Release v1.8.1

Changed

• Add OVS connection check to Agent's liveness probes for self-healing on OVS disconnection. (#4126, @tnqn)
• Upgrade Antrea base image to ubuntu:22.04. (#4459 #4499, @antoninbas)

Fixed

• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4419 #4654 #4674, @xliuxu @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)
• Add a periodic job to rejoin dead Nodes to fix Egress not working properly after long network downtime. (#4491, @tnqn)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix potential deadlocks and memory leaks of memberlist maintenance in large-scale clusters. (#4469, @wenyingd)
• Fix connectivity issues caused by MAC address changes with systemd v242 and later. (#4428, @wenyingd)
• Fix OpenFlow rules not being updated when Multi-cluster Gateway updates. (#4388, @luolanzone)
• Set no-flood config with ports for TrafficControl after Agent restarting. (#4318, @hongliangl)
• Fix packet resubmission issue when AntreaProxy is enabled and AntreaPolicy is disable. (#4261, @GraysonWu)
• Fix data race when Multi-cluster controller reconciles ServiceExports concurrently. (#4305, @Dyanngg)
• Fix multicast group not removed from cache when it is uninstalled. (#4176, @wenyingd)
• Fix nil pointer error when there is no ClusterSet found during MemberClusterAnnounce validation. (#4154, @luolanzone)
• Remove redundant Openflow messages when syncing an updated group to OVS. (#4160, @hongliangl)

Release v1.7.3

Fixed

• Fix race conditions in NetworkPolicyController. (#4028, @tnqn)
• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4419 #4654 #4674, @xliuxu @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)

Release v1.11.0

• The EndpointSlice feature is graduated from Alpha to Beta and is therefore enabled by default.

Added

• Add the following capabilities to Antrea-native policies:
  • ClusterSet scoped policy rules now support with the namespaces field. (#4571, @Dyanngg)
  • Layer 7 policy rules now support traffic logging. (#4625, @qiyueyao)
  • The implementation of FQDN policy rules has been extended to process DNS packets over TCP. (#4612 #4732, @GraysonWu @tnqn)
• Add the following capabilities to the AntreaProxy feature:
  • Graduate EndpointSlice from Alpha to Beta; antrea-agent now listens to EndpointSlice events by default. (#4634, @hongliangl)
  • Support ProxyTerminatingEndpoints in AntreaProxy. (#4607, @hongliangl)
  • Support rejecting requests to Services without available Endpoints. (#4656, @hongliangl)
• Add the following capabilities to Egress policies:
  • Support limiting the number of Egress IPs that can be assigned to a Node via new configuration option egress.maxEgressIPsPerNode or Node annotation "node.antrea.io/max-egress-ips". (#4593 #4627, @tnqn)
  • Add antctl get memberlist CLI command to get memberlist state. (#4611, @Atish-iaf)
• Support "noEncap", "hybrid", and "networkPolicyOnly" in-cluster traffic encapsulation modes with Multi-cluster Gateway. (#4407, @luolanzone)
• Enhance CI to validate Antrea with Rancher clusters. (#4496, @jainpulkit22)

Changed

• Ensure cni folders are created when starting antrea-agent with containerd on Windows. (#4685, @XinShuYang)
• Decrease log verbosity value for antrea-agent specified in the Windows manifest for containerd from 4 to 0. (#4676, @XinShuYang)
• Bump up cni and plugins libraries to v1.1.1. (#4425, @wenyingd)
• Upgrade OVS version to 2.17.5. (#4742, @antoninbas)
• Extend the message length limitation in the Conditions of Antrea-native policies to 256 characters. (#4574, @wenyingd)
• Stop using ClusterFirstWithHostNet DNSPolicy for antrea-agent; revert it to the default value. (#4548, @antoninbas)
• Perform Service load balancing within OVS for Multi-cluster Service traffic, when the local member Service of the Multi-cluster Service is selected as the destination. (#4693, @luolanzone)
• Rename the multicluster.enable configuration parameter to multicluster.enableGateway. (#4533, @jianjuns)
• Add the multicluster.enablePodToPodConnectivity configuration parameter for antrea-agent to enable Multi-cluster Pod-to-Pod connectivity. (#4605, @hjiajing)
• No longer install Whereabouts CNI to host. (#4617, @jianjuns)
• Add an explicit Secret for the vm-agent ServiceAccount to the manifest for non-Kubernetes Nodes. (#4560, @wenyingd)
• Change the toService.scope field of Antrea ClusterNetworkPolicy to an enum. (#4562, @GraysonWu)

Fixed

• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Avoid duplicate Node Results in Live Traceflow Status. (#4715, @antoninbas)
• Fix OpenFlow Group being reused with wrong type because groupDb cache was not cleaned up. (#4592, @ceclinux)
• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4654 #4419, @xliuxu)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix antctl not being able to talk with GCP kube-apiserver due to missing platforms specific imports. (#4494, @luolanzone)

Antrea v1.11.0-alpha.0

The main purpose of this pre-release is to validate the updated release workflow.

