v0.13.1-rc2

Release notes:

31dbe1c Move from glog to klog
a85e127 fix(host-gw): failed to restart if gateway hnsep existed
e5a30da ipsec: use well known paths of charon daemon
e951cf7 client-go version bump

v0.13.1-rc1

Key commits since the previous release:

ba8c216 upgrade client-go to 1.19.4
4378130 move from juju/errors to pkg/errors
be073e8 upgrade to go1.15.5
1a1b6f1 subnets: move forward the cursor to skip illegal subnet
8a1bcf6 Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1
c2d3069 preserve AccessKey & AccessKeySecret environment on sudo fix some typo in doc.
1850b09 iptables: handle errors that prevent rule deletes

v0.13.0

Key commits in this release:

b2f9d5e Use multi-arch Docker images in the Kubernetes manifest
e7682f1 Accept existing XMRF policies and update them intead of raising errors
0a5fca3 Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64
a352879 Use "docker manifest" to publish multi-arch Docker images
221a83c Add NET_RAW capability to support cri-o
393b18b remove glide
5dc1ff6 switch to go modules
70b1095 Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers
75fe1e0 documentation: set priorityClassName to system-node-critical
9374813 Added a hint for firewall rules
e2f31ac Disabling ipv6 accept_ra explicitely on the created interface
8477bba use alpine 3.12 everywhere
d31b0dc windows: replace old netsh (rakelkar/gonetsh) with powershell commands
38c583b fix CVE-2019-14697
42c1cc9 Bugfix: VtepMac would be empty when lease re-acquire for windows
0806642 Use stable os and arch label for node
82ca072 doc(awsvpc): correct the required permissions

v0.13.0-rc2

Pre release with multi-arch images

v0.13.0-rc1

A few of the key commits:

0a5fca3 Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64
221a83c Add NET_RAW capability to support cri-o
117c102 pass waitgroup pointer
393b18b remove glide
5dc1ff6 switch to go modules
70b1095 Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers
75fe1e0 documentation: set priorityClassName to system-node-critical
9374813 Added a hint for firewall rules
e2f31ac Disabling ipv6 accept_ra explicitely on the created interface
8477bba use alpine 3.12 everywhere
d31b0dc windows: replace old netsh (rakelkar/gonetsh) with powershell commands
38c583b fix CVE-2019-14697
42c1cc9 Bugfix: VtepMac would be empty when lease re-acquire for windows
0806642 Use stable os and arch label for node
82ca072 doc(awsvpc): correct the required permissions
5f56647 update troubleshooting.md

v0.12.0

A short summary of some key commits:

905c5d6 fix deleteLease
477d9fa Use publicIP lookup iface if --public-ip indicated
251ecdb kubernetes 1.16 cni error
701c2e8 Add cniVersion to general CNI plugin configuration.
cdcef37 Needs to clear NodeNetworkUnavailable flag on Kubernetes
1d43a1e Replaces gorillalabs go-powershell with bhendo/go-powershell
3e31d3b Make VXLAN device learning attribute configurable
ac54a74 change nodeSelector to nodeAffinity and schedule the pod to linux node
0106d23 This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap
5c7091b EnableNonPersistent flag for Windows Overlay networks
9d18981 snap package.
90764d2 Update lease with DR Mac
aac870e main.go: add the "net-config-path" flag
219cb89 Deploy Flannel with unprivileged PSP
fc9cdb1 Enable local host to local pod connectivity in Windows VXLAN
403cffd Update hcsshim for HostRoute policy in Windows VXLAN

v0.11.0

This release of flannel contains exciting new support for Windows (host-gw and vxlan), an enviable IPSec backend and some conformance and stability changes.

A short summary of some key commits:
#1078 Get HNS networks using V2 schema (thanks @ksubrmnn)
#1061 Remote subnet feature (thanks @ksubrmnn)
#1042 Windows "host-gw" & "vxlan" support (thanks @thxCode)
#997 Allow changing subnet/kube annotation prefix (thanks @kopiczko)
#1045 Do not define keys for tolerations (thanks @outcoldman)
#1016 Use latest Go version (thanks @tomdee)
#978 Make the iptables FORWARD chain rules optional (thanks @KashifSaadat)
#949 Add link to flannel-node-annotator (thanks @alvaroaleman)
#987 add recycling for old iptables rules (thanks @mainred)
#1000 subnet: handle unknown state in delete event (thanks @ggaaooppeenngg)
#989 Documentation/k8s: add daemonsets for all archs (thanks @lentzi90)
#1005 Update kube-flannel-rbac.yml (thanks @somashekhar)
#940 Log all the available interfaces when none were found (thanks @dmathieu)
#941 backend/udp: Use a /32 prefix for the flannel0 interface (thanks @celskeggs)
#935 Added new flag -iptables-resync (thanks @SleepyBrett)
#930 translate alicloud-vpc-backend.md (thanks @DiamondYuan)
#929 Add IPSec backend (thanks @tomdee)

v0.10.0

This release of flannel contains many new features and improvements. Highlights include

• A new IPIP backend.
• A configuration for using Wireguard with the extensions backend.
• Some build changes. All images are now based on Alpine Linux.
• Initial groundwork for Windows support.
• Some changes to how subnets are configured. Flannel now performs additional checks on the configuration options that users supply.
• Changes to the kubernetes manifests
  • The CNI configuration is now specified as a .conflist which allows multiple plugins to be chained. If you are upgrading flannel by just applying the new manifest, then kubernetes will continue to use the old .conf instead of the new .conflist until you manually delete the .conf file. See discussion in #855 (comment) for more details.
  • The CNI configuration now includes the portmap plugin to provide hostPort functionality. You must ensure that the plugin is installed on your host (it will be if you have at least version 0.6.0 of the CNI plugins). This kubernetes manifest in this repo does not install any CNI binaries so you must install another way.
• A number of other bug fixes and improvements. See below for the full list.

