github antrea-io/antrea v1.1.0
Release v1.1.0
on GitHub

latest releases: v2.0.0, v1.13.4, v1.14.3...
3 years ago

Added

  • Enable "noEncap" and "hybrid" traffic modes for clusters which include Windows Nodes. (#2160 #2161, @lzhecheng @tnqn) [Windows]
    • Each Agent is responsible for annotating its Node resource with the MAC address of the uplink interface, using the "node.antrea.io/mac-address" annotation; the annotation is used to forward Pod traffic
  • Add a generic mechanism to define policy rules enforced on all the network endpoints belonging to the same Namespace as the target of the AppliedTo; this makes it very easy to define an Antrea CNP to only allow same-Namespace traffic (Namespace isolation) across all Namespaces in the cluster or a subset of them. (#1961, @Dyanngg)
  • Add support for the "Reject" action of Antrea-native policies in the Traceflow observations. (#2032, @gran-vmv)
  • Add support for the "endPort" field in K8s NetworkPolicies. (#2190, @GraysonWu)
  • Add support for dual-stack Services, which are enabled by default in K8s v1.21, in AntreaProxy. (#2207, @xliuxu)
  • Export flow records about connections denied by NetworkPolicies from the FlowExporter and the FlowAggregator; the records include information about the policy responsible for denying the connection when applicable. (#2112, @zyiou)
  • Add more NetworkPolicy-related information to IPFIX flow records exported by the FlowAggregator (policy type and rule name). (#2163, @heanlan)
  • Add live-traffic Traceflow support to the Antrea Octant plugin, which includes support for displaying the captured packet's headers. (#2124, #2182, @luolanzone)
  • Add crd.antrea.io/v1alpha3/ClusterGroup API resource which removes the deprecated "ipBlock" field; a conversion webhook is added to the Controller to convert from the v1alpha2 version to the v1alpha3 version. (#2008, @Dyanngg)
  • Add support for providing an IP address as the source for live-traffic Traceflow; the source can also be omitted altogether in which case any source can be a match. (#2068, @jianjuns)
  • Add ICMP echo ID and sequence number to the captured packet for live-traffic Traceflow. (#2162, @jianjuns)
  • Add support for dumping OVS groups with the "antctl get of" command. (#1984, @jianjuns)
  • Add new "antrea_agent_deny_connection_count" Prometheus metric to keep track of the number of connections denied because of NetworkPolicies; if too many connections are denied within a short window of time, the metric may undercount. (#2112, @zyiou)
  • Generate and check-in clientset code for ClusterGroupMembers and GroupAssociation, to facilitate consumption of these APIs by third-party software. (#2130, @Dyanngg)
  • Document requirements for the Node network (how to configure firewalls, security groups, etc.) when running Antrea. (#2098, @luolanzone)

Changed

  • Rename Antrea Go module from github.com/vmware-tanzu/antrea to antrea.io/antrea, using a vanity import path. (#2154, @antoninbas)
  • Enable Receive Segment Coalescing (RSC) in the vSwitch on Windows Nodes to reduce host CPU utilization and increase throughput when traffic is not encapsulated. (#2198, @tnqn)
  • Change the export mechanism for the FlowAggregator: instead of exporting all flows periodically with a fixed interval, we introduce an "active timeout" and an "inactive timeout", and flow information is exported differently based on flow activity. (#1949, @srikartati)
  • Periodically verify the local gateway's configuration and the gateway routes on each Node, and correct any discrepancy. (#2091, @hty690)
  • Remove the "enableTLSToFlowAggregator" parameter from the Agent configuration; this information can be provided using the "flowCollectorAddr" parameter. (#2193, @zyiou)
  • Specify antrea-agent as the default container for kubectl commands using the "kubectl.kubernetes.io/default-container" annotation introduced in K8s v1.21. (#2065, @tnqn)
  • Improve the OpenAPI schema for Antrea-native policy CRDs to enable a more comprehensive validation. (#2125, @wenqiq)
  • Bump K8s dependencies (k8s.io/apiserver, k8s.io/client-go, etc.) to v0.21.0 and replace klog with klog/v2. (#1973, @xliuxu)
  • Add nodeSelector for FlowAggregator and ELK Pods in YAML manifests: they must run on amd64 Nodes. (#2087, @antoninbas)
  • Update reference Kibana configuration to decode the flowType field and display a human-friendly string instead of an integer. (#2102, @zyiou)
  • Package whereabouts CNI plugin into the Antrea Linux container image and install the binary on each Node. (#2185, @arunvelayutham)
  • Start enabling Antrea end-to-end tests for Windows Nodes. (#2018, @lzhecheng)
  • Parameterize K8s download path in Windows helper scripts. (#2174 #2192, @jayunit100 @lzhecheng) [Windows]

