8000 Releases · antrea-io/antrea · GitHub
[go: up one dir, main page]
More Web Proxy on the site http://driver.im/
Skip to content

Releases: antrea-io/antrea

Antrea v2.2.1

30 Mar 09:00
@luolanzone luolanzone
v2.2.1
98a0bf1
Compare
Choose a tag to compare
Antrea v2.2.1

Changed

Fixed

  • Fix antrea-agent crash issue when deleting the Secret which is storing BGP passwords. (#7042, @hongliangl)
  • Filter out the hostNetwork Pods locally on Linux to fix K8s compatibility issue, since the spec.hostNetwork field selector for Pods is not supported before K8s v1.28. (#7012, @wenyingd)
  • Add -ComputerName localhost explicitly for VMSwitch commands to avoid potential validation issues on Windows with Active Directory. (#6985, @XinShuYang)
  • Reconcile Pods with hostNetwork after Antrea Agent is restarted on Windows. (#6944, @wenyingd)
  • Fix PacketCapture bpf filter issue to avoid receiving packets when the socket is created but the bpf filter is not applied yet. (#6821, @hangyan)
  • Set the maximum packet size explicitly to fix an issue with reading PacketCapture pcapng files with tcpdump on macOS. (#6804, @hangyan)
  • Remove stale OVS interfaces in the CNIServer reconciler if the original Pod interface is disconnected. (#6919, @wenyingd)
  • Ensure that promote_secondaries is set on IPAssigner interfaces to avoid the automatic removal of all other IP addresses in the same subnet when the primary IP address is deleted. (#6898 #6900, @antoninbas)
  • Ensure that OpenFlow rules for a Windows Pod are installed as long as the OpenFlow port is allocated, even if its state is incorrectly reported as "LINK_DOWN". (#6889, @wenyingd)
  • Fix audit logging for default deny-all K8s NetworkPolicy rules. (#6855, @qiyueyao)
  • Fix race condition when getting BGP routes in BGPController. (#6823, @Atish-iaf)

Contributors

antoninbas, hangyan, and 6 other contributors
Loading

Antrea v2.3.0

22 Feb 02:25
@luolanzone luolanzone
v2.3.0
f3f4dff
Compare
Choose a tag to compare
Antrea v2.3.0 Latest
Latest

Added

  • Add Proxy mode for Flow Aggregator to send flows directly without buffering or aggregation. (#6920 #6961, @antoninbas)
  • Support version skew between Antrea Agent and Flow Aggregator to improve upgrade robustness. (#6912, @antoninbas)
  • Add clusterId to aggregated records for Flow Aggregator. (#6769, @antoninbas)
  • Add checksum/config annotation to the Deployment of Flow Aggregator. (#6967, @antoninbas)
  • Support SecondaryNetwork of SR-IOV type for VM Nodes. (#6881, @tnqn)
  • Add more printer columns for PacketCapture CRD. (#6977, @antoninbas)
  • Add fallback log collection to the antctl supportbundle command for Antrea components for which regular Support Bundle collection has failed. (#3659, @hangyan)
  • Add antreaProxy.disableServiceHealthCheckServer config to disable the health check server run by Antrea Proxy to avoid kube-proxy error logs. (#6939, @antoninbas)
  • Add route info to the output of antctl get bgproutes. (#6803 #6823 #6835, @Atish-iaf)

Changed

  • Promote feature EgressSeparateSubnet from Alpha to Beta. (#6982, @luolanzone)
  • Promote feature ServiceExternalIP from Alpha to Beta. (#6903, @xliuxu)
  • Allow running Flow Aggregator with no collector / sink. (#7006, @antoninbas)
  • More efficient IP checks in the Flow Exporter when determining the type of flow being exported. (#6960, @antoninbas)
  • Require k8s.v1.cni.cncf.io/resourceName annotations for SR-IOV type of NetworkAttachmentDefinitions for SecondaryNetwork. (#6999, @antoninbas)
  • Remove stale OVS interfaces in the CNIServer reconciler if the original Pod interface is disconnected. (#6919, @wenyingd)
  • Remove local ASN range limitation in BGPPolicy API. (#6914, @hongliangl)
  • Support providing a fixed public host key for SFTP uploads with a new field hostPublicKey to PacketCapture and SupportBundleCollection CRDs. (#6848, @antoninbas)
  • Upgrade CNI plugins from v1.5.1 to v1.6.2. (#6796, @luolanzone)
  • Push Antrea Ubuntu-based images to ghcr.io. (#6834, @antoninbas)
  • Upgrade go-ipfix to 0.13.0, which includes performance improvements and supports sending multiple data records in the same IPFIX message. (#6998, @antoninbas)

