v1.22.2

⚠️ Warning: VPC CNI v1.22.2 reverts the Security Group discovery feature initially introduced in the previous version, v1.22.1.

What's Changed

• Reverting Security Group discovery feature by @cdirubbio in #3720

Full Changelog: v1.22.1...v1.22.2

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.22.2/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.22.2/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.22.2/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/v1.22.2/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.22.2/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.22.2
amazon-k8s-cni:v1.22.2
amazon/aws-network-policy-agent:v1.3.5

v1.22.1

What's Changed

Amazon VPC CNI v1.22.1 introduces enhanced subnet discovery, allowing customers to separate pod and node subnets and apply dedicated security groups to pods on secondary ENIs.

⚠️ Warning: VPC CNI v1.22.1 introduces a new DescribeSecurityGroups API call that runs per node. In clusters with a large number of nodes, this can lead to EC2 API throttling (RequestLimitExceeded). Mitigation: Disable the subnet discovery feature, or delay upgrade until a fix is available.

⚠️ IAM Policy Update Required

The enhanced subnet discovery feature (enabled by default with ENABLE_SUBNET_DISCOVERY=true) requires ec2:DescribeSubnets and ec2:DescribeSecurityGroups permissions.

Without these permissions, aws-node will fail to start (#3704, #3705).

Who needs to take action:

• IPv6 clusters — the customer-managed IAM policy does not include ec2:DescribeSubnets or ec2:DescribeSecurityGroups
• Third-party IAM management (Terraform, Pulumi, CDK, etc.) — if your tool manages the VPC CNI IAM role independently, add both permissions before upgrading

Add the following to your CNI IAM policy:

{
    "Effect": "Allow",
    "Action": [
        "ec2:DescribeSubnets",
        "ec2:DescribeSecurityGroups"
    ],
    "Resource": "*"
}

Note: The AWS managed policy AmazonEKS_CNI_Policy already includes both permissions. If you are using the managed policy on an IPv4 cluster, no action is needed.

Alternatively, if you do not need subnet discovery, you can set ENABLE_SUBNET_DISCOVERY=false to disable the feature and avoid the new permission requirement.

Subnet Discovery

VPC CNI now supports advanced subnet selection for secondary ENIs:

• Tag subnets with kubernetes.io/role/cni=1 to include them for pod ENI allocation
• Tag subnets with kubernetes.io/role/cni=0 to exclude them (including the node's primary subnet)
• Tag security groups with kubernetes.io/role/cni=1 to apply custom security groups to ENIs in secondary subnets
• Use cni.networking.k8s.aws/cluster/<cluster-name> tags to scope subnets to specific clusters in multi-cluster VPCs

This feature is enabled by default via ENABLE_SUBNET_DISCOVERY=true.

Features

• Enhanced subnet discovery with subnet exclusion, custom security groups, and cluster-specific tags (#3463, @dshehbaj, @haouc)
• Migrate subnet cluster tag prefix to cni.networking.k8s.aws/cluster/ and fix primary subnet exclusion logic (#3647, @haouc)

Full Changelog: v1.21.2...v1.22.1

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.22/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.22/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.22/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/release-1.22/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/release-1.22/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.22.1
amazon-k8s-cni:v1.22.1
amazon/aws-network-policy-agent:v1.3.5

v1.21.2

What's Changed

• Amazon VPC CNI now propagates the EC2 security group idle connection tracking timeout settings from the instance's primary ENI to all secondary ENIs it creates, ensuring consistent connection tracking behavior across all network interfaces. To customize these settings on the primary ENI, use a custom launch template to configure the desired connection tracking timeout values.

