Kube-router, a turnkey solution for Kubernetes networking.
APACHE-2.0 License
Bot releases are hidden (Show)
Published by mrueg over 2 years ago
Full Changelog: https://github.com/cloudnativelabs/kube-router/compare/v1.4.0...v1.5.0
Published by mrueg almost 3 years ago
Published by aauren almost 3 years ago
<Aaron U'Ren>
<Murali Reddy>
<Murali Reddy>
<Aaron U'Ren>
<Lucas Mundim>
<Lucas Mundim>
Published by mrueg over 3 years ago
afd5dd7e .github/workflows: Fix yaml error
127132b1 .github: Fix tag workflow
112deed4 go.mod: Update dependencies
de5526e2 .github: Fix tag workflow
e79f024e .github: Fix Tag/Push workflow
4a3940f5 .github/workflows: Small fix
e433f0ef Apply review feedback
0914305d Build binaries via Dockerfile, migrate to Github Actions
366b95f2 build(deps): bump github.com/prometheus/client_golang
cef7f47e build(deps): bump k8s.io/cri-api from 0.21.0 to 0.21.2
2521525a gobgp: Version bump to 2.29.0
59b2c447 build(deps): bump google.golang.org/grpc from 1.38.0 to 1.39.0
039f87d3 build(deps): bump github.com/aws/aws-sdk-go from 1.38.55 to 1.38.70
7f6115dd build(deps): bump k8s.io/client-go from 0.21.1 to 0.21.2
73b1b03b cache the check of wait option support in iptables-restore
751981c3 update alpine image to 3.14 for latest iptables-restore command with --wait option, and use wait where its available
468670be go.mod: Update to gobgp 2.28.0
c8f7daf7 fix lint errors
2c4dd7d5 addressing review comments
4c8cfc9c bug fix
93fe004c bug fixes
3d407dc4 make rules to ACCPET related/established traffic as first entry in pod firewall chain
d684ec0c add logic to explicitly ACCEPT traffic from/to the pod if its permitted by applicable network policies. If there are no network policies then by default ACCEPT the pod traffic
21473edf Add support for kubernetes endport field (#1080)
91a1b374 .github: Add Go Releaser Step (#1100)
011b7aa1 fix typo Gracefule -> Graceful
b39923a8 build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0
5ed68d4a build(deps): bump github.com/aws/aws-sdk-go from 1.38.30 to 1.38.55
ea1605e1 build(deps): bump github.com/onsi/ginkgo from 1.16.1 to 1.16.4
863bd4d7 build(deps): bump k8s.io/klog/v2 from 2.8.0 to 2.9.0
2a56d3c2 build(deps): bump github.com/docker/docker
cf08cf5d build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0
abd4eea6 build(deps): bump k8s.io/client-go from 0.21.0 to 0.21.1
7e92ad9b fix(goreleaser): add version and date to published binaries
d90c7532 fact(NPC): refactor isPodUpdateNetPolRelevant
1a82db75 fix(NPC): check if new pod is actionable
3dc5c3fb fix(NPC): remove HostNetwork check from OnPodUpdate
13e0a398 fix(NPC): check if pod is actionable
fa8d69ed fix: add locking around ipset invocations
e8a81f31 .github: Enable dependabot to manage dependencies
21c52909 feat(iptables): add upstream wrapper script
295c8620 travis-deploy: Log into docker
612d9a39 Update Build and Test Procedures
c38c3acf build-image: Remove outdated script
4306e5d4 feat(DSR): make TCPMSS based on primary link MTU
a6105962 fact(GetMTUFromNodeIP): move up a layer of abstraction
e223ea80 Fix DSR(tunneling) mode mtu limit
45b7fd1d fix(NPC): parse NodePorts as unsigned ints
14a03a62 fix(bgp.md): misspellings and doc conformance
9cbc3763 feat(bgp): add BGP communities support via node annotation
ae9d0e31 fix(bgp_policies_test.go): actually test policy
fa7bcdeb fix(bgp_policies_test.go): use startBgpServer()
a5d65607 fact(bgp_policies_test): move BGP policy tests into their own file
b2d8af48 doc(bgp.md): add info about password file configs
fce90b07 Oops, i guess my unit test was flaky in #1068
e94cba60 go.mod: Update dependencies
0ad00df0 Mention k0sproject in getting started guide
2460189a skip host network pods when selecting pods to apply ingress/egress netpol
52551279 skip hostnetwok pod's from enforcing network policies
c555f912 update maintainers (#1074)
bd5ee4f7 fix(nsc): Overly eager IPVS updating
f0e1a13b Makefile: Apply workaround for go install on multi-arch
e8c1ba7e Use go install for gobgp
8d473173 moq: Regenerate
66247fec Update dependencies
a821284e Update to go 1.16
18d2a3b9 Swap temporary IPSets during ipset restore (#1068)
ef827d3d fix: protect uint32 conversion
1816886c fix: remove possible BGP password leak via logs
be01f317 fact: other misc cleanups
0faf772f fix: don't overload function names with vars
53cfbe30 fix: return early when we might be holding nil references
4efa5ccc fact: remove function parameters that are never referenced
a86b3fad fact: handle errors from Close() explicitely
57ddac3a fact(NSC): consolidate repeat logic
96675e62 fix: don't capitalize error messages
e9c77d0a fix(comments): misspellings and bad doc strings
1c961ba3 fix: don't check upper bound of 16 bit int
94785f1a .github: Add codeql scanner
70aa0287 doc(testing.md): remove vagrant-based testing doc
2931e538 fix(vagrant): remove vagrant stuff that hasn't worked in a while
46f54e96 Fix PMTU discovery for service IPs (#733)
d74f5c8a doc(user-guide.md): clarify externalips hairpin option
5fc39db6 Add hairpin support for externalIps
7d47aefe Replace github.com/golang/glog with k8s.io/klog/v2