Fixed

  • Add -ComputerName localhost explicitly for VMSwitch commands to avoid potential validation issues on Windows with Active Directory. (#6985, @XinShuYang)
  • Fix that Antrea L7NetworkPolicies do not handle Service traffic correctly. (#6941, @hongliangl)
  • Disable TX checksum offload for Antrea host gateway interface when disableTXChecksumOffload is set to true. (#6843, @hongliangl)
  • Add fqdnCacheMinTTL configuration for Antrea-native policies which will ensure that resolved IPs are included in data path rules for at least the configured amount of time, in case some applications are caching the results of DNS queries. (#6808, @hkiiita)
  • Ensure that OpenFlow rules for a Windows Pod are installed as long as the OpenFlow port is allocated, even if its state is incorrectly reported as "LINK_DOWN". (#6889, @wenyingd)
  • Fix audit logging for default deny-all K8s NetworkPolicy rules. (#6855, @qiyueyao)
  • Ensure that promote_secondaries is set on IPAssigner interfaces to avoid the automatic removal of all other IP addresses in the same subnet when the primary IP address is deleted. (#6898 #6900, @antoninbas)
  • Set the maximum packet size explicitly to fix an issue with reading PacketCapture pcapng files with tcpdump on macOS. (#6804, @hangyan)
  • Reconcile Pods with hostNetwork after Antrea Agent is restarted on Windows. (#6944, @wenyingd)
  • Create a new kubeconfig for SupportBundleClient to fix antctl supportbundle failures on Windows. (#6840, @XinShuYang)
  • Fix PacketCapture bpf filter issue to avoid receiving packets when the socket is created but the bpf filter is not applied yet. (#6821, @hangyan)

Contributors

antoninbas, hangyan, and 9 other contributors
Assets 31

Antrea v2.2.0

10 Nov 09:40
@tnqn tnqn
v2.2.0
a13d931
Compare
Choose a tag to compare
Antrea v2.2.0

Added

  • Add a new feature PacketCapture to allow users to capture live traffic and upload captured packets to a specified location:
  • Add a few new antctl sub-commands for the BGPPolicy feature to improve usability:
    • antctl get bgppolicy to get the effective BGP policy applied on the local Node. (#6646, @Atish-iaf)
    • antctl get bgppeers to print the current status of all BGP peers of the effective BGPPolicy applied on the local Node. (#6689 #6755, @Atish-iaf)
    • antctl get bgproutes to print the BGP routes advertised from the local Node. (#6734, @Atish-iaf)
  • Add an except field to the Antrea-native policy field ipBlock to allow users to exclude certain CIDRs from ipBlock.cidr. (#6658 #6677, @Dyanngg)
  • Add a new templateRefreshTimeout configuration for FlowAggregator to define the template retransmission interval when using the UDP protocol to export records. (#6699, @antoninbas)
  • Add EnableLogging and LogLabel support for Antrea Node NetworkPolicy. (#6626, @hongliangl)
  • Add ServiceTrafficDistribution feature in Antrea Proxy that enables traffic distribution for Services. (#6604, @hongliangl)
  • Support --random-fully for iptables SNAT / MASQUERADE rules. (#6602, @antoninbas)
  • Add antctl-darwin-arm64 to Antrea release assets. (#6640, @antoninbas)
  • Add documentation for the NodeLatencyMonitor feature. (#6561, @antoninbas)

