Added
- Add "Antrea Proxy" implementation to provide Pod-to-Service load-balancing (for ClusterIP Services) directly in the OVS pipeline. (#772, @weiqiangt) [Alpha - Feature Gate:
AntreaProxy]- This feature is enabled by default for Windows Nodes, as it is required for correct NetworkPolicy implementation for Pod-to-Service traffic
- Add ClusterNetworkPolicy CRD API, which enables cluster admins to define security policies which apply to the entire cluster (not just one Namespace). (#810 #872 #724, @abhiraut @Dyanngg) [Alpha - Feature Gate:
ClusterNetworkPolicy] - Add Traceflow CRD API, which supports generating tracing requests for traffic going through the Antrea-managed Pod network. (#660 #731, @gran-vmv @lzhecheng) [Alpha - FeatureGate:
Traceflow] - Add Traceflow Octant plugin: requests can be generated from the Web dashboard (by filling-out a form) and responses are displayed in graph format. (#841, @ZhangYW18)
- Wrap klog so that one can specify a maximum number of log files to be kept for each verbosity level (using "--log_file_max_num"), while enforcing the size limit for each file (as specified with "--log_file_max_size"). (#879, @jianjuns @alex-vmw)
- Support executing Agent API requests which depend on OVS command-line utilities (e.g., ovs-ofctl, ovs-appctl) on Windows Nodes; this enables using the "antctl get ovsflows" and "antctl trace-packet" commands for Windows Nodes. (#794, @wenyingd)
- Support "antctl supportbundle" command for Windows Nodes. (#820, @weiqiangt)
- Add "--controller-only" flag to "antctl supportbundle" command to only collect information from the Controller, without the Agents. (#791, @weiqiangt)
- Add new Agent Prometheus metrics for NetworkPolicies:
- Additional documentation:
- Windows design document (#751, @wenyingd @ruicao93)
- information about "supportbundle" command in antctl documentation (#812, @antoninbas)
- Feature gates documentation (#892, @antoninbas)
Changed
- Change default tunnel type from VXLAN to Geneve. (#858 #903, @jianjuns @antoninbas @abhiraut)
- this may cause some disruption during upgrade, as inter-Node Pod communications between Nodes running Antrea pre-v0.8 and Nodes running Antrea post-v0.8 will be broken; edit the manifest if you want to stick to VXLAN
- Move Octant plugin to a new "plugins/" folder and make it its own Go module. (#838, @mengdie-song)
- Update antrea-cni to support CNI version 0.4.0. (#784, @moshe010)
- Change gateway and tunnel interface names to antrea-gw0 and antrea-tun0 respectively. (#854, @jianjuns)
- Make antrea-agent Pod tolerant of "NoExecute" taints to prevent unwanted evictions. (#815, @tnqn)
- Use "Feature Gates" to control enabling / disabling experimental features instead of introducing separate temporary configuration parameters. (#847, @tnqn)
- Upgrade K8s API version used by Antrea to 1.18. (#838, @mengdie-song)
- Create controller-ca ConfigMap in the same Namespace as the Controller Deployment, instead of hard-coding it to "kube-system". (#876, @jianjuns)
- Log error when "iptables-restore" command fails. (#839, @tnqn)
- Update OVS version to 2.13.1 on Windows because of some issues, notably with the connection tracking implementation. (#856, @ruicao93)
- Update behavior of "antctl supportbundle" command so that the Controller logs are not collected when a Node name or a Node filter is provided. (#857, @jianjuns)
Fixed
- Fix runtime crash in the Agent when processing NetworkPolicy rules for which a Protocol has been provided, but no Port. (#882, @wenyingd @abhiraut)
- Clean up stale OVS PID files to avoid failure loops in antrea-ovs startup. (#880, @jianjuns)
- When using CNI chaining in a cloud-managed service, ensure that the initContainer blocks until the "primary CNI"'s conf file is found. (#864, @reachjainrahul)
- Update version of go-iptables library to avoid deadlock when invoking iptables commands. (#873, @antoninbas)
- Improve robustness of the liveness probe for the antrea-ovs container. (#861, @tnqn)