Kubernetes networking based on Open vSwitch
Note for UBI users: The UBI8-based image tags for this release (antrea/antrea-ubi:v1.14.0
and projects.registry.vmware.com/antrea/antrea-ubi:v1.14.0
) were unusable (Antrea containers will crash immediately on startup) because of a bug and we have decided to delete them from the registries. Please use the tags for release v1.14.1 instead (antrea/antrea-ubi:v1.14.1
and projects.registry.vmware.com/antrea/antrea-ubi:v1.14.1
). Ubuntu-based image tags (antrea/antrea-ubuntu:v1.14.0
and projects.registry.vmware.com/antrea/antrea-ubuntu:v1.14.0
) are unaffected and fully functional.
IPAllocated
and IPAssigned
conditions to Egress status to improve Egress visibility. (#5282, @AJPL88 @tnqn)SupportBundle
for both Antrea Agent and Antrea Controller. (#5538, @aniketraj1947)Install-WindowsCNI-Containerd.ps1
script to make it compatible with containerd 1.7. (#5528, @NamanAg30)antreaProxy.enable
to allow users to disable this feature. (#5401, @hongliangl)antctl get featuregates
output. (#5314, @cr7258)PacketInMeter
and the size of PacketInQueue
. (#5460, @GraysonWu)hostAliases
to Helm values for Flow Aggregator. (#5386, @yuntanghsu)/bin/sh
and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)EndpointDNAT
only when Antrea Multi-cluster is enabled. (#5411, @hongliangl)drop
in ARPSpoofGuardTable
to effectively prevent ARP spoofing. (#5378, @hongliangl)kubectl get multicastgroups
even when the Multicast is enabled. (#5367, @ceclinux)antctl tf
CLI failure when the Traceflow is using an IPv6 address. (#5588, @Atish-iaf)PacketInQueue
to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)ovs_meter_packet_dropped_count
metrics to fix a bug that the metrics are not showing up if OVS Meter is not supported on the system. (#5413, @tnqn)drop
in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)/bin/sh
and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)PacketInMeter
and the size of PacketInQueue
. (#5460, @GraysonWu)enableStretchedNetworkPolicy
is enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg)kubectl get multicastgroups
even when the Multicast is enabled. (#5367, @ceclinux)PacketInQueue
to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)drop
in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)/bin/sh
and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)PacketInMeter
and the size of PacketInQueue
. (#5460, @GraysonWu)enableStretchedNetworkPolicy
is enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg)kubectl get multicastgroups
even when the Multicast is enabled. (#5367, @ceclinux)ovs_meter_packet_dropped_count
metrics to fix a bug that the metrics are not showing up if OVS Meter is not supported on the system. (#5413, @tnqn)PacketInQueue
to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)drop
in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)/bin/sh
and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)PacketInMeter
and the size of PacketInQueue
. (#5460, @GraysonWu)kubectl get multicastgroups
even when the Multicast is enabled. (#5367, @ceclinux)enableStretchedNetworkPolicy
is enabled for Antrea Multi-cluster. (#5404 #5449, @Dyanngg)PacketInQueue
to reduce the DNS response delay when a Pod has any FQDN policy applied. (#5456, @tnqn)ContainerRuntime
to allow users to configure the container runtime while using the script Prepare-Node.ps1
on K8s Windows Node. (#5071, @NamanAg30)antctl upgrade api-storage
in antctl to support resource storage version migration for Antrea CRDs. (#5198, @hongliangl)service.kubernetes.io/topology-mode
in AntreaProxy since the old service.kubernetes.io/topology-aware-hints
annotation has been deprecated in Kubernetes 1.27. (#5241, @mengdie-song)service.kubernetes.io/service-proxy-name
in AntreaProxy to align with KEP 2447. (#4973, @hongliangl)sort-by
flag in more antctl get
commands for more fields. (#4346, @jainpulkit22)kubeAPIServerOverride
option to allow users to override the kube-apiserver address for antrea-controller. (#5056, @tnqn)proxyAll
by default for AntreaProxy on Windows because the kube-proxy userspace datapath has been removed since Kubernetes 1.26. (#4980, @XinShuYang)40000-41000
to avoid conflicts with the Windows default dynamic port range. (#5107, @XinShuYang)--insecure
option to support both secure and insecure connections. (#5135, @antoninbas)<Namespace>/<Name>
) to which the NP rule is applied. (#5101, @antoninbas)libOpenflow
and ofnet
library versions to fix a PacketIn2 response parse error. (#5154, @wenyingd)libOpenflow
library to v0.12.1 to fix an antrea-agent crash issue when marshaling the IGMPv3 query packet. (#5320, @ceclinux)antctl mc
codes to fix a rollback failure. (#5138, @luolanzone)modifyFlows
function of the OpenFlow client to avoid unexpected flow error. (#5125, @Dyanngg)The Multicast, TopologyAwareHints, and NodeIPAM features are graduated from Alpha to Beta. The TopologyAwareHints, NodeIPAM features are enabled by default. Multicast can be enabled with a new Antrea Agent configuration parameter: multicast.enable
.
sourcePort
and sourceEndPort
in Antrea-native policy API to match traffic initiated from specific ports. (#4687, @Dyanngg)logLabel
to Antrea-native policy CRDs; the user-provided label is added to audit logs. (#4748, @qiyueyao)clientCAFile
to allow user to specify client CA. (#4664, @wenyingd)status.egressIP
field for Egress to represent the effective Egress IP. (#4603, @tnqn)Failed
phase in ANP status for the case when all Agents have reported the status and at least one failure is received. (#4608, @wenyingd)ovs_flow_count
Prometheus metrics. (#4893, @cr7258)