v2.0.0-rc2

Summary

Addresses some of the bugs that were introduced with the initial IPv6 work.

Noteably the service controller (--run-service-proxy) functionality is still missing (#1432).

Please test and let us know if you find any issues so that we can fix them up before cutting a 2.0.0 proper release.

Contributions

Special thanks to @whooo for contributing fixes and @rwagoner for testing and reporting bugs.

Changelog

• 7bd940e - use JoinHostPort for GRPC listen address <Erik Larsson>
• 39bd27f - add generation of router id based on hash of primary IP <Erik Larsson>
• 9a9c61a - fix(ecmp_vip.go): ClusterIP -> ClusterIPs <Aaron U'Ren>
• 6f3405e - feat(bgp_policies_test.go): use different IP ranges <Aaron U'Ren>
• ea68a39 - fix(bgp_policies.go): don't get BGP peers twice <Aaron U'Ren>

v2.0.0-rc1

Summary

This is a pre-release or release candidate for the upcoming v2.0.0 release of kube-router. The most prominent feature of this release is the addition of dual-stack support for some parts of kube-router. With this release candidate, the following functions have been upgraded to be dual-stack compatible:

• CNI Supports Dual-Stack
• Router / BGP Supports Dual-Stack
• Network Policies Supports Dual-Stack

The major outlier here being the Proxy (--run-service-proxy) portion of kube-router has not had dual-stack support integrated yet. Also, this represents a major refactor on the kube-router code base, so it would be good to get this tested in at least a few different environments before forming a full release.

You'll also notice that this has been tagged as a major release version. This is due to the fact that there are breaking changes in this version of kube-router that are not backwards compatible with previous versions of kube-router. Specifically, tunnel names have changed, so if you run kube-router with an overlay network (ipip tunnels), you'll want to deploy this update carefully. At this point, the project recommends doing a rolling-reboot of nodes after the application of this release candidate to ensure that unused tunnels are properly cleaned up and don't have a negative impact on traffic flows.

More details about this release will be shared in the IPv6 / Dual-Stack documentation page shortly: https://github.com/cloudnativelabs/kube-router/blob/master/docs/ipv6.md

Contributions

The kube-router project would like to give a big thanks to @vadorovsky and @thomasferrandiz who graciously contributed all of the dual-stack functionality for the Network Policy Controller!

