

Change Records of VPC-CNI Component

Last updated: 2021-12-10 10:12:39

    The VPC-CNI component consists of three Kubernetes cluster components: tke-eni-agent, tke-eni-ipamd and tke-eni-ip-scheduler. Generally, these components share the same version. However, tke-eni-ip-scheduler is modified less often, so its version may be a little earlier.

    Checking the Component Version

    The component version is the image tag. You can check it via the Kubernetes API.

    # Checking the version of tke-eni-agent
    # (the jsonpath expression is quoted so the shell does not glob-expand [0])
    kubectl -n kube-system get ds tke-eni-agent -o jsonpath='{.spec.template.spec.containers[0].image}'
    # Checking the version of tke-eni-ipamd
    kubectl -n kube-system get deploy tke-eni-ipamd -o jsonpath='{.spec.template.spec.containers[0].image}'
    # Checking the version of tke-eni-ip-scheduler
    kubectl -n kube-system get deploy tke-eni-ip-scheduler -o jsonpath='{.spec.template.spec.containers[0].image}'
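Since the version is the image tag and tke-eni-agent and tke-eni-ipamd normally share it, the three references can be compared in one step. The script below is an added example, not part of the original page or Tencent's tooling; the function names, registry host and version tags are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Tencent's code). Image references below are constructed;
# on a cluster, take them from the kubectl commands above, e.g.
#   agent=$(kubectl -n kube-system get ds tke-eni-agent \
#       -o jsonpath='{.spec.template.spec.containers[0].image}')

# image_tag REF: print the tag of an image reference, or "<none>" if untagged.
image_tag() {
    _ref=${1%%@*}      # drop a trailing @sha256:... digest
    _last=${_ref##*/}  # last path segment, so a registry port is not read as a tag
    case $_last in
        *:*) printf '%s\n' "${_last##*:}" ;;
        *)   printf '%s\n' '<none>' ;;
    esac
}

# versions_match REF_A REF_B: succeed only if both carry the same explicit tag.
versions_match() {
    _a=$(image_tag "$1")
    _b=$(image_tag "$2")
    [ "$_a" != '<none>' ] && [ "$_a" = "$_b" ]
}

# report AGENT IPAMD SCHEDULER: one-line summary of the deployed versions.
# The scheduler is only reported, not compared, because it may lag behind.
report() {
    if versions_match "$1" "$2"; then
        _state=consistent
    else
        _state=MISMATCH
    fi
    printf 'agent=%s ipamd=%s scheduler=%s (%s)\n' \
        "$(image_tag "$1")" "$(image_tag "$2")" "$(image_tag "$3")" "$_state"
}

report 'registry.example.com:5000/tke/tke-eni-agent:v3.4.1' \
       'registry.example.com:5000/tke/tke-eni-ipamd:v3.4.1' \
       'registry.example.com:5000/tke/tke-eni-ip-scheduler:v3.3.0'
```

A `MISMATCH` or `<none>` result means the fixes listed for a given release cannot be assumed present on every component.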

    Change Records

    Version Number | Release Date | Updates | Impacts
  • Fixed repeated creation of an EIP caused by the network.
  • Pods with independent ENIs in non-static IP address mode can be bound to an EIP.
  • Optimizes the mechanism of expansion resources for eni-agent to make the management of expansion resources more stable and robust.
  • Fixed the issues caused by inconsistency between quota set for the node and the actual quota.
  • Optimizes IP garbage collection mechanism for eni-agent. If there is a dirty container in the Pod that is being created, the reclaimed IPs will be allocated to a new container in the Pod.
  • Optimizes the method for calculating the resources of used IPs and ENIs in non-static IP address mode. Fixed the inaccurate resource calculation caused by Pods in statuses such as `Error`, `Evicted` and `Completed`.
  • No impact on services
  • `--master` can configure the backend kube-apiserver address without relying on kube-proxy.
  • eni-agent supports `--kube-client-qps` and `--kube-client-burst` to configure `QPS` and `Burst` of kube client, and the default values increase to 10 and 20 respectively.
  • If eni-agent finds that the updated expansion resources are less than original ones, it will update the latest expansion resources information in the node status to prevent issues caused by async updating of kubelet.
  • No impact on services
  • eni-ipamd supports `--enable-node-condition` and `--enable-node-taint`. Once enabled, if `eni-ip` or `direct-eni` is missing on the node, the condition or taints of the node will be set.
  • EIP supports parsing new API parameters in json format.
  • Fixed the issue where the allocated IPs may be reclaimed improperly by garbage collection of eni-agent in containerd runtime.
  • Fixed ipamd panic that may be caused by the EIP API.
  • Fixed the issue where an ENI is unbound because `disable-node-eni` annotation is set improperly when the non-static IP mode is upgrading.
  • No impact on services
  • Fixed the issue where the allocated IPs and routes may be reclaimed improperly because of the garbage collection mechanism of eni-agent.
  • Fixed the issue where IPs may be released before the Pod when deleting deployment and other upper-layer resources after `--enable-ownerref` is enabled for eni-ipamd.
  • No impact on services
  • Fixed the issue where locally stored data of the Pod cannot be deleted because of improper deletion of the IPs or ENIs of the Pod with a shared ENI/exclusive ENI in non-static IP address mode.
  • Fixed the issue where CNI information of a shared ENI/exclusive ENI does not store and verify ENI information of the Pod in non-static IP address mode.
  • No impact on services
  • Fixed the issue where the component keeps trying to unbind the ENI when the CVM has shut down.
  • Fixed the panic caused by the concurrent writes of asynchronous logs.
  • Optimizes the ENI synchronization logic in non-static IP address mode to ensure internal data consistency and prevent the ENIs in use from being unbound.
  • Fixed the issue where existing nodes cannot allocate IPs because of insufficient IPs in the subnet when the cluster is upgraded from v3.2 in non-static IP address mode.
  • Fixed the issue where the ENI may be incorrectly released when the primary IP of the existing ENI is being used by the Pod.
  • No impact on services
  • Supports hybrid cloud ipam, and it can work in collaboration with the cilium overlay/underlay mode.
  • No impact on services
  • ip-scheduler supports occupancy caused by insufficiency of default resources, and does not support occupancy caused by insufficiency of IP resources.
  • The security group feature logic of the shared ENI is reconstructed. It supports strong synchronization with the security group set on the node to ensure that the binding sequence and priority of security groups is consistent with that in user’s settings.
  • Supports the cilium cni-chain mode.
  • For eni-agent, `hostPort` field can be configured for the Pod after `--port-mapping` is enabled.
  • The annotation `tke.cloud.tencent.com/claim-expired-duration` can be added to Pods to reclaim static IPs in a specific time. The annotation only affects the added Pods.
  • No impact on services
  • Multiple ENIs can be used in shared ENI non-static IP address mode.
  • Tencent Cloud API calls are subject to QPS limits, and the limit for a single cluster is 50 QPS by default (limited by the type of CVM, VPC and TKE).
  • Changes to the IP quota can be detected after an upgrade in non-static IP address mode.
  • The annotation `tke.cloud.tencent.com/desired-route-eni-pod-num` can be added to a `node`. Once the desired number of route-eni IPs is written, the component adjusts the node quota automatically.
  • Fixed the VPC task polling timeout that occurred when the VPC task does not exist.
  • Fixed the issue of eni-ipamd panic caused by failure of task creation for the ENI.
  • Optimizes routing reconciliation logic and only clears the IP routes managed by eni-agent.
  • Fixed the panic that occurred when releasing an ENI in independent ENI non-static IP address mode because the ENI had already been released.
  • No impact on services
  • Supports customized GR mode. Multiple CIDR blocks can be set in a node and a cluster.
  • No impact on services
  • Reduces the retry time for binding an ENI in exclusive ENI mode and improves binding efficiency.
  • Reduces failures of concurrent binding and unbinding of ENIs, and improves the efficiency of binding and unbinding through concurrency control.
  • Optimizes subnet allocation logic for an ENI in non-static IP address mode. Fixed the issue where some nodes cannot obtain IPs even though IPs are sufficient when nodes are added concurrently.
  • The garbage collection mechanism of eni-agent supports self-awareness of the underlying runtime and supports containerd.
  • No impact on services
  • dnsConfig is added when eni-ipamd and ip-scheduler are deployed to avoid issues caused by DNS created by users.
  • In shared ENI static IP address mode, the subnetID of the ENI bound to each node is synced to a label on the node, with the key `tke.cloud.tencent.com/route-eni-subnet-ids`.
  • eni-agent tries to obtain the reasons for IP allocation failures and returns them to the CNI plugin so that they are reflected in the Pod events.
  • A bare Pod can specify an IP through the annotation `tke.cloud.tencent.com/nominated-vpc-ip`.
  • eni-agent supports a periodic test of its connection with APIServer. It restarts automatically if a timeout occurs.
  • Fixed the waste of IPs caused by internal data inconsistency.
  • No impact on services