6bedf270 Drop vendor, update dependencies, upgrade docker images (#1052)
Published by mrueg over 3 years ago
afd5dd7 .github/workflows: Fix yaml error
Published by mrueg over 3 years ago
112deed go.mod: Update dependencies
Published by mrueg over 3 years ago
e79f024 .github: Fix Tag/Push workflow
Published by mrueg over 3 years ago
91a1b37 .github: Add Go Releaser Step (#1100)
Published by aauren over 3 years ago
fdfa27dc fix: add locking around ipset invocations
cb3a91ae fact(NPC): refactor isPodUpdateNetPolRelevant
f586d52a fix(NPC): check if new pod is actionable
85208653 fix(NPC): remove HostNetwork check from OnPodUpdate
81d52c21 fix(NPC): check if pod is actionable
476c07c8 feat(iptables): add upstream wrapper script
6baff81a fix(NPC): parse NodePorts as unsigned ints
c139c044 Oops, i guess my unit test was flaky in #1068
e49c255e skip host network pods when selecting pods to apply ingress/egress netpol
a042e0ea skip hostnetwok pod's from enforcing network policies
9f790015 fix(nsc): Overly eager IPVS updating
6aa3fa92 Replace github.com/golang/glog with k8s.io/klog/v2
162e64d0 Drop vendor, update dependencies, upgrade docker images (#1052)
Published by mrueg over 3 years ago
1943023b Swap temporary IPSets during ipset restore (#1068)
Published by mrueg over 3 years ago
6bc6110b dont return error if there are no CIDR details configured in cni conflist
c309b276 skip logging Error when there is no Service object for an Endpoint
Published by murali-reddy over 3 years ago
This release addresses performance issues related to network policy enforcement. Network policy enforcement is significanly faster. Also support for DSR(Direct server return) functionality has been expanded to any CRI's in additions to Docker.
Thanks to all the contributors who submitted the PR's and helped with testing.
f4b7d613 support egress to namedport without dst address (#1037)
43c3c9de Handle headless services (#1047)
1fb08200 fix(npc): sync npc on pod label changes (#1046)
40512f10 serialize the iptables changes by NRC and NPC while starting
99cb40b0 while doing ipset restore, ensure sets are flushed before adding entries
187a3f23 fix(ipset): add type option to RefreshSet
d1e1923b prevent iptable command calls when necessary rules already exists
fe515d1b fix(pod.go): ensure traffic at end of chain is only dropped once
22b031be feat(metrics): add more iptables sync metrics
95299a4c fix(pod.go): comment quoting issues
afd866c0 use ipset save and restore to modify ipset to reduce exec calls
888cac91 use iptables-save and iptables-restore commands to consolidate individual iptables command that are run during full network policies sync
8f2e26a6 Update deps for k8s, cni and golang (#1030)
81057340 metrics: Add metric for build_info (#1031)
49b9add0 Making IPIP/tunnel and override-nexthop independent (#1025)
53d66ebd adding missing vendor files
ca2008e5 feat: simple CRI implementation in addition to Docker, required for DSR functionality. CRI compliant runtimes support (e.g. containerd, cri-o, etc.) (#1027)
2ba6f408 It appears as though this line is no longer relevant (#1029)
ee9f6d89 Update dependencies (go-iptables, cni) (#996)
c4eba17a Makefile: Drop outdated glide command (#1018)
c1458853 resolving merge conflicts of PR-964
54b921f1 Merge remote-tracking branch 'iamakulov/master'
4e13a1db Update RBAC apiVersion from v1beta1 to v1 (#1016)
e16f2077 npc code restructuring (#1007)
4c05ef20 Return an error if BatchAdd errors
1a487d21 Remove options passed to .Refresh()
a79ededd Improve ipset performance with large sets
Published by mrueg almost 4 years ago
f8aed0c9 fix(nrc): multiple services with the same VIP
46e903aa remove deprecated netpol beta API support (#1001)
7769a0cb Update golang.org/x/net dependency
def8f547 Update to golang 1.15 and alpine-3.12
2b3f39c2 Update bgp.md (#1000)
fd5af182 Cleanup non-DSR externalIPs
Published by murali-reddy about 4 years ago
k8s.io/client-go
, k8s.io/apimachinery
, k8s.io/api
are updated to v0.18.8
dep
is no longer used, we will be using go modules going forward for dependency managementbreaking changes
kube-bridge
bridge interface. If you do not wish to change the MTU please set --auto-mtu
to false. Please see https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md#mtu if you would like to manually configure the MTU value.400e4963 update go.sum
d1a23160 .gitignore: Drop vendor folder (#993)
8e3f36c6 Add LoadBalancer to getExternalIPs (#995)
92b914e7 review comments
7904b7c9 addressing review comments
947bb246 fix lint error
db1bd561 set mtu
in cni spec to auto configure MTU's of the pod's veth's and kube-bridge interfaces
d32d651d go.mod: Vendor newer prometheus and k8s (#990)
5a5e835d fix(network_policy): mask mark reset on FW marks (#992)
824614d1 Add Support for Reading Peer Passwords via a File (#986)
Published by murali-reddy about 4 years ago
k8s.io/client-go
, k8s.io/apimachinery
, k8s.io/api
are updated to v0.18.6
dep
is no longer used, we will be using go modules going forward for dependency managementand couple of bug fixes.
