Releases: cloudnativelabs/kube-router
v1.0.0-rc6
Bug fix release. Fixes for regressions found in v1.0.0-rc5
thanks @eeeeeta for reporting and fixing the regression
Breaking changes and knows issues:
If you are upgrading from v1.0.0-rc4 or earlier version please see release notes for v1.0.0-rc5. Same breaking changes and known issues apply for this release as well
Changelog
4f9a794 Merge pull request #931 from cloudnativelabs/pr914-feedback
1bec864 avoide listing a chain if the rule already exists
309c803 Merge pull request #928 from eeeeeta/fix-generate-fwmark
a2ac2f0 fix unintentional Sprint of two-argument generateFwmark() call
a23017d Merge pull request #927 from cloudnativelabs/bgppolicies
81d717d fix false negative errors in creating BGP defined sets
v1.0.0-rc5
This release has serveral improvements to network policies implementation in kube-router and cleanup of code base to fix all go lint errors and few bug fixes.
Thanks @mrueg @aauren @liuxu623 for your the PR's.
Thanks @aauren for reporting regression in v1.0.0-rc4 and critical feedback on network policy implementation some of which are addressed in this release.
Note: This release has following breaking changes:
- The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
- if you have egress network policies applied to workload, you need to ensure proper value for
service-cluster-ip-rangeandservice-node-port-rangeconfigured to ensure pod's can access service cluster IP's and NodePort services
Note: This release has following known issues:
- please see #934
Changelog
e858e26 change ACCEPT to RETURN with mark when a netpol is matched so that we run through (#915)
4d6b0b8 whitelist traffic to cluster IP and node ports in INPUT chain to bypass netwrok policy enforcement (#914)
210dc3d avoids adding kube-router specific rules to enforce network policies in (#909)
8f5c959 full sync when namespace labels change (#917)
12674d5 Add golangci-lint support (#895)
4a08e11 Dockerfile: Update to alpine:3.11 (#918)
cb48a7f fix(network_routes): missing node ip -> error log (#904)
d2178da fix(ecmp_vip): check for nil nodename (#903)
v1.0.0-rc4
v1.0.0-rc3
Changelog
#900 - Fix Network Policy Cleanup Code
#894 - .goreleaser.yml: Multiarch build
#898 - Use same image for container and initContainer
Thanks @mrueg & @cfrantsen for your contributions!
v1.0.0-rc2
We are excited to release rc2 candidate for v1.0 release.
thanks @rmb938 @CertainLach @mrueg @ufou @ldx @bumyongchoi @filintod @aauren @paulbsch for your contribution
Changelog
f695c75 Merge pull request #892 from cloudnativelabs/proxy-healtchecks
e04ac66 ensure hearbeats are sent during sync done for add/delete/update events of service, endpoints
361d6fe outbound traffic from pod should be intercepted in filter table INPUT chain (#891)
df40aa5 push multi-arch images to the dev registry (#890)
1af329c nflog the packet that will be dropped by network policy enforcement (#889)
f3ea1a6 Merge pull request #888 from CertainLach/master
86ebd28 Fix for same issue as #750, but for network_routes_controller
21ea5a5 Add multi-arch support for container images. (#885)
2462137 .travis.yml: Update manifest-tool to 1.0.2 (#886)
ea4f2db Merge pull request #747 from ufou/enable_bgp_restart_default
6640c65 mount host /run/xtables.lock to kube-router container which will be (#884)
ffad338 Handle missing routing tables (#865)
f5db29e honor the ClientIP session affinity timeout when set. (#882)
7777b9a use Spec.PolicyTypes for the type of network policy (#883)
0f21f87 withdraw external IP from advertisement only if the deleted service is the last service using external IP (#850)
3e67159 Update selectors to allow matchexpressions as well as matlabels (#881)
b5e9bd3 intercept pod egress traffic going through the OUTPUT chain of filter table and run through the (#875)
4c764f5 handle DeletedFinalStateUnknown objects in DeleteFunc handlers (#856)
19e5637 switch --set to less ambiguous --match-set (#874)
2c4911b Fix unit test failure due to switch of listing node API objects from (#869)
d838253 Add Numberly to USERS.md (#867)
33724aa read the necessary API objects from local cache instead of listing from the API server (#864)
5c5dc41 add Globo.com to USERS.md (#858)
945a8ca Update USERS.md (#857)
3b9f22b add enix as user (#855)
c857f5d add DigitalOcean to USERS.md (#852)
97ec4dd adding kube-router users list (#851)
0857436 use endpoint (IP, port) tuple to track active endpoints of a service in use. Currently only endpoint IP (#842)
4f627bc Enable ppc64le builds (#847)
8f0bcfb Enabling --bgp-graceful-restart by default when the router component is deployed via daemonset
v1.0.0-rc1
Note: Please note behaviour change that is introduced by 13421da. Functionally service proxy will remain same but kube-router now will internally use SNAT instead of MASQUERADE
Changelog
9db9a49 populate pod CID in network routing controler to simulate reading from node spec once at begining (#844)
148736b fix gofmt
459e52e fix unhealthy on api server down (#813)
97c682e Ignore deletion of unknown IPVS rules (#830)
13421da Use SNAT instead of MASQUERADE to source NAT outbound IPVS traffic (#668)
v0.4.0
restrict externalTrafficPolicy=Local interpretation only to NodePort …
v0.4.0-rc3
v0.4.0-rc2
Changelog
5671c3a fix .goreleaser.yml (#837)
53e0571 fix broken CI (#823)
f01a9a5 Revert "restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services (#819)" (#835)
27ec314 restrict externalTrafficPolicy=Local interpretation only to NodePort and LoadBalancer services (#819)
c160e90 [FIX] Don't ignore silently service proxy errors. (#796)
8bcd166 Fix connection resets during firewall sync (#807)
3a0da2b fix build break due to commit 05d03e7 (#817)
52e338d Add PriorityClass and docs update (#816)
05d03e7 #797 Conditionally disable "Allow All" input/chain on IPVS KUBE-ROUTER-SERVICES (#809)
ff6a024 set cniVersion in 10-kuberouter.conf (#811)
a339d8a remove stale project sponsorships (#805)
v0.4.0-rc1
Changelog
d6f9f31 Fix: Send BGP Withdrawals for Service VIPs Upon Service Deletion (#756)
3aacd48 fix clusteripprefixset import policy (#771)
803bd90 Allow setting the BGP graceful restart deferral time. See RFC4724 4.1 (#753)
b54b80c update to apps/v1 and add selector (#759)
4afd6d6 Updated the kube-proxy cleanup command to use the newer version (#762)
94fd7b6 Send heartbeats during NetworkPolicy and NetworkService sync. (#741)
6470795 Use x/sys/unix epoll (#737)
8fe9f70 Add Import Policy for Service VIPs (#721)
4be51ba First stab at pushing multiarch releases (#735)