Do we have any data about how many customers are using self managed clusters with aws cni?
Pull request overview
Removes the PolicyEndpoint CRD from the aws-vpc-cni Helm chart and the generated config/master manifests to avoid perpetual diffs (e.g., ArgoCD) now that EKS control plane installs the CRD.
Changes:
- Dropped `policyendpoints.networking.k8s.aws` CRD from the Helm chart CRDs bundle.
- Removed the same CRD from all `config/master/aws-k8s-cni*.yaml` rendered manifests.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 1 comment.
| File | Description |
|---|---|
| config/master/aws-k8s-cni.yaml | Removes embedded PolicyEndpoint CRD from rendered manifest. |
| config/master/aws-k8s-cni-cn.yaml | Removes embedded PolicyEndpoint CRD from rendered manifest. |
| config/master/aws-k8s-cni-us-gov-east-1.yaml | Removes embedded PolicyEndpoint CRD from rendered manifest. |
| config/master/aws-k8s-cni-us-gov-west-1.yaml | Removes embedded PolicyEndpoint CRD from rendered manifest. |
| charts/aws-vpc-cni/crds/customresourcedefinition.yaml | Removes PolicyEndpoint CRD from chart CRDs so it’s no longer installed by Helm. |
| names: | ||
| plural: eniconfigs | ||
| singular: eniconfig | ||
| kind: ENIConfig |
This PR removes the PolicyEndpoint CRD from the chart, which changes behavior for self-managed clusters that enable network policy (they will now need to install the NPC CRDs/controllers separately). The chart docs (e.g., charts/aws-vpc-cni/README.md) don’t currently mention this prerequisite—please add a note and link to the NPC CRDs/install instructions so Helm users don’t end up with a partially-working network policy setup.
What type of PR is this?
cleanup
Which issue does this PR fix?: #3623
What does this PR do / Why do we need it?:
Removes the PE CRD since we install it via Control Plane and not Managed Addons. CRDs are present here for reference
https://github.com/aws/amazon-network-policy-controller-k8s/blob/main/charts/amazon-network-policy-controller-k8s/crds/crds.yaml
Testing done on this change: N/A. The CRD should come installed on an EKS cluster. For self managed clusters, customers have to install NPC to work together with NPA. If customers are not using NPA, they can disable it completely by setting `--set nodeAgent.enabled=false`
Will this PR introduce any new dependencies?: N/A
Will this break upgrades or downgrades? Has updating a running cluster been tested?:
N/A
Does this change require updates to the CNI daemonset config files to work?: N/A
Does this PR introduce any user-facing change?: Yes, refer to the comment in the testing section. The change only affects customers using self managed clusters and using VPC CNI
By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.