antrea-io/antrea v1.8.0

Release v1.8.0

on GitHub

Added

• Add ExternalNode feature which enables Antrea to manage security policies for non-Kubernetes Nodes (like virtual machines or bare-metal servers). (#4110, @wenyingd @mengdie-song @Anandkumar26)
  • It introduces the ExternalNode CRD; each resource of this kind represents a virtual machine or bare-metal server and supports specifying which network interfaces on the external Node are expected to be protected with Antrea-native policies.
  • An ExternalEntity resource will be created for each network interface specified in the ExternalNode resource. Antrea-native policies are applied to an external Node by using the ExternalEntity selector.
  • Refer to this document for more information about this feature.
• Add the following capabilities to Antrea-native policies:
  • Add Audit Logging support for K8s Networkpolicy. (#4047, @qiyueyao)
  • Support applying Antrea ClusterNetworkPolicy to NodePort Services for securing ingress traffic. (#3997, @GraysonWu)
  • Introduce the Group CRD to logically group different network endpoints and reference them together in Antrea NetworkPolicy. (#2438, @qiyueyao @abhiraut)
• Release new Antrea Helm chart version for each Antrea release. (#3935 #3952, @antoninbas @yanjunz97)
  • Refer to this document for Helm installation method. (#3989, @antoninbas)
• Support TopologyAwareHints in AntreaProxy. (#3515, @hongliangl)
• Add encap mode support for the Multicast feature. (#3947, @wenyingd)
• Support configurable Geneve, VXLAN, or STT port number for encap mode. (#4065, @Jexf)
• Add Status field to the IPPool CRD: it is used to report usage information for the pool (total number of IPs in the pool and number of IPs that are currently assigned). (#3072 #4088, @ksamoray @tnqn)
• Support updating configuration at runtime for flow-aggregator via antctl or by updating the ConfigMap. (#3642, @yuntanghsu)
• Add antctl commands to set up and delete Multi-cluster ClusterSet. (#3992, @hjiajing)
• Add documentation to set up Multi-cluster ClusterSet with antctl. (#4096, @jianjuns)

Changed

• Antrea now uses OpenFlow 1.5 to program OVS. (#3770, @wenyingd @ashish-varma)
• Rename Windows script Start.ps1 to Start-AntreaAgent.ps1, and rename Stop.ps1 to Stop-AntreaAgent.ps1. (#3904, @wenyingd)
• Unify NodePortLocal behavior across Linux and Windows. Linux agents now support allocating different Node ports for different protocols even when the Pod port number is the same. (#3936, @XinShuYang)
• Antrea IPAM now uses the name of the uplink interface to name the host internal port, and the uplink interface will be renamed with a ~ suffix, e.g. eth0~. (#3938, @gran-vmv)
• Send Neighbor Advertisement messages after creating Pods in an IPv6 cluster. (#3998, @gran-vmv)
• Add an output formatter "raw" to better display multi-line string responses for antctl. (#3589, @Atish-iaf)
• Add new ports to network requirement doc. (#4063, @luolanzone)
• Windows OVS installation script now installs required SSL library if missing. (#4029, @XinShuYang)
• Upgrade whereabouts CNI to v0.5.4 and provide required pluginArgs when invoking the CNI binary. (#3987, @arunvelayutham)
• Remove Grafana flow collector files in the Antrea repo (as they were moved to the Theia repo). (#4048, @dreamtalen)
• Make the following changes to the Multi-cluster feature:
  • Add columns of kubectl outputs for Multi-cluster custom resources. (#3923, @jianjuns)
  • Use hostNetwork for Multi-cluster controller. (#3965, @luolanzone)
  • Update ClusterClaim CRD to v1alpha2. (#3755, @bangqipropel)
  • Update GatewayIPPrecedence to support the "external/internal" options. (#3930, @luolanzone)
  • Disable metrics API and change the health binding address port to 8080. (#4101, @luolanzone)
  • Improve CRD validation. (#4062 #4090 #4043, @luolanzone)
  • Auto create MemberClusterAnnounce and update ClusterSet in leader cluster for each member cluster. (#3956 #4054 #4026, @hjiajing @luolanzone)
  • Add Multi-cluster Gateway descriptions in the Multi-cluster architecture document. (#3638 #3899, @luolanzone @jianjuns)

Fixed

• Fix reconnection issue between Agent and OVS. (#4091, @wenyingd)
• Fix the wrong DNAT IP used by AntreaProxy for serving NodePort traffic on Windows Nodes. (#4103, @XinShuYang)
• Fix Antrea Octant plugin build. (#4107, @antoninbas)
• Fix Pod-to-external traffic on EKS in policyOnly mode. (#3975, @antoninbas)
• Fix problems caused by Node restart on EKS in policyOnly mode. (#4012 #4042, @antoninbas)
• Fix race conditions in NetworkPolicyController. (#4028, @tnqn)
• Fix FlowExporter memory bloat when export process is dead. (#3994, @wsquan171)
• Fix socket leak in an IPv6 cluster. (#4104, @wenyingd)
• Fix ClickHouse client race during batch commit. (#4071, @wsquan171)
• Retry when retrieval of PodCIDRs fails to avoid Agent crash due to the delay in allocating PodCIDRs for the Node. (#3950, @ksamoray)
• Fix nil pointer issue when ClusterSet is deleted in leader cluster. (#3915, @luolanzone)
• Clean up ResourceExport if the exported Service has no available Endpoints. (#4056, @luolanzone)