Changelog

• a9b8adf - fix(NPC): add warning for unsupported family <Aaron U'Ren>
• 74a0803 - fix(NPC): don't add chains for missing family <Aaron U'Ren>
• abcefb4 - doc(bgp.md): clean up grammar and syntax <Aaron U'Ren>
• f4668fd - fix(NPC/pod): check drop policy on ipv4 & ipv6 <Aaron U'Ren>
• 6bd6d94 - fix(bgp_policies): add empty DS set checking <Aaron U'Ren>
• ae15ebb - fact(bgp_policies): rename clusterIPPrefixSet -> serviceVIPIPPrefixSet <Aaron U'Ren>
• ed29baa - fact(bgp_policies): abstract get DS for GoBGP <Aaron U'Ren>
• 6a1bab2 - fix(ecmp_vip): handle ipv4 & ipv6 protocols <Aaron U'Ren>
• 437da14 - test(bgp_policies_test): add local address <Aaron U'Ren>
• 3129bf2 - fix(node): do nil checking on FindBestIP util funcs <Aaron U'Ren>
• 8183b18 - fix(NRC): ensure local addr IP is bindable early <Aaron U'Ren>
• bd0d00f - fix(bgp_peers): adv. AfiSafi based on capabability <Aaron U'Ren>
• b714bba - fix(bgp_peers): do peer only if IP protos match <Aaron U'Ren>
• 230aa58 - fix(NRC): error when nec. host IP not found <Aaron U'Ren>
• dd7c47e - fix(NRC): add IPv6 logic to bgp-local-addresses <Aaron U'Ren>
• 70b3f30 - feat(ci): run CI on version prep branches and MRs <Aaron U'Ren>
• e4e1088 - fix(options): make clusterIP specification similar to other options <Aaron U'Ren>
• 93d6169 - fix(NPC): actually separate chain indices for ipv4 / ipv6 <Aaron U'Ren>
• ef72d90 - fact(NPC): pluralize newIPTablesHandler <Aaron U'Ren>
• 5fb874f - feat(NRC): make NRC dual stack <Aaron U'Ren>
• 35b3f37 - fact(NRC): convert BGP set names to const <Aaron U'Ren>
• d27f2fe - feat(pod_cidr): handle multiple pod CIDRs <Aaron U'Ren>
• 51d7db8 - fix(kube-router.go): metric message -> not error <Aaron U'Ren>
• eb4e6f9 - fix(NPC): separate chain indices for ipv4 / ipv6 <Aaron U'Ren>
• d128b17 - fix(node.go): make node address errors more helpful <Aaron U'Ren>
• 06c39d6 - fix golangci issues <Thomas Ferrandiz>
• bdc0600 - fix test compilation error <Thomas Ferrandiz>
• 9e8ee3a - go mod <Thomas Ferrandiz>
• 59a4fa1 - use createGenericHashIPSet <Thomas Ferrandiz>
• b1181f1 - rename utilsnet import to netutils <Thomas Ferrandiz>
• cba00b2 - syncPodFirewallChains: loop on all NodeIp to find the pods running on a given Node - Load PodIp in podInfo struct and use it instead of pod.ips[0].IP <Thomas Ferrandiz>
• 3958095 - refactor whitelisting of cluster IP Range <Thomas Ferrandiz>
• 1433bee - Validate that ClusterIP service range type matches the configuration and update documentation <Thomas Ferrandiz>
• 9aa7bcd - godoc update <Thomas Ferrandiz>
• 344b3cd - remove redundant default value <Thomas Ferrandiz>
• 318a29c - rename Adresses <Thomas Ferrandiz>
• a7e5803 - Turn IPTablesSaveRestore into an interface <Thomas Ferrandiz>
• 033444b - init iptablesCmdHandlers and ipSetHandlers inside NewNetworkPolicyController <Thomas Ferrandiz>
• a38c97c - disable ipv6 by default <Thomas Ferrandiz>
• 1bc0435 - netpol: Add dual-stack support <Michal Rostecki>

v1.5.3

Special thanks to Richard Kojedzinszky @rkojedzinszky for contributing to this release!

Changelog

• e6fd1b2 - Support for kube-router.io/peer.localips annotation (#1392) (5 days ago) <@rkojedzinszky>

The above fixes an issues that were generated during the 1.5.X release line where we defaulted the peering address on the kube-router side to the Kubernetes node's primary IP. This secured and simplified the peering interface for most users, but caused issues for some users that wanted to have more control over the peering address from their Kubernetes nodes. User's in this situation can now use the kube-router.io/peer.localips annotation to define the local IP address that they would like to use for each peer.

v1.5.2

Special thanks to @makhov and @jnummelin for contributing to this release!

Changelog

• fe3e8b0 - Bump to go 1.19 / alpine 3.16 <@mrueg>
• 8574163 - iptables mode selection fixed. iptables-wrapper script updated to the latest upstream version <@makhov>

The primary reason for this bug fix was to update Alpine to 3.16 so that we got a more recent version of the iptables user-space binaries in the kube-router container (iptables-1.8.8). This helps address the issues found by @jnummelin in #1370 where iptables mark attributes can be lost when the host's user-space version of iptables is greater than the kube-router container's version.

As per the newly updated docs: https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md#requirements it is recommended that users who:

• use kube-router as a container deployment AND...
• operate iptables from the host's user-space tooling AND...
• utilize the network policy feature-set of kube-router (--run-firewall)

Keep the host's user-space tooling (e.g. iptables, ipset, ipvsadm, etc.) in sync with the version contained in kube-router's container as much as possible to avoid potential problems with firewall rule data loss.

