aws-vpc-cni-fips
Helm chart
Request a free trial
Contact our team to test out this Helm chart and related images for free. Please also indicate any other images you would like to evaluate.
Tag:
1
# Default values for aws-vpc-cni.
2
# This is a YAML-formatted file.
3
# Declare variables to be passed into your templates.
4
5
# This default name override is to maintain backwards compatability with
6
# existing naming
7
nameOverride: aws-node
8
init:
9
image:
10
tag: latest@sha256:74f98b459136a325441b217f299f2acba9fceca5ce49fcaa9896bb2e9f3ba071
11
domain: amazonaws.com
12
region: us-west-2
13
endpoint: ecr
14
account: "602401143452"
15
pullPolicy: Always
16
# Set to use custom image
17
overrideRepository: chainreg.biz/chainguard-private/amazon-k8s-cni-init-fips
18
# overrideRepository: "repo/org/image"
19
override:
20
# override: "repo/org/image:tag"
21
env:
22
DISABLE_TCP_EARLY_DEMUX: "false"
23
ENABLE_IPv6: "false"
24
securityContext:
25
privileged: true
26
resources: {}
27
nodeAgent:
28
enabled: true
29
image:
30
tag: latest@sha256:5f300fac3143d1a851cc9219f4a9a40b2a7471a8e11d9daf399ee0e2e8591f23
31
domain: amazonaws.com
32
region: us-west-2
33
endpoint: ecr
34
account: "602401143452"
35
pullPolicy: Always
36
# Set to use custom image
37
overrideRepository: chainreg.biz/chainguard-private/aws-network-policy-agent-fips
38
# overrideRepository: "repo/org/image"
39
override:
40
# override: "repo/org/image:tag"
41
securityContext:
42
capabilities:
43
add:
44
- "NET_ADMIN"
45
privileged: true
46
enableCloudWatchLogs: "false"
47
enablePolicyEventLogs: "false"
48
networkPolicyAgentLogFileLocation: "/var/log/aws-routed-eni/network-policy-agent.log"
49
enableIpv6: "false"
50
metricsBindAddr: "8162"
51
healthProbeBindAddr: "8163"
52
conntrackCacheCleanupPeriod: 300
53
logLevel: "debug"
54
resources: {}
55
image:
56
tag: latest@sha256:fb1737d3d473057460d469d35f2c6f53074b2021b345b7824dcc3ba5d19898dd
57
domain: amazonaws.com
58
region: us-west-2
59
endpoint: ecr
60
account: "602401143452"
61
pullPolicy: Always
62
# Set to use custom image
63
overrideRepository: chainreg.biz/chainguard-private/amazon-k8s-cni-fips
64
# overrideRepository: "repo/org/image"
65
override:
66
# override: "repo/org/image:tag"
67
# The CNI supports a number of environment variable settings
68
# See https://github.com/aws/amazon-vpc-cni-k8s#cni-configuration-variables
69
env:
70
ADDITIONAL_ENI_TAGS: "{}"
71
AWS_VPC_CNI_NODE_PORT_SUPPORT: "true"
72
AWS_VPC_ENI_MTU: "9001"
73
AWS_VPC_K8S_CNI_CUSTOM_NETWORK_CFG: "false"
74
AWS_VPC_K8S_CNI_EXTERNALSNAT: "false"
75
AWS_VPC_K8S_CNI_LOG_FILE: "/host/var/log/aws-routed-eni/ipamd.log"
76
AWS_VPC_K8S_CNI_LOGLEVEL: DEBUG
77
AWS_VPC_K8S_CNI_RANDOMIZESNAT: "prng"
78
AWS_VPC_K8S_CNI_VETHPREFIX: eni
79
AWS_VPC_K8S_PLUGIN_LOG_FILE: "/var/log/aws-routed-eni/plugin.log"
80
AWS_VPC_K8S_PLUGIN_LOG_LEVEL: DEBUG
81
DISABLE_INTROSPECTION: "false"
82
DISABLE_METRICS: "false"
83
ENABLE_POD_ENI: "false"
84
ENABLE_PREFIX_DELEGATION: "false"
85
WARM_ENI_TARGET: "1"
86
WARM_PREFIX_TARGET: "1"
87
DISABLE_NETWORK_RESOURCE_PROVISIONING: "false"
88
ENABLE_IPv4: "true"
89
ENABLE_IPv6: "false"
90
ENABLE_SUBNET_DISCOVERY: "true"
91
VPC_CNI_VERSION: "v1.21.1"
92
NETWORK_POLICY_ENFORCING_MODE: "standard"
93
ENABLE_IMDS_ONLY_MODE: "false"
94
ENABLE_MULTI_NIC: "false"
95
# Add env from configMap or from secrets
96
# - name: ENV_VAR1
97
# valueFrom:
98
# configMapKeyRef:
99
# name: example-config
100
# key: ENV_VAR1
101
# - name: ENV_VAR2
102
# valueFrom:
103
# configMapKeyRef:
104
# name: example-config
105
# key: ENV_VAR2
106
# - name: SECRET_VAR1
107
# valueFrom:
108
# secretKeyRef:
109
# name: example-secret
110
# key: SECRET_VAR1
111
