Kubernetes networking based on Open vSwitch
Note for UBI users: The UBI8-based image tags for this release (antrea/antrea-ubi:v1.14.0 and projects.registry.vmware.com/antrea/antrea-ubi:v1.14.0) were unusable (Antrea containers will crash immediately on startup) because of a bug and we have decided to delete them from the registries. Please use the tags for release v1.14.1 instead (antrea/antrea-ubi:v1.14.1 and projects.registry.vmware.com/antrea/antrea-ubi:v1.14.1). Ubuntu-based image tags (antrea/antrea-ubuntu:v1.14.0 and projects.registry.vmware.com/antrea/antrea-ubuntu:v1.14.0) are unaffected and fully functional.
IPAllocated and IPAssigned conditions to Egress status to improve Egress visibility. (#5282, @AJPL88 @tnqn)SupportBundle for both Antrea Agent and Antrea Controller. (#5538, @aniketraj1947)Install-WindowsCNI-Containerd.ps1 script to make it compatible with containerd 1.7. (#5528, @NamanAg30)antreaProxy.enable to allow users to disable this feature. (#5401, @hongliangl)antctl get featuregates output. (#5314, @cr7258)PacketInMeter and the size of PacketInQueue. (#5460, @GraysonWu)hostAliases to Helm values for Flow Aggregator. (#5386, @yuntanghsu)/bin/sh and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)EndpointDNAT only when Antrea Multi-cluster is enabled. (#5411, @hongliangl)drop in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)kubectl get multicastgroups even when the Multicast is enabled. (#5367, @ceclinux)antctl tf CLI failure when the Traceflow is using an IPv6 address. (#5588, @Atish-iaf)PacketInQueue to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)ovs_meter_packet_dropped_count metrics to fix a bug that the metrics are not showing up if OVS Meter is not supported on the system. (#5413, @tnqn)drop in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)/bin/sh and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)PacketInMeter and the size of PacketInQueue. (#5460, @GraysonWu)enableStretchedNetworkPolicy is enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg)kubectl get multicastgroups even when the Multicast is enabled. (#5367, @ceclinux)PacketInQueue to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)drop in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)/bin/sh and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)PacketInMeter and the size of PacketInQueue. (#5460, @GraysonWu)enableStretchedNetworkPolicy is enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg)kubectl get multicastgroups even when the Multicast is enabled. (#5367, @ceclinux)ovs_meter_packet_dropped_count metrics to fix a bug that the metrics are not showing up if OVS Meter is not supported on the system. (#5413, @tnqn)PacketInQueue to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)drop in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)/bin/sh and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)PacketInMeter and the size of PacketInQueue. (#5460, @GraysonWu)kubectl get multicastgroups even when the Multicast is enabled. (#5367, @ceclinux)enableStretchedNetworkPolicy is enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg)PacketInQueue to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)ContainerRuntime to allow users to configure the container runtime while using the script Prepare-Node.ps1 on K8s Windows Node. (#5071, @NamanAg30)antctl upgrade api-storage in antctl to support resource storage version migration for Antrea CRDs. (#5198, @hongliangl)service.kubernetes.io/topology-mode in AntreaProxy since the old service.kubernetes.io/topology-aware-hints annotation has been deprecated in Kubernetes 1.27. (#5241, @mengdie-song)service.kubernetes.io/service-proxy-name in AntreaProxy to align with KEP 2447. (#4973, @hongliangl)sort-by flag in more antctl get commands for more fields. (#4346, @jainpulkit22)kubeAPIServerOverride option to allow users to override the kube-apiserver address for antrea-controller. (#5056, @tnqn)proxyAll by default for AntreaProxy on Windows because the kube-proxy userspace datapath has been removed since Kubernetes 1.26. (#4980, @XinShuYang)40000-41000 to avoid conflicts with the Windows default dynamic port range. (#5107, @XinShuYang)--insecure option to support both secure and insecure connections. (#5135, @antoninbas)<Namespace>/<Name>) to which the NP rule is applied. (#5101, @antoninbas)libOpenflow and ofnet library versions to fix a PacketIn2 response parse error. (#5154, @wenyingd)libOpenflow library to v0.12.1 to fix an antrea-agent crash issue when marshaling the IGMPv3 query packet. (#5320, @ceclinux)antctl mc codes to fix a rollback failure. (#5138, @luolanzone)modifyFlows function of the OpenFlow client to avoid unexpected flow error. (#5125, @Dyanngg)The Multicast, TopologyAwareHints, and NodeIPAM features are graduated from Alpha to Beta. The TopologyAwareHints, NodeIPAM features are enabled by default. Multicast can be enabled with a new Antrea Agent configuration parameter: multicast.enable.
sourcePort and sourceEndPort in Antrea-native policy API to match traffic initiated from specific ports. (#4687, @Dyanngg)logLabel to Antrea-native policy CRDs; the user-provided label is added to audit logs. (#4748, @qiyueyao)clientCAFile to allow user to specify client CA. (#4664, @wenyingd)status.egressIP field for Egress to represent the effective Egress IP. (#4603, @tnqn)Failed phase in ANP status for the case when all Agents have reported the status and at least one failure is received. (#4608, @wenyingd)ovs_flow_count Prometheus metrics. (#4893, @cr7258)