github antrea-io/antrea v2.0.0
Antrea v2.0.0

latest releases: v2.2.0, v2.2.0-alpha.2, v2.2.0-alpha.1...
6 months ago

Added

  • Support LoadBalancerIPMode in AntreaProxy to implement K8s KEP-1860. (#6102, @hongliangl)
  • Add sameLabels field support for Antrea ClusterNetworkPolicy peer Namespace selection to allow users to create ACNPs that isolate Namespaces based on their label values. (#4537, @Dyanngg)
  • Add multiple physical interfaces support for the secondary network bridge. (#5959, @aroradaman)
  • Use a Node's primary NIC as the secondary OVS bridge physical interface. (#6108, @aroradaman)
  • Add user documentation for Antrea native secondary network support. (#6015 #6042, @jianjuns @antoninbas)
  • Add a new versioned API NetworkPolicyEvaluation and a new antctl sub-command for querying the effective policy rule applied to particular traffic. (#5740 #6112, @qiyueyao)

Changed

  • Multiple deprecated APIs, fields and options have been removed from Antrea.
    • Remove deprecated v1alpha1 CRDs Tier, ClusterNetworkPolicy, NetworkPolicy, Traceflow and ExternalEntity. (#6162 #6177 #6238, @luolanzone @hjiajing @antoninbas)
    • Remove deprecated v1alpha2 and v1alpha3 CRDs ClusterGroups, ExternalIPPool, ClusterGroup and Group. (#6049 #6239, @luolanzone @antoninbas)
    • Remove deprecated ServiceAccount field in ClusterSet type for Antrea Multi-cluster. (#6134, @luolanzone)
    • Remove deprecated options enableIPSecTunnel,multicastInterfaces, multicluster.enable and legacyCRDMirroring. (#5158, @luolanzone)
    • Clean up unused code for NodePortLocal and remove the deprecated nplPortRange config. (#5943, @luolanzone)
    • Clean up deprecated APIServices. (#6002, @tnqn)
  • Documentation has been updated to reflect recent changes and provide better guidance to users.
    • Add upgrade instructions for Antrea v2.0. (#6261, @antoninbas)
    • Update the OVS pipeline document and workflow diagram to keep them up to date. (#5412, @hongliangl)
    • Clarify documentation for IPPool and ExternalIPPool CRDs. (#6183, @antoninbas)
    • Document Pods using FQDN based policies must respect DNS TTL. (#6230, @tnqn)
    • Document the limitations of Audit Logging for policy rules. (#6225, @antoninbas)
  • Optimizing Antrea binaries size.
    • Optimize package organization to reduce antctl binary size. (#6037, @tnqn)
    • Reduce antrea-cni binary size by removing unnecessary import packages. (#6038, @tnqn)
    • Strip all debug symbols from Go binaries by default. (#6035, @antoninbas)
    • Disable cgo for all Antrea binaries. (#5988, @antoninbas)
  • Increase the minimum supported Kubernetes version to v1.19. (#6089, @hjiajing)
  • Add OVS groups dump information to support bundle to help troubleshooting. (#6195, @shikharish)
  • Add egressNodeName in flow records for Antrea Flow Aggregator. (#6012, @Atish-iaf)
  • Add EgressNode field in the Traceflow Egress observation to include the name of the Egress Node. (#5949, @Atish-iaf)
  • Upgrade IPPool CRD to v1beta1 and make the subnet definition consistent with the one in ExternalIPPool CRD. (#6036, @mengdie-song)
  • Request basic memory for antrea-controller to improve its scheduling and reduce its OOM adjustment score, enhancing overall robustness. (#6233, @tnqn)
  • Increase default rate limit of antrea-controller to improve performance for batch requests. (#6231, @tnqn)
  • Remove Docker support for antrea-agent on Windows, update Windows documentation to remove all Docker-specific instructions, and all mentions of (userspace) kube-proxy. (#6019 #6255, @XinShuYang @antoninbas)
  • Stop publishing the legacy unified image. (#6182, @antoninbas)
  • Avoid unnecessary DNS queries for FQDN rule of NetworkPolicy in antrea-agent. (#6200, @tnqn)
  • Stop using projects.registry.vmware.com for user-facing images. (#6073, @antoninbas)
  • Fall back to lenient decoding when strict decoding config fails to tolerate unknown fields and duplicate fields, ensuring forward compatibility of configurations. (#6156, @tnqn)
  • Skip loading openvswitch kernel module if it's already built-in. (#5979, @antoninbas)
  • Persist TLS certificate and key of antrea-controller and sync the CA cert periodically to improve robustness. (#5955 #6205, @tnqn)
  • Add more validations for ExternalIPPool CRD to improve robustness. (#5898, @aroradaman)
  • Add Antrea L7 NetworkPolicy logs for allowed HTTP traffic. (#6014, @qiyueyao)
  • Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
  • Add a flag for antctl to print OVS table names when users run antctl get ovsflows --table-names-only. (#5895 #6100, @luolanzone)
  • Improve log message when antrea-agent fails to join a new Node. (#6048, @roopeshsn)
  • Remove the prefix rancher-wins when collecting antrea-agent logs on Windows. (#6223, @wenyingd)
  • Upgrade K8s libraries to v0.29.2. (#5843, @hjiajing)
  • Upgrade base image from UBI8 to UBI9 for Antrea UBI images. (#5737, @xliuxu)

Fixed

  • Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
  • Disable libcapng to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu)
  • Fix a race condition in antrea-agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
  • Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
  • Use 65000 MTU upper bound for interfaces in encap mode to account for the MTU automatically configured by OVS on tunnel ports, and avoid packet drops on some clusters. (#5997, @antoninbas)
  • Install multicast related iptables rules only on IPv4 chains to fix the antrea-agent initialization failure occurred when the Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)
  • Remove incorrect AntreaProxy warning on Windows when proxyAll is disabled. (#6242, @antoninbas)
  • Explicitly set kubelet's log files in Prepare-Node.ps1 on Windows, to ensure that they are included in support bundle collections. (#6221, @wenyingd)
  • Add validation on antrea-agent options to fail immediately when encryption is requested and the Multicast feature enabled. (#5920, @wenyingd)
  • Don't print the incorrect warning message when users run antrea-controller --version outside of K8s. (#5993, @prakrit55)
  • Record event when EgressIP is uninstalled from a Node and remains unassigned. (#6011, @jainpulkit22)
  • Fix a bug that the local traffic cannot be identified on networkPolicyOnly mode. (#6251, @hongliangl)
  • Use reserved OVS controller ports for the default Antrea ports to fix a potential ofport mismatch issue. (#6202, @antoninbas)

Don't miss a new antrea release

NewReleases is sending notifications on new releases.