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/security-group-connection-tracking.html#connection-tracking-timeouts

Features

• Replicate primary ENI connection tracking settings to secondary ENIs (#3666, @jaydeokar)
• Add support for extra volume mounts in aws-vpc-cni-init container (#3633, @phbergsmann)
• Add conntrack-cache-table-size to helm chart (#3617, @viveksb007)

Bug Fixes

• Fix panic in air-gapped regions: use awshttp.BuildableClient instead of *http.Client for AWS SDK HTTP client (#3672, @haouc)
• Add HTTP request timeout (10s) to AWS SDK clients to prevent indefinite hangs (#3649, @haouc)
• Fix nil pointer panic in PodLogs when Stream fails (#3671, @haouc)
• Fix missing timeout in DescribeNetworkInterfaces call (#3644, @cdirubbio)
• Fix context cancellation with DescribeNetworkInterfaces timeout (#3644, @cdirubbio)
• Fix IMDS resource leak (#3617, @viveksb007)
• Restore clobbered context in pkg/publisher (#3595, @alrs)
• Fix dropped error in pkg/networkutils (#3595, @alrs)
• Fix address issue #3620 (#3646, @gabrnavarro)
• Add userAgent to AWS API calls (#3556, @cdirubbio)
• Fix image pull policy in helm chart (#3570, @OlTrenin)

Improvements

• Enhance logging in ipamd (#3561, @supreeet)
• Improve custom networking integration tests (#3668, @yash97)
• Improve TestNew_SetsHTTPClientTimeout to assert timeout is set (#3670, @haouc)
• Build images in separate arch runner (@yash97)
• Pick up EKS CVE patched container plugin binaries for internal builds (#3571, @jupdec)
• Bundle internal binaries when available and add integration test cases (#3627, @jupdec)

Full Changelog: v1.21.1...v1.21.2

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.21/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.21/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/release-1.21/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/release-1.21/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/release-1.21/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.21.2
amazon-k8s-cni:v1.21.2
amazon/aws-network-policy-agent:v1.3.5

v1.21.1

🚨 🚨 🚨 v1.21.1-eksbuild.7 and v1.21.1-eksbuild.8 contains a defect in Network Policy Agent version (image tag v1.3.2-v1.3.4) that may cause issues with existing network policies. For users using network policy feature, please upgrade to v1.21.1. 🚨 🚨 🚨

Fixes bug in Network Policy agent where the map pointer gets overwritten which causes issues with existing network policies

What's Changed

• Release 1.21 by @jaydeokar in #3545
• Adding CNI v1.21.1 release by @jaydeokar in #3550

Full Changelog: v1.21.0...v1.21.1

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.21.1/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.21.1/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.21.1/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/v1.21.1/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.21.1/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.21.1
amazon-k8s-cni:v1.21.1
amazon/aws-network-policy-agent:v1.3.1

v1.21.0

🚨 🚨 🚨 v1.21.0 contains a defect in Network Policy Agent version (image tag v1.3.0) that may cause issues with existing network policies. For users using network policy feature, please upgrade to v1.21.1. 🚨 🚨 🚨

What's New

• This release adds support for Cluster Network Policy in AWS Network Policy Agent which allows cluster administrators to define network policies with Layer 3 and 4 network rules at the cluster scope

What's Changed

• chore: update VPC IP resource limits by @github-actions[bot] in #3521
• Bump peter-evans/create-pull-request from 7.0.5 to 7.0.9 by @dependabot[bot] in #3519
• Bump golang.org/x/crypto from 0.40.0 to 0.45.0 by @dependabot[bot] in #3515
• Merge into release branch by @jaydeokar in #3522
• updating changelog by @yash97 in #3525
• chore: update VPC IP resource limits by @github-actions[bot] in #3532
• updating setup go fo gh action by @yash97 in #3537
• update tags by @yash97 in #3535
• update golang version by @yash97 in #3536
• Master to Release-1.21 sync by @jaydeokar in #3539
• Merge pull request #3522 from aws/master by @jaydeokar in #3540
• Release notes for v1.21.0 by @jaydeokar in #3547
• release-1.21 sync with master by @jaydeokar in #3548