Changed

  • Uniform BGP router ID selection for IPv4 and IPv6 for the BGPPolicy feature. (#6605, @Atish-iaf)
  • Use the default protocol / port when the destination is a Service in Traceflow. (#6601, @Atish-iaf)
  • Add validations for Antrea Node NetworkPolicy to fail invalid configurations. (#6613, @Atish-iaf)
  • More robust system Tier creation / update for Antrea-native policies. (#6696, @antoninbas)
  • Handle ExternalIPPool range changes in Egress controller. (#6685, @antoninbas)
  • Close connection to IPFIX collector explicitly on Stop for FlowAggregator. (#6635, @antoninbas)
  • Unify the checker image and make it configurable when running antctl check cluster. (#6579, @tnqn)
  • Update the Finalizer of ResourceExport to be a domain-qualified string. (#6742, @Dyanngg)
  • Upgrade Ubuntu to 24.04 (Noble). (#6575, @antoninbas)
  • Upgrade Go to 1.23. (#6647, @antoninbas)
  • Upgrade Suricata to 7.0. (#6589, @antoninbas)

Fixed

  • Install OpenFlow entries by PortStatus to fix an Antrea Agent failure on Windows when the OF port allocation takes longer than 5s. (#6763, @wenyingd)
  • Match dstIP in ClassifierTable to fix a potential source MAC and IP mismatched issue on Windows when promiscuous mode is enabled. (#6528, @XinShuYang)
  • Fix the checker image tag when running antctl check cluster with a released antctl binary. (#6565, @tnqn)
  • Use the same MTU as uplink for bridge ports to fix a potential MTU mismatch issue when the traffic mode is changed. (#6577, @antoninbas)
  • Cache TTLs for individual IP addresses in DNS responses to avoid evicting valid IPs before they are expired. (#6732, @hkiiita)
  • Fix an issue with ipset or iptables chain removal during Antrea Node NetworkPolicy updates or deletions. (#6707, @hongliangl)
  • Fix an issue with logging support for L7 NetworkPolicy causing the wrong packet to be logged by Suricata for the default reject rule. From now on, enableLogging only controls L4 audit logging and we unconditionally log the packet data for all Suricata alert events. (#6651, @qiyueyao)
  • Fix NetworkPolicy related antctl commands including antctl get networkpolicy and antctl get ovsflows. (#6487, @Dyanngg)
  • Fix the template ID not existing error in IPFIX exporter for FlowAggregator. (#6630, @antoninbas)
  • Fix an antrea-agent crash issue when the host interface is already attached to the OVS bridge for SecondaryNetwork. (#6666, @xliuxu)
  • Delay the initialization of ARP / NDP responders to fix the ServiceExternalIP feature when SecondaryNetwork is enabled. (#6700, @xliuxu)
  • Run the IPPool webhook handler when SecondaryNetwork is enabled. (#6691, @luolanzone)
  • Fix a slice init length issue for NetworkPolicy controller. (#6715, @cuishuang)
  • Improve memory copying logic to avoid a potential memory fault on Windows. (#6664 #6673, @XinShuYang @tnqn)
  • Document a workaround for using EgressSeparateSubnet feature on OpenShift. (#6622 #6775, @luolanzone @jianjuns)
  • Clean up stale resources when antctl check cluster fails. (#6597, @luolanzone)
  • Fix hint annotation implementation in AntreaProxy. (#6607, @hongliangl)
  • Initialize creationTimestamp when creating instances of NodeLatencyStats to prevent a null creationTimestamp issue. (#6574, @hkiiita)
  • Avoid error log when unmarshalling config for Antrea Multi-cluster Controller. (#6744, @antoninbas)

Contributors

antoninbas, hangyan, and 12 other contributors
Loading

Antrea v2.2.0-alpha.2

31 Oct 04:02
@antoninbas antoninbas
v2.2.0-alpha.2
cc441db
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Antrea v2.2.0-alpha.2 Pre-release
Pre-release

The main purpose of this pre-release is to validate the updated workflow for building and publishing Antrea images. This release is not meant to be used in production.

Loading

Antrea v2.2.0-alpha.1

30 Oct 16:44
@antoninbas antoninbas
v2.2.0-alpha.1
3749caf
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Antrea v2.2.0-alpha.1 Pre-release
Pre-release

Release is not usable as image manifests were not published correctly.

The main purpose of this pre-release is to validate the updated workflow for building and publishing Antrea images. This release is not meant to be used in production.

