v1.2.0

This release addresses performance issues related to network policy enforcement. Network policy enforcement is significanly faster. Also support for DSR(Direct server return) functionality has been expanded to any CRI's in additions to Docker.

Thanks to all the contributors who submitted the PR's and helped with testing.

Changelog

f4b7d61 support egress to namedport without dst address (#1037)
43c3c9d Handle headless services (#1047)
1fb0820 fix(npc): sync npc on pod label changes (#1046)
40512f1 serialize the iptables changes by NRC and NPC while starting
99cb40b while doing ipset restore, ensure sets are flushed before adding entries
187a3f2 fix(ipset): add type option to RefreshSet
d1e1923 prevent iptable command calls when necessary rules already exists
fe515d1 fix(pod.go): ensure traffic at end of chain is only dropped once
22b031b feat(metrics): add more iptables sync metrics
95299a4 fix(pod.go): comment quoting issues
afd866c use ipset save and restore to modify ipset to reduce exec calls
888cac9 use iptables-save and iptables-restore commands to consolidate individual iptables command that are run during full network policies sync
8f2e26a Update deps for k8s, cni and golang (#1030)
8105734 metrics: Add metric for build_info (#1031)
49b9add Making IPIP/tunnel and override-nexthop independent (#1025)
53d66eb adding missing vendor files
ca2008e feat: simple CRI implementation in addition to Docker, required for DSR functionality. CRI compliant runtimes support (e.g. containerd, cri-o, etc.) (#1027)
2ba6f40 It appears as though this line is no longer relevant (#1029)
ee9f6d8 Update dependencies (go-iptables, cni) (#996)
c4eba17 Makefile: Drop outdated glide command (#1018)
c145885 resolving merge conflicts of PR-964
54b921f Merge remote-tracking branch 'iamakulov/master'
4e13a1d Update RBAC apiVersion from v1beta1 to v1 (#1016)
e16f207 npc code restructuring (#1007)
4c05ef2 Return an error if BatchAdd errors
1a487d2 Remove options passed to .Refresh()
a79eded Improve ipset performance with large sets

v1.1.1

Changelog

f8aed0c fix(nrc): multiple services with the same VIP
46e903a remove deprecated netpol beta API support (#1001)
7769a0c Update golang.org/x/net dependency
def8f54 Update to golang 1.15 and alpine-3.12
2b3f39c Update bgp.md (#1000)
fd5af18 Cleanup non-DSR externalIPs

v1.1.0

• This release updates critcal vendored dependencies
  - gobgp is updated latest version 2.19
  - k8s.io/client-go, k8s.io/apimachinery, k8s.io/api are updated to v0.18.8
• Also dep is no longer used, we will be using go modules going forward for dependency management
• Go 1.13 is version used for building kube-router and gobgp binaries

breaking changes

• starting from this release kube-router by default tries to auto-configure MTU for both pod interfaces and kube-bridge bridge interface. If you do not wish to change the MTU please set --auto-mtu to false. Please see https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md#mtu if you would like to manually configure the MTU value.

Changelog

400e496 update go.sum
d1a2316 .gitignore: Drop vendor folder (#993)
8e3f36c Add LoadBalancer to getExternalIPs (#995)
92b914e review comments
7904b7c addressing review comments
947bb24 fix lint error
db1bd56 set mtu in cni spec to auto configure MTU's of the pod's veth's and kube-bridge interfaces
d32d651 go.mod: Vendor newer prometheus and k8s (#990)
5a5e835 fix(network_policy): mask mark reset on FW marks (#992)
824614d Add Support for Reading Peer Passwords via a File (#986)

v1.1.0-rc1

• This release brings in to much needed updates to critcal vendored dependencies
  - gobgp is updated latest version 2.19
  - k8s.io/client-go, k8s.io/apimachinery, k8s.io/api are updated to v0.18.6
• Also dep is no longer used, we will be using go modules going forward for dependency management
• Go 1.13 is version used for building kube-router and gobgp binaries

and couple of bug fixes.

