github cloudnativelabs/kube-router v2.7.0
on GitHub

12 hours ago

Summary

Welcome to another full minor release update of kube-router! This one comes with several large-ish fixes along with a
few improvements to functionality.

First off the major dependency version changes:

  • Bump Go 1.25.1 -> 1.25.7
  • CNI plugins v1.8.0 -> v1.9.0
  • GoBGP 3.37.0 -> 4.2.0
  • Add bugfixes to iptables wrapper script from upstream

Node Annotation Consolidation

v2.7.0 also comes with a major change to the way BGP peers can be configured via node annotations. Node annotations can
still be configured with the previous method of comma separated values. However, they can also now be configured using a
consolidated embedded yaml form: 

kubectl annotate node <kube-node> \
kube-router.io/peers="$(cat <<'EOF'
- remoteip: 192.168.1.99
  remoteasn: 65000
  password: U2VjdXJlUGFzc3dvcmQK
- remoteip: 192.168.1.100
  remoteasn: 65000
  password: U2VjdXJlUGFzc3dvcmQK
EOF
)"

See using consolidated annotations for more information.

Other Notable Changes

  • Add better unit testing to Network Services Controller (--run-service-proxy) to prevent future regressions - This
    hopefully helps curb one of the largest sources of functionality regressions over the past several years within
    kube-router
  • Configure AFI SAFI for dual stack clusters regardless of graceful restart setting - Previously, this was configured for the
    primary IP family (becuase GoBGP does this by default), but the secondary family would only get AFI SAFI
    configurations if graceful restart was configured (--bgp-graceful-restart)
  • Correctly configure TCPMSS for IPv6 tunnels - Previously TCPMSS clamping was a one-size-fits-all based on the size of
    IPv4 headers. Now they are properly configured per family
  • Retry certain netlink calls which fixes early start race conditions - Some users noticed a race condition on ip link
    setup when kube-router was starting as the node's OS was also starting. This should fix that edge case.

Contributions

Thanks to all of the community members that helped contribute to this release! Your volunteered time is what makes open
source projects like this one still viable!

Contributors to this release:

  • Documentation fixes: @xieyubo
  • Go Safecast bug fixes and unit test efficiencies: @ccoVeille
  • Consolidated node annotations & fixing netlink retries: @catherinetcai
  • Fix TCPMSS clamping for IPv6: @rkojedzinszky
  • Keeping all of our dependencies up to date and helping with our builds: @mrueg

