V1.10.3 changes (#1946)

* Cherry pick of workflow changes from master branch (#1793)

* Change workflow to use git install (#1785)

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file

* Workflow file updates (#1787)

* Change workflow to use git install

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file

* Update workflow files to use go 1.16

- Updated workflow files to use go 1.16 for consistency.
- Changed integ test script to use git commit id and deleted unused code

* Specify go version at 1.16 for workflow files

Cherry pick multi-arch changes in release branch

1.10.2 changes (#1830)

* VlanID changes

PPSG Test agent changes

CNI metrics helper changes

minor fix

Move logging for CLUSTER_ID and Region inside publisher.go from main.go

revert manifest changes as the image is not released yet

* Cherry pick multi-arch changes in release branch

* cni-metrics-helper changes
vlanID changes
disable network provisioning fix
ipamd error code fix

* Minor change

* remove redundant changes

* Go version changes

* Switch to public ECR for AL2 (#1804)

* Switch to public ecr for al2 image

- Removed docker_arch variable which is redundant with this change

* Fix makefile and dockerfile entries

* Merge changes to auto-sync manifests

* minor change: add ContainerID to dummyVlanInterface

* Remove sudo from workflow files (#1818)

* remove set -x from bash, add -Ss to curl (#1802)

* remove weekly-cron-test.yml as its not needed for this branch

Co-authored-by: Vikas Basavaraj <[email protected]>
Co-authored-by: Jayanth Varavani <[email protected]>
Co-authored-by: Scott Merrill <[email protected]>

fixed conflicts with routed-eni-cni-plugin/cni.go

* Cherry pick of workflow changes from master branch (#1793)

* Change workflow to use git install (#1785)

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file

* Workflow file updates (#1787)

* Change workflow to use git install

- Change workflow to use git install as the go get command was
  altering go.mod file without updating go.sum file

* Update workflow files to use go 1.16

- Updated workflow files to use go 1.16 for consistency.
- Changed integ test script to use git commit id and deleted unused code

* Specify go version at 1.16 for workflow files

Cherry pick multi-arch changes in release branch

1.10.2 changes (#1830)

* VlanID changes

PPSG Test agent changes

CNI metrics helper changes

minor fix

Move logging for CLUSTER_ID and Region inside publisher.go from main.go

revert manifest changes as the image is not released yet

* Cherry pick multi-arch changes in release branch

* cni-metrics-helper changes
vlanID changes
disable network provisioning fix
ipamd error code fix

* Minor change

* remove redundant changes

* Go version changes

* Switch to public ECR for AL2 (#1804)

* Switch to public ecr for al2 image

- Removed docker_arch variable which is redundant with this change

* Fix makefile and dockerfile entries

* Merge changes to auto-sync manifests

* minor change: add ContainerID to dummyVlanInterface

* Remove sudo from workflow files (#1818)

* remove set -x from bash, add -Ss to curl (#1802)

* remove weekly-cron-test.yml as its not needed for this branch

Co-authored-by: Vikas Basavaraj <[email protected]>
Co-authored-by: Jayanth Varavani <[email protected]>
Co-authored-by: Scott Merrill <[email protected]>

fixed conflicts with routed-eni-cni-plugin/cni.go

Updated config files for v1.10.2

Changelog updates

fixed empty netns bug (#1941)

minor logging change

Updated GO SDK

added c7g instance

PD on bare metal instance

fixed dependabot warning

* Updated go.mod and go.sum

README.md

@@ -511,7 +511,7 @@ Setting ENABLE_PREFIX_DELEGATION to true will not increase the density of branch
 
 Please refer to [VPC CNI Feature Matrix](https://github.com/aws/amazon-vpc-cni-k8s#vpc-cni-feature-matrix) section below for additional information around using Prefix delegation with Custom Networking and Security Groups Per Pod features.
 
