Changed
- Change the default flow's action to
dropin ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl) - Stop using
/bin/shand invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas) - Increase the rate limit setting of
PacketInMeterand the size ofPacketInQueue. (#5460, @GraysonWu) - Upgrade Open vSwitch to 2.17.7. (#5225, @antoninbas)
Fixed
- Fix IPv4 groups containing IPv6 endpoints mistakenly in dual-stack clusters in AntreaProxy implementation. (#5194, @tnqn)
- Fix ClusterClaim webhook bug to avoid ClusterClaim deletion failure. (#5075, @luolanzone)
- Ensure the Egress IP is always correctly advertised to the network, including when the userspace ARP responder is not running or when the Egress IP is temporarily claimed by multiple Nodes. (#5127, @tnqn)
- Fix status report when no-op changes are applied to Antrea-native policies. (#5096, @tnqn)
- Bump up libOpenflow version to fix a PacketIn response parse error. (#5157, @wenyingd)
- Remove NetworkPolicyStats dependency of MulticastGroup API to fix the empty list issue when users run
kubectl get multicastgroupseven when the Multicast is enabled. (#5367, @ceclinux) - Fix an Antrea Controller crash issue in handling empty Pod labels for LabelIdentity when the config
enableStretchedNetworkPolicyis enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg) - Do not attempt to join Windows agents to the memberlist cluster to avoid misleading error logs. (#5434, @tnqn)
- Fix the burst setting of the
PacketInQueueto reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)