Release v1.12.1

Fixed

• Bump up libOpenflow and ofnet versions to fix a PacketIn2 response parse error. (#5154, @wenyingd)
• Fix incorrect FlowMod message passing in the modifyFlows function of the OpenFlow client to avoid unexpected flow error. (#5125, @Dyanngg)
• Ensure the Egress IP is always correctly advertised to the network, including when the userspace ARP responder is not running or when the Egress IP is temporarily claimed by multiple Nodes. (#5127, @tnqn)
• Fix ClusterClaim webhook bug to avoid ClusterClaim deletion failure. (#5075, @luolanzone)
• Fix an issue in ANP with FQDN rules where TCP src port is unset on the TCP DNS response flow. (#5078, @wenyingd)
• Fix status report when no-op changes are applied to Antrea-native policies. (#5096, @tnqn)
• Fix IPv4 groups containing IPv6 endpoints mistakenly in dual-stack clusters in AntreaProxy implementation. (#5194, @tnqn)

Release v1.11.2

Changed

• Update Open vSwitch to 2.17.6. (#4959, @tnqn)
• Bump up whereabouts to v0.6.1. (#4988, @hjiajing)

Fixed

• In Antrea Agent Service CIDR discovery, prevent headless Services from updating the discovered Service CIDR to avoid overwriting the default route of host network unexpectedly. (#5008, @hongliangl)
• Use LOCAL instead of CONTROLLER as the in_port of packet-out messages to fix a Windows agent crash issue. (#4992, @tnqn)
• Fix a bug that a deleted NetworkPolicy is still enforced when a new NetworkPolicy with the same name exists. (#4986, @tnqn)
• Improve Windows cleanup scripts to avoid unexpected failures. (#4722, @wenyingd)
• Fix a race condition between stale controller and ResourceImport reconcilers in Antrea Multi-cluster controller. (#4853, @Dyanngg)
• Make FQDN NetworkPolicy work for upper case FQDNs. (#4934, @GraysonWu)
• Run agent modules that rely on Services access after AntreaProxy is ready to fix a Windows agent crash issue. (#4946, @tnqn)
• Fix the Antrea Agent crash issue which is caused by a concurrency bug in Multicast feature with encap mode. (#4903, @ceclinux)

Release v1.10.1

Changed

• Decrease log verbosity value for antrea-agent specified in the Windows manifest for containerd from 4 to 0. (#4676, @XinShuYang)
• Ensure cni folders are created when starting antrea-agent with containerd on Windows. (#4685, @XinShuYang)
• Document the limit of maximum receiver group number on a Linux Node for multicast. (#4850, @ceclinux)
• Update Open vSwitch to 2.17.6 (#4959, @tnqn)
• Bump up whereabouts to v0.6.1. (#4988, @hjiajing)

Fixed

• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4419 #4654 #4674, @xliuxu @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)
• Fix OpenFlow Group being reused with wrong type because groupDb cache was not cleaned up. (#4592, @ceclinux)
• Fix antctl not being able to talk with GCP kube-apiserver due to missing platforms specific imports. (#4494, @luolanzone)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix Service not being updated correctly when stickyMaxAgeSeconds or InternalTrafficPolicy is updated. (#4845, @tnqn)
• Fix the Antrea Agent crash issue when large amount of multicast receivers with different multicast IPs on one Node start together. (#4870, @ceclinux)
• Fix the Antrea Agent crash issue which is caused by a concurrency bug in Multicast feature with encap mode. (#4903, @ceclinux)
• Fix the Antrea Agent crash issue on Windows by running modules that rely on Services after AntreaProxy is ready. (#4946, @tnqn)
• Make FQDN NetworkPolicy work for upper case DNS. (#4934, @GraysonWu)
• Fix a bug that a deleted NetworkPolicy is still enforced when a new NetworkPolicy with the same name exists. (#4986, @tnqn)
• Fix a race condition between stale controller and ResourceImport reconcilers in Antrea Multi-cluster controller. (#4853, @Dyanngg)
• Recover ovsdb-server and ovs-vswitched service if they do not exist when running the Windows cleanup script. (#4722, @wenyingd)

Release v1.12.0

The Multicast, TopologyAwareHints, and NodeIPAM features are graduated from Alpha to Beta. The TopologyAwareHints, NodeIPAM features are enabled by default. Multicast can be enabled with a new Antrea Agent configuration parameter: multicast.enable.