Full Changelog: v1.20.5...v1.21.0

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.21.0/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.21.0/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.21.0/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/v1.21.0/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.21.0/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.21.0
amazon-k8s-cni:v1.21.0
amazon/aws-network-policy-agent:v1.3.0

v1.20.5

What's Changed

• enabling pod egress traffic test for under mac address policy variation by @yash97 in #3459
• Bump the aws-dependencies group with 9 updates by @dependabot[bot] in #3465
• chore: update VPC IP resource limits by @github-actions[bot] in #3476
• bumping kops tag to v1.34 by @Supreeth095 in #3477
• feat: add retry logic for netlink dump operations by @dcoppa in #3440
• chore: update VPC IP resource limits by @github-actions[bot] in #3481
• Updating network policy agent version by @jaydeokar in #3491
• Bump actions/dependency-review-action from 4.3.3 to 4.8.1 by @dependabot[bot] in #3485
• Bump actions/setup-go from 5.5.0 to 6.0.0 by @dependabot[bot] in #3486
• Gracefully handle v4 (unmanaged) ENIs on IPv6 node by @jupdec in #3489
• Go bump by @Supreeth095 in #3500
• chore: update VPC IP resource limits by @github-actions[bot] in #3502
• nit: Update README to separate ENI Tags from Subnet Tags by @cdirubbio in #3508
• Merge master to Release 1.20 for v1.20.5 release by @Supreeth095 in #3504
• Sync Release 1.20 with Master by @jaydeokar in #3510
• Bumping up containerd version for CVE fix by @jaydeokar in #3512
• chore: update VPC IP resource limits by @github-actions[bot] in #3514
• Adding change log and release notes for v1.20.5 by @nakshah87 in #3511
• Merge master into release-1.20 branch by @yash97 in #3517

New Contributors

• @cdirubbio made their first contribution in #3508
• @nakshah87 made their first contribution in #3511

Full Changelog: v1.20.4...v1.20.5

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.5/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.5/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.5/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/refs/heads/release-1.20/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.20.5/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.20.5
amazon-k8s-cni:v1.20.5
amazon/aws-network-policy-agent:v1.2.7

v1.20.4

What's Changed

• Updating SNAT variable documentation by @jaydeokar in #3439
• Bump the k8s-dependencies group with 5 updates by @dependabot[bot] in #3426
• Bump the aws-dependencies group with 11 updates by @dependabot[bot] in #3424
• Optimize ENI slot reservation for non-supported instance type by @phuhung273 in #3250
• Include all plugins for Multus by @jaydeokar in #3470
• fix: format string bug in GetPodMTU error logging by @dcoppa in #3471
• Adding change log and release notes for v1.20.4 by @jaydeokar in #3472

New Contributors

• @phuhung273 made their first contribution in #3250

Full Changelog: v1.20.3...v1.20.4

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.4/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.4/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.4/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.4/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.20.4/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.20.4
amazon-k8s-cni:v1.20.4
amazon/aws-network-policy-agent:v1.2.7

v1.20.3

🚨 🚨 🚨 v1.20.2 and v1.20.3 removes the cni plugins which are not required for regular amazon-vpc-cni operations. However this might break Multus, if you are using the plugins which is not bundled with the container 🚨 🚨 🚨

What's Changed

• chore: update VPC IP resource limits by @github-actions[bot] in #3441
• chore: update VPC IP resource limits by @github-actions[bot] in #3453
• Optionally setting up Route table for non zero Network Cards if AMI is already configuring at bootup by @jaydeokar in #3452
• feat(helm_chart/aws-vpc-cni): add overrideRepository images option by @QuentinBtd in #3435
• fix: initialize controller-runtime logger by @dcoppa in #3443
• Chart updates and release notes by @jaydeokar in #3455

New Contributors

• @QuentinBtd made their first contribution in #3435
• @dcoppa made their first contribution in #3443