This will hold true, until there is some resolve to the upstream issue (https://bugzilla.netfilter.org/show_bug.cgi?id=1632) which would help us identify when there might be potential for conflict or loss in the future before writing rules.

v1.5.1

Changelog

• 8a17e3e1 - fix(NSC): don't check protocol on DSR svcs (21 minutes ago) <Aaron U'Ren>
• 422edd29 - fix(ipset): remove initval during ipset parse (21 minutes ago) <Aaron U'Ren>
• 86aa942a - fix(bgp): set graceful restart on enabled family (21 minutes ago) <Aaron U'Ren>
• b0da24c4 - fix: remove multiple MTU reductions (22 minutes ago) <Aaron U'Ren>

Special thanks to @opipenbe & @camrossi for finding and reporting issues

v1.5.0

What's Changed

• go.mod: Update containerd to 1.5.9 by @mrueg in #1231
• build(deps): bump github.com/aws/aws-sdk-go from 1.42.31 to 1.42.35 by @dependabot in #1234
• build(deps): bump google.golang.org/grpc from 1.43.0 to 1.44.0 by @dependabot in #1236
• build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 by @dependabot in #1241
• build(deps): bump github.com/aws/aws-sdk-go from 1.42.35 to 1.42.44 by @dependabot in #1242
• change to account for internet headers also when setting MSS by @noillir in #1232
• Refactor ExternalIP Service Handling by @aauren in #1246
• Added multiarch image build support for s390x by @guirish in #1250
• build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.18.1 by @dependabot in #1243
• Update dependencies by @mrueg in #1255
• build(deps): bump github.com/aws/aws-sdk-go from 1.43.2 to 1.43.8 by @dependabot in #1258
• Update containerd 1.5.10 & golang by @mrueg in #1259
• doc: update kube-proxy cleanup commands by @aauren in #1260
• start peering connection to neighbors from node's advertise-ip by @tamihiro in #777
• skip binding device to ipip tunnel if node's interface is loopback by @tamihiro in #779
• fix(NPC): make code more understandable by @lx1036 in #1261
• Add Route Sync Routine by @aauren in #1262
• build(deps): bump github.com/containernetworking/plugins from 1.0.1 to 1.1.1 by @dependabot in #1264
• build(deps): bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #1269
• build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 by @dependabot in #1270
• build(deps): bump k8s.io/klog/v2 from 2.40.1 to 2.60.1 by @dependabot in #1271
• build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.13+incompatible by @dependabot in #1272
• build(deps): bump github.com/aws/aws-sdk-go from 1.43.8 to 1.43.23 by @dependabot in #1273
• feat(bgp): add custom BGP import rejection policy support via node annotation by @lucasmundim in #1153
• build(deps): bump github.com/onsi/gomega from 1.18.1 to 1.19.0 by @dependabot in #1274
• build(deps): bump github.com/docker/docker from 20.10.13+incompatible to 20.10.14+incompatible by @dependabot in #1275
• build(deps): bump github.com/aws/aws-sdk-go from 1.43.23 to 1.43.30 by @dependabot in #1276
• fix(NPC): add missing quotes by @aauren in #1278
• build(deps): bump github.com/aws/aws-sdk-go from 1.43.30 to 1.43.33 by @dependabot in #1279
• build(deps): bump github.com/aws/aws-sdk-go from 1.43.33 to 1.43.45 by @dependabot in #1284
• build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #1287
• build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 by @dependabot in #1288
• build(deps): bump github.com/aws/aws-sdk-go from 1.43.45 to 1.44.10 by @dependabot in #1291
• build(deps): bump github.com/docker/docker from 20.10.14+incompatible to 20.10.16+incompatible by @dependabot in #1295
• build(deps): bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #1296
• build(deps): bump github.com/aws/aws-sdk-go from 1.44.10 to 1.44.14 by @dependabot in #1297
• build(deps): bump github.com/aws/aws-sdk-go from 1.44.14 to 1.44.22 by @dependabot in #1301
• build(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #1304
• fix(constant): use constant from resourcelock package by @lx1036 in #1298
• Bump golang / k8s / goreleaser by @mrueg in #1306
• build(deps): bump github.com/aws/aws-sdk-go from 1.44.22 to 1.44.24 by @dependabot in #1307