Added

• Add two new fields sourcePort and sourceEndPort in Antrea-native policy API to match traffic initiated from specific ports. (#4687, @Dyanngg)
• Add a new field logLabel to Antrea-native policy CRDs; the user-provided label is added to audit logs. (#4748, @qiyueyao)
• Add Antrea Controller API for querying Antrea Groups and ClusterGroups by IP addresses. (#4807, @Dyanngg)
• Add a new Antrea Controller configuration clientCAFile to allow user to specify client CA. (#4664, @wenyingd)
• Add support for ExternalIP in AntreaProxy to allow a Service to be accessed from outside the cluster using an external IP address. (#4866, @hongliangl)
• Add WireGuard tunnel mode for Antrea Multi-cluster to support encryption of the traffic between member clusters. (#4737 #4606 #4848, @hjiajing)
  • Refer to Antrea Multi-cluster user guide for more informantion about this feature.
• Add support for EndpointSlice API for Multi-cluster Services. When the EndpointSlice API is available for the cluster, EndpointSlice resources of the exported Service, rather than the Endpoints resource, will be processed. (#4895, @luolanzone)
• Add a new exporter to FlowAggregator to write flows to a local file. (#4855, @antoninbas)
• Add openEuler 22.03 as a new supported OS of Antrea, and update the Kubernetes installer document with the information. (#4957, @ceclinux)

Changed

• Deprecate Antrea Octant Plugin; it is replaced by a dedicated Antrea UI. (#4825, @antoninbas)
• Update Open vSwitch version to 2.17.6. (#4959, @tnqn)
• Update Windows OVS version to 2.16.7. (#4705, @XinShuYang)
• Add status.egressIP field for Egress to represent the effective Egress IP. (#4603, @tnqn)
• Add a new Failed phase in ANP status for the case when all Agents have reported the status and at least one failure is received. (#4608, @wenyingd)
• Check the existence of AntreaAgentInfo CRD before operating on it for worker Node or ExternalNode. (#4762, @wenyingd)
• Stop serving v1alpha2 version of the ClusterGroup CRD. (#4812, @antoninbas)
• Optimize the cached flows in Antrea Agent to reduce Agent memory usage. (#4495, @wenyingd)
• Replace PacketIn/Controller with PacketIn2/Controller2 to improve packetin handler. (#4768, @GraysonWu)
• Change to look up Pods by name instead of IP address to fetch labels in Flow Aggregator, to avoid obtaining incorrect Pods when Pod turnover is high. (#4942, @dreamtalen)
• Do not export Services of type ExternalName in Antrea Multi-cluster; this is consistent with the upstream Multi-cluster Service KEP. (#4814, @luolanzone)
• Update Multi-cluster user guide to provide more details for Gateway enablement. (#4889, @luolanzone)
• Update documentation for recent MetalLB versions. (#4803, @antoninbas)
• Add support for short-circuiting in AntreaProxy to ensure that the traffic from Pod/Node clients to
  external addresses behaves the same way as the traffic from external clients to external addresses. (#4815, @hongliangl)
• Add OVS table name as label for ovs_flow_count Prometheus metrics. (#4893, @cr7258)
• Make IGMP query versions configurable for Antrea Multicast. (#4876, @ceclinux)
• Document the limit of maximum receiver group number on a Linux Node for Antrea Multicast. (#4850, @ceclinux)
• Upgrade K8s libraries to v0.26.4. (#4935, @heanlan)
• Bump up whereabouts to v0.6.1. (#4988, @hjiajing)