Release v1.10.0

Added

• Add L7NetworkPolicy feature which enables users to protect their applications by specifying how they are allowed to communicate with others, taking into account application context. (#4380 #4406 #4410, @hongliangl @qiyueyao @tnqn)
  • Layer 7 NetworkPolicy can be configured through the l7Protocols field of Antrea-native policies.
  • Refer to this document for more information about this feature.
• Add SupportBundleCollection feature which enables a CRD API for Antrea to collect support bundle files on any K8s Node or ExternalNode, and upload to a user-defined file server. (#4184 #4338 #4249, @wenyingd @mengdie-song @ceclinux)
  • Refer to this document for more information about this feature.
• Add support for NetworkPolicy for cross-cluster traffic. (#4432 #3914, @Dyanngg @GraysonWu)
  • Setting scope of an ingress peer to clusterSet expands the scope of the podSelector or namespaceSelector to the entire ClusterSet.
  • Setting scope of toServices to clusterSet selects a Multi-cluster Service. (#4397, @Dyanngg)
  • Refer to this document for more information about this feature.
• Add the following capabilities to the ExternalNode feature:
  • Containerized option for antrea-agent installation on Linux VMs. (#4413, @Nithish555)
  • Support for RHEL 8.4. (#4323, @Nithish555)
• Add support for running antrea-agent as DaemonSet when using containerd as the runtime on Windows. (#4279, @XinShuYang)
• Add documentation for Antrea Multicast. (#4339, @ceclinux)

Changed

• Extend antctl mc get joinconfig to print member token Secret. (#4363, @jianjuns)
• Improve support for Egress in Traceflow. (#3926, @Atish-iaf)
• Add NodePortLocalPortRange field for AntreaAgentInfo. (#4379, @wenqiq)
• Use format "namespace/name" as the key for ExternalNode span calculation. (#4401, @wenyingd)
• Enclose Pod labels with single quotes when uploading CSV record to S3 in the FlowAggregator. (#4334, @dreamtalen)
• Upgrade Antrea base image to ubuntu 22.04. (#4459 #4499, @antoninbas)
• Update OVS to 2.17.3. (#4402, @mnaser)
• Reduce confusion caused by transient error encountered when creating static Tiers. (#4414, @tnqn)

Fixed

• Add a periodic job to rejoin dead Nodes, to fix Egress not working properly after long network downtime. (#4491, @tnqn)
• Fix potential deadlocks and memory leaks of memberlist maintenance in large-scale clusters. (#4469, @wenyingd)
• Fix connectivity issues caused by MAC address changes with systemd v242 and later. (#4428, @wenyingd)
• Fix error handling when S3Uploader partially succeeds. (#4433, @heanlan)
• Fix a ClusterInfo export bug when Multi-cluster Gateway changes. (#4412, @luolanzone)
• Fix OpenFlow rules not being updated when Multi-cluster Gateway updates. (#4388, @luolanzone)
• Delete Pod specific VF resource cache when a Pod gets deleted. (#4285, @arunvelayutham)
• Fix OpenAPI descriptions for AntreaAgentInfo and AntreaControllerInfo. (#4390, @tnqn)

Release v1.7.2

Changed

• Upgrade Antrea base image to ubuntu 22.04. (#4459, @antoninbas)
• Add OFSwitch connection check to Agent's liveness probes. (#4126, @tnqn)
• Improve install_cni_chaining to support updates to CNI config file. (#4012, @antoninbas)

Fixed

• Add a periodic job to rejoin dead Nodes to fix Egress not working properly after long network downtime. (#4491, @tnqn)
• Fix connectivity issues caused by MAC address changes with systemd v242 and later. (#4428, @wenyingd)
• Fix potential deadlocks and memory leaks of memberlist maintenance in large-scale clusters. (#4469, @wenyingd)
• Fix Windows AddNodePort parameter error. (#4103, @XinShuYang)
• Set no-flood config with ports for TrafficControl after Agent restarting. (#4318, @hongliangl)
• Fix multicast group not removed from cache when it is uninstalled. (#4176, @wenyingd)
• Remove redundant Openflow messages when syncing an updated group to OVS. (#4160, @hongliangl)
• Fix Antrea Octant plugin build. (#4107, @antoninbas)