Fixed

  • It was discovered that the AntreaProxy implementation has an upper-bound for the number of Endpoints it can support for each Service: we increase this upper-bound from ~500 to 800, log a warning for Services with a number of Endpoints greater than 800, and arbitrarily drop some Endpoints so we can still provide load-balancing for the Service. (#2101, @hongliangl)
  • Fix Antrea-native policy with multiple AppliedTo selectors: some rules were never realized by the Agents as they thought they had only received partial information from the Controller. (#2084, @tnqn)
  • Fix re-installation of the OpenFlow groups when the OVS daemons are restarted to ensure that AntreaProxy keeps functioning. (#2134, @antoninbas)
  • Configure the MTU correctly in Windows containers, or Path MTU Discovery fails and datagrams with the minimum size are transmitted leading to poor performance in overlay mode. (#2133, @lzhecheng) [Windows]
  • Fix IPFIX flow records exported by the Antrea Agent. (#2089, @zyiou)
    • If a connection spanned multiple export cycles, it wasn't handled properly and no record was sent for the connection
    • If a connection spanned a single export cycle, a single record was sent but "delta counters" were set to 0 which caused flow visualization to omit the flow in dashboards
  • Fix incorrect stats reporting for ingress rules of some NetworkPolicies: some types of traffic were bypassing the OVS table keeping track of statistics once the connection was established, causing packet and byte stats to be incorrect. (#2078, @ceclinux)
  • Fix ability of the FlowExporter to connect to the FlowAggregator on Windows: the "flow-aggregator.flow-aggregator.svc" DNS name cannot be resolved on Windows because the Agent is running as a process. (#2138, @dreamtalen) [Windows]
  • Fix Traceflow for "hairpinned" Service traffic. (#2167, @gran-vmv)
  • Fix possible crash in the FlowExporter and FlowAggregator when re-establishing a connection for exporting flow records. (#2039, @srikartati)
  • Fix local access (from the K8s Node) to the port of a Pod with NodePortLocal enabled running on the same Node. (#2200, @antoninbas)
  • Add conntrack label parsing in the FlowExporter when using the OVS netdev datapath, so that NetworkPolicy information can be populated correctly in flow records. (#2194, @dreamtalen)
  • Fix the retry logic when enabling the OVS bridge local interface on Windows Nodes. (#2081, @antoninbas) [Windows]
  • Sleep for a small duration before injecting Traceflow packet even when the destination is local, to ensure that flow installation can complete and avoid transient errors. (#2114, @gran-vmv)
  • Build antrea-cni binary and release binaries without cgo, to avoid dependencies on system libraries. (#2189, @antoninbas)
  • Do not populate hostNetwork Pods into AppliedTo groups sent by the Controller to the Agents to avoid unnecessary logs (NetworkPolicies are not enforced on hostNetwork Pods). (2093, @Dyanngg)
  • Fix formatting of K8s code generation tags for Antrea API type declarations, to ensure that auto-generated godocs are rendered correctly. (#2164, @heshengyuan1311)
  • Update brew install commands in the documentation for bringing up a local K8s test cluster. (#2074, @RayBB)
Check out latest releases or
releases around antrea-io/antrea v1.1.0

Don't miss a new antrea release

NewReleases is sending notifications on new releases.

Get notifications