diff --git a/stable/appmesh-controller/Chart.yaml b/stable/appmesh-controller/Chart.yaml index ab9ed0315..6269b4be5 100644 --- a/stable/appmesh-controller/Chart.yaml +++ b/stable/appmesh-controller/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: appmesh-controller description: App Mesh controller Helm chart for Kubernetes -version: 1.11.0 -appVersion: 1.11.0 +version: 1.12.1 +appVersion: 1.12.1 home: https://github.com/aws/eks-charts icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/stable/appmesh-controller/ci/values.yaml b/stable/appmesh-controller/ci/values.yaml index c99fb2434..17cb9e0bb 100644 --- a/stable/appmesh-controller/ci/values.yaml +++ b/stable/appmesh-controller/ci/values.yaml @@ -5,5 +5,5 @@ accountId: 123456789 region: us-west-2 image: repository: public.ecr.aws/appmesh/appmesh-controller - tag: v1.11.0 + tag: v1.12.1 pullPolicy: IfNotPresent diff --git a/stable/appmesh-controller/templates/rbac.yaml b/stable/appmesh-controller/templates/rbac.yaml index 35acfa7f6..22ca9cf5a 100644 --- a/stable/appmesh-controller/templates/rbac.yaml +++ b/stable/appmesh-controller/templates/rbac.yaml @@ -17,6 +17,13 @@ rules: - apiGroups: [""] resources: [events] verbs: [create, patch] +- apiGroups: ["coordination.k8s.io"] + resources: [leases] + verbs: [create] +- apiGroups: ["coordination.k8s.io"] + resources: [leases] + resourceNames: [appmesh-controller-leader-election] + verbs: [get, update, patch] --- apiVersion: rbac.authorization.k8s.io/v1 kind: RoleBinding diff --git a/stable/appmesh-controller/test.yaml b/stable/appmesh-controller/test.yaml index 222d251c2..74c398d33 100644 --- a/stable/appmesh-controller/test.yaml +++ b/stable/appmesh-controller/test.yaml @@ -12,13 +12,13 @@ useAwsFIPSEndpoint: false image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller - tag: v1.11.0 + tag: v1.12.1 pullPolicy: IfNotPresent sidecar: image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.25.1.0-prod + tag: v1.25.4.0-prod # sidecar.logLevel: Envoy log level can be info, warn, error or debug logLevel: info envoyAdminAccessPort: 9901 diff --git a/stable/appmesh-controller/values.yaml b/stable/appmesh-controller/values.yaml index 2e225759e..938705cef 100644 --- a/stable/appmesh-controller/values.yaml +++ b/stable/appmesh-controller/values.yaml @@ -13,13 +13,13 @@ useAwsFIPSEndpoint: false image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/amazon/appmesh-controller - tag: v1.11.0 + tag: v1.12.1 pullPolicy: IfNotPresent sidecar: image: repository: 840364872350.dkr.ecr.us-west-2.amazonaws.com/aws-appmesh-envoy - tag: v1.25.1.0-prod + tag: v1.25.4.0-prod # sidecar.logLevel: Envoy log level can be info, warn, error or debug logLevel: info envoyAdminAccessPort: 9901 diff --git a/stable/aws-for-fluent-bit/Chart.yaml b/stable/aws-for-fluent-bit/Chart.yaml index c3211212c..bef2e40a4 100644 --- a/stable/aws-for-fluent-bit/Chart.yaml +++ b/stable/aws-for-fluent-bit/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v1 name: aws-for-fluent-bit description: A Helm chart to deploy aws-for-fluent-bit project -version: 0.1.25 -appVersion: 2.28.4 +version: 0.1.27 +appVersion: 2.31.11 home: https://github.com/aws/eks-charts icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/stable/aws-for-fluent-bit/README.md b/stable/aws-for-fluent-bit/README.md index ec34f2be6..b6c46aa2f 100755 --- a/stable/aws-for-fluent-bit/README.md +++ b/stable/aws-for-fluent-bit/README.md @@ -30,7 +30,7 @@ helm delete aws-for-fluent-bit --namespace kube-system | - | - | - | - | `global.namespaceOverride` | Override the deployment namespace | Not set (`Release.Namespace`) | | `image.repository` | Image to deploy | `amazon/aws-for-fluent-bit` | ✔ -| `image.tag` | Image tag to deploy | `2.28.4` +| `image.tag` | Image tag to deploy | `stable` | | `image.pullPolicy` | Pull policy for the image | `IfNotPresent` | ✔ | `podSecurityContext` | Security Context for pod | `{}` | | `containerSecurityContext` | Security Context for container | `{}` | diff --git a/stable/aws-for-fluent-bit/templates/configmap.yaml b/stable/aws-for-fluent-bit/templates/configmap.yaml index 4f9eb5136..e2571b567 100755 --- a/stable/aws-for-fluent-bit/templates/configmap.yaml +++ b/stable/aws-for-fluent-bit/templates/configmap.yaml @@ -478,9 +478,9 @@ data: {{- end }} {{- if .Values.opensearch.suppressTypeName }} Suppress_Type_Name {{ .Values.opensearch.suppressTypeName }} - {{- end }} + {{- end -}} {{- if .Values.opensearch.extraOutputs }} -{{ .Values.opensearch.extraOutputsIndent_8 }} +{{ .Values.opensearch.extraOutputs | indent 8 }} {{- end }} {{- end }} diff --git a/stable/aws-for-fluent-bit/values.yaml b/stable/aws-for-fluent-bit/values.yaml index 59d34dfca..4a604becc 100644 --- a/stable/aws-for-fluent-bit/values.yaml +++ b/stable/aws-for-fluent-bit/values.yaml @@ -4,7 +4,7 @@ global: image: repository: public.ecr.aws/aws-observability/aws-for-fluent-bit - tag: 2.28.4 + tag: 2.31.11 pullPolicy: IfNotPresent imagePullSecrets: [] diff --git a/stable/aws-load-balancer-controller/Chart.yaml b/stable/aws-load-balancer-controller/Chart.yaml index f7ab53be1..363fff854 100644 --- a/stable/aws-load-balancer-controller/Chart.yaml +++ b/stable/aws-load-balancer-controller/Chart.yaml @@ -1,8 +1,8 @@ apiVersion: v2 name: aws-load-balancer-controller description: AWS Load Balancer Controller Helm chart for Kubernetes -version: 1.5.3 -appVersion: v2.5.2 +version: 1.5.4 +appVersion: v2.5.3 home: https://github.com/aws/eks-charts icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png sources: diff --git a/stable/aws-load-balancer-controller/README.md b/stable/aws-load-balancer-controller/README.md index 95e3154a5..ee4be9aad 100644 --- a/stable/aws-load-balancer-controller/README.md +++ b/stable/aws-load-balancer-controller/README.md @@ -82,6 +82,8 @@ kubectl apply -k "github.com/aws/eks-charts/stable/aws-load-balancer-controller/ If you are setting `enableCertManager: true` you need to have installed cert-manager and it's CRDs before installing this chart; to install [cert-manager](https://artifacthub.io/packages/helm/cert-manager/cert-manager) follow the installation guide. +The controller helm chart requires the cert-manager with apiVersion `cert-manager.io/v1`. + Set `cluster.dnsDomain` (default: `cluster.local`) to the actual DNS domain of your cluster to include the FQDN in requested TLS certificates. #### Installing the Prometheus Operator diff --git a/stable/aws-load-balancer-controller/templates/pdb.yaml b/stable/aws-load-balancer-controller/templates/pdb.yaml index 775adc4c1..f72abaf34 100644 --- a/stable/aws-load-balancer-controller/templates/pdb.yaml +++ b/stable/aws-load-balancer-controller/templates/pdb.yaml @@ -1,9 +1,5 @@ {{- if and .Values.podDisruptionBudget (gt (int .Values.replicaCount) 1) }} -{{- if .Capabilities.APIVersions.Has "policy/v1/PodDisruptionBudget" }} apiVersion: policy/v1 -{{- else }} -apiVersion: policy/v1beta1 -{{- end }} kind: PodDisruptionBudget metadata: name: {{ include "aws-load-balancer-controller.fullname" . }} diff --git a/stable/aws-load-balancer-controller/templates/webhook.yaml b/stable/aws-load-balancer-controller/templates/webhook.yaml index ec01d7c58..e7d557e41 100644 --- a/stable/aws-load-balancer-controller/templates/webhook.yaml +++ b/stable/aws-load-balancer-controller/templates/webhook.yaml @@ -212,11 +212,7 @@ data: tls.crt: {{ $tls.clientCert }} tls.key: {{ $tls.clientKey }} {{- else }} -{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} apiVersion: cert-manager.io/v1 -{{- else }} -apiVersion: cert-manager.io/v1alpha2 -{{- end }} kind: Certificate metadata: name: {{ template "aws-load-balancer-controller.namePrefix" . }}-serving-cert @@ -232,11 +228,7 @@ spec: name: {{ template "aws-load-balancer-controller.namePrefix" . }}-selfsigned-issuer secretName: {{ template "aws-load-balancer-controller.webhookCertSecret" . }} --- -{{- if .Capabilities.APIVersions.Has "cert-manager.io/v1" }} apiVersion: cert-manager.io/v1 -{{- else }} -apiVersion: cert-manager.io/v1alpha2 -{{- end }} kind: Issuer metadata: name: {{ template "aws-load-balancer-controller.namePrefix" . }}-selfsigned-issuer diff --git a/stable/aws-load-balancer-controller/test.yaml b/stable/aws-load-balancer-controller/test.yaml index 54480f826..3c4a90754 100644 --- a/stable/aws-load-balancer-controller/test.yaml +++ b/stable/aws-load-balancer-controller/test.yaml @@ -6,7 +6,7 @@ replicaCount: 2 image: repository: public.ecr.aws/eks/aws-load-balancer-controller - tag: v2.5.2 + tag: v2.5.3 pullPolicy: IfNotPresent imagePullSecrets: [] diff --git a/stable/aws-load-balancer-controller/values.yaml b/stable/aws-load-balancer-controller/values.yaml index 874e565d7..dea199559 100644 --- a/stable/aws-load-balancer-controller/values.yaml +++ b/stable/aws-load-balancer-controller/values.yaml @@ -6,7 +6,7 @@ replicaCount: 2 image: repository: public.ecr.aws/eks/aws-load-balancer-controller - tag: v2.5.2 + tag: v2.5.3 pullPolicy: IfNotPresent imagePullSecrets: [] diff --git a/stable/aws-vpc-cni/Chart.yaml b/stable/aws-vpc-cni/Chart.yaml index 32a4bee0f..687b4c101 100644 --- a/stable/aws-vpc-cni/Chart.yaml +++ b/stable/aws-vpc-cni/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v1 name: aws-vpc-cni -version: 1.2.8 -appVersion: "v1.12.6" +version: 1.13.2 +appVersion: "v1.13.2" description: A Helm chart for the AWS VPC CNI icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/stable/aws-vpc-cni/README.md b/stable/aws-vpc-cni/README.md index 2ecd2a148..29e5b39cf 100644 --- a/stable/aws-vpc-cni/README.md +++ b/stable/aws-vpc-cni/README.md @@ -18,7 +18,7 @@ helm repo add eks https://aws.github.io/eks-charts To install the chart with the release name `aws-vpc-cni` and default configuration: ```shell -$ helm install --name aws-vpc-cni --namespace kube-system eks/aws-vpc-cni +$ helm install aws-vpc-cni --namespace kube-system eks/aws-vpc-cni ``` To install into an EKS cluster where the CNI is already installed, see [this section below](#adopting-the-existing-aws-node-resources-in-an-eks-cluster) @@ -41,17 +41,19 @@ The following table lists the configurable