build(deps): bump github.com/aws/amazon-vpc-cni-k8s from 1.15.0 to 1.15.3

[dependabot]

Bumps github.com/aws/amazon-vpc-cni-k8s from 1.15.0 to 1.15.3.

Release notes

Sourced from github.com/aws/amazon-vpc-cni-k8s's releases.

v1.15.3

Major Changes since v1.15.1

• Bug - Fully address CVE-2023-44487 (@​jdn5126 )
• Improvement - feat(chart): Made node agent optional (@​stevehipwell )
• Improvement - Update Golang to 1.21.3 (@​jdn5126 )
• Improvement - Go module updates and Golang builder image update (@​jdn5126 )

Note

• The bundled Network Policy agent image has been updated to v1.0.5.
• The Network Policy agent container can now be removed from the Daemonset during helm installation by setting nodeAgent.enabled to false.

To manually apply this release:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.3/config/master/aws-k8s-cni.yaml

Note that the following regions use different manifests:

us-gov-east-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.3/config/master/aws-k8s-cni-us-gov-east-1.yaml

us-gov-west-1:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.3/config/master/aws-k8s-cni-us-gov-west-1.yaml

cn:

kubectl apply -f https://raw.githubusercontent.com/aws/amazon-vpc-cni-k8s/v1.15.3/config/master/aws-k8s-cni-cn.yaml

To apply this release using helm:

Follow the installation instructions in https://github.com/aws/amazon-vpc-cni-k8s/blob/v1.15.3/charts/aws-vpc-cni/README.md#installing-the-chart

Verify the update:

$ kubectl describe daemonset aws-node -n kube-system | grep Image | cut -d "/" -f 2-3                                                 
amazon-k8s-cni-init:v1.15.3
amazon-k8s-cni:v1.15.3
amazon/aws-network-policy-agent:v1.0.5

v1.15.1

... (truncated)

Changelog

Sourced from github.com/aws/amazon-vpc-cni-k8s's changelog.

v1.15.3

• Bug - Fully address CVE-2023-44487 (@​jdn5126 )
• Improvement - feat(chart): Made node agent optional (@​stevehipwell )
• Improvement - Update Golang to 1.21.3 (@​jdn5126 )
• Improvement - Go module updates and Golang builder image update (@​jdn5126 )

v1.15.1

• Bug - Do not patch CNINode for custom networking unless SGPP is enabled (@​jdn5126 )
• Bug - Pass CNINode scheme to k8s client only (@​jdn5126 )
• Bug - fix(chart): Switch base64 encoded cniConfig.fileContents to the binaryData (@​VLZZZ )
• Cleanup - chore: remove refs to deprecated io/ioutil (@​testwill )
• Documentation - Update example table 'Pod per Prefixes' value (@​rlaisqls )
• Documentation - Bandwidth plugin with NP is currently unsupported (@​jayanthvn )
• Documentation - Update the use of privileged flag in aws-vpc-cni manifest (@​jaydeokar )
• Improvement - Dependabot Updates (@​jdn5126 )
• Improvement - Update Golang Builder image (@​jdn5126 )
• Improvement - Add ENABLE_V4_EGRESS env var to control IPv4 egress in IPv6 clusters (@​jdn5126 )
• Improvement - Reduce API calls (@​jchen6585 )
• Improvement - Add cni version to userAgent (@​jchen6585 )
• Improvement - bump controller runtime to 0.16.1 (@​jchen6585 )
• Improvement - Instance limits api pkg (@​jchen6585 )
• Improvement - Mimic VPC-RC limit struture (@​jchen6585 )
• Metrics - rename warm pool metrics (@​lnhanks )
• Metrics - Only metrics (@​lnhanks )
• Testing - Remove self-managed node group from custom-networking suite (@​jdn5126 )
• Testing - Integration test cleanup: Security Groups for Pods (@​jdn5126 )

Commits

• 16ac22b release updates for VPC CNI v1.15.3 (#2636)
• ea430a0 Release 1.15 (#2630)
• 944ca36 Release 1.15 (#2619)
• e82795a CHANGELOG, chart, and manifest updates for VPC CNI v1.15.1 (#2610)
• 9f61b23 Merge master into release-1.15 for upcoming v1.15.1 release (#2608)
• d751f59 Sync release-1.15 with master for upcoming release (#2579)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[k8s-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

Hi @dependabot[bot]. Thanks for your PR.

I'm waiting for a kubernetes-sigs member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[nrb]

/ok-to-test

[k8s-ci-robot]

@dependabot[bot]: The following tests failed, say /retest to rerun all failed tests or /retest-required to rerun all mandatory failed tests:

Test name	Commit	Details	Required	Rerun command
pull-cluster-api-provider-aws-build	1ddfe30	link	true	/test pull-cluster-api-provider-aws-build
pull-cluster-api-provider-aws-test	1ddfe30	link	true	/test pull-cluster-api-provider-aws-test
pull-cluster-api-provider-aws-verify	1ddfe30	link	true	/test pull-cluster-api-provider-aws-verify

Full PR test history. Your PR dashboard. Please help us cut down on flakes by linking to an open issue when you hit one in your PR.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[Ankitasw]

@dependabot rebase

[dependabot]

Looks like this PR is already up-to-date with main! If you'd still like to recreate it from scratch, overwriting any edits, you can request @dependabot recreate.

[Ankitasw]

@dependabot recreate

[k8s-ci-robot]

Adding the "do-not-merge/release-note-label-needed" label because no release-note block was detected, please follow our release note process to remove it.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[k8s-ci-robot]

[APPROVALNOTIFIER] This PR is APPROVED

Approval requirements bypassed by manually added approval.

This pull-request has been approved by:

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[dependabot]

Superseded by #4646.