 +55,25 @@ Create the name of the service account to use
     {{ default "default" .Values.serviceAccount.name }}
 {{- end -}}
 {{- end -}}
+
+{{/*
+The aws-vpc-cni-init image to use
+*/}}
+{{- define "aws-vpc-cni.initImage" -}}
+{{- if .Values.init.image.override }}
+{{- .Values.init.image.override }}
+{{- else }}
+{{- printf "%s.dkr.%s.%s.%s/amazon-k8s-cni-init:%s" .Values.init.image.account .Values.init.image.endpoint .Values.init.image.region .Values.init.image.domain .Values.init.image.tag }}
+{{- end }}
+{{- end }}
+
+{{/*
+The aws-vpc-cni image to use
+*/}}
+{{- define "aws-vpc-cni.image" -}}
+{{- if .Values.image.override }}
+{{- .Values.image.override }}
+{{- else }}
+{{- printf "%s.dkr.%s.%s.%s/amazon-k8s-cni:%s" .Values.image.account .Values.image.endpoint .Values.image.region .Values.image.domain .Values.image.tag }}
+{{- end }}
+{{- end }}
diff --git a/stable/aws-vpc-cni/templates/clusterrole.yaml b/stable/aws-vpc-cni/templates/clusterrole.yaml
@@ -29,10 +29,6 @@ rules:
     resources:
       - nodes
     verbs: ["list", "watch", "get", "update"]
-  - apiGroups: ["extensions"]
-    resources:
-      - '*'
-    verbs: ["list", "watch"]
   - apiGroups: ["", "events.k8s.io"]
     resources:
       - events

diff --git a/stable/aws-vpc-cni/templates/daemonset.yaml b/stable/aws-vpc-cni/templates/daemonset.yaml
@@ -40,20 +40,24 @@ spec:
       hostNetwork: true
       initContainers:
       - name: aws-vpc-cni-init
-        image: "{{- if .Values.init.image.override }}{{- .Values.init.image.override }}{{- else }}{{- .Values.init.image.account }}.dkr.ecr.{{- .Values.init.image.region }}.{{- .Values.init.image.domain }}/amazon-k8s-cni-init:{{- .Values.init.image.tag }}{{- end}}"
+        image: {{ include "aws-vpc-cni.initImage" . }}
         env:
 {{- range $key, $value := .Values.init.env }}
           - name: {{ $key }}
             value: {{ $value | quote }}
 {{- end }}
         securityContext:
           {{- toYaml .Values.init.securityContext | nindent 12 }}
+        resources:
+          {{- toYaml .Values.resources | nindent 12 }}
         volumeMounts:
           - mountPath: /host/opt/cni/bin
             name: cni-bin-dir
       terminationGracePeriodSeconds: 10
+      {{- with .Values.tolerations }}
       tolerations:
-        - operator: Exists
+        {{- toYaml . | nindent 8 }}
+      {{- end }}
     {{- with .Values.imagePullSecrets }}
       imagePullSecrets:
         {{- toYaml . | nindent 8 }}
@@ -62,7 +66,7 @@ spec:
         {{- toYaml .Values.podSecurityContext | nindent 8 }}
       containers:
         - name: aws-node
-          image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/amazon-k8s-cni:{{- .Values.image.tag }}{{- end}}"
+          image: {{ include "aws-vpc-cni.image" . }}
           ports:
             - containerPort: 61678
               name: metrics
@@ -80,10 +84,12 @@ spec:
             - name: MY_NODE_NAME
               valueFrom:
                 fieldRef:
+                  apiVersion: v1
                   fieldPath: spec.nodeName
             - name: MY_POD_NAME
               valueFrom:
                 fieldRef:
+                  apiVersion: v1
                   fieldPath: metadata.name
           resources:
             {{- toYaml .Values.resources | nindent 12 }}
@@ -144,7 +150,3 @@ spec:
       affinity:
         {{- toYaml . | nindent 8 }}
     {{- end }}
-    {{- with .Values.tolerations }}
-      tolerations:
-        {{- toYaml . | nindent 8 }}
-    {{- end }}
diff --git a/stable/aws-vpc-cni/values.yaml b/stable/aws-vpc-cni/values.yaml
@@ -8,12 +8,14 @@ nameOverride: aws-node
 
 init:
   image:
-    tag: v1.12.6
+    tag: v1.13.2
+    domain: amazonaws.com
     region: us-west-2
+    endpoint: ecr
     account: "602401143452"
     pullPolicy: Always
-    domain: "amazonaws.com"
     # Set to use custom image
+    override:
     # override: "repo/org/image:tag"
   env:
     DISABLE_TCP_EARLY_DEMUX: "false"
@@ -22,12 +24,14 @@ init:
     privileged: true
 
 image:
+  tag: v1.13.2
+  domain: amazonaws.com
   region: us-west-2
-  tag: v1.12.6
+  endpoint: ecr
   account: "602401143452"
-  domain: "amazonaws.com"
   pullPolicy: Always
   # Set to use custom image
+  override:
   # override: "repo/org/image:tag"
 
 # The CNI supports a number of environment variable settings
@@ -122,7 +126,8 @@ updateStrategy:
 
 nodeSelector: {}
 
-tolerations: []
+tolerations:
+  - operator: Exists
 
 affinity:
   nodeAffinity:

diff --git a/stable/cni-metrics-helper/Chart.yaml b/stable/cni-metrics-helper/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v2
 name: cni-metrics-helper
-version: 0.1.18
-appVersion: v1.12.6
+version: 1.13.2
+appVersion: v1.13.2
 description: A Helm chart for the AWS VPC CNI Metrics Helper
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s