ac556abe pin goreleaser to v0.142.0, latest is causing errors
3c734fb9 merge gobgp-update into master (#982)
cebe8b73 Merge pull request #981 from cloudnativelabs/lint-errors
3b992e4c fix build break due to go linter errros
7cd5235b fix(network_policy): missed gofmt on #970
827ce551 Permit ExternalIP on input (#970)
c6ef3b88 Merge pull request #975 from mrueg/conv-fix
4d1fc8d6 Fix unnecessary conversions
b7610a06 Merge pull request #974 from aauren/add_kube-router_options_to_issue_template
b4203cb5 feat(bug_report.md): add parameters section to bug report
7613a735 add IfaceHasNoAddr check for external ip delete error (#971)
0cca5f12 Merge pull request #969 from aauren/fact/sort_options
f6210dac fact(options): alphabetize imports
797ee0ae fact(options): alphabetize options by parameter name
202f92bb fact(options): alphabetize struct fields
4307bdd1 ISSUE_TEMPLATE: Add missing headers (#966)
36daba87 Setup Issue Templates (#963)
e35dc9d6 Merge pull request #958 from coufalja/random-all
68dba40d Clean original iptables rule if --random-fully is supported
d5af1a91 Merge pull request #961 from cloudnativelabs/remove_deprecated_cluster-cidr_option
5ef989c4 fix(options): remove deprecated cluster-cidr option
19a5b1a3 Merge pull request #959 from cloudnativelabs/goreleaser-ldflags
ece89870 .goreleaser.yml: Add LDFLAGS
a33089d2 [testing] run go linters (#943)
8d424ea0 Fix pod egress rule cleanup
3e33a9c7 Merge pull request #957 from qingkunl/add_nsswitch_conf
d66a3bb0 Activate --random-fully where supported
23b2b99c Bump go-iptables
17f2786f add /etc/nsswitch.conf in Dockerfile
3ab31ab9 Merge pull request #955 from cloudnativelabs/fix-build-break
bb35b9ad fix lint error: minor fix to catch the error from .bgpServer.Stop()
031a9926 Merge pull request #786 from jdrahos/rr_ipv4_785
aec73b87 fix(nsc): update IPVS svc when timeout changes (#952)
1c184624 The bgp-holdtime function parameter of setting holdtime is added to adjust the holdtime of BGP negotiation with the connected network devices. (#921)
3fd8dc5b Merge pull request #953 from aauren/bgp_graceful_restart_time
b07f53f4 fix(graceful_restart): gofmt and doc fixes so unit tests pass
1c594b28 Allow setting BGP Graceful restart time from CLI
27857d3a Merge pull request #822 from kvaps/fix-821
c61dc8ff fix tolerations
8023f6a7 Allow to configure cluster id using IPv4 strings
Published by mrueg about 4 years ago
6af898bc add /etc/nsswitch.conf in Dockerfile
9c9e9350 fix lint error: minor fix to catch the error from .bgpServer.Stop()
8e655934 Allow to configure cluster id using IPv4 strings
606edccd fix(nsc): update IPVS svc when timeout changes (#952)
7a104ba0 fix tolerations
Published by murali-reddy over 4 years ago
If you are upgrading from v1.0.0-rc4 or earlier version following breaking changes apply:
service-cluster-ip-range
and service-node-port-range
configured to ensure pod's can access service cluster IP's and NodePort servicesb6acd0a1 stop processing service and endpoints updates if network service (#939)
b7aad2e0 doc(user-guild.md): add info about proxy and SNAT (#935)
c71eb9ad proxy: only output Error log when there's an error (#942)
fb93467c Merge pull request #929 from aauren/handle_branches_with_slashes
3156f433 Makefile: remove slashes from git branch if they exist