Full Changelog: v1.20.2...v1.20.3

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.3/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.3/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.3/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.3/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.20.3/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.20.3
amazon-k8s-cni:v1.20.3
amazon/aws-network-policy-agent:v1.2.6

v1.20.2

🚨 🚨 🚨 v1.20.2 and v1.20.3 removes the cni plugins which are not required for regular amazon-vpc-cni operations. However this might break Multus, if you are using the plugins which is not bundled with the container 🚨 🚨 🚨

What's Changed

• Bump github.com/samber/lo from 1.49.1 to 1.51.0 by @dependabot[bot] in #3386
• Bump github.com/prometheus/client_model from 0.6.1 to 0.6.2 by @dependabot[bot] in #3385
• Bump the aws-dependencies group with 11 updates by @dependabot[bot] in #3384
• Adding release notes and chart update by @yash97 in #3399
• updating tags by @yash97 in #3400
• Add and configure soak tests workflow by @Supreeth095 in #3404
• Add and configure soak tests workflow by @Supreeth095 in #3407
• Bump actions/checkout from 4.1.7 to 5.0.0 by @dependabot[bot] in #3409
• Bump helm.sh/helm/v3 from 3.18.4 to 3.18.5 by @dependabot[bot] in #3401
• Removing pinning of golang version by @jaydeokar in #3411
• Bump the k8s-dependencies group across 1 directory with 5 updates by @dependabot[bot] in #3359
• chore: update VPC IP resource limits by @github-actions[bot] in #3419
• chore: update VPC IP resource limits by @github-actions[bot] in #3420
• Fetch only necessary plugins by @jaydeokar in #3416
• chore: update VPC IP resource limits by @github-actions[bot] in #3422
• chore: update VPC IP resource limits by @github-actions[bot] in #3438
• Move npagent server port to unix socket by @Pavani-Panakanti in #3442
• Merge main to release-1.20 by @Pavani-Panakanti in #3444
• fix build:fetch selected binaries by @jupdec in #3447
• Update charts and configs by @Pavani-Panakanti in #3448
• Merge from master to release-1.20 by @Pavani-Panakanti in #3449

New Contributors

• @github-actions[bot] made their first contribution in #3419

Full Changelog: v1.20.1...v1.20.2

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.2/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.2/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.2/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.2/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:
Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.20.2/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.20.2
amazon-k8s-cni:v1.20.2
amazon/aws-network-policy-agent:v1.2.6

v1.20.1

What's Changed

• bumping kops tag by @yash97 in #3355
• updating kops tag in workflow by @yash97 in #3356
• bumping kops tag to v1.33.0-beta.1 by @yash97 in #3357
• adding github action monitoring in dependabot by @yash97 in #3360
• Bump actions/setup-go from 5.0.1 to 5.5.0 by @dependabot[bot] in #3365
• Bump docker/setup-buildx-action from 3.3.0 to 3.11.1 by @dependabot[bot] in #3362
• adding manual run option to integration test workflow by @yash97 in #3369
• Bump google.golang.org/protobuf from 1.36.5 to 1.36.6 by @dependabot[bot] in #3367
• Bump the aws-dependencies group with 3 updates by @dependabot[bot] in #3366
• updated README.md by @viveksb007 in #3371
• Bump docker/setup-qemu-action from 3.0.0 to 3.6.0 by @dependabot[bot] in #3373
• bypassing udev interference by assigning mac address to host side veth by @yash97 in #3354
• Updating static config for instances and better error handling by @jaydeokar in #3378
• fixing codecoverage report issue by @jaydeokar in #3382
• Adding release notes and chart update by @yash97 in #3397

Full Changelog: v1.20.0...v1.20.1

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.1/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.1/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.1/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.20.1/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:

Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.20.0/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3

amazon-k8s-cni-init:v1.20.1
amazon-k8s-cni:v1.20.1
amazon/aws-network-policy-agent:v1.2.4