New Contributors

• @noillir made their first contribution in #1232

Full Changelog: v1.4.0...v1.5.0

v1.4.0

Notable Changes

• Greatly Fixed and Improved Hairpinning:
  • Reduced the number of iptables rules when Hairpinning is enabled by ensuring it is only enabled on local nodes (see: #1208)
  • Fixed an issue where hairpinning rules weren't being updated on service / endpoint updates (see: #1200)
  • Fixed issue where hairpinning rules weren't being regenerated correctly (see: #1200)
• DSR Fixes
  • Fixed an issue where sometimes FWMarks generated for DSR would collide
  • Fixed issue where DSR mangle table definitions were not being cleaned up
• Improved efficiency of kube-router's advertisements with iBGP peers (see: #1188 thanks to @lx1036 )
• Fixed issue where peer might not be seen correctly as established due to a bad double-negative condition (see: #1184 thanks to @lx1036 )
• Updated from GoLang 1.16 to 1.17
• Updated Alpine base container from 3.14 to 3.15
• Updated GoBGP library from v2.29.0 to v2.34.0
• Removed duplicate metrics controller_iptables_sync_total_time & controller_iptables_sync_total_count (see: #1216)
• Reduced error spam for condition that wasn't really an error case when looking for FWMarks for DSR services

Changelog

• a1b7651 go.mod: Bump a couple of golang dependencies
• c3d260d build(deps): bump github.com/aws/aws-sdk-go from 1.42.24 to 1.42.25
• 0752e9a build(deps): bump k8s.io/klog/v2 from 2.40.0 to 2.40.1
• 5e7c01e build(deps): bump github.com/aws/aws-sdk-go from 1.42.23 to 1.42.24
• 1c32d1a build(deps): bump k8s.io/klog/v2 from 2.30.0 to 2.40.0
• 6808268 build(deps): bump github.com/docker/docker
• fa2da0a pkg/cri: Replace deprecated grpc.WithInsecure
• a9f76be build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0
• 3c968d9 build(deps): bump github.com/aws/aws-sdk-go from 1.42.20 to 1.42.23
• 2bf4c70 Bump to go 1.17.5 / alpine 3.15
• a9f0084 Revert "feat(metrics): add more iptables sync metrics" (#1216)
• b746897 feat(nsc): only hairpin endpoints on local node (#1208)
• 51a6be3 Update to gobgp-2.34.0
• 8e9dfcd build(deps): bump github.com/aws/aws-sdk-go from 1.42.18 to 1.42.20
• 2ca39f1 fix(nsc): properly check hairpinning rule
• 146786a fix(nsc): sync hairpinning on service modification
• 8f13f06 fix(nsc): don't overwrite err & add comments
• 9ca012c build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
• 51a23d1 build(deps): bump github.com/docker/docker
• b5f6978 build(deps): bump github.com/aws/aws-sdk-go from 1.38.70 to 1.42.18
• 4b5f3f4 build(deps): bump github.com/containernetworking/plugins
• 81be1d8 build(deps): bump k8s.io/cri-api from 0.21.4 to 0.22.4
• f650d23 build(deps): bump k8s.io/client-go from 0.21.4 to 0.22.4
• fe65d4c build(deps): bump github.com/onsi/gomega from 1.11.0 to 1.17.0
• 5101a4f fix(nsc): remove error for lookupFWMarkByService
• bf325e1 fix(go.mod): update image-spec v1.0.2
• 4c86d3d fix(go.mod): update containerd to v1.5.8
• b9a9246 fix(lint): don't error on deprecated protobuf funcs
• 9fd1749 fix(go.mod): add google.golang.org/protobuf v1.26.0
• c2649f5 build(deps): bump github.com/golang/protobuf from 1.4.3 to 1.5.2
• b088279 Fix typo in filter rule comment
• 73b7c22 fix(bgp policy): sort the slice items before deep equal(#1188)
• 8e7d585 fix(bgp): use PeerState_ESTABLISHED logic like function name(#1184)
• bee2c20 fix bug when adding ip rule for fwmark (#1178)
• 55a0dd1 Update golang to v1.16.9
• 6056080 Update gobgp to v2.32.0
• 8dacef8 go.mod: Update dependencies
• b24cf26 feat(README): add go report card status
• c3f90c5 Fix Misc DSR Issues (#1174)
• 8572f3a fact(hairpin): remove one last direct ref of KUBE-ROUTER-HAIRPIN
• 5e1d033 fix(sysctl): revert is fatal check for some conditions
• feb16d0 doc(NSC): add some comments around DSR
• 8f3861d fact(sysctl): consolidate sysctl usage into utils
• da5f8e0 fix: address minor PR feedback and misspells
• 0b145f6 feat(.golangci.yml): enable durationcheck linter
• a604383 feat(Makefile): add lint to the default makefile action
• 419c078 feat(.golangci.yml): enable unparam linter and remediate
• d1218d1 feat(.golangci.yml): enable unconvert linter and remediate
• 1d90e21 feat(.golangci.yml): enable stylecheck linter and remediate
• 86c2229 feat(.golangci.yml): enable additional linters
• 85f2841 feat(.golangci.yml): enable long lines linter and remediate
• ee09adb feat(.golangci.yml): enable additional linters and set max results to always show
• 874a746 feat(.golangci.yml): enable gosec and remediate
• 6208bfa feat(.golangci.yml): enable gomnd and remediate
• 1b4cc61 feat(.golangci.yml): enable exhaustive and remediate
• f52fddd feat(.golangci.yml): enable gocritic and remediate
• d6ccc22 feat(.golangci.yml): enable goconst and remediate
• b8a795e feat(.golangci.yml): enable gochecknoinits and remediate
• c5f4c00 feat(.golangci.yml): enable dupl and remediate
• d1686e7 .golangci.yml: Update allow-list for linters
• 7aeffbc Makefile: Update golangci-lint to 1.42.0
• b4b231f Update to gobgp-2.31.0
• 12bba88 build(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0

