Summary
It has been more than half a year since our last official kube-router release, so I think we're more than past time to do so. Additionally, there have been quite a few items that have been fixed or upgraded.
Highlights & Changed Functionality
- The Network Services Controller (enabled via
--run-service-proxy) now fetches metrics when the metrics URL is hit rather than on the sync period (--ipvs-sync-period). This allows for more fine-grained and up-to-date metrics on IPVS services. (Thanks @rkojedzinszky!) - Service's
externalIPandLoadBalancerIPare now labels on IPVS metrics which can increase cardinality, but also provides better visibility for services. Prior to this, only theClusterIPorNodePortlabels were added to metrics. - The GoBGP port can be changed or disabled via
--gpbgp-admin-portto create more secure / flexible deployments of kube-router - We converted a lot of exec's out to
iproute2intonetlinklibrary calls, making the code more idiomatic, faster, and less fragile to userspace tooling changes - When both DSR and Maglev is enabled on a service kube-router will automatically enable the kernel option
sloppy_tcpfor IPVS which allows for greater service routing consistency when transitioning nodes (Thanks @AnupamGhosh!) - All references to Endpoints has been removed since the API is now fully deprecated and EndpointSlices is now used behind the scenes
Fixed Issues
- 1895 - IPv6 NDP NA/NS dropped when using egress network policy
- 1875 - Collect service statistics real-time
- 1888 - Resilience to TCP SYN Node Loss
- 1816 - support change the default port of GoBGP
- 1614 - Fix CLI Options - --master doesn't work without --kubeconfig
Library Updates
- Go Version:
1.23.6->1.25.1 - Alpine Version:
3.21->3.22 - Go Releaser Version:
v2.5.0->v2.12.2 - GoBGP Version:
v3.29.0->v3.37.0 - CNI Plugin Version:
v1.6.2->v1.8.0 - Kubernetes Libraries:
v1.31.3->v1.34.1
Contributions
Special thanks to @rkojedzinszky, @AnupamGhosh, @qbnit0 for contributing to kube-router and helping make this release possible!
Changelog
- 8bf2e56 - feat(cni): update v1.6.2 -> v1.8.0
<Aaron U'Ren> - b04463f - feat(moq): update v0.5.1 -> v0.6.0
<Aaron U'Ren> - b1b3f93 - feat(goreleaser): update v2.12.2 -> v2.5.0
<Aaron U'Ren> - a4fb70a - feat(lint): update golangci-lint v2.0.2 -> v2.4.0
<Aaron U'Ren> - ec5c41d - feat(markdown): update linter from 0.39.0 -> 0.45.0
<Aaron U'Ren> - 727ff28 - feat(actions): update stale v9 -> v10
<Aaron U'Ren> - 97138fd - feat(actions): update setup-go v5 -> v6
<Aaron U'Ren> - d691aaa - feat(alpine): update 3.21 -> 3.22
<Aaron U'Ren> - 4d41eb6 - feat(go): update go 1.24 -> 1.25 + mods
<Aaron U'Ren> - 94e72aa - fix(NPC): allow bi-directional ipv6 network discovery
<Aaron U'Ren> - bafe940 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 0855bbe - build(deps): bump google.golang.org/protobuf from 1.36.6 to 1.36.8
<dependabot[bot]> - 16d7e2b - build(deps): bump the k8s-dependencies group across 1 directory with 4 updates
<dependabot[bot]> - cb3ada2 - build(deps): bump k8s from 0.31.3 -> 0.33.3
<Aaron U'Ren> - d7214ce - feat(Endpoints): convert Endpoints -> EndpointSlices
<Aaron U'Ren> - bb9835a - feat(lballoc_test.go): make mock informer satisfy SharedIndexInformer interface
<Aaron U'Ren> - 21719d2 - build(deps): bump github.com/aws/aws-sdk-go-v2/config
<dependabot[bot]> - af1984a - build(deps): bump github.com/spf13/pflag from 1.0.9 to 1.0.10
<dependabot[bot]> - a5c9404 - build(deps): bump github.com/onsi/gomega from 1.38.0 to 1.38.2
<dependabot[bot]> - 36b6634 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - ab81c6e - build(deps): bump github.com/prometheus/client_golang
<dependabot[bot]> - 732d7a7 - fix(nsc): add loadbalancer IPs to metrics
<Aaron U'Ren> - c2fd633 - fix(nsc): sync field name
<Richard Kojedzinszky> - b4a9ba7 - fix(nsc): rename network_services_metrics.go
