This release has serveral improvements to network policies implementation in kube-router and cleanup of code base to fix all go lint errors and few bug fixes.
Thanks @mrueg @aauren @liuxu623 for your the PR's.
Thanks @aauren for reporting regression in v1.0.0-rc4 and critical feedback on network policy implementation some of which are addressed in this release.
Note: This release has following breaking changes:
- The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
- if you have egress network policies applied to workload, you need to ensure proper value for
service-cluster-ip-range
andservice-node-port-range
configured to ensure pod's can access service cluster IP's and NodePort services
Note: This release has following known issues:
- please see #934
Changelog
e858e26 change ACCEPT to RETURN with mark when a netpol is matched so that we run through (#915)
4d6b0b8 whitelist traffic to cluster IP and node ports in INPUT chain to bypass netwrok policy enforcement (#914)
210dc3d avoids adding kube-router specific rules to enforce network policies in (#909)
8f5c959 full sync when namespace labels change (#917)
12674d5 Add golangci-lint support (#895)
4a08e11 Dockerfile: Update to alpine:3.11 (#918)
cb48a7f fix(network_routes): missing node ip -> error log (#904)
d2178da fix(ecmp_vip): check for nil nodename (#903)