Loading

Antrea v2.2.0-alpha.0

29 Oct 17:37
@antoninbas antoninbas
v2.2.0-alpha.0
47ce51e
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Antrea v2.2.0-alpha.0 Pre-release
Pre-release

Release is not usable as image manifests were not published correctly.

The main purpose of this pre-release is to validate the updated workflow for building and publishing Antrea images. This release is not meant to be used in production.

Loading

Antrea v2.1.0

26 Jul 12:57
@tnqn tnqn
v2.1.0
1dacc22
Compare
Choose a tag to compare
Antrea v2.1.0

Added

  • Add a new feature BGPPolicy that allows users to run a BGP process on selected Kubernetes Nodes and advertise Service IPs, Pod IPs, and Egress IPs to remote BGP peers.
  • Add a new feature NodeLatencyMonitor that allows users to do east/west connectivity monitoring and provides an API to query inter-Node latency. (#6120 #6392 #6479, @IRONICBo)
  • Add two new antctl commands to validate a K8s Cluster before Antrea installation, and allow users to validate basic network and security functionalities after Antrea is installed.
    • Add antctl check cluster command to to ensure that a K8s cluster is configured properly before Antrea installation. (#6278, @kanha-gupta)
    • Add antctl check installation command to conduct Pod/Service connectivity checks and verify basic NetworkPolicy rules. (#6133 #6313 #6367, @kanha-gupta)
    • Add documentation for the new antctl check commands. (#6373, @kanha-gupta)
    • Refer to this document for more information about these new commands.

Changed

  • Ensure Antrea Proxy handles all Service traffic with proxyAll enabled, even when kube-proxy is present. (#6308, @hongliangl)
  • Optimize the containerized OVS installation on Windows, manual installation of the OVS kernel driver is usually not required anymore. (#6383, @wenyingd)
  • Add OVS driver installation in initContainer for Antrea Agent on Windows. (#6312, @XinShuYang)
  • Use HostProcess container base image and buildx to build the Antrea Agent Windows image, Window Server 2019 and later are now supported with the same image, including Windows Server 2022. (#6325, @wenyingd)
  • Support shared LoadBalancerIP for multiple Services by introducing a new annotation service.antrea.io/allow-shared-load-balancer-ip: true. (#6480, @tnqn)
  • Promote feature CleanupStaleUDPSvcConntrack from Alpha to Beta. (#6372, @hongliangl)
  • Always include Pod labels in FlowAggregator IPFIX template. (#6418, @antoninbas)
  • Fix live config updates on IPFIXExporter for FlowAggregator. (#6385, @antoninbas)
  • Improve handling of config changes in FlowAggregator to support updating recordContents.podLabels at runtime. (#6378, @antoninbas)
  • Add an EndpointResolver to remove Antrea Agent's dependency on proxy to access Antrea Service. (#6361, @antoninbas)
  • Replace bincover with built-in Go coverage profiling tool. (#6090, @shikharish)
  • Trim unneeded fields stored in informers and Node objects to reduce memory footprint. (#6317 #6351, @tnqn)
  • Remove stale multicast routes to improve the readability of multicast routes. (#3242, @ceclinux)
  • Add srcPodIP field in Traceflow observations. (#6247, @Atish-iaf)
  • Use Helm to generate Antrea Windows manifests. (#6360, @shikharish)
  • Upgrade CNI plugins from v1.4.1 to v1.5.1. (#6475, @antoninbas)
  • Add documentation for the sameLabels feature in Antrea ClusterNetworkPolicy. (#6280, @Dyanngg)
  • Add recommended usage of FQDN policies. (#6389, @Dyanngg)

