From 634e0c5285aaf79141f3de070d64b0a67216504a Mon Sep 17 00:00:00 2001 From: Alex Monk Date: Thu, 6 Aug 2020 17:42:48 +0100 Subject: [PATCH 1/2] Update AWS VPC CNI and KubeProxy for EKS 1.16 https://docs.aws.amazon.com/eks/latest/userguide/update-cluster.html recommends: * AWS VPC CNI 1.6.3 (note they've also updated the 1.15 recommendation to this as well) * CoreDNS 1.6.6 (which we have) * KubeProxy 1.16.12 --- charts/gsp-cluster/templates/00-aws-auth/aws-vpc-cni.yaml | 2 +- charts/gsp-cluster/templates/00-aws-auth/kube-proxy.yaml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/charts/gsp-cluster/templates/00-aws-auth/aws-vpc-cni.yaml b/charts/gsp-cluster/templates/00-aws-auth/aws-vpc-cni.yaml index c965e086f..9667b95cf 100644 --- a/charts/gsp-cluster/templates/00-aws-auth/aws-vpc-cni.yaml +++ b/charts/gsp-cluster/templates/00-aws-auth/aws-vpc-cni.yaml @@ -100,7 +100,7 @@ spec: tolerations: - operator: Exists containers: - - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.1 + - image: 602401143452.dkr.ecr.us-west-2.amazonaws.com/amazon-k8s-cni:v1.6.3 imagePullPolicy: Always ports: - containerPort: 61678 diff --git a/charts/gsp-cluster/templates/00-aws-auth/kube-proxy.yaml b/charts/gsp-cluster/templates/00-aws-auth/kube-proxy.yaml index 126eff246..0c9e6f05c 100644 --- a/charts/gsp-cluster/templates/00-aws-auth/kube-proxy.yaml +++ b/charts/gsp-cluster/templates/00-aws-auth/kube-proxy.yaml @@ -37,7 +37,7 @@ spec: - /bin/sh - -c - kube-proxy --v=2 --config=/var/lib/kube-proxy-config/config - image: 602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/kube-proxy:v1.15.11 + image: 602401143452.dkr.ecr.eu-west-2.amazonaws.com/eks/kube-proxy:v1.16.12 imagePullPolicy: IfNotPresent name: kube-proxy resources: From 566cd0e6b3e66f2ec8ab98b30ed4c80dce1c51c6 Mon Sep 17 00:00:00 2001 From: Alex Monk Date: Thu, 6 Aug 2020 17:54:19 +0100 Subject: [PATCH 2/2] Update Calico too --- charts/gsp-cluster/templates/02-gsp-system/calico.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/charts/gsp-cluster/templates/02-gsp-system/calico.yaml b/charts/gsp-cluster/templates/02-gsp-system/calico.yaml index 62e4b518a..aa4bdb92f 100644 --- a/charts/gsp-cluster/templates/02-gsp-system/calico.yaml +++ b/charts/gsp-cluster/templates/02-gsp-system/calico.yaml @@ -38,7 +38,7 @@ spec: # container programs network policy and routes on each # host. - name: calico-node - image: quay.io/calico/node:v3.13.0 + image: quay.io/calico/node:v3.13.4 env: # Use Kubernetes API as the backing datastore. - name: DATASTORE_TYPE @@ -377,12 +377,13 @@ apiVersion: rbac.authorization.k8s.io/v1 metadata: name: calico-node rules: - # The CNI plugin needs to get pods, nodes, and namespaces. + # The CNI plugin needs to get pods, nodes, configmaps, and namespaces. - apiGroups: [""] resources: - pods - nodes - namespaces + - configmaps verbs: - get - apiGroups: [""] @@ -553,7 +554,7 @@ spec: securityContext: fsGroup: 65534 containers: - - image: quay.io/calico/typha:v3.13.0 + - image: quay.io/calico/typha:v3.13.4 name: calico-typha ports: - containerPort: 5473