AWS CNI config not generated upgrading from 1.11.8 to 1.12.1  #21243

@ulagian

Is there an existing issue for this?

  • I have searched the existing issues

What happened?

Hello!

I've got an unexpected issue trying to update cilium in an EKS cluster.
It is an EKS cluster updated to Kubernetes 1.23, latest in AWS.
Using cilium 1.11.8 it works fine, using the helm template command with some flags enabled:

But after upgrading to 1.12.1 with the same helm template, the pod is not initialized.

This is the helm export with 1.11.8 that works:

helm template cilium cilium/cilium --version 1.11.8 \
  --namespace kube-system \
  --set cni.chainingMode=aws-cni \
  --set enableIPv4Masquerade=false \
  --set tunnel=disabled \
  --set kubeProxyReplacement=strict \
  --set k8sServiceHost=xxxxxxxxxxxxxx.yl4.xxxxxxxxxxxxx.eks.amazonaws.com \
  --set k8sServicePort=443 \
  --set bpf.preallocateMaps=true \
  --set ipv6.enabled=false \
  --set nodeinit.enabled=true > cilium-base_1.11.8.yaml

The helm template that does not work is the following:

helm template cilium cilium/cilium --version 1.12.1 \
  --namespace kube-system \
  --set cni.chainingMode=aws-cni \
  --set enableIPv4Masquerade=false \
  --set tunnel=disabled \
  --set kubeProxyReplacement=strict \
  --set k8sServiceHost=xxxxxxxxxxxxxx.yl4.xxxxxxxxxxxxx.eks.amazonaws.com \
  --set k8sServicePort=443 \
  --set bpf.preallocateMaps=true \
  --set ipv6.enabled=false \
  --set nodeinit.enabled=true > cilium-base_1.12.1.yaml

After deploying the manifest, when the pod is not initialized, I can check that the node where the pod is created has the directory /etc/cni/net.d empty and is not creating the needed /etc/cni/net.d/10-aws.conflist file.

Cilium Version

Client: 1.12.1 4c9a630 2022-08-15T16:29:39-07:00 go version go1.18.5 linux/amd64
Daemon: 1.12.1 4c9a630 2022-08-15T16:29:39-07:00 go version go1.18.5 linux/amd64

Kernel Version

Linux ip-xx-xx-xx-xx.eu-west-1.compute.internal 5.4.209-116.363.amzn2.x86_64 #1 SMP Wed Aug 10 21:19:18 UTC 2022 x86_64 x86_64 x86_64 GNU/Linux

Kubernetes Version

Client Version: version.Info{Major:"1", Minor:"15+", GitVersion:"v1.15.10-eks-bac369", GitCommit:"bac3690554985327ae4d13e42169e8b1c2f37226", GitTreeState:"clean", BuildDate:"2020-02-21T23:37:18Z", GoVersion:"go1.12.12", Compiler:"gc", Platform:"linux/amd64"}
Server Version: version.Info{Major:"1", Minor:"23+", GitVersion:"v1.23.7-eks-4721010", GitCommit:"b77d9473a02fbfa834afa67d677fd12d690b195f", GitTreeState:"clean", BuildDate:"2022-06-27T22:19:07Z", GoVersion:"go1.17.10", Compiler:"gc", Platform:"linux/amd64"}

Sysdump

cilium-sysdump-20220908-112305.zip

Relevant log output

Exec lifecycle hook ([/cni-install.sh --enable-debug=false --cni-exclusive=true --log-file=/var/run/cilium/cilium-cni.log]) for Container "cilium-agent" in Pod "cilium-xxxx_kube-system(xxxxxxx-xxxx-xxxx-xxxxxx-xxxxxxxxxx)" failed - error: command '/cni-install.sh --enable-debug=false --cni-exclusive=true --log-file=/var/run/cilium/cilium-cni.log' exited with 1: , message: "Installing cilium-cni to /host/opt/cni/bin/ ...\nRemoving active Cilium CNI configurations from /host/etc/cni/net.d})...\nExisting CNI config is required for chaining but does not exist yet, exiting...\n"

Anything else?

No response

Labels

  • affects/v1.12: This issue affects v1.12 branch
  • area/agent: Cilium agent related.
  • area/cni: Impacts the Container Networking Interface between Cilium and the orchestrator.
  • kind/bug: This is a bug in the Cilium logic.
  • kind/community-report: This was reported by a user in the Cilium community, eg via Slack.
  • kind/regression: This functionality worked fine before, but was broken in a newer release of Cilium.