v1.3.2

Full Changelog:

• 6ed5596 - feat(pod.go): add conntrack invalid state drop <Aaron U'Ren>
• f9e2249 - incorporate review comments <Murali Reddy>
• ba62db4 - ensure withdrawn external IP's on service update, are not used by any other service. i.e) check if external IP really not used by any service <Murali Reddy>
• c7ed2d5 - fix(NPC): don't rely on exit code for chain check (#1157) <Aaron U'Ren>
• a60c5a8 - fix(bgp_policies_test.go): Add missing import statement to all test cases <Lucas Mundim>
• be96dea - fix(bgp_policies_test.go): fails if there are any unexpected statement <Lucas Mundim>

v1.3.1

Change Log Highlights

This adds a bunch of fixes for some small to medium sized issues with the 1.3.0 release. Notable changes include:

• --cleanup-config flag should now be more comprehensive. There were a couple of bugs introduced in the 1.3 release that caused this flag to not function at all. These have been fixed. Additionally, it now cleans up most, if not all kube-router artifacts, where before it would leave some lingering parts of the Network Policy Controller.
• injectRoutes(), the part of the Network Routes Controller that is responsible for injecting host routes based on BGP advertisements, has been completely overhauled.
  • Routes are now cleaned up and removed from the host when nodes leave. This prevents bugs around black-hole routes that are created when nodes are decommissioned and that IP space is later reused by a new node.
  • Performance is improved by checking if the route is a withdrawal first, rather than adding the route and then immediately removing it
  • Logging has been updated to no longer be so spammy for default actions
  • Code has been refactored to be easier to read and understand
• IPVS metrics are now removed after the service is deleted rather than being continuously posted to prometheus (thanks @bhcleek!)
• kube-router nodes are now protected from default route BGP advertisements. Before this, kube-router had the potential to overwrite the default route on the node causing the node to no longer be contactable (thanks @lucasmundim!)
• Additional ipset locking was missing causing some errors around multiple invocations. This has been fixed.