-**Note:** `ENABLE_PREFIX_DELEGATION` needs to be set to `true` when VPC CNI is configured to operate in IPv6 mode (supported in v1.10.0+).
+**Note:** `ENABLE_PREFIX_DELEGATION` needs to be set to `true` when VPC CNI is configured to operate in IPv6 mode (supported in v1.10.0+). Prefix Delegation in IPv4 and IPv6 modes is supported on Nitro based Bare Metal instances as well from v1.11+. If you're using Prefix Delegation feature on Bare Metal instances, downgrading to an earlier version of VPC CNI from v1.11+ will be disruptive and not supported.
 
 ---
 

cmd/routed-eni-cni-plugin/cni.go

@@ -178,7 +178,7 @@ func add(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap
 		return errors.New("add cmd: failed to assign an IP address to container")
 	}
 
-	log.Infof("Received add network response for container %s interface %s: %+v",
+	log.Infof("Received add network response from ipamd for container %s interface %s: %+v",
 		args.ContainerID, args.IfName, r)
 
 	//We will let the values in result struct guide us in terms of IP Address Family configured.
@@ -313,14 +313,6 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap
 		return errors.Wrap(err, "del cmd: failed to load k8s config from args")
 	}
 
-	// With containerd as the runtime, it was observed that sometimes spurious delete requests
-	// are triggered from kubelet with an empty Netns. This check safeguards against such
-	// scenarios and we just return
-	// ref: https://github.com/kubernetes/kubernetes/issues/44100#issuecomment-329780382
-	if args.Netns == "" {
-		log.Info("Netns() is empty, so network already cleanedup. Nothing to do")
-		return nil
-	}
 	prevResult, ok := conf.PrevResult.(*current.Result)
 
 	// Try to use prevResult if available
@@ -343,6 +335,11 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap
 					return errors.Wrap(err, "del cmd: found Incorrect 0 vlandId for ppsg")
 				}
 
+				if isNetnsEmpty(args.Netns) {
+					log.Infof("Ignoring TeardownPodENI as Netns is empty for SG pod:%s namespace: %s containerID:%s", k8sArgs.K8S_POD_NAME, k8sArgs.K8S_POD_NAMESPACE, k8sArgs.K8S_POD_INFRA_CONTAINER_ID)
+					return nil
+				}
+
 				err = cleanUpPodENI(podVlanId, log, args.ContainerID, driverClient)
 				if err != nil {
 					return err
@@ -397,7 +394,7 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap
 		return errors.New("del cmd: failed to process delete request")
 	}
 
-	log.Infof("Received del network response for pod %s namespace %s sandbox %s: %+v", string(k8sArgs.K8S_POD_NAME),
+	log.Infof("Received del network response from ipamd for pod %s namespace %s sandbox %s: %+v", string(k8sArgs.K8S_POD_NAME),
 		string(k8sArgs.K8S_POD_NAMESPACE), string(k8sArgs.K8S_POD_INFRA_CONTAINER_ID), r)
 
 	var deletedPodIP net.IP
@@ -416,7 +413,12 @@ func del(args *skel.CmdArgs, cniTypes typeswrapper.CNITYPES, grpcClient grpcwrap
 			Mask: net.CIDRMask(maskLen, maskLen),
 		}
 
+		// vlanID != 0 means pod using security group
 		if r.PodVlanId != 0 {
+			if isNetnsEmpty(args.Netns) {
+				log.Infof("Ignoring TeardownPodENI as Netns is empty for SG pod:%s namespace: %s containerID:%s", k8sArgs.K8S_POD_NAME, k8sArgs.K8S_POD_NAMESPACE, k8sArgs.K8S_POD_INFRA_CONTAINER_ID)
+				return nil
+			}
 			err = driverClient.TeardownPodENINetwork(int(r.PodVlanId), log)
 		} else {
 			err = driverClient.TeardownNS(addr, int(r.DeviceNumber), log)
@@ -443,6 +445,14 @@ func cleanUpPodENI(podVlanId int, log logger.Logger, containerId string, driverC
 	return nil
 }
 
