diff --git a/stable/aws-vpc-cni/Chart.yaml b/stable/aws-vpc-cni/Chart.yaml
index 47f9b1728..f5c129fdd 100644
--- a/stable/aws-vpc-cni/Chart.yaml
+++ b/stable/aws-vpc-cni/Chart.yaml
@@ -1,7 +1,7 @@
 apiVersion: v1
 name: aws-vpc-cni
-version: 1.19.3
-appVersion: "v1.19.3"
+version: 1.19.4
+appVersion: "v1.19.4"
 description: A Helm chart for the AWS VPC CNI
 icon: https://raw.githubusercontent.com/aws/eks-charts/master/docs/logo/aws.png
 home: https://github.com/aws/amazon-vpc-cni-k8s
diff --git a/stable/aws-vpc-cni/README.md b/stable/aws-vpc-cni/README.md
index 329446b35..f3713cee7 100644
--- a/stable/aws-vpc-cni/README.md
+++ b/stable/aws-vpc-cni/README.md
@@ -48,7 +48,7 @@ The following table lists the configurable parameters for this chart and their d
 | `minimumWindowsIPTarget`| Minimum IP target value for Windows prefix delegation | `3` |
 | `branchENICooldown` | Number of seconds that branch ENIs remain in cooldown | `60` |
 | `fullnameOverride` | Override the fullname of the chart | `aws-node` |
-| `image.tag` | Image tag | `v1.19.3` |
+| `image.tag` | Image tag | `v1.19.4` |
 | `image.domain` | ECR repository domain | `amazonaws.com` |
 | `image.region` | ECR repository region to use. Should match your cluster | `us-west-2` |
 | `image.endpoint` | ECR repository endpoint to use. | `ecr` |
@@ -56,7 +56,7 @@ The following table lists the configurable parameters for this chart and their d
 | `image.pullPolicy` | Container pull policy | `IfNotPresent` |
 | `image.override` | A custom docker image to use | `nil` |
 | `imagePullSecrets` | Docker registry pull secret | `[]` |
-| `init.image.tag` | Image tag | `v1.19.3` |
+| `init.image.tag` | Image tag | `v1.19.4` |
 | `init.image.domain` | ECR repository domain | `amazonaws.com` |
 | `init.image.region` | ECR repository region to use. Should match your cluster | `us-west-2` |
 | `init.image.endpoint` | ECR repository endpoint to use. | `ecr` |
@@ -69,7 +69,7 @@ The following table lists the configurable parameters for this chart and their d
 | `originalMatchLabels` | Use the original daemonset matchLabels | `false` |
 | `nameOverride` | Override the name of the chart | `aws-node` |
 | `nodeAgent.enabled` | If the Node Agent container should be created | `true` |
-| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.2.0` |
+| `nodeAgent.image.tag` | Image tag for Node Agent | `v1.2.1` |
 | `nodeAgent.image.domain`| ECR repository domain | `amazonaws.com` |
 | `nodeAgent.image.region`| ECR repository region to use. Should match your cluster | `us-west-2` |
 | `nodeAgent.image.endpoint` | ECR repository endpoint to use. | `ecr` |
diff --git a/stable/aws-vpc-cni/templates/daemonset.yaml b/stable/aws-vpc-cni/templates/daemonset.yaml
index e41879d51..f4a3c9031 100644
--- a/stable/aws-vpc-cni/templates/daemonset.yaml
+++ b/stable/aws-vpc-cni/templates/daemonset.yaml
@@ -81,8 +81,13 @@ spec:
 timeoutSeconds: {{ .Values.readinessProbeTimeoutSeconds }}
 env:
 {{- range $key, $value := .Values.env }}
+ {{- $skipKey := and (eq $key "NETWORK_POLICY_ENFORCING_MODE") (not $.Values.nodeAgent.enabled) }}
+ {{- if not $skipKey }}
 - name: {{ $key }}
 value: {{ $value | quote }}
+ {{- else }}
+ # Skipping NETWORK_POLICY_ENFORCING_MODE because nodeAgent is disabled
+ {{- end }}
 {{- end }}
 {{- with .Values.extraEnv }}
 {{- toYaml .| nindent 12 }}
@@ -128,6 +133,9 @@ spec:
 - name: aws-eks-nodeagent
 image: {{ include "aws-vpc-cni.nodeAgentImage" . }}
 imagePullPolicy: {{ .Values.nodeAgent.image.pullPolicy }}
+ ports:
+ - containerPort: {{ .Values.nodeAgent.metricsBindAddr}}
+ name: agentmetrics
 env:
 - name: MY_NODE_NAME
 valueFrom:
diff --git a/stable/aws-vpc-cni/templates/eniconfig.yaml b/stable/aws-vpc-cni/templates/eniconfig.yaml
index 90066142d..d43491c6d 100644
--- a/stable/aws-vpc-cni/templates/eniconfig.yaml
+++ b/stable/aws-vpc-cni/templates/eniconfig.yaml
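Review bot: In the `range` over `.Values.env`, a disabled node agent causes `NETWORK_POLICY_ENFORCING_MODE` to be dropped with only a YAML comment left in the rendered manifest, so an operator who set the mode to `strict` gets no install-time signal that the setting has no effect. Consider failing the render for that combination, e.g. `{{- if and (not .Values.nodeAgent.enabled) (eq (toString .Values.env.NETWORK_POLICY_ENFORCING_MODE) "strict") }}{{ fail "strict network policy mode requires nodeAgent.enabled" }}{{- end }}`, or at least documenting the behaviour next to `nodeAgent.enabled` in the README table. The filter also applies only to `.Values.env`; the same variable supplied through `extraEnv` still passes through the `with .Values.extraEnv` block that follows. The container spec this loop belongs to starts outside the hunk.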
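Review bot: `containerPort: {{ .Values.nodeAgent.metricsBindAddr}}` assumes the value is a bare port number, while the key's name suggests a bind address; anything in host:port form would render a manifest the API server rejects. The default is not visible in this diff, so state the expectation beside the field, e.g. `{{- /* nodeAgent.metricsBindAddr must be a bare port number; it is reused as the containerPort */}}`, and add the missing space before `}}` to match the other actions in the file. If this DaemonSet runs with host networking (not shown in the hunk), the declared metrics port is reachable on the node's own address, so it is worth confirming that node security groups limit who can scrape it.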
@@ -3,7 +3,7 @@ apiVersion: crd.k8s.amazonaws.com/v1alpha1 kind: ENIConfig metadata: - name: {{ $key }} + name: "{{ $key }}" spec: {{- if $value.securityGroups }} securityGroups: diff --git a/stable/aws-vpc-cni/templates/podmonitor.yaml b/stable/aws-vpc-cni/templates/podmonitor.yaml new file mode 100644 index 000000000..e507a7e91 --- /dev/null +++ b/stable/aws-vpc-cni/templates/podmonitor.yaml @@ -0,0 +1,40 @@ +{{- if .Values.podMonitor.create }} +apiVersion: monitoring.coreos.com/v1 +kind: PodMonitor +metadata: + name: {{ include "aws-vpc-cni.fullname" . }} + namespace: {{ .Release.Namespace }} + labels: + {{- with .Values.podMonitor.labels }} + {{- toYaml . | nindent 4 }} + {{- end }} + {{- with .Values.podMonitor.annotations }} + annotations: + {{- toYaml . | nindent 4 }} + {{- end }} +spec: + jobLabel: {{ include "aws-vpc-cni.fullname" . }} + namespaceSelector: + matchNames: + - {{ .Release.Namespace }} + podMetricsEndpoints: + - interval: {{ .Values.podMonitor.interval }} + path: /metrics + port: metrics + {{- with .Values.podMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- if .Values.nodeAgent.enabled }} + - interval: {{ .Values.podMonitor.interval }} + path: /metrics + port: agentmetrics + {{- with .Values.podMonitor.relabelings }} + relabelings: + {{- toYaml . | nindent 6 }} + {{- end }} + {{- end }} + selector: + matchLabels: + k8s-app: aws-node +{{- end }} diff --git a/stable/aws-vpc-cni/values.yaml b/stable/aws-vpc-cni/values.yaml index b98b00711..1db96660f 100644 --- a/stable/aws-vpc-cni/values.yaml +++ b/stable/aws-vpc-cni/values.yaml @@ -8,7 +8,7 @@ nameOverride: aws-node init: image: - tag: v1.19.3 + tag: v1.19.4 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -27,7 +27,7 @@ init: nodeAgent: enabled: true image: - tag: v1.2.0 + tag: v1.2.1 domain: amazonaws.com region: us-west-2 endpoint: ecr 
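Review bot: In the new podmonitor.yaml, `jobLabel: {{ include "aws-vpc-cni.fullname" . }}` supplies the chart's full name where the PodMonitor spec expects the key of a pod label whose value becomes the job name; unless the pods carry a label with that key, Prometheus falls back to its default job naming. `jobLabel: k8s-app` would line up with the `matchLabels` selector at the bottom of the template. Separately, `podMonitor.scrapeTimeout` is added to values.yaml by this commit but neither endpoint renders it; add `scrapeTimeout: {{ .Values.podMonitor.scrapeTimeout }}` beside each `interval`. Both endpoints are defined without any scheme, TLS or authorization settings, so protection of the `metrics` and `agentmetrics` ports presumably rests on network controls outside this chart, which deserves a sentence in the README.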
@@ -51,7 +51,7 @@ nodeAgent: resources: {} image: - tag: v1.19.3 + tag: v1.19.4 domain: amazonaws.com region: us-west-2 endpoint: ecr @@ -85,7 +85,7 @@ env: ENABLE_IPv4: "true" ENABLE_IPv6: "false" ENABLE_SUBNET_DISCOVERY: "true" - VPC_CNI_VERSION: "v1.19.3" + VPC_CNI_VERSION: "v1.19.4" NETWORK_POLICY_ENFORCING_MODE: "standard" # Add env from configMap or from secrets @@ -231,3 +231,17 @@ eniConfig: # id: subnet-789 # securityGroups: # - sg-789 + +podMonitor: + # Create Prometheus podMonitor + create: false + # Annotations to add to the Prometheus podMonitor + annotations: {} + # Labels to add to the Prometheus podMonitor + labels: {} + # The interval to scrape metrics. + interval: 30s + # The timeout before a metrics scrape fails. + scrapeTimeout: 30s + # relabelings to apply to the podMonitor + relabelings: []
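Review bot: The new `podMonitor` block in values.yaml has no matching rows in the README parameter table; the README hunks in this commit change only image tags. Add rows for `podMonitor.create`, `podMonitor.annotations`, `podMonitor.labels`, `podMonitor.interval`, `podMonitor.scrapeTimeout` and `podMonitor.relabelings`. The comment on `create` should also state the prerequisite, e.g. `# Create Prometheus podMonitor (requires the monitoring.coreos.com/v1 PodMonitor CRD in the cluster)`, since enabling it without the CRD will make the install fail.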