
feat(chart): Configure FIPS Endpoint#3645

Open
JoeNorth wants to merge 3 commits into aws:master from JoeNorth:feat/chart-fips-endpoint


@JoeNorth JoeNorth commented Apr 2, 2026

What type of PR is this?

improvement

Which issue does this PR fix?:

What does this PR do / Why do we need it?:
Creates new .Values.fips value which sets AWS_USE_FIPS_ENDPOINT=true for each of the daemonset's containers. This configures the AWS SDK to use FIPS endpoints where regionally available.

Testing done on this change:

Tested in us-east-1 with FIPS builds of the chart's images.

aws-node time="2026-04-02T21:02:29Z" level=info msg="Starting IPAM daemon... "
aws-node time="2026-04-02T21:02:29Z" level=info msg="Checking for IPAM connectivity... "
aws-node time="2026-04-02T21:02:32Z" level=info msg="Copying config file... "
aws-node time="2026-04-02T21:02:32Z" level=info msg="Successfully copied CNI plugin binary and config file."
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="Copying CNI plugin binaries ..."
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="Copied all CNI plugin binaries to /host/opt/cni/bin"
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="Found primaryMAC 0a:ff:d2:e1:81:cd"
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="Found primaryIF enp39s0"
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="Updated net/ipv4/conf/enp39s0/rp_filter to 2\n"
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="Updated net/ipv4/tcp_early_demux to 1\n"
aws-vpc-cni-init time="2026-04-02T21:02:24Z" level=info msg="CNI init container done"

Will this PR introduce any new dependencies?:

No

Will this break upgrades or downgrades? Has updating a running cluster been tested?:

No

Does this change require updates to the CNI daemonset config files to work?:

No

Does this PR introduce any user-facing change?:

FIPS option added to Helm chart to enable AWS_USE_FIPS_ENDPOINT

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

Creates new .Values.fips value which sets AWS_USE_FIPS_ENDPOINT=true for
each of the daemonset's containers. This configures the AWS SDK to use
FIPS endpoints where regionally available.
@JoeNorth JoeNorth requested a review from a team as a code owner April 2, 2026 21:09
@oliviassss oliviassss requested a review from Copilot April 7, 2026 17:05

Copilot AI left a comment


Pull request overview

Adds a Helm value to enable AWS SDK FIPS endpoints for the aws-vpc-cni DaemonSet, allowing users to opt into AWS_USE_FIPS_ENDPOINT=true where regional FIPS endpoints are available.

Changes:

  • Introduces a new top-level Helm value .Values.fips (default false).
  • Conditionally injects AWS_USE_FIPS_ENDPOINT=true into the init container, aws-node, and aws-eks-nodeagent containers when .Values.fips is enabled.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

| File | Description |
| --- | --- |
| charts/aws-vpc-cni/values.yaml | Adds the new fips chart value and a brief description. |
| charts/aws-vpc-cni/templates/daemonset.yaml | Wires the new fips value into container env var injection across the DaemonSet containers. |
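
An added example, not part of this PR or the project's code: a check that every init and regular container in a DaemonSet carries `AWS_USE_FIPS_ENDPOINT=true`, so a container that was missed or later overridden is flagged. It assumes the JSON shape of `kubectl get daemonset <name> -o json`; the sample data, `SAMPLE_SETTING` and the helper names are constructed for illustration.

```python
import json
import sys

FIPS_VAR = "AWS_USE_FIPS_ENDPOINT"  # variable named in the PR description


def containers_missing_fips(daemonset):
    """Return names of init/regular containers without AWS_USE_FIPS_ENDPOINT=true."""
    pod_spec = daemonset["spec"]["template"]["spec"]
    missing = []
    for kind in ("initContainers", "containers"):
        for container in pod_spec.get(kind) or []:
            value = None
            for env in container.get("env") or []:
                if env.get("name") == FIPS_VAR:
                    # Duplicate names: the later entry overrides the earlier one.
                    # Entries using valueFrom have no literal value and count as unset.
                    value = env.get("value")
            if value != "true":  # exact value the chart is described as setting
                missing.append(container["name"])
    return missing


def _container(name, env):
    # Hypothetical helper that builds one container entry for the sample.
    return {"name": name, "env": [{"name": k, "value": v} for k, v in env]}


# Constructed sample, shaped like `kubectl get daemonset <name> -o json` output.
# Container names are the ones mentioned on this page; env values are invented.
SAMPLE_DAEMONSET = {
    "spec": {"template": {"spec": {
        "initContainers": [
            _container("aws-vpc-cni-init", [(FIPS_VAR, "true")]),
        ],
        "containers": [
            _container("aws-node", [("SAMPLE_SETTING", "x"), (FIPS_VAR, "true")]),
            # Drift case: the variable was overridden after the chart rendered it.
            _container("aws-eks-nodeagent", [(FIPS_VAR, "true"), (FIPS_VAR, "false")]),
        ],
    }}}
}

if __name__ == "__main__":
    # With a file argument, check real JSON; otherwise check the constructed sample.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_DAEMONSET
    bad = containers_missing_fips(doc)
    print("missing FIPS endpoint setting:", bad or "none")
    sys.exit(1 if bad else 0)
```

The script exits non-zero when any container lacks the setting, so it can gate a deployment pipeline.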