The full list of changes

IPIP

#842 Add new ipip backend (thanks @chenchun)

Wireguard

#898 backend/extension: Add Wireguard configuration (thanks @tomdee)

Builds

#859 Makefile: Stop building ACIs (thanks @tomdee)
#860 Makefile: Cleanup, alpine and amd64 only UDP (thanks @tomdee)
#863 MAINTAINER is deprecated, using LABEL now (thanks @cglewis)

Windows

#911 flannel: Get flannel running on windows (thanks @tomdee)
#879 backend: Get flannel building on windows with stubs (thanks @jroggeman)
#903 Fix to build/release windows binaries from Linux (thanks @madhanrm)
#854 network: move ipmasq management into platform-specific files (thanks @jroggeman)

Handling of subnet config

This changes could cause problems when using very small subnets.
#896 subnet/config.go: Fix handling of subnet config (thanks @tomdee)
#894 subnet/config.go: Ensure that Subnets are aligned (thanks @tomdee)

Manifests

#855 make sure flanneld got QoS class "Guaranteed" to have lower oom_score_adj (thanks @Dieken)
#888 Add portmap plugin to CNI conf (thanks @osoriano)
#884 Documentation/Manifests: Improve YMLs. (thanks @Gacko)
#849 kube-flannel-cfg: enable hairpin mode (thanks @Dieken)
#910 Correct Spelling ClusterRoleBinding (thanks @abhaydiwan)

Bug fixes and small improvments

#843 Remove unexpected route from route list (thanks @chenchun)
#840 Fix #712, allow overwriting the public IP of a Kubernetes node (thanks @alvaroaleman)
#897 backend/vxlan: Return correct MTU value (thanks @tomdee)

Automated testing

#845 Add support for multiarch e2e tests (thanks @mkumatag)
#816 Improve functional tests (thanks @tomdee)
#850 Fix TTY error while running e2e tests in container (thanks @mkumatag)
#876 Fix e2e tests for non-amd64 archs (thanks @mkumatag)
#861 Remove leftover containers (thanks @mkumatag)
#858 travis: Only run the tests once (thanks @tomdee)

Logging

#827 Fix printf verb %s of wrong type (thanks @sakeven)
#893 subnet/etcdv2/local_manager.go: Fix startup log (thanks @tomdee)
#873 Log kubernetes public ip override (thanks @alvaroaleman)
#828 Fix error message in ipmasq (thanks @sakeven)

Documentation Changes

#912 automated PR: update CoC (thanks @ericchiang)
#907 fixes typo (thanks @karthequian)
#857 README.md: fix link to kubernetes documentation (thanks @ysim)
#856 Comment out the PR template message and add release note section (thanks @gunjan5)
#880 [DOC] Clarify GCE route quota is only 100 by default (thanks @yuvipanda)
#868 fix typo (thanks @vissible)
#839 All lowercase filename (thanks @athai)

v0.9.1

This release of flannel contains a single fix (#872) to improve compatibility with newer versions of Docker.

Install on kubernetes

• kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.1/Documentation/kube-flannel.yml

The Docker image can be downloaded from quay.io

Please provide feedback through one of the following channels:

• Slack: #flannel on Calico Users Slack
• Mailing list: coreos-dev
• IRC: #coreos on freenode.org

v0.9.0

This release of flannel brings some significant improvements to the vxlan backend.

• No longer listen for netlink messages. This improves flannel performance at high scale (especially on heavily loaded systems) and minimizes the possibility for dropped traffic when the flannel deamon is stopped (e.g. during upgrades).
• Fully compatible with previous versions of flannel to allow for easy upgrade
• Adds support for new "direct routing" mode where packets are only VXLAN encapsulated if there isn't a directly connected route to the destination host.

It also adds a retry mechanism to the --ip-masq feature to ensure that iptables rules are correct.

There are a number of other important bug fixes and improvements. See the complete list below.

Install on kubernetes

• kubectl apply -f https://raw.githubusercontent.com/coreos/flannel/v0.9.0/Documentation/kube-flannel.yml

The Docker image can be downloaded from quay.io

Please provide feedback through one of the following channels:

• Slack: #flannel on Calico Users Slack
• Mailing list: coreos-dev
• IRC: #coreos on freenode.org

The complete list of PRs in this release
#808 Always ensure iptables masquerade rules are installed (thanks @julia-stripe)
#817 Makefile: Stop pulling the unused lib from kube-cross
#809 subnet/*: Remove unused reservations code
#811 Remove Library copy commands from dockefiles (thanks @mkumatag)
#807 backend/hostgw: Improve robustness, add logging and comments
#787 backend/vxlan: Add support for "direct routing"
#803 Fix route deletion when replacing route in hostgw backend (thanks @julia-stripe)
#800 Add flag validation for subnet-lease-renew-margin (thanks @ruoshan)
#785 backend/vxlan: simplify vxlan processing
#791 add ca-certificates (thanks @oilbeater)
#789 Remove broken reference (thanks @athai)
#777 main.go: Remove sleep during shutdown
#776 Remove RevokeLease from manager interface
#778 Remove wait() from backendmanager. Nothing calls it