Changelog

ac556ab pin goreleaser to v0.142.0, latest is causing errors
3c734fb merge gobgp-update into master (#982)
cebe8b7 Merge pull request #981 from cloudnativelabs/lint-errors
3b992e4 fix build break due to go linter errros
7cd5235 fix(network_policy): missed gofmt on #970
827ce55 Permit ExternalIP on input (#970)
c6ef3b8 Merge pull request #975 from mrueg/conv-fix
4d1fc8d Fix unnecessary conversions
b7610a0 Merge pull request #974 from aauren/add_kube-router_options_to_issue_template
b4203cb feat(bug_report.md): add parameters section to bug report
7613a73 add IfaceHasNoAddr check for external ip delete error (#971)
0cca5f1 Merge pull request #969 from aauren/fact/sort_options
f6210da fact(options): alphabetize imports
797ee0a fact(options): alphabetize options by parameter name
202f92b fact(options): alphabetize struct fields
4307bdd ISSUE_TEMPLATE: Add missing headers (#966)
36daba8 Setup Issue Templates (#963)
e35dc9d Merge pull request #958 from coufalja/random-all
68dba40 Clean original iptables rule if --random-fully is supported
d5af1a9 Merge pull request #961 from cloudnativelabs/remove_deprecated_cluster-cidr_option
5ef989c fix(options): remove deprecated cluster-cidr option
19a5b1a Merge pull request #959 from cloudnativelabs/goreleaser-ldflags
ece8987 .goreleaser.yml: Add LDFLAGS
a33089d [testing] run go linters (#943)
8d424ea Fix pod egress rule cleanup
3e33a9c Merge pull request #957 from qingkunl/add_nsswitch_conf
d66a3bb Activate --random-fully where supported
23b2b99 Bump go-iptables
17f2786 add /etc/nsswitch.conf in Dockerfile
3ab31ab Merge pull request #955 from cloudnativelabs/fix-build-break
bb35b9a fix lint error: minor fix to catch the error from .bgpServer.Stop()
031a992 Merge pull request #786 from jdrahos/rr_ipv4_785
aec73b8 fix(nsc): update IPVS svc when timeout changes (#952)
1c18462 The bgp-holdtime function parameter of setting holdtime is added to adjust the holdtime of BGP negotiation with the connected network devices. (#921)
3fd8dc5 Merge pull request #953 from aauren/bgp_graceful_restart_time
b07f53f fix(graceful_restart): gofmt and doc fixes so unit tests pass
1c594b2 Allow setting BGP Graceful restart time from CLI
27857d3 Merge pull request #822 from kvaps/fix-821
c61dc8f fix tolerations
8023f6a Allow to configure cluster id using IPv4 strings

v1.0.1

Changelog

6af898b add /etc/nsswitch.conf in Dockerfile
9c9e935 fix lint error: minor fix to catch the error from .bgpServer.Stop()
8e65593 Allow to configure cluster id using IPv4 strings
606edcc fix(nsc): update IPVS svc when timeout changes (#952)
7a104ba fix tolerations

v1.0.0

Breaking changes and knows issues:

If you are upgrading from v1.0.0-rc4 or earlier version following breaking changes apply:

• The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
• if you have egress network policies applied to workload, you need to ensure proper value for service-cluster-ip-range and service-node-port-range configured to ensure pod's can access service cluster IP's and NodePort services

Changelog

b6acd0a stop processing service and endpoints updates if network service (#939)
b7aad2e doc(user-guild.md): add info about proxy and SNAT (#935)
c71eb9a proxy: only output Error log when there's an error (#942)
fb93467 Merge pull request #929 from aauren/handle_branches_with_slashes
3156f43 Makefile: remove slashes from git branch if they exist

v1.0.0-rc6

Bug fix release. Fixes for regressions found in v1.0.0-rc5

thanks @eeeeeta for reporting and fixing the regression

Breaking changes and knows issues:

If you are upgrading from v1.0.0-rc4 or earlier version please see release notes for v1.0.0-rc5. Same breaking changes and known issues apply for this release as well

Changelog

4f9a794 Merge pull request #931 from cloudnativelabs/pr914-feedback
1bec864 avoide listing a chain if the rule already exists
309c803 Merge pull request #928 from eeeeeta/fix-generate-fwmark
a2ac2f0 fix unintentional Sprint of two-argument generateFwmark() call
a23017d Merge pull request #927 from cloudnativelabs/bgppolicies
81d717d fix false negative errors in creating BGP defined sets

v1.0.0-rc5

This release has serveral improvements to network policies implementation in kube-router and cleanup of code base to fix all go lint errors and few bug fixes.

Thanks @mrueg @aauren @liuxu623 for your the PR's.

Thanks @aauren for reporting regression in v1.0.0-rc4 and critical feedback on network policy implementation some of which are addressed in this release.

Note: This release has following breaking changes:

• The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
• if you have egress network policies applied to workload, you need to ensure proper value for service-cluster-ip-range and service-node-port-range configured to ensure pod's can access service cluster IP's and NodePort services

Note: This release has following known issues:

• please see #934

Changelog

e858e26 change ACCEPT to RETURN with mark when a netpol is matched so that we run through (#915)
4d6b0b8 whitelist traffic to cluster IP and node ports in INPUT chain to bypass netwrok policy enforcement (#914)
210dc3d avoids adding kube-router specific rules to enforce network policies in (#909)
8f5c959 full sync when namespace labels change (#917)
12674d5 Add golangci-lint support (#895)
4a08e11 Dockerfile: Update to alpine:3.11 (#918)
cb48a7f fix(network_routes): missing node ip -> error log (#904)
d2178da fix(ecmp_vip): check for nil nodename (#903)

v1.0.0-rc4

Thanks to @aauren for your contributions!

Changelog

837554b Fix Memory Consumption in network_policy_controller (#902)

v1.0.0-rc3

Changelog

#900 - Fix Network Policy Cleanup Code
#894 - .goreleaser.yml: Multiarch build
#898 - Use same image for container and initContainer

Thanks @mrueg & @cfrantsen for your contributions!