Changelog

  • da98050 - feat(go): other misc dep updates <Aaron U'Ren>
  • ff8ad4c - feat(Dockerfile): bump IPTABLES wrapper version to latest <Aaron U'Ren>
  • ae9c04c - feat(gobgp): update v3.37.0 -> v4.2.0 <Aaron U'Ren>
  • f56f307 - feat(Makefile): bump CNI plugins v1.8.0 -> v1.9.0 <Aaron U'Ren>
  • 93590ba - feat(Makefile): bump goreleaser v2.12.2 -> v2.13.3 <Aaron U'Ren>
  • 8edde99 - feat(Makefile): bump golangci-lint v2.4.0 -> v2.8.0 <Aaron U'Ren>
  • 4acb902 - feat(go): update go 1.25.1 -> 1.25.7, alpine 3.22 -> 3.23 <Aaron U'Ren>
  • a1e6de9 - test(NSC): add endpoint checking to tests that need them <Aaron U'Ren>
  • 3157e85 - test(NSC): fix two DSR service tests to create pods <Aaron U'Ren>
  • ca6b644 - test(NSC): mock netlink calls - attempt 1 <Aaron U'Ren>
  • b9cd0de - test(NSC): add DSR unit tests - series 1 <Aaron U'Ren>
  • 10f366a - test(NSC): implement traffic policy unit testing <Aaron U'Ren>
  • 0486807 - fix(NSC): cleanup historical bad IPv6 TCPMSS vals <Aaron U'Ren>
  • 8aaba65 - test(NSC): add comprehensive TCPMSS unit tests <Aaron U'Ren>
  • d208307 - fact(test): reuse existing ValToPtr functions <Aaron U'Ren>
  • ae39f27 - fact(NSC): use LinuxNetworkingMock instead of creating a new one <Aaron U'Ren>
  • 59814eb - fix: convert ginkgo tests to standard go tests <Aaron U'Ren>
  • 790d53e - fact(bgp_peers.go): migrate for loop -> slices.Contains <Aaron U'Ren>
  • 827cb4a - fix(BGP): always configure AFI SAFI <Aaron U'Ren>
  • 4dc20bd - feat(retry.go): add debug logging to retries <Aaron U'Ren>
  • ee0940b - fix(dsr): set TCPMSS based on address family <Richard Kojedzinszky>
  • b56e3dd - build(deps): bump github.com/aws/aws-sdk-go-v2/config <dependabot[bot]>
  • f767c10 - build(deps): bump golang.org/x/sys from 0.39.0 to 0.40.0 <dependabot[bot]>
  • c3af973 - build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.41.0 to 1.41.1 <dependabot[bot]>
  • 8a97044 - build(deps): bump google.golang.org/grpc from 1.76.0 to 1.78.0 <dependabot[bot]>
  • 4fb0b62 - chore: Use context instead of deprecated golang.org/x/net/context <Cat C>
  • fef6c4f - doc(user-guide.md): use obvious kubernetes master port <Aaron U'Ren>
  • 5ba705e - docs: Add GoDoc comments for all wrapper functions <Cat C>
  • 440ad4d - fix: Replace all netlink functions that throw ErrDumpInterrupted with a retry wrapper <Cat C>
  • 50a18d6 - build(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 <dependabot[bot]>
  • 75a79f2 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 3ac9b5c - build(deps): bump github.com/aws/aws-sdk-go-v2/config <dependabot[bot]>
  • cda88e5 - build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.40.1 to 1.41.0 <dependabot[bot]>
  • 42e954b - feat(ci): attempt to reduce permissions to least privs <Aaron U'Ren>
  • a8326ca - fix(nrc): Update make test-pretty to test internal subdirectory. Update nlretry and LocalLinkQuerier interface to support passing in contexts <Cat C>
  • 8ea5e44 - fix(nrc): Add netlink.Handle wrapper to retry netlink calls that raise ErrDumpInterrupted errors <Cat C>
  • 56f269b - doc(SECURITY.md): add initial policy <Aaron U'Ren>
  • ed79de5 - feat(NRC): Restructures the PeerConfig struct introduced in the previous commit to make the API easier to understanding and use. <Cat C>
  • 9e091b8 - feat(NRC): This commit adds support for a consolidated annotation for configuring a node's BGP peer settings while maintaining backwards support for the existing annotations to address #1393. <Cat C>
  • 229de73 - build(deps): bump golang.org/x/sys from 0.38.0 to 0.39.0 <dependabot[bot]>
  • 2ecdcae - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • a6c7050 - build(deps): bump github.com/onsi/gomega from 1.38.2 to 1.38.3 <dependabot[bot]>
  • 36bcd1f - build(deps): bump github.com/aws/aws-sdk-go-v2/config <dependabot[bot]>
  • 5ad2110 - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds <dependabot[bot]>
  • 5c7215d - fact(service.go): modernize interface{} -> any <Aaron U'Ren>
  • 952e438 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 10efc0c - build(deps): bump github.com/aws/aws-sdk-go-v2/config <dependabot[bot]>
  • dba1773 - build(deps): bump github.com/hashicorp/go-version from 1.7.0 to 1.8.0 <dependabot[bot]>
  • 1ce59e7 - build(deps): bump golang.org/x/sys from 0.37.0 to 0.38.0 <dependabot[bot]>
  • ed5e61e - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds <dependabot[bot]>
  • 95faa5c - build(deps): bump the k8s-dependencies group with 4 updates <dependabot[bot]>
  • 41f2179 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 2645ba4 - build(deps): bump actions/checkout from 5 to 6 <dependabot[bot]>
  • e06ddcc - feat(test): use safecast.RequireConvert as a replacement for safecast.Convert in tests <ccoVeille>
  • 00b4619 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 7da6510 - build(deps): bump github.com/aws/aws-sdk-go-v2/config <dependabot[bot]>
  • 9d150b9 - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 2558974 - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds <dependabot[bot]>
  • 1e8976b - build(deps): update github.com/ccoveille/go-safecast to v2.0.0 <ccoVeille>
  • e8a59fd - build(deps): bump github.com/ccoveille/go-safecast to 1.8.1 <ccoVeille>
  • 2ffdb15 - build(deps): bump google.golang.org/grpc from 1.75.1 to 1.76.0 <dependabot[bot]>
  • cd1cb08 - build(deps): bump google.golang.org/protobuf from 1.36.9 to 1.36.10 <dependabot[bot]>
  • cbe58ef - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 66f8527 - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds <dependabot[bot]>
  • 08858fe - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 61b543b - build(deps): bump golang.org/x/net from 0.44.0 to 0.46.0 <dependabot[bot]>
  • df7a5e5 - build(deps): bump github/codeql-action from 3 to 4 <dependabot[bot]>
  • 8628aed - doc(kubeadm.md): correct kube-proxy image address to match the one used in crt run command. <xyb>
  • ac629d5 - build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 <dependabot[bot]>
  • 5a5c436 - build(deps): bump github.com/aws/aws-sdk-go-v2/config <dependabot[bot]>
  • 3ad43c6 - build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds <dependabot[bot]>
  • 730364c - build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.39.0 to 1.39.2 <dependabot[bot]>
Check out latest releases or
releases around cloudnativelabs/kube-router v2.7.0

Don't miss a new kube-router release

NewReleases is sending notifications on new releases.

Get notifications