<Richard Kojedzinszky> - 7533c18 - feat(nsc): getMetricsServiceMap() rebuilds only after services changed
<Richard Kojedzinszky> - 5efb999 - feat(nsc): replace unsafe.Pointer with atomic.Pointer
<Richard Kojedzinszky> - d0163ab - feat(nsc): move part of Collect() to getMetricsServiceMap()
<Richard Kojedzinszky> - 4e8bb70 - feat(nsc): move metrics logic to separate file
<Richard Kojedzinszky> - a224198 - feat(nsc): optimize key in temporary serviceMap
<Richard Kojedzinszky> - 4ed0cf4 - feat(nsc): improve Service statistics
<Richard Kojedzinszky> - 1b4b6d6 - feat(nsc): eliminate nested loops in Collect()
<Richard Kojedzinszky> - 7666276 - feat(nsc): collect service statistics on demand
<Richard Kojedzinszky> - 4b4ebec - feat(nsc): prepare serviceMap to be accessed by collector thread
<Richard Kojedzinszky> - 5132015 - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds
<dependabot[bot]> - 4479fd2 - build(deps): bump golang.org/x/net from 0.42.0 to 0.43.0
<dependabot[bot]> - 3127ca8 - build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.37.1 to 1.38.3
<dependabot[bot]> - bca8418 - build(deps): bump github.com/aws/smithy-go from 1.22.5 to 1.23.0
<dependabot[bot]> - 5d31e35 - build(deps): bump google.golang.org/grpc from 1.74.2 to 1.75.0
<dependabot[bot]> - 9b9402e - build(deps): bump github.com/spf13/pflag from 1.0.7 to 1.0.9
<dependabot[bot]> - 90821a1 - build(deps): bump actions/checkout from 4 to 5
<dependabot[bot]> - 9771000 - build(deps): bump github.com/stretchr/testify from 1.10.0 to 1.11.1
<dependabot[bot]> - 02fbecc - build(deps): bump golang.org/x/sys from 0.34.0 to 0.35.0
<dependabot[bot]> - 5e397e5 - fix failed message
<Anupam Ghosh> - bbb8f3b - disable sloppy_tcp if there is no DSR & Maglev service
<Anupam Ghosh> - 98e38e9 - get and set with int8 for SysctlConfig
<Anupam Ghosh> - 598fc86 - enable sloppy_tcp when DSR and Maglev is enabled
<Anupam Ghosh> - 46d7d62 - build(deps): bump github.com/aws/aws-sdk-go-v2/config
<dependabot[bot]> - b7a3721 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - d9c4712 - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds
<dependabot[bot]> - cfb9119 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 0f4c577 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - c64aed5 - build(deps): bump github.com/aws/aws-sdk-go-v2/config
<dependabot[bot]> - 4f31e54 - build(deps): bump github.com/onsi/gomega from 1.37.0 to 1.38.0
<dependabot[bot]> - 9bf90c7 - build(deps): bump google.golang.org/grpc from 1.73.0 to 1.74.2
<dependabot[bot]> - 496ea3b - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 716b3de - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds
<dependabot[bot]> - 48e859b - build(deps): bump github.com/spf13/pflag from 1.0.6 to 1.0.7
<dependabot[bot]> - 7adddd4 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 569954a - build(deps): bump golang.org/x/net from 0.41.0 to 0.42.0
<dependabot[bot]> - b3f5082 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - bcaced7 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - e2f9681 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 7006205 - feat(DSR): disable routing DSR traffic via kube-bridge
<Aaron U'Ren> - 2ebcac6 - feat(linux_networking): add some additional logging
<Aaron U'Ren> - eb04cbe - fact(linux_tunnels): split SetupOverlayTunnel
<Aaron U'Ren> - 7a0fca3 - feat(linux_tunnels): convert to use netlink library
<Aaron U'Ren> - 8504c52 - fix(DSR): setup source routing for all external IPs
<Aaron U'Ren> - e6edc85 - fix(ipAddrDel): check to see if IP exists on interface before delete
<Aaron U'Ren> - 69e58ed - feat(NSC): add some additional debugging to traffic director
<Aaron U'Ren> - 94bfc0d - fix(ipAddrDel): check for routes before trying to delete
<Aaron U'Ren> - e29b6a3 - fix(NSC): pass fwmark to traffic director as an int
