Release v0.9.0
Pre-release
Added
- Add flow exporter feature. [Alpha - Feature Gate: FlowExporter]
  - Support sending network flow records using the IPFIX protocol from each Agent (#825 #984, @srikartati)
  - Add reference cookbook to visualize exported flows using Elastic Stack (#836, @zyiou)
- Support OVS hardware offload for Pod networking: Pods can now be assigned an SR-IOV Virtual Function. (#786, @moshe010)
  - Add new CI job to validate the hardware offload functionality (@AbdYsn)
- Support Node MTU auto-discovery in the Antrea Agent; the user can still override this value in the Agent configuration if desired. (#909, @reachjainrahul)
- Enable Antrea support for the AKS managed K8s service, using CNI chaining and the "networkPolicyOnly" traffic mode. (#998, @reachjainrahul)
- Support for NetworkPolicy tiering (ClusterNetworkPolicy only). (#956 #986, @abhiraut @Dyanngg)
  - The ClusterNetworkPolicy Feature Gate must now be enabled for the Agent (in addition to the Controller) to activate the feature
- Support executing Traceflow requests with antctl. (#932, @lzhecheng)
- Support automatic rotation for the self-signed certificate generated by Antrea when no certificate is provided by the user. (#1024, @MatthewHinton56)
- Add new Agent Prometheus metrics for OVS flow operations. (#866, @yktsubo)
- Provide a DaemonSet to automatically restart Pods on new Nodes in EKS when Antrea becomes ready: this ensures that NetworkPolicies are enforced correctly for all Pods. (#1057, @reachjainrahul)
- Add scripts to run the Antrea Agent directly without using a Pod to manage the lifecycle of the process. (#1013, @ruicao93) [Windows]
Changed
- Restrict all traffic modes except for "encap" to use "Antrea Proxy" for Pod-to-Service traffic, as this greatly simplifies the datapath implementation. (#1015, @suwang48404)
- Improve Antrea Octant plugin. (#913, @ZhangYW18)
  - Merge the two existing plugins (Agent / Controller Info, Traceflow) into a single plugin / binary
  - Enhance Traceflow graph color theme
  - Improve layout of the "Overview" page for the plugin: all CRDs are shown on the same page
- Update Octant plugin installation guide (#914, @mengdie-song)
- Use Ubuntu 20.04 (instead of Ubuntu 18.04) as the base distribution for the Antrea Docker image. (#1022, @antoninbas)
- Enable outer UDP checksum for Geneve and VXLAN tunnels to benefit from Generic Receive Offload (GRO) on the receiver's side. (#1049, @tnqn)
- Support Services as destinations for Traceflow. (#979, @gran-vmv)
- Provide additional printer columns in the Traceflow CRD definition, so that more information is included in the "kubectl get" output. (#958, @abhiraut)
- More comprehensive OpenAPI schema for Traceflow CRD validation. (#918, @abhiraut)
- Optimize OVS flow updates for NetworkPolicies when the Agent restarts, by using batching. (#844, @Dyanngg)
- Increase watch timeout for the Antrea apiserver to reduce reconnection frequency; reduce log verbosity when a legitimate reconnection happens. (#1055, @antoninbas)
- Update OVS pipeline documentation to account for the new tables used for ClusterNetworkPolicy and tiering support. (#921 #1073, @abhiraut)
Fixed
- Fix implementation of NodePort Service on Windows for traffic for which the destination Pod (Service backend) is on the same Node as the source Pod. (#948, @wenyingd) [Windows]
- Fix IPsec support, which was broken because of a Python3 error in an upstream OVS script. (#1046, @lzhecheng)
- Support Pod-to-LoadBalancer Service traffic in "Antrea Proxy". (#943, @ruicao93)
- Support incoming LoadBalancer Service traffic on Windows, by relying on kube-proxy. (#943, @ruicao93) [Windows]
- Avoid OpenFlow bundle timeout issues when using Traceflow: if PacketIn messages are not consumed fast enough, all inbound messages from OVS are blocked, including bundle reply messages. (#951, @gran-vmv)
- Move host routes from the uplink interface to the OVS bridge during Agent initialization on Windows. (#959, @ruicao93) [Windows]
- Optimize handling of very large AddressGroups (introduced by NetworkPolicies which select a large number of Pods in to/from rules) in the Antrea Agent. (#1031, @tnqn)
- Modify "List" apiserver requests in the Agent to use "resourceVersion=0", which forces requests to be served from the cache (instead of etcd persistent storage) and removes performance issues when many agents are restarted simultaneously. (#1045, @wenyingd)
- Fix OVS deadlock caused by glibc bug, by upgrading base distribution to Ubuntu 20.04 in Antrea Docker image. (#1022, @antoninbas @alex-vmw)
- Set the "no-flood" configuration option on the uplink bridge port in Windows, so that ARP broadcast traffic is not sent out to the underlay network. (#922, @wenyingd) [Windows]
- Avoid inaccurate warnings in the logs about "POD_NAMESPACE" not set. (#925, @antoninbas)
- Fix format of tracing packets for Traceflow:
  - Set protocol version to the correct value in the IP header (#946, @lzhecheng)
  - Add correct L3/L4 checksum values (#967, @gran-vmv)
- Set destination MAC address correctly when the provided destination IP address matches a local Pod. (#981, @ZhangYW18)
- In "hybrid" traffic mode, reject Traceflow requests if the source and destination Nodes are not connected by a tunnel. (#944, @gran-vmv)
- Log human-readable messages when the ofnet library returns an error. (#1065, @wenyingd)
- Wait for the Antrea client in the Agent to be ready before starting watches to avoid error log messages. (#1042, @tnqn)