Release v1.9.0

Added

• Add the following capabilities to the Multi-cluster feature:
  • Add support for Pod-to-Pod connectivity across clusters. (#4219, @hjiajing)
  • Add active-passive mode high availability support for Gateway Nodes. (#4069, @luolanzone)
  • Allow Pod IPs as Endpoints of Multi-cluster Service; option endpointIPType is added to the Multi-cluster Controller ConfigMap to specify the Service Endpoints type. (#4198, @luolanzone)
  • Add antctl mc get joinconfig command to print ClusterSet join parameters. (#4299, @jianjuns)
  • Add antctl mc get|delete membertoken commands to get/delete member token. (#4254, @bangqipropel)
• Add rule name to Audit Logging for Antrea-native policies. (#4178, @qiyueyao)
• Add Service health check similar to kube-proxy in antrea-agent; it provides HTTP endpoints <nodeIP>:<healthCheckNodePort>/healthz for querying number of local Endpoints of a Service. (#4120, @shettyg)
• Add S3Uploader as a new exporter of Flow Aggregator, which periodically exports expired flow records to AWS S3 storage bucket. (#4143, @heanlan)
• Add scripts and binaries needed for running Antrea on non-Kubernetes Nodes (ExternalNode) in release assets. (#4266 #4113, @antoninbas @Anandkumar26)

Changed

• AntreaProxy now supports more than 800 Endpoints for a Service. (#4167, @hongliangl)
• Add OVS connection check to Agent's liveness probes for self-healing on OVS disconnection. (#4126, @tnqn)
• antrea-agent startup scripts now perform cleanup automatically on non-Kubernetes Nodes (ExternalNode) upon Node restart. (#4277, @Anandkumar26)
• Make tunnel csum option configurable and default to false which avoids double encapsulation checksum issues on some platforms. (#4250, @tnqn)
• Use standard value type for k8s.v1.cni.cncf.io/networks annotation for the SecondaryNetwork feature. (#4146, @antoninbas)
• Update Go to v1.19. (#4106, @antoninbas)
• Add API support for reporting Antrea NetworkPolicy realization failure. (#4248, @wenyingd)
• Update ResourceExport's json tag to lowerCamelCase. (#4211, @luolanzone)
• Add clusterUUID column to S3 uploader and ClickHouseExporter to support multiple clusters in the same data warehouse. (#4214, @heanlan)

Fixed

• Fix nil pointer error when collecting support bundle from Agent fails. (#4306, @tnqn)
• Set no-flood config for TrafficControl ports after restarting Agent to prevent ARP packet loops. (#4318, @hongliangl)
• Fix packet resubmission issue when AntreaProxy is enabled and AntreaPolicy is disable. (#4261, @GraysonWu)
• Fix ownerReferences in APIExternalEntities generated from ExternalNodes. (#4259, @wenyingd)
• Fix the issue that "MulticastGroup" API returned wrong Pods that have joined multicast groups. (#4240, @ceclinux)
• Fix inappropriate route for IPv6 ClusterIPs in the host network when proxyAll is enabled. (#4297, @tnqn)
• Fix log spam when there is any DNS based LoadBalancer Service. (#4234, @tnqn)
• Remove multicast group from cache when group is uninstalled. (#4176, @wenyingd)
• Remove redundant Openflow messages when syncing an updated group to OVS. (#4160, @hongliangl)
• Fix nil pointer error when there is no ClusterSet found during MemberClusterAnnounce validation. (#4154, @luolanzone)
• Fix data race when Multi-cluster controller reconciles ServiceExports concurrently. (#4305, @Dyanngg)
• Fix memory leak in Multi-cluster resource import controllers. (#4251, @Dyanngg)
• Fix Antrea-native policies for multicast traffic matching IGMP traffic unexpectedly. (#4206, @liu4480)
• Fix IPsec not working in UBI-based image. (#4244, @xliuxu)
• Fix antctl mc get clusterset command output when a ClusterSet's status is empty. (#4174, @luolanzone)

Release v1.8.0

Added

• Add ExternalNode feature which enables Antrea to manage security policies for non-Kubernetes Nodes (like virtual machines or bare-metal servers). (#4110, @wenyingd @mengdie-song @Anandkumar26)
  • It introduces the ExternalNode CRD; each resource of this kind represents a virtual machine or bare-metal server and supports specifying which network interfaces on the external Node are expected to be protected with Antrea-native policies.
  • An ExternalEntity resource will be created for each network interface specified in the ExternalNode resource. Antrea-native policies are applied to an external Node by using the ExternalEntity selector.
  • Refer to this document for more information about this feature.
• Add the following capabilities to Antrea-native policies:
  • Add Audit Logging support for K8s Networkpolicy. (#4047, @qiyueyao)
  • Support applying Antrea ClusterNetworkPolicy to NodePort Services for securing ingress traffic. (#3997, @GraysonWu)
  • Introduce the Group CRD to logically group different network endpoints and reference them together in Antrea NetworkPolicy. (#2438, @qiyueyao @abhiraut)
• Release new Antrea Helm chart version for each Antrea release. (#3935 #3952, @antoninbas @yanjunz97)
  • Refer to this document for Helm installation method. (#3989, @antoninbas)
• Support TopologyAwareHints in AntreaProxy. (#3515, @hongliangl)
• Add encap mode support for the Multicast feature. (#3947, @wenyingd)
• Support configurable Geneve, VXLAN, or STT port number for encap mode. (#4065, @Jexf)
• Add Status field to the IPPool CRD: it is used to report usage information for the pool (total number of IPs in the pool and number of IPs that are currently assigned). (#3072 #4088, @ksamoray @tnqn)
• Support updating configuration at runtime for flow-aggregator via antctl or by updating the ConfigMap. (#3642, @yuntanghsu)
• Add antctl commands to set up and delete Multi-cluster ClusterSet. (#3992, @hjiajing)
• Add documentation to set up Multi-cluster ClusterSet with antctl. (#4096, @jianjuns)