<Aaron U'Ren> - 3c89595 - fact(utils): factor out single subnet ip logic
<Aaron U'Ren> - b070531 - fix: add proper nil rule src handling
<Aaron U'Ren> - f2b0d78 - fact: add ip utils library & add unit testing
<Aaron U'Ren> - 4795a07 - fix(ip rule): use NewRule() for all rule creations
<Aaron U'Ren> - 5607605 - fix(linux_networking.go): add scope to local routes
<Aaron U'Ren> - 80328ac - fix(linux_networking.go): filter routes to be deleted by table
<Aaron U'Ren> - 2836065 - fix(linux_routing.go): choose first rt_tables file
<Aaron U'Ren> - f59a4f5 - feat: convert execs to ip to netlink calls
<Aaron U'Ren> - d7e14f7 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - e04d62b - build(deps): bump github.com/aws/aws-sdk-go-v2/config
<dependabot[bot]> - 1f3f5b9 - pkg/cmd/kube-router: Have gocritic ignore if-else chain
<qbnit0> - 4b1c954 - Support in-cluster config with --master
<qbnit0> - 2eeab05 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 46280e0 - build(deps): bump golang.org/x/net from 0.40.0 to 0.41.0
<dependabot[bot]> - ab0d686 - build(deps): bump google.golang.org/grpc from 1.72.2 to 1.73.0
<dependabot[bot]> - 36120e2 - build(deps): bump github.com/aws/aws-sdk-go-v2/config
<dependabot[bot]> - b9d5cb5 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - d606220 - build(deps): bump google.golang.org/grpc from 1.72.1 to 1.72.2
<dependabot[bot]> - 82cb7ad - build(deps): bump github.com/docker/docker
<dependabot[bot]> - d6ae8cc - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 14cb612 - build(deps): bump google.golang.org/grpc from 1.72.0 to 1.72.1
<dependabot[bot]> - aa5117d - build(deps): bump golang.org/x/net from 0.39.0 to 0.40.0
<dependabot[bot]> - f8b691e - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 7b99088 - build(deps): bump github.com/osrg/gobgp/v3 from 3.36.0 to 3.37.0
<dependabot[bot]> - fc867eb - build(deps): bump golang.org/x/sys from 0.32.0 to 0.33.0
<dependabot[bot]> - f86e3b0 - build(deps): bump github.com/vishvananda/netlink from 1.3.0 to 1.3.1
<dependabot[bot]> - bb61315 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 81c4a27 - build(deps): bump golang.org/x/net from 0.38.0 to 0.39.0
<dependabot[bot]> - ab95405 - build(deps): bump google.golang.org/grpc from 1.71.0 to 1.72.0
<dependabot[bot]> - 0c495cc - build(deps): bump github.com/aws/aws-sdk-go-v2/config
<dependabot[bot]> - 5d22117 - build(deps): bump github.com/prometheus/client_golang
<dependabot[bot]> - 9788ada - build(deps): bump github.com/onsi/gomega from 1.36.2 to 1.37.0
<dependabot[bot]> - 5389fe1 - build(deps): bump golang.org/x/sys from 0.31.0 to 0.32.0
<dependabot[bot]> - df89045 - build(deps): bump github.com/osrg/gobgp/v3 from 3.29.0 to 3.36.0
<dependabot[bot]> - f2b6d62 - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 43d6dd7 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2
<dependabot[bot]> - 6a1d15c - Use golangci-lint 2.0.2
<Manuel Rüger> - 16b48c3 - Build with go 1.24
<Manuel Rüger> - d8cac91 - feat(options): allow disabling GoBGP grpc port
<Aaron U'Ren> - de3e218 - feat(options): add flag for GoBGP grpc port
<Aaron U'Ren> - ef09bbd - feat(go): update golang.org dependencies
<Aaron U'Ren> - ff8d42f - Update aws-sdk to v2
<Manuel Rüger> - e9a0f5e - build(deps): bump google.golang.org/protobuf from 1.36.5 to 1.36.6
<dependabot[bot]> - 7e03652 - build(deps): bump github.com/ccoveille/go-safecast from 1.5.0 to 1.6.1
<dependabot[bot]> - e0e47b2 - build(deps): bump google.golang.org/grpc from 1.69.4 to 1.71.0
<dependabot[bot]> - f90cba3 - build(deps): bump github.com/prometheus/client_golang
<dependabot[bot]> - 2b783fe - build(deps): bump github.com/docker/docker
<dependabot[bot]> - 8f620d8 - build(deps): bump google.golang.org/protobuf from 1.36.4 to 1.36.5
<dependabot[bot]> - 6be661a - build(deps): bump golang.org/x/net from 0.34.0 to 0.35.0
<dependabot[bot]>