v2.1.3
Summary
Another bugfix release. This one fixes an issue with TCP MSS clamping (e.g. packet MTU's not being properly negotiated during TCP handshake) and an issue where iptables wasn't properly identifying that rules existed in chains causing iptables definitions to increase with every call to sync NetworkPolicy ending up in linear growth of iptables rule definitions.
Contributions
Special thanks to @rkojedzinszky for fixing the TCP MSS clamping on DSR services.
Other Notes
The iptables definition growth was seemingly caused by iptables user-space tooling v1.8.10 which means that this likely only affected users of the kube-router container that was updated to alpine 3.19. User's using kube-router as a daemon outside a container runtime, may want to be wary of updating the iptables user-space to that version.
Changelog
- f6c45f3 - feat(alpine): revert 3.19 -> 3.18
<Aaron U'Ren>
- e980a17 - fix(nsc): remove previous TCPMSS rules during setting up DSR
<Richard Kojedzinszky>
- defdf64 - fix(nsc): remove previous TCPMSS rules
<Aaron U'Ren>
- b1070f1 - feat(nsc): apply TCPMSS rules on kube-bridge interface only
<Richard Kojedzinszky>
- 5fdde06 - fix(nsc): TCPMSS rules are created per-service and for reply packets only
<Richard Kojedzinszky>