Changed
- Use iptables-wrapper in Antrea container. Now antrea-agent can work with distros that lack the iptables kernel module of "legacy" mode (ip_tables). (#3308, @antoninbas)
- Reduce permissions of Antrea ServiceAccount for updating annotations. (#3408, @tnqn)
Fixed
- Fix NodePort/LoadBalancer Service cannot be accessed when externalTrafficPolicy changed from Cluster to Local with proxyAll enabled. (#3330, @hongliangl)
- Fix initial egress connections from Pods may go out with node IP rather than Egress IP. (#3378, @tnqn)
- Fix NodePort Service access when an Egress selects the same Pod as the NodePort Service. (#3397, @hongliangl)
- Fix ipBlock referenced in nested ClusterGroup not processed correctly. (#3405, @Dyanngg)