Full Changelog

• d173c98 - (HEAD -> master, tag: v1.3.1, origin/master, origin/HEAD) Update to go-1.16.7 and go dependencies (3 days ago) <Manuel Rüger>
• bffdc72 - fix(npc): ordering of firewall / service rules (#1144) (4 days ago) <Aaron U'Ren>
• 35d334c - fix: add sleeps between iptables and ipset cleanup (8 days ago) <Aaron U'Ren>
• cafd69d - fix(NRC): reduce logging for egress cleanup errors (8 days ago) <Aaron U'Ren>
• fb07026 - fix(NSC): actually remove IPVS definitions (8 days ago) <Aaron U'Ren>
• bbc0666 - fix(NSC): add exists checking to Cleanup() (8 days ago) <Aaron U'Ren>
• 1a8c354 - fix(NPC): Cleanup() function overhaul (8 days ago) <Aaron U'Ren>
• 9bc55dc - fix(NPC): missed ipset locking (8 days ago) <Aaron U'Ren>
• 031d752 - feat(NPC): minor performance improvement (8 days ago) <Aaron U'Ren>
• 5156f87 - Add a default route 0.0.0.0/8 import policy deny rule (8 days ago)
• 693c48a - build(deps): bump k8s.io/klog/v2 from 2.9.0 to 2.10.0 (11 days ago) <dependabot[bot]>
• e9f9c44 - build(deps): bump k8s.io/cri-api from 0.21.2 to 0.21.3 (11 days ago) <dependabot[bot]>
• f24df68 - feat(go.mod): upgrade from 1.13 to 1.16 (11 days ago) <Aaron U'Ren>
• 2e08d47 - fix(go.mod): containerd CVE-2021-32760 (11 days ago) <Aaron U'Ren>
• abf9bd9 - Update GoBGP to v2.30.0 (11 days ago) <Manuel Rüger>
• ad86041 - build(deps): bump k8s.io/client-go from 0.21.2 to 0.21.3 (11 days ago) <dependabot[bot]>
• fc3973c - .github/ci.yml: Don't build containers for dependabot updates (11 days ago) <Manuel Rüger>
• d5a18ca - remove IPVS metrics (#1133) (2 weeks ago)
• 06e246f - fix(NRC): PR feedback fixes (2 weeks ago) <Aaron U'Ren>
• 445ad9a - fix(injectRoute): process withdrawls first (2 weeks ago) <Aaron U'Ren>
• 2e590a4 - fix(NRC): consolidate route delete logic (2 weeks ago) <Aaron U'Ren>
• d0501c0 - fix(injectRoute): cleanup tunnels & routes when peer drops (2 weeks ago) <Aaron U'Ren>
• 94640ac - doc(injectRoute): improve comments on logic flow (2 weeks ago) <Aaron U'Ren>
• 4959da4 - feat(NRC): reduce verbosity of log messages for common overlay cases (2 weeks ago) <Aaron U'Ren>
• 38222a3 - fact(injectRoute): extract setupOverlayTunnel() and cleanupTunnels() (2 weeks ago) <Aaron U'Ren>
• 63c3b90 - fact(injectRoute): extract parseBGPPath method to simplify (2 weeks ago) <Aaron U'Ren>
• e9be04e - fix: add nil checking to ipsetMutex cleanup actions (#1129) (4 weeks ago) <Aaron U'Ren>
• c26f98c - fix(ci): only run build actions on non-forks (6 weeks ago) <Aaron U'Ren>
• f3e8fc0 - fix(README.md): update badge link to GitHub Actions (6 weeks ago) <Aaron U'Ren>
• f8214ef - .github/workflows: Fix yaml error (6 weeks ago) <Manuel Rüger>
• 8697d81 - .github: Fix tag workflow (6 weeks ago) <Manuel Rüger>
• 36e1de9 - go.mod: Update dependencies (6 weeks ago) <Manuel Rüger>
• fc4ddef - .github: Fix tag workflow (6 weeks ago) <Manuel Rüger>
• 9b7f98e - .github: Fix Tag/Push workflow (6 weeks ago) <Manuel Rüger>