parameters for this chart and their d | `eniConfig.subnets.securityGroups` | The IDs of the security groups which will be used in the ENIConfig | `nil` | | `env` | List of environment variables. See [here](https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables) for options | (see `values.yaml`) | | `fullnameOverride` | Override the fullname of the chart | `aws-node` | +| `image.tag` | Image tag | `v1.13.2` | +| `image.domain` | ECR repository domain | `amazonaws.com` | | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | -| `image.tag` | Image tag | `v1.12.6` | +| `image.endpoint` | ECR repository endpoint to use. | `ecr` | | `image.account` | ECR repository account number | `602401143452` | -| `image.domain` | ECR repository domain | `amazonaws.com` | | `image.pullPolicy` | Container pull policy | `IfNotPresent` | | `image.override` | A custom docker image to use | `nil` | | `imagePullSecrets` | Docker registry pull secret | `[]` | +| `init.image.tag` | Image tag | `v1.13.2` | +| `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` | -| `init.image.tag` | Image tag | `v1.12.6` | +| `init.image.endpoint` | ECR repository endpoint to use. | `ecr` | | `init.image.account` | ECR repository account number | `602401143452` | -| `init.image.domain` | ECR repository domain | `amazonaws.com` | | `init.image.pullPolicy` | Container pull policy | `IfNotPresent` | | `init.image.override` | A custom docker image to use | `nil` | | `init.env` | List of init container environment variables. See [here](https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables) for options | (see `values.yaml`) | @@ -65,20 +67,20 @@ The following table lists the configurable parameters for this chart and their d | `podAnnotations` | annotations to add to each pod | `{}` | | `podLabels` | Labels to add to each pod | `{}` | | `priorityClassName` | Name of the priorityClass | `system-node-critical` | -| `resources` | Resources for the pods | `requests.cpu: 10m` | +| `resources` | Resources for containers in pod | `requests.cpu: 25m` | | `securityContext` | Container Security context | `capabilities: add: - "NET_ADMIN" - "NET_RAW"` | | `serviceAccount.name` | The name of the ServiceAccount to use | `nil` | | `serviceAccount.create` | Specifies whether a ServiceAccount should be created | `true` | | `serviceAccount.annotations` | Specifies the annotations for ServiceAccount | `{}` | | `livenessProbe` | Livenness probe settings for daemonset | (see `values.yaml`) | | `readinessProbe` | Readiness probe settings for daemonset | (see `values.yaml`) | -| `tolerations` | Optional deployment tolerations | `[]` | +| `tolerations` | Optional deployment tolerations | `[{"operator": "Exists"}]` | | `updateStrategy` | Optional update strategy | `type: RollingUpdate` | Specify each parameter using the `--set key=value[,key=value]` argument to `helm install` or provide a YAML file containing the values for the above parameters: ```shell -$ helm install --name aws-vpc-cni --namespace kube-system eks/aws-vpc-cni --values values.yaml +$ helm install aws-vpc-cni --namespace kube-system eks/aws-vpc-cni --values values.yaml ``` ## Adopting the existing aws-node resources in an EKS cluster diff --git a/stable/aws-vpc-cni/templates/_helpers.tpl b/stable/aws-vpc-cni/templates/_helpers.tpl index 230aed771..591b09797 100644 --- a/stable/aws-vpc-cni/templates/_helpers.tpl +++ b/stable/aws-vpc-cni/templates/_helpers.tpl @@ -55,3 +55,25 @@ Create the name of the service account to use {{ default "default" .Values.serviceAccount.name }} {{- end -}} {{- end -}} + +{{/* +The aws-vpc-cni-init image to use +*/}} +{{- define "aws-vpc-cni.initImage" -}} +{{- if .Values.init.image.override }} +{{- .Values.init.image.override }} +{{- else }} +{{- printf "%s.dkr.