aws-vpc-cni
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for aws-vpc-cni.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
# This default name override is to maintain backwards compatability with
6
# existing naming
7
nameOverride: aws-node
8
init:
9
image:
10
tag: latest@sha256:a208827e47d7f443ebc808210fecdd94a4b4e4dbafdf3591579cb1e3f10c81a8
11
domain: amazonaws.com
12
region: us-west-2
13
endpoint: ecr
14
account: "602401143452"
15
pullPolicy: Always
16
# Set to use custom image
17
overrideRepository:
18
# overrideRepository: "repo/org/image"
19
override:
20
# override: "repo/org/image:tag"
21
repository: cgr.dev/chainguard-private/amazon-k8s-cni-init-fips
22
env:
23
DISABLE_TCP_EARLY_DEMUX: "false"
24
ENABLE_IPv6: "false"
25
securityContext:
26
privileged: true
27
resources: {}
28
nodeAgent:
29
enabled: true
30
image:
31
tag: latest@sha256:ce45f8aab9febfb3e236776d38f4b5f19e5a2347688f8b0701b6d9781e80a94d
32
domain: amazonaws.com
33
region: us-west-2
34
endpoint: ecr
35
account: "602401143452"
36
pullPolicy: Always
37
# Set to use custom image
38
overrideRepository:
39
# overrideRepository: "repo/org/image"
40
override:
41
# override: "repo/org/image:tag"
42
repository: cgr.dev/chainguard-private/aws-network-policy-agent-fips
43
securityContext:
44
capabilities:
45
add:
46
- "NET_ADMIN"
47
privileged: true
48
enableCloudWatchLogs: "false"
49
enablePolicyEventLogs: "false"
50
networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log"
51
enableIpv6: "false"
52
metricsBindAddr: "8162"
53
healthProbeBindAddr: "8163"
54
conntrackCacheCleanupPeriod: 300
55
logLevel: "debug"
56
resources: {}
57
image:
58
tag: latest@sha256:d2f97b89b149e68df9ca4734c91724d09374ee50f4b08a02517fa423a8352d15
59
domain: amazonaws.com
60
region: us-west-2
61
endpoint: ecr
62
account: "602401143452"
63
pullPolicy: Always
64
# Set to use custom image
65
overrideRepository:
66
# overrideRepository: "repo/org/image"
67
override:
68
# override: "repo/org/image:tag"
69
repository: cgr.dev/chainguard-private/amazon-k8s-cni-fips
70
# The CNI supports a number of environment variable settings
71
# See https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables
72
env:
73
ADDITIONAL_ENI_TAGS: "{}"
74
AWS_VPC_CNI_NODE_PORT_SUPPORT: "true"
75
AWS_VPC_ENI_MTU: "9001"
76
AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: "false"
77
AWS_VPC_K8S_CNI_EXTERNALSNAT: "false"
78
AWS_VPC_K8S_CNI_LOG_FILE: "/host/var/log/aws-routed-eni/ipamd.log"
79
AWS_VPC_K8S_CNI_LOGLEVEL: DEBUG
80
AWS_VPC_K8S_CNI_RANDOMIZESNAT: "prng"
81
AWS_VPC_K8S_CNI_VETHPREFIX: eni
82
AWS_VPC_K8S_PLUGIN_LOG_FILE: "/var/log/aws-routed-eni/plugin.log"
83
AWS_VPC_K8S_PLUGIN_LOG_LEVEL: DEBUG
84
DISABLE_INTROSPECTION: "false"
85
DISABLE_METRICS: "false"
86
ENABLE_POD_ENI: "false"
87
ENABLE_PREFIX_DELEGATION: "false"
88
WARM_ENI_TARGET: "1"
89
WARM_PREFIX_TARGET: "1"
90
DISABLE_NETWORK_RESOURCE_PROVISIONING: "false"
91
ENABLE_IPv4: "true"
92
ENABLE_IPv6: "false"
93
ENABLE_SUBNET_DISCOVERY: "true"
94
VPC_CNI_VERSION: "v1.21.1"
95
NETWORK_POLICY_ENFORCING_MODE: "standard"
96
ENABLE_IMDS_ONLY_MODE: "false"
97
ENABLE_MULTI_NIC: "false"
98
# Add env from configMap or from secrets
99
# - name: ENV_VAR1
100
# valueFrom:
101
# configMapKeyRef:
102
# name: example-config
103
# key: ENV_VAR1
104
# - name: ENV_VAR2
105
# valueFrom:
106
# configMapKeyRef:
107
# name: example-config
108
# key: ENV_VAR2
109