Fixed

  • Fix NodePortLocal rules being deleted incorrectly due to PodIP recycle. (#6531, @tnqn)
  • Fix "Access is denied" error when importing certificates into the trusted publishers store on Windows server 2022. (#6529, @wenyingd)
  • Fix the Node network connection breaking when attaching a host interface to the secondary OVS bridge. (#6504, @wenyingd)
  • Exclude terminated Pods from group members when calculating AppliedToGroups and EgressGroups to prevent NetworkPolicies or Egresses applying to wrong Pods. (#6508, @tnqn)
  • Fix install_cni_chaining script not configuring CNI conf correctly with AKS or CNI chaining, when the CNI conf file is not ready. (#6506, @tnqn)
  • Wait for OVS bridge datapath ID to be available after creating br-int to avoid failures when the Antrea Agent tries to query supported OVS datapath features. (#6472, @antoninbas)
  • Fix a bug causing Antrea Proxy not to delete stale UDP conntrack entries for the virtual NodePort DNAT IP. (#6379, @hongliangl)
  • Fix Antrea Agent crash when enabling proxyAll in networkPolicyOnly mode. (#6259, @hongliangl)
  • Improve stale UDP conntrack entries deletion accuracy in Antrea Proxy. (#6193, @hongliangl)
  • Remove unexpected altname after renaming interface to avoid failure when moving host interface to OVS bridge. (#6321, @gran-vmv)
  • Avoid generating a zombie process when starting Suricata, the L7 ANP engine. (#6366, @hongliangl)
  • Fix a single rule deletion bug for NodePortLocal on Linux and improve robustness of NPL rule cleanup. (#6284, @antoninbas)
  • Delay removal of flow-restore-wait to fix traffic interruption issue when Antrea Agent restarts. (#6342, @antoninbas)
  • Fix antctl mc deploy command usage to make the version parameter optional. (#6287, @roopeshsn)
  • Fix inaccuracy in Traceflow user guide. (#6319, @antoninbas)

Contributors

antoninbas, ceclinux, and 11 other contributors
Loading

Antrea v2.1.0-beta.0

19 Jul 04:06
@tnqn tnqn
v2.1.0-beta.0
63b8117
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
Antrea v2.1.0-beta.0 Pre-release
Pre-release

Note that this pre-release of v2.1.0 does not include BGPPolicy support, which will be a major feature in the final v2.1.0 release.

Loading

Antrea v2.0.1

21 Jun 07:54
@tnqn tnqn
v2.0.1
8e1c0e9
Compare
Choose a tag to compare
Antrea v2.0.1

Changed

Fixed

  • Remove unexpected altname after renaming interface to avoid failure when moving host interface to OVS bridge. (#6321, @gran-vmv)
  • Fix a single rule deletion bug for NodePortLocal on Linux and improve robustness of NPL rule cleanup. (#6284, @antoninbas)
  • Fix a bug causing AntreaProxy not to delete stale UDP conntrack entries for the virtual NodePort DNAT IP. (#6379, @hongliangl)
  • Improve stale UDP conntrack entries deletion accuracy in AntreaProxy. (#6193, @hongliangl)
  • Fix antrea-agent crash when enabling proxyAll in networkPolicyOnly mode. (#6259, @hongliangl)
  • Avoid generating defunct process when starting Suricata, the L7 ANP engine. (#6366, @hongliangl)
  • Fix inaccuracy in Traceflow user guide. (#6319, @antoninbas)

Contributors

antoninbas, Dyanngg, and 2 other contributors
Loading

Antrea v1.15.2

21 Jun 08:46
@tnqn tnqn
v1.15.2
c4881dc
Compare
Choose a tag to compare
Antrea v1.15.2

Fixed

  • Remove unexpected altname after renaming interface to avoid failure when moving host interface to OVS bridge. (#6321, @gran-vmv)
  • Do not try to update type of Secret in selfSignedCertProvider to avoid self-signed certificate update failure. (#6205, @tnqn)
  • Install multicast related iptables rules only on IPv4 chains to fix the antrea-agent initialization failure occurring when the Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)
  • Fix a single rule deletion bug for NodePortLocal on Linux and improve robustness of NPL rule cleanup. (#6284, @antoninbas)
  • Fix a bug causing AntreaProxy not to delete stale UDP conntrack entries for the virtual NodePort DNAT IP. (#6379, @hongliangl)
  • Improve stale UDP conntrack entries deletion accuracy in AntreaProxy. (#6193, @hongliangl)
  • Fix antrea-agent crash when enabling proxyAll in networkPolicyOnly mode. (#6259, @hongliangl)
  • Fix a bug preventing local traffic from being identified in networkPolicyOnly mode. (#6251, @hongliangl)
  • Avoid generating defunct process when starting Suricata, the L7 ANP engine. (#6366, @hongliangl)

Contributors

antoninbas, wenyingd, and 3 other contributors
Loading
0