Fixed

• Unify AntreaProxy behavior across Linux and Windows. Windows agents now configure only a single route for all Service ClusterIPs and can restore routes after they are deleted by accident. (#3889, @hongliangl)
• Use LOCAL instead of CONTROLLER as the in_port of packet-out messages to fix a Windows agent crash issue. (#4992, @tnqn)
• Run agent modules that rely on Services access after AntreaProxy is ready to fix a Windows agent crash issue. (#4946, @tnqn)
• Improve Windows cleanup scripts to avoid unexpected failures. (#4722 #5013, @wenyingd)
• Fix a bug that a deleted NetworkPolicy is still enforced when a new NetworkPolicy with the same name exists. (#4986, @tnqn)
• Make FQDN NetworkPolicy work for upper case FQDNs. (#4934, @GraysonWu)
• Fix a bug that K8s Networkpolicy audit logging doesn't work for Service access. (#4780, @qiyueyao)
• Fix Service not being updated correctly when stickyMaxAgeSeconds or InternalTrafficPolicy is updated. (#4845, @tnqn)
• Fix EndpointSlice API availablility check to resolve the issue that AntreaProxy always falls back to the Endpoints API when EndpointSlice is enabled. (#4852, @tnqn)
• In Antrea Agent Service CIDR discovery, prevent headless Services from updating the discovered Service CIDR to avoid overwriting the default route of host network unexpectedly. (#5008, @hongliangl)
• Fix the Antrea Agent crash issue when a large amount of multicast receivers with different multicast IPs on one Node start together. (#4870, @ceclinux)
• Fix the Antrea Agent crash issue which is caused by a concurrency bug in Multicast feature with encap mode. (#4903, @ceclinux)
• Use a random port when the UDP source port in a Traceflow is 0. (#4963, @gran-vmv)
• Set default flag to 2 for TCP Traceflow to fix a Traceflow timeout issue when the flag is not provided. (#4948, @luolanzone)
• Fix concurrent map write bug for LabelIdentity controller in Antrea Multi-cluster. (#4994, @Dyanngg)
• Fix a race condition between stale controller and ResourceImport reconcilers in Antrea Multi-cluster controller. (#4853, @Dyanngg)
• Bump up Suricata to 6.0.12 to fix a L7 NetworkPolicy issue. (#4968, @xliuxu)
• Fix discovered Service CIDR flapping on Agent start. (#5017, @tnqn)

Release v1.11.1

Changed

• Document the limit of maximum receiver group number on a Linux Node for multicast. (#4850, @ceclinux)

Fixed

• Fix Service not being updated correctly when stickyMaxAgeSeconds or InternalTrafficPolicy is updated. (#4845, @tnqn)
• Fix EndpointSlice API availablility check to resolve the issue that AntreaProxy always falls back to the Endpoints API when EndpointSlice is enabled (#4852, @tnqn)
• Fix the Antrea Agent crash issue when large amount of multicast receivers with different multicast IPs on one Node start together.(#4870, @ceclinux)

Release v1.9.1

Changed

• Upgrade Antrea base image to ubuntu:22.04. (#4459 #4499, @antoninbas)

Fixed

• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4419 #4654 #4674, @xliuxu @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)
• Fix OpenFlow Group being reused with wrong type because groupDb cache was not cleaned up. (#4592, @ceclinux)
• Add a periodic job to rejoin dead Nodes to fix Egress not working properly after long network downtime. (#4491, @tnqn)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix potential deadlocks and memory leaks of memberlist maintenance in large-scale clusters. (#4469, @wenyingd)
• Fix connectivity issues caused by MAC address changes with systemd v242 and later. (#4428, @wenyingd)
• Fix a ClusterInfo export bug when Multi-cluster Gateway changes. (#4412, @luolanzone)
• Fix OpenFlow rules not being updated when Multi-cluster Gateway updates. (#4388, @luolanzone)
• Set no-flood config with ports for TrafficControl after Agent restarting. (#4318, @hongliangl)

Release v1.8.1

Changed

• Add OVS connection check to Agent's liveness probes for self-healing on OVS disconnection. (#4126, @tnqn)
• Upgrade Antrea base image to ubuntu:22.04. (#4459 #4499, @antoninbas)

Fixed

• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4419 #4654 #4674, @xliuxu @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)
• Add a periodic job to rejoin dead Nodes to fix Egress not working properly after long network downtime. (#4491, @tnqn)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix potential deadlocks and memory leaks of memberlist maintenance in large-scale clusters. (#4469, @wenyingd)
• Fix connectivity issues caused by MAC address changes with systemd v242 and later. (#4428, @wenyingd)
• Fix OpenFlow rules not being updated when Multi-cluster Gateway updates. (#4388, @luolanzone)
• Set no-flood config with ports for TrafficControl after Agent restarting. (#4318, @hongliangl)
• Fix packet resubmission issue when AntreaProxy is enabled and AntreaPolicy is disable. (#4261, @GraysonWu)
• Fix data race when Multi-cluster controller reconciles ServiceExports concurrently. (#4305, @Dyanngg)
• Fix multicast group not removed from cache when it is uninstalled. (#4176, @wenyingd)
• Fix nil pointer error when there is no ClusterSet found during MemberClusterAnnounce validation. (#4154, @luolanzone)
• Remove redundant Openflow messages when syncing an updated group to OVS. (#4160, @hongliangl)

Release v1.7.3

Fixed

• Fix race conditions in NetworkPolicyController. (#4028, @tnqn)
• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4419 #4654 #4674, @xliuxu @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)

Release v1.11.0

• The EndpointSlice feature is graduated from Alpha to Beta and is therefore enabled by default.