+// Scope usage of this function to only SG pods scenario (https://harbinger.amazon.com/notices/65203)
+// Don't process deletes when NetNS is empty
+// as it implies that veth for this request is already deleted
+// ref: https://github.com/kubernetes/kubernetes/issues/44100#issuecomment-329780382
+func isNetnsEmpty(Netns string) bool {
+	return Netns == ""
+}
+
 func main() {
 	log := logger.DefaultLogger()
 	about := fmt.Sprintf("AWS CNI %s", version)

go.mod

@@ -3,80 +3,80 @@ module github.com/aws/amazon-vpc-cni-k8s
 go 1.17
 
 require (
-	github.com/aws/aws-sdk-go v1.40.6
+	github.com/aws/aws-sdk-go v1.43.29
 	github.com/containernetworking/cni v0.8.0
 	github.com/containernetworking/plugins v0.9.0
 	github.com/coreos/go-iptables v0.4.5
 	github.com/golang/mock v1.4.1
-	github.com/golang/protobuf v1.4.2
+	github.com/golang/protobuf v1.4.3
 	github.com/google/go-jsonnet v0.16.0
 	github.com/pkg/errors v0.9.1
-	github.com/prometheus/client_golang v1.0.0
+	github.com/prometheus/client_golang v1.7.1
 	github.com/prometheus/client_model v0.2.0
-	github.com/prometheus/common v0.4.1
+	github.com/prometheus/common v0.10.0
 	github.com/spf13/pflag v1.0.5
-	github.com/stretchr/testify v1.5.1
+	github.com/stretchr/testify v1.6.1
 	github.com/vishvananda/netlink v1.1.1-0.20201029203352-d40f9887b852
 	go.uber.org/zap v1.15.0
-	golang.org/x/net v0.0.0-20210805182204-aaa1db679c0d
-	golang.org/x/sys v0.0.0-20210616094352-59db8d763f22
+	golang.org/x/net v0.0.0-20220127200216-cd36cc0744dd
+	golang.org/x/sys v0.0.0-20211216021012-1d35b9e2eb4e
 	google.golang.org/grpc v1.29.0
-	google.golang.org/protobuf v1.23.0
+	google.golang.org/protobuf v1.25.0
 	gopkg.in/natefinch/lumberjack.v2 v2.0.0
-	k8s.io/api v0.18.6
-	k8s.io/apimachinery v0.18.6
-	k8s.io/client-go v0.18.6
+	k8s.io/api v0.20.2
+	k8s.io/apimachinery v0.20.2
+	k8s.io/client-go v0.20.2
 	k8s.io/cri-api v0.0.0-20191107035106-03d130a7dc28
 	sigs.k8s.io/controller-runtime v0.6.3
 )
 