Kube-Router v1.3.0 / 2021-07-05

Changelog

afd5dd7 .github/workflows: Fix yaml error
127132b .github: Fix tag workflow
112deed go.mod: Update dependencies
de5526e .github: Fix tag workflow
e79f024 .github: Fix Tag/Push workflow
4a3940f .github/workflows: Small fix
e433f0e Apply review feedback
0914305 Build binaries via Dockerfile, migrate to Github Actions
366b95f build(deps): bump github.com/prometheus/client_golang
cef7f47 build(deps): bump k8s.io/cri-api from 0.21.0 to 0.21.2
2521525 gobgp: Version bump to 2.29.0
59b2c44 build(deps): bump google.golang.org/grpc from 1.38.0 to 1.39.0
039f87d build(deps): bump github.com/aws/aws-sdk-go from 1.38.55 to 1.38.70
7f6115d build(deps): bump k8s.io/client-go from 0.21.1 to 0.21.2
73b1b03 cache the check of wait option support in iptables-restore
751981c update alpine image to 3.14 for latest iptables-restore command with --wait option, and use wait where its available
468670b go.mod: Update to gobgp 2.28.0
c8f7daf fix lint errors
2c4dd7d addressing review comments
4c8cfc9 bug fix
93fe004 bug fixes
3d407dc make rules to ACCPET related/established traffic as first entry in pod firewall chain
d684ec0 add logic to explicitly ACCEPT traffic from/to the pod if its permitted by applicable network policies. If there are no network policies then by default ACCEPT the pod traffic
21473ed Add support for kubernetes endport field (#1080)
91a1b37 .github: Add Go Releaser Step (#1100)
011b7aa fix typo Gracefule -> Graceful
b39923a build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0
5ed68d4 build(deps): bump github.com/aws/aws-sdk-go from 1.38.30 to 1.38.55
ea1605e build(deps): bump github.com/onsi/ginkgo from 1.16.1 to 1.16.4
863bd4d build(deps): bump k8s.io/klog/v2 from 2.8.0 to 2.9.0
2a56d3c build(deps): bump github.com/docker/docker
cf08cf5 build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0
abd4eea build(deps): bump k8s.io/client-go from 0.21.0 to 0.21.1
7e92ad9 fix(goreleaser): add version and date to published binaries
d90c753 fact(NPC): refactor isPodUpdateNetPolRelevant
1a82db7 fix(NPC): check if new pod is actionable
3dc5c3f fix(NPC): remove HostNetwork check from OnPodUpdate
13e0a39 fix(NPC): check if pod is actionable
fa8d69e fix: add locking around ipset invocations
e8a81f3 .github: Enable dependabot to manage dependencies
21c5290 feat(iptables): add upstream wrapper script
295c862 travis-deploy: Log into docker
612d9a3 Update Build and Test Procedures
c38c3ac build-image: Remove outdated script
4306e5d feat(DSR): make TCPMSS based on primary link MTU
a610596 fact(GetMTUFromNodeIP): move up a layer of abstraction
e223ea8 Fix DSR(tunneling) mode mtu limit
45b7fd1 fix(NPC): parse NodePorts as unsigned ints
14a03a6 fix(bgp.md): misspellings and doc conformance
9cbc376 feat(bgp): add BGP communities support via node annotation
ae9d0e3 fix(bgp_policies_test.go): actually test policy
fa7bcde fix(bgp_policies_test.go): use startBgpServer()
a5d6560 fact(bgp_policies_test): move BGP policy tests into their own file
b2d8af4 doc(bgp.md): add info about password file configs
fce90b0 Oops, i guess my unit test was flaky in #1068
e94cba6 go.mod: Update dependencies
0ad00df Mention k0sproject in getting started guide
2460189 skip host network pods when selecting pods to apply ingress/egress netpol
5255127 skip hostnetwok pod's from enforcing network policies
c555f91 update maintainers (#1074)
bd5ee4f fix(nsc): Overly eager IPVS updating
f0e1a13 Makefile: Apply workaround for go install on multi-arch
e8c1ba7 Use go install for gobgp
8d47317 moq: Regenerate
66247fe Update dependencies
a821284 Update to go 1.16
18d2a3b Swap temporary IPSets during ipset restore (#1068)
ef827d3 fix: protect uint32 conversion
1816886 fix: remove possible BGP password leak via logs
be01f31 fact: other misc cleanups
0faf772 fix: don't overload function names with vars
53cfbe3 fix: return early when we might be holding nil references
4efa5cc fact: remove function parameters that are never referenced
a86b3fa fact: handle errors from Close() explicitely
57ddac3 fact(NSC): consolidate repeat logic
96675e6 fix: don't capitalize error messages
e9c77d0 fix(comments): misspellings and bad doc strings
1c961ba fix: don't check upper bound of 16 bit int
94785f1 .github: Add codeql scanner
70aa028 doc(testing.md): remove vagrant-based testing doc
2931e53 fix(vagrant): remove vagrant stuff that hasn't worked in a while
46f54e9 Fix PMTU discovery for service IPs (#733)
d74f5c8 doc(user-guide.md): clarify externalips hairpin option
5fc39db Add hairpin support for externalIps
7d47aef Replace github.com/golang/glog with k8s.io/klog/v2
6bedf27 Drop vendor, update dependencies, upgrade docker images (#1052)