Added

• Add the following capabilities to Antrea-native policies:
  • ClusterSet scoped policy rules now support with the namespaces field. (#4571, @Dyanngg)
  • Layer 7 policy rules now support traffic logging. (#4625, @qiyueyao)
  • The implementation of FQDN policy rules has been extended to process DNS packets over TCP. (#4612 #4732, @GraysonWu @tnqn)
• Add the following capabilities to the AntreaProxy feature:
  • Graduate EndpointSlice from Alpha to Beta; antrea-agent now listens to EndpointSlice events by default. (#4634, @hongliangl)
  • Support ProxyTerminatingEndpoints in AntreaProxy. (#4607, @hongliangl)
  • Support rejecting requests to Services without available Endpoints. (#4656, @hongliangl)
• Add the following capabilities to Egress policies:
  • Support limiting the number of Egress IPs that can be assigned to a Node via new configuration option egress.maxEgressIPsPerNode or Node annotation "node.antrea.io/max-egress-ips". (#4593 #4627, @tnqn)
  • Add antctl get memberlist CLI command to get memberlist state. (#4611, @Atish-iaf)
• Support "noEncap", "hybrid", and "networkPolicyOnly" in-cluster traffic encapsulation modes with Multi-cluster Gateway. (#4407, @luolanzone)
• Enhance CI to validate Antrea with Rancher clusters. (#4496, @jainpulkit22)

Changed

• Ensure cni folders are created when starting antrea-agent with containerd on Windows. (#4685, @XinShuYang)
• Decrease log verbosity value for antrea-agent specified in the Windows manifest for containerd from 4 to 0. (#4676, @XinShuYang)
• Bump up cni and plugins libraries to v1.1.1. (#4425, @wenyingd)
• Upgrade OVS version to 2.17.5. (#4742, @antoninbas)
• Extend the message length limitation in the Conditions of Antrea-native policies to 256 characters. (#4574, @wenyingd)
• Stop using ClusterFirstWithHostNet DNSPolicy for antrea-agent; revert it to the default value. (#4548, @antoninbas)
• Perform Service load balancing within OVS for Multi-cluster Service traffic, when the local member Service of the Multi-cluster Service is selected as the destination. (#4693, @luolanzone)
• Rename the multicluster.enable configuration parameter to multicluster.enableGateway. (#4533, @jianjuns)
• Add the multicluster.enablePodToPodConnectivity configuration parameter for antrea-agent to enable Multi-cluster Pod-to-Pod connectivity. (#4605, @hjiajing)
• No longer install Whereabouts CNI to host. (#4617, @jianjuns)
• Add an explicit Secret for the vm-agent ServiceAccount to the manifest for non-Kubernetes Nodes. (#4560, @wenyingd)
• Change the toService.scope field of Antrea ClusterNetworkPolicy to an enum. (#4562, @GraysonWu)

Fixed

• Fix route deletion for Service ClusterIP and LoadBalancerIP when AntreaProxy is enabled. (#4711, @tnqn)
• Fix Service routes being deleted on Agent startup on Windows. (#4470, @hongliangl)
• Avoid duplicate Node Results in Live Traceflow Status. (#4715, @antoninbas)
• Fix OpenFlow Group being reused with wrong type because groupDb cache was not cleaned up. (#4592, @ceclinux)
• Ensure NO_FLOOD is always set for IPsec tunnel ports and TrafficControl ports. (#4654 #4419, @xliuxu)
• Fix Agent crash in dual-stack clusters when any Node is not configured with an IP address for each address family. (#4480, @hongliangl)
• Fix antctl not being able to talk with GCP kube-apiserver due to missing platforms specific imports. (#4494, @luolanzone)

Antrea v1.11.0-alpha.0

The main purpose of this pre-release is to validate the updated release workflow.