Summary
This update is mainly a dependency and docker image base update. For a long time, kube-router has been stalled on Alpine 3.18 because of a breaking change with the upstream iptables user space. However, this was fixed in iptables-1.8.11 which was released in November and then was integrated into Alpine 3.21 early this Month. See #1789 for more information.
This should make kube-router much more tolerant of iptables / nftables rules added by recent versions of the netfilter userspaces.
This release does contain a few prominent fixes since the last release of v2.4.1:
ipset.Save()was introduced at the start of the NetworkPolicyController resolving a race condition between the NetworkPolicyController (--run-firewall) and the NetworkServiceController (--run-service-proxy). See #1806 (thanks @alexcriss for reporting this and being patient while we tried to reproduce)- Internal cluster traffic is now properly excluded from NAT conditions which resolves a regression that was introduced in the v2.3 release line. See: #1778 (thanks @zerkms for reporting this)
Other major dependency updates:
- Bundled CNI plugins have been updated from v1.4.0 -> v1.6.2
- Go version has been updated from v1.22.3 -> v1.23.6
Contributions
Special thanks to @rbrtbnfgl and @dsseng for their contributions to this release!
Changelog
- 85e429e - doc(RELEASE.md): update release docs
<Aaron U'Ren> - b97e2bb - feat(Makefile): update CNI plugins v1.4.0 -> v1.6.2
<Aaron U'Ren> - baad588 - feat(gomoq): update moq version v0.3.4 -> v0.5.1
<Aaron U'Ren> - 5e9cc72 - feat(goreleaser): update goreleaser version and syntax
<Aaron U'Ren> - 16d1f6b - feat(Makefile): update golangci-lint 1.56.2->1.63.4
<Aaron U'Ren> - d8430e2 - fix(lint): remove nolint for error messages
<Aaron U'Ren> - 760fcd5 - fix(lint): remove non-constant format string (govet)
<Aaron U'Ren> - 48b631c - fix(lint): remove unnecessary variable initializations (copyloopvar)
<Aaron U'Ren> - 858fdf6 - fix(lint): prevent against integer overflow errors
<Aaron U'Ren> - 5cdc417 - feat: update to go 1.22.3->1.23.6 and alpine 3.18->3.21
<Aaron U'Ren> - d1982eb - Added ipset.Save at the start of syncNetworkPolicyChains
<Roberto Bonafiglia> - e6d7245 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 1dfd31b - build(deps): bump github.com/spf13/pflag from 1.0.5 to 1.0.6
<dependabot[bot]> - 4a2537b - build(deps): bump google.golang.org/protobuf from 1.36.3 to 1.36.4
<dependabot[bot]> - 0a4ca09 - build(deps): bump github.com/aws/aws-sdk-go from 1.55.5 to 1.55.6
<dependabot[bot]> - 0b7cc95 - build(deps): bump google.golang.org/protobuf from 1.36.2 to 1.36.3
<dependabot[bot]> - bca3227 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 70fa746 - build(deps): bump google.golang.org/grpc from 1.69.2 to 1.69.4
<dependabot[bot]> - aa7cffb - fix(NSC): only set rp_filter to 2 if it is 1
<Dmitry Sharshakov> - b2e2ef8 - build(deps): bump golang.org/x/net from 0.33.0 to 0.34.0
<dependabot[bot]> - 60566a9 - build(deps): bump google.golang.org/protobuf from 1.36.1 to 1.36.2
<dependabot[bot]> - c067b83 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - cb67bae - build(deps): bump github.com/onsi/gomega from 1.36.1 to 1.36.2
<dependabot[bot]> - 93498fb - build(deps): bump google.golang.org/grpc from 1.69.0 to 1.69.2
<dependabot[bot]> - 970c52d - build(deps): bump google.golang.org/protobuf from 1.35.2 to 1.36.0
<dependabot[bot]> - b7dc040 - build(deps): bump golang.org/x/net from 0.32.0 to 0.33.0
<dependabot[bot]> - 955bf54 - build(deps): bump golang.org/x/net from 0.31.0 to 0.32.0
<dependabot[bot]> - 44f95a6 - build(deps): bump github.com/onsi/gomega from 1.36.0 to 1.36.1
<dependabot[bot]> - 7ebe51a - build(deps): bump google.golang.org/grpc from 1.67.1 to 1.69.0
<dependabot[bot]> - 6ce2c6d - fix(NRC): find all node IPs for NAT exclusion
<Aaron U'Ren>