Added
- Add documentation for the Antrea Agent RBAC permissions and how to restrict them using Gatekeeper/OPA. (#3694, @antoninbas)
Fixed
- Clean up stale routes installed by AntreaProxy when ProxyAll is disabled. (#3465, @hongliangl)
- Fix export/import of Services with named ports when using the Antrea Multi-cluster feature. (#3561, @luolanzone)
- Fix handling of the "reject" packets generated by the Antrea Agent to avoid infinite looping. (#3569, @GraysonWu)
- Fix DNS resolution error of Antrea Agent on AKS by using
ClusterFirst
dnsPolicy. (#3701, @tnqn) - Fix tolerations for Pods running on control-plane for Kubernetes >= 1.24. (#3731, @xliuxu)
- Reduce permissions of Antrea Agent ServiceAccount. (#3691, @xliuxu)
- [Windows] Ensure that Service traffic does not bypass NetworkPolicies when ProxyAll is enabled. (#3510, @hongliangl)
- Fix Antrea wildcard FQDN NetworkPolicies not working when NodeLocal DNSCache is enabled. (#3510, @hongliangl)