%s.%s.%s/amazon-k8s-cni-init:%s" .Values.init.image.account .Values.init.image.endpoint .Values.init.image.region .Values.init.image.domain .Values.init.image.tag }} +{{- end }} +{{- end }} + +{{/* +The aws-vpc-cni image to use +*/}} +{{- define "aws-vpc-cni.image" -}} +{{- if .Values.image.override }} +{{- .Values.image.override }} +{{- else }} +{{- printf "%s.dkr.%s.%s.%s/amazon-k8s-cni:%s" .Values.image.account .Values.image.endpoint .Values.image.region .Values.image.domain .Values.image.tag }} +{{- end }} +{{- end }} diff --git a/stable/aws-vpc-cni/templates/clusterrole.yaml b/stable/aws-vpc-cni/templates/clusterrole.yaml index fb096ef0f..24b91556f 100644 --- a/stable/aws-vpc-cni/templates/clusterrole.yaml +++ b/stable/aws-vpc-cni/templates/clusterrole.yaml @@ -29,10 +29,6 @@ rules: resources: - nodes verbs: ["list", "watch", "get", "update"] - - apiGroups: ["extensions"] - resources: - - '*' - verbs: ["list", "watch"] - apiGroups: ["", "events.k8s.io"] resources: - events diff --git a/stable/aws-vpc-cni/templates/daemonset.yaml b/stable/aws-vpc-cni/templates/daemonset.yaml index 80f092b5e..a6877b1f8 100644 --- a/stable/aws-vpc-cni/templates/daemonset.yaml +++ b/stable/aws-vpc-cni/templates/daemonset.yaml @@ -40,7 +40,7 @@ spec: hostNetwork: true initContainers: - name: aws-vpc-cni-init - image: "{{- if .Values.init.image.override }}{{- .Values.init.image.override }}{{- else }}{{- .Values.init.image.account }}.dkr.ecr.{{- .Values.init.image.region }}.{{- .Values.init.image.domain }}/amazon-k8s-cni-init:{{- .Values.init.image.tag }}{{- end}}" + image: {{ include "aws-vpc-cni.initImage" . }} env: {{- range $key, $value := .Values.init.env }} - name: {{ $key }} @@ -48,12 +48,16 @@ spec: {{- end }} securityContext: {{- toYaml .Values.init.securityContext | nindent 12 }} + resources: + {{- toYaml .Values.resources | nindent 12 }} volumeMounts: - mountPath: /host/opt/cni/bin name: cni-bin-dir terminationGracePeriodSeconds: 10 + {{- with .Values.tolerations }} tolerations: - - operator: Exists + {{- toYaml . | nindent 8 }} + {{- end }} {{- with .Values.imagePullSecrets }} imagePullSecrets: {{- toYaml . | nindent 8 }} @@ -62,7 +66,7 @@ spec: {{- toYaml .Values.podSecurityContext | nindent 8 }} containers: - name: aws-node - image: "{{- if .Values.image.override }}{{- .Values.image.override }}{{- else }}{{- .Values.image.account }}.dkr.ecr.{{- .Values.image.region }}.{{- .Values.image.domain }}/amazon-k8s-cni:{{- .Values.image.tag }}{{- end}}" + image: {{ include "aws-vpc-cni.image" . }} ports: - containerPort: 61678 name: metrics @@ -80,10 +84,12 @@ spec: - name: MY_NODE_NAME valueFrom: fieldRef: + apiVersion: v1 fieldPath: spec.nodeName - name: MY_POD_NAME valueFrom: fieldRef: + apiVersion: v1 fieldPath: metadata.name resources: {{- toYaml .Values.resources | nindent 12 }} @@ -144,7 +150,3 @@ spec: affinity: {{- toYaml . | nindent 8 }} {{- end }} - {{- with .Values.tolerations }} - tolerations: - {{- toYaml . | nindent 8 }} - {{- end }} diff --git a/stable/aws-vpc-cni/values.yaml b/stable/aws-vpc-cni/values.yaml index 2584f4bf2..560aaeae5 100644 --- a/stable/aws-vpc-cni/values.yaml +++ b/stable/aws-vpc-cni/values.yaml @@ -8,12 +8,14 @@ nameOverride: aws-node init: image: - tag: v1.12.6 + tag: v1.13.2 + domain: amazonaws.com region: us-west-2 + endpoint: ecr account: "602401143452" pullPolicy: Always - domain: "amazonaws.com" # Set to use custom image + override: # override: "repo/org/image:tag" env: DISABLE_TCP_EARLY_DEMUX: "false" @@ -22,12 +24,14 @@ init: privileged: true image: + tag: v1.13.2 + domain: amazonaws.com region: us-west-2 - tag: v1.12.6 + endpoint: ecr account: "602401143452" - domain: "amazonaws.com" pullPolicy: Always # Set to use custom image + override: # override: "repo/org/image:tag" # The CNI supports a number of environment variable settings @@ -122,7 +126,8 @@ updateStrategy: nodeSelector: {} -tolerations: [] +tolerations: + - operator: Exists affinity: nodeAffinity: diff --git a/stable/cni-metrics-helper/Chart.yaml b/stable/cni-metrics-helper/Chart.yaml index 85dbad660..e90ca1001 100644 --- a/stable/cni-metrics-helper/Chart.yaml +++ b/stable/cni-metrics-helper/Chart.yaml @@ -1,7 +1,7 @@ apiVersion: v2 name: cni-metrics-helper -version: 0.1.18 -appVersion: v1.12.6 +version: 1.13.2 +appVersion: v1.13.2 description: A Helm chart for the AWS VPC CNI Metrics Helper icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png home: https://github.com/aws/amazon-vpc-cni-k8s diff --git a/stable/cni-metrics-helper/README.md b/stable/cni-metrics-helper/README.md index fd203db57..6844957b9 100644 --- a/stable/cni-metrics-helper/README.md +++ b/stable/cni-metrics-helper/README.md @@ -47,12 +47,14 @@ The following table lists the configurable parameters for this chart and their d |------------------------------|---------------------------------------------------------------|--------------------| | fullnameOverride | Override the fullname of the chart | cni-metrics-helper | | image.region | ECR repository region to use. Should match your cluster | us-west-2 | -| image.tag | Image tag | v1.12.6 | +| image.tag | Image tag | v1.13.2 | | image.account | ECR repository account number | 602401143452 | | image.domain | ECR repository domain | amazonaws.com | | env.USE_CLOUDWATCH | Whether to export CNI metrics to CloudWatch | true | | env.AWS_CLUSTER_ID | ID of the cluster to use when exporting metrics to CloudWatch | default | | env.AWS_VPC_K8S_CNI_LOGLEVEL | Log verbosity level (ie. FATAL, ERROR, WARN, INFO, DEBUG) | INFO | +| env.METRIC_UPDATE_INTERVAL | Interval at which to update CloudWatch metrics, in seconds. | | +| | Metrics are published to CloudWatch at 2x the interval | 30 | | serviceAccount.name | The name of the ServiceAccount to use | nil | | serviceAccount.create | Specifies whether a ServiceAccount should be created | true | | serviceAccount.annotations | Specifies the annotations for ServiceAccount | {} | diff --git a/stable/cni-metrics-helper/values.yaml b/stable/cni-metrics-helper/values.yaml index 4088f3f26..a82025f44 100644 --- a/stable/cni-metrics-helper/values.yaml +++ b/stable/cni-metrics-helper/values.yaml @@ -4,7 +4,7 @@ nameOverride: cni-metrics-helper image: region: us-west-2 - tag: v1.12.6 + tag: v1.13.2 account: "602401143452" domain: "amazonaws.com" # Set to use custom image