Changed

• Antrea now uses OpenFlow 1.5 to program OVS. (#3770, @wenyingd @ashish-varma)
• Rename Windows script Start.ps1 to Start-AntreaAgent.ps1, and rename Stop.ps1 to Stop-AntreaAgent.ps1. (#3904, @wenyingd)
• Unify NodePortLocal behavior across Linux and Windows. Linux agents now support allocating different Node ports for different protocols even when the Pod port number is the same. (#3936, @XinShuYang)
• Antrea IPAM now uses the name of the uplink interface to name the host internal port, and the uplink interface will be renamed with a ~ suffix, e.g. eth0~. (#3938, @gran-vmv)
• Send Neighbor Advertisement messages after creating Pods in an IPv6 cluster. (#3998, @gran-vmv)
• Add an output formatter "raw" to better display multi-line string responses for antctl. (#3589, @Atish-iaf)
• Add new ports to network requirement doc. (#4063, @luolanzone)
• Windows OVS installation script now installs required SSL library if missing. (#4029, @XinShuYang)
• Upgrade whereabouts CNI to v0.5.4 and provide required pluginArgs when invoking the CNI binary. (#3987, @arunvelayutham)
• Remove Grafana flow collector files in the Antrea repo (as they were moved to the Theia repo). (#4048, @dreamtalen)
• Make the following changes to the Multi-cluster feature:
  • Add columns of kubectl outputs for Multi-cluster custom resources. (#3923, @jianjuns)
  • Use hostNetwork for Multi-cluster controller. (#3965, @luolanzone)
  • Update ClusterClaim CRD to v1alpha2. (#3755, @bangqipropel)
  • Update GatewayIPPrecedence to support the "external/internal" options. (#3930, @luolanzone)
  • Disable metrics API and change the health binding address port to 8080. (#4101, @luolanzone)
  • Improve CRD validation. (#4062 #4090 #4043, @luolanzone)
  • Auto create MemberClusterAnnounce and update ClusterSet in leader cluster for each member cluster. (#3956 #4054 #4026, @hjiajing @luolanzone)
  • Add Multi-cluster Gateway descriptions in the Multi-cluster architecture document. (#3638 #3899, @luolanzone @jianjuns)

Fixed

• Fix reconnection issue between Agent and OVS. (#4091, @wenyingd)
• Fix the wrong DNAT IP used by AntreaProxy for serving NodePort traffic on Windows Nodes. (#4103, @XinShuYang)
• Fix Antrea Octant plugin build. (#4107, @antoninbas)
• Fix Pod-to-external traffic on EKS in policyOnly mode. (#3975, @antoninbas)
• Fix problems caused by Node restart on EKS in policyOnly mode. (#4012 #4042, @antoninbas)
• Fix race conditions in NetworkPolicyController. (#4028, @tnqn)
• Fix FlowExporter memory bloat when export process is dead. (#3994, @wsquan171)
• Fix socket leak in an IPv6 cluster. (#4104, @wenyingd)
• Fix ClickHouse client race during batch commit. (#4071, @wsquan171)
• Retry when retrieval of PodCIDRs fails to avoid Agent crash due to the delay in allocating PodCIDRs for the Node. (#3950, @ksamoray)
• Fix nil pointer issue when ClusterSet is deleted in leader cluster. (#3915, @luolanzone)
• Clean up ResourceExport if the exported Service has no available Endpoints. (#4056, @luolanzone)

Release v1.7.1

Fixed

• Fix FlowExporter memory bloat when export process is dead. (#3994, @wsquan171)
• Fix Pod-to-external traffic on EKS in policyOnly mode. (#3975, @antoninbas)
• Use uplink interface name for host interface internal port to support DHCP client. (#3938, @gran-vmv)

Release v1.8.0-alpha.2

The main purpose of this pre-release is to validate Antrea Helm chart releases.