The Multicast, TopologyAwareHints, and NodeIPAM features are graduated from Alpha to Beta. The TopologyAwareHints, NodeIPAM features are enabled by default. Multicast can be enabled with a new Antrea Agent configuration parameter: multicast.enable
.
Added
- Add two new fields
sourcePort
andsourceEndPort
in Antrea-native policy API to match traffic initiated from specific ports. (#4687, @Dyanngg) - Add a new field
logLabel
to Antrea-native policy CRDs; the user-provided label is added to audit logs. (#4748, @qiyueyao) - Add Antrea Controller API for querying Antrea Groups and ClusterGroups by IP addresses. (#4807, @Dyanngg)
- Add a new Antrea Controller configuration
clientCAFile
to allow user to specify client CA. (#4664, @wenyingd) - Add support for ExternalIP in AntreaProxy to allow a Service to be accessed from outside the cluster using an external IP address. (#4866, @hongliangl)
- Add WireGuard tunnel mode for Antrea Multi-cluster to support encryption of the traffic between member clusters. (#4737 #4606 #4848, @hjiajing)
- Refer to Antrea Multi-cluster user guide for more informantion about this feature.
- Add support for EndpointSlice API for Multi-cluster Services. When the EndpointSlice API is available for the cluster, EndpointSlice resources of the exported Service, rather than the Endpoints resource, will be processed. (#4895, @luolanzone)
- Add a new exporter to FlowAggregator to write flows to a local file. (#4855, @antoninbas)
- Add openEuler 22.03 as a new supported OS of Antrea, and update the Kubernetes installer document with the information. (#4957, @ceclinux)
Changed
- Deprecate Antrea Octant Plugin; it is replaced by a dedicated Antrea UI. (#4825, @antoninbas)
- Update Open vSwitch version to 2.17.6. (#4959, @tnqn)
- Update Windows OVS version to 2.16.7. (#4705, @XinShuYang)
- Add
status.egressIP
field for Egress to represent the effective Egress IP. (#4603, @tnqn) - Add a new
Failed
phase in ANP status for the case when all Agents have reported the status and at least one failure is received. (#4608, @wenyingd) - Check the existence of AntreaAgentInfo CRD before operating on it for worker Node or ExternalNode. (#4762, @wenyingd)
- Stop serving v1alpha2 version of the ClusterGroup CRD. (#4812, @antoninbas)
- Optimize the cached flows in Antrea Agent to reduce Agent memory usage. (#4495, @wenyingd)
- Replace PacketIn/Controller with PacketIn2/Controller2 to improve packetin handler. (#4768, @GraysonWu)
- Change to look up Pods by name instead of IP address to fetch labels in Flow Aggregator, to avoid obtaining incorrect Pods when Pod turnover is high. (#4942, @dreamtalen)
- Do not export Services of type ExternalName in Antrea Multi-cluster; this is consistent with the upstream Multi-cluster Service KEP. (#4814, @luolanzone)
- Update Multi-cluster user guide to provide more details for Gateway enablement. (#4889, @luolanzone)
- Update documentation for recent MetalLB versions. (#4803, @antoninbas)
- Add support for short-circuiting in AntreaProxy to ensure that the traffic from Pod/Node clients to
external addresses behaves the same way as the traffic from external clients to external addresses. (#4815, @hongliangl) - Add OVS table name as label for
ovs_flow_count
Prometheus metrics. (#4893, @cr7258) - Make IGMP query versions configurable for Antrea Multicast. (#4876, @ceclinux)
- Document the limit of maximum receiver group number on a Linux Node for Antrea Multicast. (#4850, @ceclinux)
- Upgrade K8s libraries to v0.26.4. (#4935, @heanlan)
- Bump up whereabouts to v0.6.1. (#4988, @hjiajing)
Fixed
- Unify AntreaProxy behavior across Linux and Windows. Windows agents now configure only a single route for all Service ClusterIPs and can restore routes after they are deleted by accident. (#3889, @hongliangl)
- Use LOCAL instead of CONTROLLER as the in_port of packet-out messages to fix a Windows agent crash issue. (#4992, @tnqn)
- Run agent modules that rely on Services access after AntreaProxy is ready to fix a Windows agent crash issue. (#4946, @tnqn)
- Improve Windows cleanup scripts to avoid unexpected failures. (#4722 #5013, @wenyingd)
- Fix a bug that a deleted NetworkPolicy is still enforced when a new NetworkPolicy with the same name exists. (#4986, @tnqn)
- Make FQDN NetworkPolicy work for upper case FQDNs. (#4934, @GraysonWu)
- Fix a bug that K8s Networkpolicy audit logging doesn't work for Service access. (#4780, @qiyueyao)
- Fix Service not being updated correctly when stickyMaxAgeSeconds or InternalTrafficPolicy is updated. (#4845, @tnqn)
- Fix EndpointSlice API availablility check to resolve the issue that AntreaProxy always falls back to the Endpoints API when EndpointSlice is enabled. (#4852, @tnqn)
- In Antrea Agent Service CIDR discovery, prevent headless Services from updating the discovered Service CIDR to avoid overwriting the default route of host network unexpectedly. (#5008, @hongliangl)
- Fix the Antrea Agent crash issue when a large amount of multicast receivers with different multicast IPs on one Node start together. (#4870, @ceclinux)
- Fix the Antrea Agent crash issue which is caused by a concurrency bug in Multicast feature with encap mode. (#4903, @ceclinux)
- Use a random port when the UDP source port in a Traceflow is 0. (#4963, @gran-vmv)
- Set default flag to 2 for TCP Traceflow to fix a Traceflow timeout issue when the flag is not provided. (#4948, @luolanzone)
- Fix concurrent map write bug for LabelIdentity controller in Antrea Multi-cluster. (#4994, @Dyanngg)
- Fix a race condition between stale controller and ResourceImport reconcilers in Antrea Multi-cluster controller. (#4853, @Dyanngg)
- Bump up Suricata to 6.0.12 to fix a L7 NetworkPolicy issue. (#4968, @xliuxu)
- Fix discovered Service CIDR flapping on Agent start. (#5017, @tnqn)