# - name: SECRET_VAR1
110
# valueFrom:
111
# secretKeyRef:
112
# name: example-secret
113
# key: SECRET_VAR1
114
extraEnv: []
115
# this flag enables you to use the match label that was present in the original daemonset deployed by EKS
116
# You can then annotate and label the original aws-node resources and 'adopt' them into a helm release
117
originalMatchLabels: false
118
# Settings for aws-vpc-cni ConfigMap
119
# - Network Policy settings
120
enableNetworkPolicy: "false"
121
# - Windows settings
122
enableWindowsIpam: "false"
123
# - Windows Prefix Delegation settings
124
enableWindowsPrefixDelegation: "false"
125
warmWindowsPrefixTarget: 0
126
warmWindowsIPTarget: 1
127
minimumWindowsIPTarget: 3
128
# - Security Groups for Pods settings
129
branchENICooldown: 60
130
cniConfig:
131
enabled: false
132
fileContents: ""
133
imagePullSecrets: []
134
fullnameOverride: "aws-node"
135
priorityClassName: system-node-critical
136
podSecurityContext: {}
137
podAnnotations: {}
138
podLabels: {}
139
securityContext:
140
capabilities:
141
add:
142
- "NET_ADMIN"
143
- "NET_RAW"
144
serviceAccount:
145
# Specifies whether a service account should be created
146
create: true
147
# The name of the service account to use.
148
# If not set and create is true, a name is generated using the fullname template
149
name: aws-vpc-cni-sa
150
annotations: {}
151
# To set annotations - serviceAccount.annotations."eks\.amazonaws\.com/role-arn"=arn:aws:iam::<AWS_ACCOUNT_ID>:<IAM_ROLE_NAME>
152
livenessProbe:
153
exec:
154
command:
155
- /app/grpc-health-probe
156
- '-addr=:50051'
157
- '-connect-timeout=5s'
158
- '-rpc-timeout=5s'
159
initialDelaySeconds: 60
160
livenessProbeTimeoutSeconds: 10
161
readinessProbe:
162
exec:
163
command:
164
- /app/grpc-health-probe
165
- '-addr=:50051'
166
- '-connect-timeout=5s'
167
- '-rpc-timeout=5s'
168
initialDelaySeconds: 1
169
readinessProbeTimeoutSeconds: 10
170
resources:
171
requests:
172
cpu: 25m
173
updateStrategy:
174
type: RollingUpdate
175
rollingUpdate:
176
maxUnavailable: "10%"
177
nodeSelector: {}
178
tolerations:
179
- operator: Exists
180
affinity:
181
nodeAffinity:
182
requiredDuringSchedulingIgnoredDuringExecution:
183
nodeSelectorTerms:
184
- matchExpressions:
185
- key: "kubernetes.io/os"
186
operator: In
187
values:
188
- linux
189
- key: "kubernetes.io/arch"
190
operator: In
191
values:
192
- amd64
193
- arm64
194
- key: "eks.amazonaws.com/compute-type"
195
operator: NotIn
196
values:
197
- fargate
198
- hybrid
199
- auto
200
eniConfig:
201
# Specifies whether ENIConfigs should be created
202
create: false
203
region: us-west-2
204
subnets:
205
# Key identifies the AZ
206
# Value contains the subnet ID and security group IDs within that AZ
207
# us-west-2a:
208
# id: subnet-123
209
# securityGroups:
210
# - sg-123
211
# us-west-2b:
212
# id: subnet-456
213
# securityGroups:
214
# - sg-456
215
# us-west-2c:
216
# id: subnet-789
217
# securityGroups:
218
# - sg-789
219
podMonitor:
220
# Create Prometheus podMonitor
221
create: false
222
# Annotations to add to the Prometheus podMonitor
223
annotations: {}
224
# Labels to add to the Prometheus podMonitor
225
labels: {}
226
# The interval to scrape metrics.
227
interval: 30s
228
# The timeout before a metrics scrape fails.
229
scrapeTimeout: 30s
230
# relabelings to apply to the podMonitor
231
relabelings: []
232
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.