 require (
-	github.com/alecthomas/template v0.0.0-20160405071501-a0175ee3bccc // indirect
-	github.com/alecthomas/units v0.0.0-20151022065526-2efee857e7cf // indirect
-	github.com/beorn7/perks v1.0.0 // indirect
+	github.com/alecthomas/template v0.0.0-20190718012654-fb15b899a751 // indirect
+	github.com/alecthomas/units v0.0.0-20190717042225-c3de453c63f4 // indirect
+	github.com/beorn7/perks v1.0.1 // indirect
+	github.com/cespare/xxhash/v2 v2.1.1 // indirect
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/evanphx/json-patch v4.9.0+incompatible // indirect
 	github.com/fsnotify/fsnotify v1.4.9 // indirect
-	github.com/go-logr/logr v0.1.0 // indirect
-	github.com/gogo/protobuf v1.3.1 // indirect
-	github.com/golang/groupcache v0.0.0-20190129154638-5b532d6fd5ef // indirect
-	github.com/google/go-cmp v0.4.0 // indirect
+	github.com/go-logr/logr v0.3.0 // indirect
+	github.com/gogo/protobuf v1.3.2 // indirect
+	github.com/golang/groupcache v0.0.0-20200121045136-8c9f03a8e57e // indirect
+	github.com/google/go-cmp v0.5.2 // indirect
 	github.com/google/gofuzz v1.1.0 // indirect
-	github.com/google/uuid v1.1.1 // indirect
-	github.com/googleapis/gnostic v0.3.1 // indirect
+	github.com/google/uuid v1.1.2 // indirect
+	github.com/googleapis/gnostic v0.4.1 // indirect
 	github.com/hashicorp/golang-lru v0.5.4 // indirect
 	github.com/imdario/mergo v0.3.9 // indirect
 	github.com/jmespath/go-jmespath v0.4.0 // indirect
 	github.com/json-iterator/go v1.1.10 // indirect
-	github.com/konsorten/go-windows-terminal-sequences v1.0.1 // indirect
-	github.com/matttproud/golang_protobuf_extensions v1.0.1 // indirect
+	github.com/konsorten/go-windows-terminal-sequences v1.0.3 // indirect
+	github.com/matttproud/golang_protobuf_extensions v1.0.2-0.20181231171920-c182affec369 // indirect
 	github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect
 	github.com/modern-go/reflect2 v1.0.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
-	github.com/prometheus/procfs v0.0.11 // indirect
+	github.com/prometheus/procfs v0.2.0 // indirect
 	github.com/safchain/ethtool v0.0.0-20190326074333-42ed695e3de8 // indirect
-	github.com/sirupsen/logrus v1.4.2 // indirect
+	github.com/sirupsen/logrus v1.6.0 // indirect
 	github.com/vishvananda/netns v0.0.0-20200728191858-db3c7e526aae // indirect
 	go.uber.org/atomic v1.6.0 // indirect
 	go.uber.org/multierr v1.5.0 // indirect
-	golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9 // indirect
+	golang.org/x/crypto v0.0.0-20201002170205-7f63de1d35b0 // indirect
 	golang.org/x/lint v0.0.0-20210508222113-6edffad5e616 // indirect
-	golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45 // indirect
-	golang.org/x/text v0.3.6 // indirect
-	golang.org/x/time v0.0.0-20190308202827-9d24e82272b4 // indirect
+	golang.org/x/oauth2 v0.0.0-20200107190931-bf48bf16ab8d // indirect
+	golang.org/x/text v0.3.7 // indirect
+	golang.org/x/time v0.0.0-20200630173020-3af7569d3a1e // indirect
 	golang.org/x/tools v0.1.5 // indirect
-	golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1 // indirect
-	gomodules.xyz/jsonpatch/v2 v2.0.1 // indirect
-	google.golang.org/appengine v1.5.0 // indirect
-	google.golang.org/genproto v0.0.0-20190819201941-24fa4b261c55 // indirect
+	gomodules.xyz/jsonpatch/v2 v2.1.0 // indirect
+	google.golang.org/appengine v1.6.6 // indirect
+	google.golang.org/genproto v0.0.0-20201110150050-8816d57aaa9a // indirect
 	gopkg.in/alecthomas/kingpin.v2 v2.2.6 // indirect
 	gopkg.in/inf.v0 v0.9.1 // indirect
 	gopkg.in/yaml.v2 v2.3.0 // indirect
-	k8s.io/apiextensions-apiserver v0.18.6 // indirect
-	k8s.io/klog v1.0.0 // indirect
-	k8s.io/klog/v2 v2.0.0 // indirect
-	k8s.io/kube-openapi v0.0.0-20200410145947-61e04a5be9a6 // indirect
-	k8s.io/utils v0.0.0-20200603063816-c1c6865ac451 // indirect
-	sigs.k8s.io/structured-merge-diff/v3 v3.0.0 // indirect
+	gopkg.in/yaml.v3 v3.0.0-20200615113413-eeeca48fe776 // indirect
+	k8s.io/apiextensions-apiserver v0.20.1 // indirect
+	k8s.io/klog/v2 v2.4.0 // indirect
+	k8s.io/kube-openapi v0.0.0-20201113171705-d219536bb9fd // indirect
+	k8s.io/utils v0.0.0-20210111153108-fddb29f9d009 // indirect
+	sigs.k8s.io/structured-merge-diff/v4 v4.0.2 // indirect
 	sigs.k8s.io/yaml v1.2.0 // indirect
 )