github antrea-io/antrea v2.4.0
Antrea v2.4.0
on GitHub

latest releases: v2.4.1, v2.1.2, v2.1.1...
one month ago

Added

  • Add BGP confederation support in BGPPolicy. (#6927 #6905, @hongliangl)
  • Support mTLS when exporting flows to an external flow collector for FlowAggregator. (#7212, @antoninbas)
  • Add k8s.v1.cni.cncf.io/network-status annotation to make SecondaryNetwork Pod IP visible. (#7069, @wenqiq)
  • Add protocolFilter config to FlowExporter to filter and export flows only with the specified protocols. (#7145, @petertran-avgo)
  • Add antctl get fqdncache sub-command to fetch the DNS mapping entries for FQDN policies. (#6868, @Dhruv-J)
  • Add TCP flags filter support for PacketCapture. (#7070, @AryanBakliwal)
  • Add bidirectional packet capture support for PacketCapture. (#6882, @AryanBakliwal)
  • Add ICMP messages filter support for PacketCapture. (#7164, @AryanBakliwal)
  • Support antctl packetcapture sub-commands for PacketCapture. (#6884, @hangyan)
  • Support enabling multicast snooping for SecondaryNetwork. (#7200, @tnqn)
  • Allow defining static MAC addresses for SecondaryInterfaces for VLAN network. (#7137, @KMAnju-2021 @rajnkamr)

Changed

  • Multiple enhancements for FlowAggregator are introduced:
    • Move aggregation logic from go-ipfix to Antrea for FlowAggregator. (#7227, @antoninbas)
    • Remove several instances of log spam in the Flow Aggregator, and improve handling of connection failures. (#7223, @antoninbas)
    • Set priorityClassName to system-node-critical by default for FlowAggregator. (#7124, @luolanzone)
    • Support custom ClusterIDs attached to exported flow records for FlowAggregator. (#7197, @petertran-avgo)
    • Clean up RBAC for FlowAggregator. (#7125, @antoninbas)
    • Use Protobuf message in FlowAggregator to represent flows. (#7253, @antoninbas)
    • Use Protobuf / gRPC between FlowExporter and FlowAggregator by default, and allow disabling IPFIX collector via aggregatorTransportProtocol. (#7264, @antoninbas)
    • Add ability to export K8s UIDs in the IPFIX exporter. (#7279, @antoninbas)
    • Add more configuration values to the flow-aggregator chart. (#7138, @antoninbas)
    • Push flow-aggregator image to ghcr.io registry. (#7036, @antoninbas)
  • Log error when OVS meter drops packets, which helps to evaluate whether increasing the packetInRate configuration is needed. (#7242, @tnqn)
  • Log PacketIn drops when dispatching to per-category queues to improve troubleshooting. (#7174, @tnqn)
  • Increase the default packet-in rate limit to 5000. (#7243, @tnqn)
  • Sync affected groups in the Antrea Controller when a Pod goes into Terminated state, to ensure that the Pod is excluded from NetworkPolicy source and destination immediately. (#7217, @Dyanngg)
  • Decouple sending of ICMP probes & latency reporting for NodeLatencyMonitor, which can improve accuracy of measurements and reduce system load. (#7189, @g4rud4kun)
  • Add ICMP Rule for NodeLatencyMonitor to make it work when the Node is configured with iptables default DROP policy. (#7011, @Dhruv-J)
  • Handle Pod UID updates in PodStore to account for the corner case where old and new Pods from update handler are actually different objects. (#6964, @antoninbas)
  • Support configuring file permissions for the Antrea CNI configuration file. (#7098, @luolanzone)
  • Install iptables rules to allow WireGuard packets to ensure Antrea with WireGuard can work properly when the Node is configured with iptables default DROP policy. (#7030, @wenyingd)
  • Make IPPool prefixLength and gateway immutable. (#7186, @wenqiq)
  • Periodically sync permanent neighbors to ensure route correctness for Antrea host gateway interface. (#7238, @hongliangl)
  • Rename a SR-IOV VF device, which is configured as a secondary Pod interface, back to the original name when the Pod is deleted. (#7144, @luolanzone)
  • Support removing the whole k8s.v1.cni.cncf.io/networks annotation or resetting it to an empty value, which deletes the Pod's SecondaryNetwork interfaces. (#7119, @wenqiq)
  • Document Antrea native secondary network support for SR-IOV interfaces. (#7076, @tnqn)

Fixed

  • Enhance OVS commands for Antrea Windows to accelerate container recovery and improve robustness. (#7228, @XinShuYang)
  • Configure routes via ip route add to avoid incorrect replacement of routes when the interface is managed by a network daemon. (#7134, @luolanzone)
  • Restore secondary VLAN interface information and reconcile OVS ports after Agent restarts. (#6853, @KMAnju-2021)
  • Persist container netns with OVS port external IDs. (#7199, @[@jianjuns)
  • Restore the existing SR-IOV secondary interface information when Agent restarts, using the information stored in the Pod NetworkStatus annotation, which ensures correct IP release and VF device name restoration after Pod deletion. (#7240, @luolanzone)
  • Fix invalid template ID in FlowAggregator for IPFIX exporter. (#7208, @antoninbas)
  • Fix race condition when getting metrics via antctl for FlowAggregator. (#7230, @antoninbas)
  • Fix invalid IPFIX UDP traffic fragmentation in the Flow Aggregator. (#7080, @antoninbas)
  • Fix invalid Antrea IE registry ID in docs. (#7087, @ColonelBundy)
  • Remove stale local members in the group cache for Multicast, which resolves an issue that the same receiver may fail to receive multicast packets after it rejoins the group. (#7154, @wenyingd)
  • Fix Agent crash when deleting the Secret storing BGP passwords. (#7042, @hongliangl)
  • Fix rollback when configureContainerLinkVeth fails, to ensure subsequent retries can succeed. (#7210 #7213, @tnqn)
  • Upgrade otelhttp to v0.55.0 to fix WriteHeader logging flood. (#7196, @DeeBi9)
Check out latest releases or
releases around antrea-io/antrea v2.4.0

Don't miss a new antrea release

NewReleases is sending notifications on new releases.

Get notifications