extraEnv: []
112
# this flag enables you to use the match label that was present in the original daemonset deployed by EKS
113
# You can then annotate and label the original aws-node resources and 'adopt' them into a helm release
114
originalMatchLabels: false
115
# Settings for aws-vpc-cni ConfigMap
116
# - Network Policy settings
117
enableNetworkPolicy: "false"
118
# - Windows settings
119
enableWindowsIpam: "false"
120
# - Windows Prefix Delegation settings
121
enableWindowsPrefixDelegation: "false"
122
warmWindowsPrefixTarget: 0
123
warmWindowsIPTarget: 1
124
minimumWindowsIPTarget: 3
125
# - Security Groups for Pods settings
126
branchENICooldown: 60
127
cniConfig:
128
enabled: false
129
fileContents: ""
130
imagePullSecrets: []
131
fullnameOverride: "aws-node"
132
priorityClassName: system-node-critical
133
podSecurityContext: {}
134
podAnnotations: {}
135
podLabels: {}
136
securityContext:
137
capabilities:
138
add:
139
- "NET_ADMIN"
140
- "NET_RAW"
141
serviceAccount:
142
# Specifies whether a service account should be created
143
create: true
144
# The name of the service account to use.
145
# If not set and create is true, a name is generated using the fullname template
146
name:
147
annotations: {}
148
# To set annotations - serviceAccount.annotations."eks\.amazonaws\.com/role-arn"=arn:aws:iam::<AWS_ACCOUNT_ID>:<IAM_ROLE_NAME>
149
livenessProbe:
150
exec:
151
command:
152
- /app/grpc-health-probe
153
- '-addr=:50051'
154
- '-connect-timeout=5s'
155
- '-rpc-timeout=5s'
156
initialDelaySeconds: 60
157
livenessProbeTimeoutSeconds: 10
158
readinessProbe:
159
exec:
160
command:
161
- /app/grpc-health-probe
162
- '-addr=:50051'
163
- '-connect-timeout=5s'
164
- '-rpc-timeout=5s'
165
initialDelaySeconds: 1
166
readinessProbeTimeoutSeconds: 10
167
resources:
168
requests:
169
cpu: 25m
170
updateStrategy:
171
type: RollingUpdate
172
rollingUpdate:
173
maxUnavailable: "10%"
174
nodeSelector: {}
175
tolerations:
176
- operator: Exists
177
affinity:
178
nodeAffinity:
179
requiredDuringSchedulingIgnoredDuringExecution:
180
nodeSelectorTerms:
181
- matchExpressions:
182
- key: "kubernetes.io/os"
183
operator: In
184
values:
185
- linux
186
- key: "kubernetes.io/arch"
187
operator: In
188
values:
189
- amd64
190
- arm64
191
- key: "eks.amazonaws.com/compute-type"
192
operator: NotIn
193
values:
194
- fargate
195
- hybrid
196
- auto
197
eniConfig:
198
# Specifies whether ENIConfigs should be created
199
create: false
200
region: us-west-2
201
subnets:
202
# Key identifies the AZ
203
# Value contains the subnet ID and security group IDs within that AZ
204
# us-west-2a:
205
# id: subnet-123
206
# securityGroups:
207
# - sg-123
208
# us-west-2b:
209
# id: subnet-456
210
# securityGroups:
211
# - sg-456
212
# us-west-2c:
213
# id: subnet-789
214
# securityGroups:
215
# - sg-789
216
podMonitor:
217
# Create Prometheus podMonitor
218
create: false
219
# Annotations to add to the Prometheus podMonitor
220
annotations: {}
221
# Labels to add to the Prometheus podMonitor
222
labels: {}
223
# The interval to scrape metrics.
224
interval: 30s
225
# The timeout before a metrics scrape fails.
226
scrapeTimeout: 30s
227
# relabelings to apply to the podMonitor
228
relabelings: []
229
The trusted source for open source
Talk to an expertProduct
Customers
© 2026 Chainguard, Inc. All Rights Reserved.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.
Chainguard® and the Chainguard logo are registered trademarks of Chainguard, Inc. in the United States and/or other countries.
The other respective trademarks mentioned on this page are owned by the respective companies and use of them does not imply any affiliation or endorsement.