Squat Kilo Versions Save

Version 0.6.0 of Kilo focuses primarily on improving usability and optimizing performance, notably by reducing the number of iptables operations. 0.6.0 includes the following changes:

• feature: add initial compatibility for running as an add-on with Cilium https://github.com/squat/kilo/pull/312
• enhancement: change order of iptables encapsulation rules to reduce the number of iptables operations https://github.com/squat/kilo/pull/317
• enhancement: instrument the iptables operations with Prometheus metrics https://github.com/squat/kilo/pull/323
• fix: only write the WireGuard private key if the key was generated https://github.com/squat/kilo/pull/347
• enhancement: avoid NAT-ing packets to service CIDRs https://github.com/squat/kilo/pull/351
• enhancement: reduce iptables updates by applying rules in optimized order https://github.com/squat/kilo/pull/324
• enhancement: enable for zero-downtime updates of Kilo by not cleaning up the WireGuard interface https://github.com/squat/kilo/pull/327

Version 0.5.0 of Kilo is a small release but brings important fixes, most notably correct support for nftables. Before this version, Kilo only supported adding firewall rules via the legacy iptables API, meaning networking may have not worked as expected on nftables-based systems. 0.5.0 includes the following changes:

• fix: support for nftables-based systems https://github.com/squat/kilo/pull/302
• enhancement: expose CPU and memory profiles; this is helpful for analyzing and debugging the Kilo agent https://github.com/squat/kilo/pull/305
• enhancement: update CNI to 0.4.0 https://github.com/squat/kilo/pull/300

Note: it is strongly recommended for all users upgrade to this version of Kilo.

Version 0.4.1 of Kilo is a small patch release that ensures that all manifests included in the tag reference container images with the same tag. Thanks to @clive-jevons for #292.

Version 0.4.0 of Kilo is a huge release that introduces lots of new features and bug fixes:

• feature: introduce kgctl connect, a command to establish and maintain a VPN connection from a host, e.g. a laptop, to the cluster #269
• feature: add a validating webhook for the Kilo Peer CRD #233
• feature: add an HTTP endpoint for rendering the cluster topology graph #214
• feature: allow configuring the MTU of the Kilo WireGuard interface #215
• feature: add flag to prioritize private IP addresses during endpoint discovery #232
• enhancement: exclude local IP addresses discovered during hostname resolution #230
• enhancement: add a flag to enable a default FORWARD policy on iptables #244
• enhancement: add documentation and manifests for monitoring Kilo and WireGuard #251
• enhancement: detect if IPv6 is disabled #260
• enhancement: reduce the cluster role permissions required by Kilo #211
• enhancement: automatically generate kubeconfig for K3s deployments #212
• enhancement: install with Arkade #288
• fix: fix the generated routes for nodes behind NAT #285
• fix: respect allowed location IPs in the generated configuration for peers #287

Version 0.3.1 fixes a bug with the scoping of Kilo's Peer CustomResourceDefinition, which incorrectly caused the Peers to be namespaced (#226). Note: to upgrade from the affected version of Kilo, 0.3.0, take the following steps:

1. delete the old Kilo Peer CRD: kubectl delete crd peers.kilo.squat.ai; and
2. apply the Kilo Peer CRD manifest: kubectl apply -f https://raw.githubusercontent.com/squat/kilo/0.3.1/manifests/crds.yaml.

Version 0.3.0 includes additions to the docs, some bug fixes, and the following major features:

• support NAT to NAT communication via UDP hole punching thanks to #146 and @JulienVdG
• upgrade the Peer CRD to apiextension v1 instead of the deprecated apiextension v1beta1 #186 Note: Kilo now requires users to deploy the Peer CRD manually; to upgrade an existing cluster, take the following steps:
  1. update the Kilo image;
  2. delete the old Kilo Peer CRD: kubectl delete crd peers.kilo.squat.ai; and
  3. apply the Kilo Peer CRD manifest: kubectl apply -f https://raw.githubusercontent.com/squat/kilo/0.3.0/manifests/crds.yaml
• publish kgctl binaries for Apple's M1 architecture #187
• introduced end to end tests
• automatically detect the granularity of the Kilo mesh; so no more need for kgctl --mesh-granularity full #197
• support configuring nodes as gateways to allowed IPs outside the cluster #164

Version 0.2.0 of Kilo includes several bug fixes and the following major features:

• enable peers to use DNS names as their endpoints
• support building and running the kgctl binary on Darwin and Windows
• allow specifying a custom topology label on nodes
• enable running Kilo with userspace WireGuard
• automatically detect nodes with no private IPs and place them into unique logical locations
• reduce calls to iptables by caching lookups
• add a --resync-period flag to control the update time between reconciliation
• manually disable private IP addresses with an annotation

Version 0.1.0 marks the first official release of the Kilo project. To date, Kilo supports the following major features:

• creating multi-cloud and multi-region Kubernetes clusters;
• defining custom mesh topologies;
• allowing independent WireGuard peers to join the mesh, including other Kubernetes clusters;
• operating Kilo on top of Flannel for greater compatibility;
• functioning in an interoperable manner with Kubernetes NetworkPolicies; and
• analyzing the WireGuard mesh with a custom CLI utility, i.e. kgctl.

For more information and documentation, please take a look at the Kilo documentation at https://kilo.squat.ai.