kube-router

Kube-router, a turnkey solution for Kubernetes networking.

APACHE-2.0 License

Stars: 2.2K
Committers: 130

kube-router - v2.1.3 Latest Release

Published by github-actions[bot] 5 months ago

Summary

Another bugfix release. This one fixes an issue with TCP MSS clamping (e.g. packet MTUs not being properly negotiated during the TCP handshake) and an issue where iptables wasn't properly identifying that rules already existed in chains. As a result, every call to sync NetworkPolicy added more iptables definitions, ending up in linear growth of iptables rule definitions.

Contributions

Special thanks to @rkojedzinszky for fixing the TCP MSS clamping on DSR services.

Other Notes

The iptables definition growth was seemingly caused by iptables user-space tooling v1.8.10, which means that this likely only affected users of the kube-router container that was updated to Alpine 3.19. Users running kube-router as a daemon outside a container runtime may want to be wary of updating the iptables user-space tooling to that version.
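One way to check a node for the rule growth described above is to look for identical rules repeated within a table of `iptables-save` output. This is an added example, not code from the kube-router project; the chain name `EXAMPLE-POLICY`, the addresses and the sample dump are constructed.

```go
package main

import (
	"bufio"
	"fmt"
	"sort"
	"strings"
)

// DuplicateRule describes one rule that appears more than once in a table.
type DuplicateRule struct {
	Table string
	Rule  string
	Count int
}

// sampleDump is constructed input in iptables-save format. The third copy of
// the rule carries the "[packets:bytes]" prefix that "iptables-save -c" emits,
// to show that counters are ignored when comparing rules.
const sampleDump = `# constructed sample, not captured from a real node
*filter
:INPUT ACCEPT [0:0]
:EXAMPLE-POLICY - [0:0]
-A INPUT -j EXAMPLE-POLICY
-A EXAMPLE-POLICY -s 10.0.0.5/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A EXAMPLE-POLICY -s 10.0.0.5/32 -p tcp -m tcp --dport 8080 -j ACCEPT
[12:720] -A EXAMPLE-POLICY -s 10.0.0.5/32 -p tcp -m tcp --dport 8080 -j ACCEPT
-A EXAMPLE-POLICY -j DROP
COMMIT
*mangle
:EXAMPLE-POLICY - [0:0]
-A EXAMPLE-POLICY -s 10.0.0.5/32 -p tcp -m tcp --dport 8080 -j ACCEPT
COMMIT
`

// FindDuplicateRules scans iptables-save output and returns every "-A" rule
// that occurs more than once within the same table, sorted by table and rule.
func FindDuplicateRules(dump string) []DuplicateRule {
	type key struct{ table, rule string }
	counts := map[key]int{}
	table := ""

	sc := bufio.NewScanner(strings.NewReader(dump))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		switch {
		case line == "" || strings.HasPrefix(line, "#"):
			continue
		case strings.HasPrefix(line, "*"): // table header, e.g. "*filter"
			table = line[1:]
			continue
		case line == "COMMIT":
			table = ""
			continue
		}
		// Strip the optional "[packets:bytes] " counter prefix.
		if strings.HasPrefix(line, "[") {
			if i := strings.Index(line, "] "); i >= 0 {
				line = line[i+2:]
			}
		}
		// Chain declarations (":CHAIN ...") are skipped; only appended rules count.
		if strings.HasPrefix(line, "-A ") {
			counts[key{table, line}]++
		}
	}

	var dups []DuplicateRule
	for k, n := range counts {
		if n > 1 {
			dups = append(dups, DuplicateRule{Table: k.table, Rule: k.rule, Count: n})
		}
	}
	sort.Slice(dups, func(i, j int) bool {
		if dups[i].Table != dups[j].Table {
			return dups[i].Table < dups[j].Table
		}
		return dups[i].Rule < dups[j].Rule
	})
	return dups
}

func main() {
	for _, d := range FindDuplicateRules(sampleDump) {
		fmt.Printf("table=%s count=%d rule=%q\n", d.Table, d.Count, d.Rule)
	}
}
```

Run against dumps taken before and after a few NetworkPolicy syncs, a count that rises between dumps points at the growth this release fixes.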

Changelog

  • f6c45f37 - feat(alpine): revert 3.19 -> 3.18 <Aaron U'Ren>
  • e980a17b - fix(nsc): remove previous TCPMSS rules during setting up DSR <Richard Kojedzinszky>
  • defdf64a - fix(nsc): remove previous TCPMSS rules <Aaron U'Ren>
  • b1070f11 - feat(nsc): apply TCPMSS rules on kube-bridge interface only <Richard Kojedzinszky>
  • 5fdde068 - fix(nsc): TCPMSS rules are created per-service and for reply packets only <Richard Kojedzinszky>

kube-router - v2.1.2

Published by github-actions[bot] 5 months ago

Summary

Fixes a problem where ipsets were not getting tracked correctly across different IP families for dual-stack clusters. This caused instances where communication with a pod would no longer work correctly after a pod that had a NetworkPolicy applied to it got a new IP address, such as during restarts or the like.

Changelog

  • 82f7917e - fix(ipset): reset ipset handler before use <Aaron U'Ren>
  • d086841a - fact(ipset): simplify cleanup code by reducing family complexity <Aaron U'Ren>
  • 28585f65 - fix(ipset.go): make IP families distinct in ipset handler <Aaron U'Ren>
  • 2d2850aa - feat(ipset.go): add set type and new line to debug msg <Aaron U'Ren>

kube-router - v2.1.1

Published by github-actions[bot] 6 months ago

Summary

This release fixes a lot of issues that have been present since the release of v2.0.0. v2.0.0 has been gaining adoption slowly, and it is only recently that users have been reporting some of the issues related to dual-stack configurations.

The big additions for this release include:

  • Fixes broken compatibility with iptables-legacy systems experienced with the upstream kube-router container since version v2.1.0 (which is when Alpine 3.19 was introduced). There are now tests to ensure that this type of regression doesn't happen again.
  • Fixes IPv6 network policy, which has been substantially broken since v2.0.0. When IPv6 network policy was introduced, it was missed that iptables statements need to reference the IPv6 ipsets via the inet6 prefix in order to use them correctly. As such, most network policies were not correctly applying.
  • kube-router no longer activates the hairpin controller which was introduced in v2.1.0, instead relying on users correctly configuring their CNI with hairpinMode: true (see https://www.kube-router.io/docs/user-guide/#hairpin-mode for more details)
  • Adds fallback logic for referencing rt_tables, the path of which changed in versions of iproute2 v6.5.0 and above. Users that have newer systems, enable DSR, and run kube-router within a container should check to ensure this file is mounted correctly within the kube-router container.
  • kube-router no longer tries and fails to enter pods to set up DSR for pods that are not scheduled on its node
  • kube-router no longer tries and fails to set up DSR for pods that are part of the host's network
  • Fixes --cleanup-config mode, which has been broken since v2.0.0 (please see docs for updated examples of how to run this from within a container)

Special Note for Users that Run Hairpin Mode Enabled Services

If you use hairpin mode either as a service annotation or a CLI parameter to kube-router, we recommend that you check your CNI configuration file to ensure that you are setting "hairpinMode":true on the bridge CNI plugin. This is the only way that hairpin mode will work correctly, because the previous hairpin controller built into kube-router has now been disabled. It was a tricky implementation and had significant problems with irregular containers.

If you find that you need to add this to your CNI config file, please ensure that kubelet has been restarted, and that any pods that rely on hairpinning have been restarted as well.

See https://www.kube-router.io/docs/user-guide/#hairpin-mode for more information.
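The check recommended above can be scripted by parsing the CNI configuration and inspecting the bridge plugin entry. This is an added example, not code from the kube-router project; the network and bridge names in the sample configurations are constructed, and the function handles both the multi-plugin `.conflist` form and the single-plugin `.conf` form.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// HairpinStatus is the outcome of inspecting one CNI configuration.
type HairpinStatus string

const (
	NoBridgePlugin  HairpinStatus = "no bridge plugin in config"
	HairpinEnabled  HairpinStatus = "hairpinMode is true"
	HairpinDisabled HairpinStatus = "hairpinMode is explicitly false"
	HairpinUnset    HairpinStatus = "hairpinMode is not set (bridge plugin defaults to false)"
)

type plugin struct {
	Type        string `json:"type"`
	HairpinMode *bool  `json:"hairpinMode"` // pointer distinguishes "missing" from false
}

type netConf struct {
	Type        string   `json:"type"`        // single-plugin ".conf" form
	HairpinMode *bool    `json:"hairpinMode"` // single-plugin ".conf" form
	Plugins     []plugin `json:"plugins"`     // ".conflist" form
}

// Constructed sample configurations (names are placeholders).
const sampleEnabled = `{
  "cniVersion": "0.3.0",
  "name": "examplenet",
  "plugins": [
    {"type": "bridge", "bridge": "example-bridge", "isDefaultGateway": true,
     "hairpinMode": true, "ipam": {"type": "host-local"}},
    {"type": "portmap", "capabilities": {"portMappings": true}}
  ]
}`

const sampleUnset = `{
  "cniVersion": "0.3.0",
  "name": "examplenet",
  "plugins": [
    {"type": "bridge", "bridge": "example-bridge", "isDefaultGateway": true,
     "ipam": {"type": "host-local"}}
  ]
}`

const sampleSingleDisabled = `{
  "cniVersion": "0.3.0",
  "name": "examplenet",
  "type": "bridge",
  "bridge": "example-bridge",
  "hairpinMode": false
}`

// CheckHairpin reports whether every bridge plugin in the given CNI config
// sets hairpinMode to true. The first bridge plugin that does not is reported.
func CheckHairpin(data []byte) (HairpinStatus, error) {
	var conf netConf
	if err := json.Unmarshal(data, &conf); err != nil {
		return "", fmt.Errorf("parsing CNI config: %w", err)
	}
	plugins := conf.Plugins
	if len(plugins) == 0 && conf.Type != "" {
		// Single-plugin form: the plugin fields sit at the top level.
		plugins = []plugin{{Type: conf.Type, HairpinMode: conf.HairpinMode}}
	}

	status := NoBridgePlugin
	for _, p := range plugins {
		if p.Type != "bridge" {
			continue
		}
		switch {
		case p.HairpinMode == nil:
			return HairpinUnset, nil
		case !*p.HairpinMode:
			return HairpinDisabled, nil
		}
		status = HairpinEnabled
	}
	return status, nil
}

func main() {
	for name, cfg := range map[string]string{
		"enabled":         sampleEnabled,
		"unset":           sampleUnset,
		"single-disabled": sampleSingleDisabled,
	} {
		status, err := CheckHairpin([]byte(cfg))
		fmt.Printf("%-16s status=%q err=%v\n", name, status, err)
	}
}
```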

Contributions

A big thanks to @elchenberg & @xujunjie-cover for contributing fixes for this release!

Changelog

  • e42792f4 - kubeadm-kuberouter-all-features-dsr.yaml: update to include hairpinMode <Aaron U'Ren>
  • 317c754a - fix(hairpin): rely on CNI hairpin mode <Aaron U'Ren>
  • 9d9b796d - fix(service_endpoints_sync): bail out of DSR when HostNetwork detected <Aaron U'Ren>
  • a633849d - feat(NSC.utils): add getPodListForService & getServiceForServiceInfo <Aaron U'Ren>
  • b270750f - fact: nsc.getPodObjectForEndpoint -> nsc.getPodObjectForEndpointIP <Aaron U'Ren>
  • 567c8913 - fix(linux_networking): add more information to errors <Aaron U'Ren>
  • e40f46ed - fix(user-guide.md): update cleanup example <Aaron U'Ren>
  • ecaad2c6 - fix(cleanup): add missing handlers for cleanup <Aaron U'Ren>
  • 7755b4a6 - fix(node.go): improve logic for GetNodeObject <Aaron U'Ren>
  • d12f422f - fix(policy): generate ipv6 names correctly <Aaron U'Ren>
  • 2c7151b5 - fix(policy.go): use new utility method ipSetName <Aaron U'Ren>
  • c762eaf2 - feat(ipset): add more name utilities <Aaron U'Ren>
  • ada3179c - fix: wrong ipset name used by ip6tables. <xujunjie-cover>
  • b423b1fe - feat(NSC): ensure rp_filter is set correctly <Aaron U'Ren>
  • af1b07ae - fix(service_endpoints_sync.go): error to be indicative of failure type <Aaron U'Ren>
  • 421a1130 - fix(DSR): setup DSR inside pod on local eps only <Aaron U'Ren>
  • 886c1d7c - feat(Dockerfile): use iptables-wrapper go binary <elchenberg>
  • 683ef6e3 - feat(Dockerfile): remove obsolete nsswitch.conf creation <elchenberg>
  • c685f2f7 - feat(Dockerfile): add checks for required binaries <elchenberg>
  • b1cc1584 - fix(Dockerfile): install iptables-legacy package <elchenberg>
  • 4b011db7 - Fix typo <Jean-Philippe Evrard>
  • 5b4975b7 - build(deps): bump github.com/osrg/gobgp/v3 from 3.23.0 to 3.25.0 <dependabot[bot]>
  • f37444f7 - build(deps): bump golang.org/x/net from 0.22.0 to 0.24.0 <dependabot[bot]>
  • 8ab6f492 - build(deps): bump google.golang.org/grpc from 1.62.0 to 1.63.2 <dependabot[bot]>
  • bd640c31 - build(deps): bump github.com/aws/aws-sdk-go from 1.51.11 to 1.51.21 <dependabot[bot]>
  • 1bae5d5a - build(deps): bump actions/stale from 8 to 9 <dependabot[bot]>
  • b1f7b9aa - build(deps): bump github.com/stretchr/testify from 1.8.4 to 1.9.0 <dependabot[bot]>
  • 58fe1393 - build(deps): bump github.com/onsi/gomega from 1.31.1 to 1.32.0 <dependabot[bot]>
  • 5c871a50 - build(deps): bump docker/setup-buildx-action from 2 to 3 <dependabot[bot]>
  • 5fc29148 - build(deps): bump github.com/aws/aws-sdk-go from 1.51.2 to 1.51.11 <dependabot[bot]>
  • a7375766 - build(deps): bump docker/login-action from 2 to 3 <dependabot[bot]>
  • 260759f5 - build(deps): bump actions/setup-go from 4 to 5 <dependabot[bot]>
  • 1db3438b - fix: rt_tables -> rt-tables in daemonset examples <Aaron U'Ren>
  • 70920609 - fix(rt_tables): add path fallback logic <Aaron U'Ren>
  • 7f677917 - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 0a2a9d44 - build(deps): bump github/codeql-action from 2 to 3 <dependabot[bot]>
  • 614d4728 - doc(DSR): add /etc/iproute2/rt_tables caveat <Aaron U'Ren>
  • 19099187 - build(deps): bump the k8s-dependencies group with 4 updates <dependabot[bot]>
  • f9d1528a - build(deps): bump docker/setup-qemu-action from 2 to 3 <dependabot[bot]>
  • 603afcea - build(deps): bump google.golang.org/protobuf from 1.32.0 to 1.33.0 <dependabot[bot]>
  • 49bde6e8 - build(deps): bump goreleaser/goreleaser-action from 4 to 5 <dependabot[bot]>
  • ef105688 - build(deps): bump docker/build-push-action from 4 to 5 <dependabot[bot]>
  • 1811ae8a - build(deps): bump github.com/aws/aws-sdk-go from 1.50.30 to 1.51.2 <dependabot[bot]>
  • 48186246 - build(deps): bump golang.org/x/net from 0.21.0 to 0.22.0 <dependabot[bot]>
  • 8c5bdbf7 - build(deps): bump actions/checkout from 3 to 4 <dependabot[bot]>
  • 785f8148 - dependabot: Group kubernetes dependencies <Manuel Rüger>
  • 5bbbd13f - doc(CONTRIBUTING.md): fix relative link <Aaron U'Ren>
  • cff45a66 - docs(index.md): improve styling <Aaron U'Ren>

kube-router - v1.6.1

Published by github-actions[bot] 6 months ago

Just some small fixes for DSR on the v1.6.X release line.

Changelog

  • 4d8eecda - feat(ci.yml): don't update latest tag for v1.6 releases <Aaron U'Ren>
  • a382475c - fix(rt_tables): add path fallback logic <Aaron U'Ren>

kube-router - v2.1.0

Published by github-actions[bot] 8 months ago

Summary

The major theme of this kube-router release is to make kube-router fully conformant with the end-to-end upstream sig-network tests. These are tests that the Kubernetes project provides for testing significant networking features and becoming conformant with the tests means that the networking functionality of kube-router is more consistent with other network providers like kube-proxy, Calico, and Cilium.

Major New Features / Fixes

  • kube-router's init container now installs CNI plugins when they are missing. The location for these plugins can be controlled by setting the environment variable HOST_BIN_PATH within the init container, but will default to /opt/cni/bin. This is something that all major Kubernetes networking providers do, but kube-router has not done in the past. For more information on CNI plugins, please see: https://github.com/containernetworking/plugins
  • kube-router now implements .spec.healthCheckNodePort which has long been a part of the Kubernetes service specification, but kube-router hasn't implemented it until now. This port is meant to give visibility about whether or not an endpoint for a service exists on a node to workloads outside the Kubernetes cluster. If a service endpoint is on the node, then this port returns a 200 HTTP response, otherwise it returns a 503 HTTP response if no endpoint exists on the node. By choosing a node that contains an endpoint, a client can ensure source IP preservation.
  • Hairpinning in kube-router is now fixed. kube-router now has a controller dedicated to ensuring that the veth interface inside the container is in promiscuous mode. This used to be handled by kubelet and then it was handled by docker-shim and then it was removed entirely. As far as I can tell, it was never ported to containerd or cri-o. Without this functionality, return traffic ends up getting black-holed before it is routed outside of the container. For more details see: https://github.com/cloudnativelabs/kube-router/commit/0f3714b9b758f24de0b1911c148bdba8d87de9b6
  • Users can now specify --metrics-addr to choose the IP address that kube-router listens on when providing Prometheus metrics
  • Users can now specify custom protocol timeouts for IPVS services exposed by kube-router
    • --service-tcp-timeout - (default: 0s preserves system value, typically 900 seconds)
    • --service-tcpfin-timeout - (default: 0s preserves system value, typically 120 seconds)
    • --service-udp-timeout - (default: 0s preserves system value, typically 300 seconds)
  • kube-router now abides by the service label service.kubernetes.io/service-proxy-name. Setting this label to something other than kube-router will result in kube-router ignoring the service
  • kube-router now honors spec.internalTrafficPolicy and implements spec.externalTrafficPolicy correctly. For more information see: https://kubernetes.io/docs/reference/networking/virtual-ips/#traffic-policies

Backward Compatibility Breaks

kube-router now serves traffic to endpoints that have a status of either ready or serving. See: https://kubernetes.io/docs/concepts/services-networking/endpoint-slices/#conditions for more information on the differences between these conditions. Before this release, kube-router only served traffic to ready endpoints, which improperly ignored pods that were in Terminating status. This change makes kube-router compliant with the upstream standards.

The release switches from Alpine base 3.18 to 3.19 which changes the iptables backend from iptables to nftables. This is a pretty big change, since the two backends are not mixable. The kube-router project recommends coupling this upgrade with a rolling restart of the nodes in your cluster so that the iptables rules get flushed alongside the upgrade.

Other Notes

  • If you're running kube-router in a container and use hairpinning, make sure that hostPID: true is set on your kube-router pod. This is the only way that kube-router is able to properly set the veth interface into promiscuous mode. This attribute has now been added to all of the official kube-router DaemonSet YAML files

Major Dependency Updates

This release also updates:

  • Alpine base container from 3.18 to 3.19
  • Go from v1.20 to v1.21
  • Kubernetes from v1.28 to v1.29

Contributions

Thanks to:

  • @nextsux - For improving overlay tunnel device binding
  • @jpiper - For adding the ability to configure an IP to bind metrics to
  • @mrueg - For always keeping our dependencies up to date
  • @AlexisDucastel - For testing the CNI plugin installation functionality
  • @hakman - For helping us improve the upstream e2e tests and providing kOps support and feedback

Changelog (from v2.0.1 - v2.1.0)

  • a7d7ac5d - feat(alpine): update 3.18 -> 3.19 <Aaron U'Ren>
  • 5b56e6c6 - feat(goreleaser): update v1.21.2 -> v1.24.0 <Aaron U'Ren>
  • a6488004 - feat(moq): update v0.3.2 -> v0.3.4 <Aaron U'Ren>
  • 46a1b179 - feat(go): upgrade 1.20.13 -> 1.21.7 + dep update <Aaron U'Ren>
  • c3562897 - feat(lint): update markdownlint v0.37.0 -> 0.39.0 <Aaron U'Ren>
  • 47fe189f - feat(lint): update golangci-lint and fix lint errors <Aaron U'Ren>
  • 9a136c1b - feat(NSC): implement NodePort Health Check <Aaron U'Ren>
  • 7aec8d04 - doc(NSC): add comment for hairpin controller <Aaron U'Ren>
  • 959022fd - feat(NSC): add endpoint statuses to internal struct <Aaron U'Ren>
  • 16daa08c - feat(NSC): add endpoints that are ready or serving <Aaron U'Ren>
  • efddb2ea - Bump dependencies <Manuel Rüger>
  • 3a1efa0e - dual_stack_issue_report.md: remove issue report template <Aaron U'Ren>
  • dda7ce61 - doc(cni): CNI requirements and install process <Aaron U'Ren>
  • a57a2261 - feat(cni): add binaries to host when missing <Aaron U'Ren>
  • 98eea791 - doc(user-guide.md): add info about traffic policies <Aaron U'Ren>
  • fcd21b47 - feat: fully support service traffic policies <Aaron U'Ren>
  • 84042603 - feat: increase unit test coverage <Aaron U'Ren>
  • 24505f03 - fact(service_endpoints_sync.go): standardize error handling <Aaron U'Ren>
  • d3cf4d13 - feat(NSC): add / clarify log messages <Aaron U'Ren>
  • d757f49d - feat(NSC): honor headless label <Aaron U'Ren>
  • 8afdee87 - fact(NSC): differentiate headless services <Aaron U'Ren>
  • 30d37695 - fact(NSC): update Errorf syntax <Aaron U'Ren>
  • a0fe844a - feat(NSC): honor service-proxy-name label <Aaron U'Ren>
  • ced5102d - feat(NSC): add IPVS service timeouts <Aaron U'Ren>
  • 47290a7e - build(deps): bump k8s.io/client-go from 0.28.3 to 0.28.4 <dependabot[bot]>
  • 27f2283b - build(deps): bump k8s.io/cri-api from 0.28.3 to 0.28.4 <dependabot[bot]>
  • a6de8cb9 - build(deps): bump github.com/aws/aws-sdk-go from 1.48.10 to 1.48.16 <dependabot[bot]>
  • eb462bae - feat(linux_networking.go): add more error info <Aaron U'Ren>
  • eb262887 - fix(manifests): add hostPID for hairpin <Aaron U'Ren>
  • aebaa48e - fix(NSC): handle endpoint slice ready nil <Aaron U'Ren>
  • 0f3714b9 - fix(hairpin): set hairpin_mode for veth iface <Aaron U'Ren>
  • 3ea293d5 - build(deps): bump github.com/aws/aws-sdk-go from 1.47.9 to 1.48.10 <dependabot[bot]>
  • 4b863e90 - build(deps): bump k8s.io/api from 0.28.3 to 0.28.4 <dependabot[bot]>
  • f575d318 - build(deps): bump github.com/osrg/gobgp/v3 from 3.20.0 to 3.21.0 <dependabot[bot]>
  • 724588c6 - build(deps): bump golang.org/x/net from 0.18.0 to 0.19.0 <dependabot[bot]>
  • 448f8b6f - build(deps): bump github.com/aws/aws-sdk-go from 1.45.24 to 1.47.9 <dependabot[bot]>
  • 0209ac56 - build(deps): bump google.golang.org/grpc from 1.58.3 to 1.59.0 <dependabot[bot]>
  • b00a997e - build(deps): bump github.com/onsi/gomega from 1.29.0 to 1.30.0 <dependabot[bot]>
  • 595d3e46 - build(deps): bump golang.org/x/net from 0.17.0 to 0.18.0 <dependabot[bot]>
  • fcf0ad91 - prometheus metrics: add option to specify listen address <Jason Piper>
  • 961c63b0 - build(deps): bump github.com/onsi/gomega from 1.27.10 to 1.29.0 <dependabot[bot]>
  • b13cedc5 - build(deps): bump k8s.io/client-go from 0.28.2 to 0.28.3 <dependabot[bot]>
  • 49314ab6 - build(deps): bump k8s.io/cri-api from 0.28.2 to 0.28.3 <dependabot[bot]>
  • e0861fc9 - build(deps): bump github.com/osrg/gobgp/v3 from 3.19.0 to 3.20.0 <dependabot[bot]>
  • 44d81088 - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 66890d5f - feat: Disable binding overlay tunnels to specific device <Martin -nexus- Mlynář>
  • f41defce - build(deps): bump google.golang.org/grpc from 1.58.2 to 1.58.3 <dependabot[bot]>
  • 9d6b6474 - doc(user-guide): remove bootkube, add k3s <Aaron U'Ren>
  • e8be179e - doc(RELEASE.md): add more information <Aaron U'Ren>
  • a00778e7 - feat(.goreleaser.yml): add prerelease and header to release <Aaron U'Ren>
  • eb30de91 - lint: add markdownlint to linting <Aaron U'Ren>
  • dad4991d - doc: update and format all documentation <Aaron U'Ren>
  • 64426896 - doc(user-guide.md): update formatting <Aaron U'Ren>
  • dbd741a5 - doc(introduction.md): update and format <Aaron U'Ren>
  • 43791045 - doc(generic.md): update and format <Aaron U'Ren>
  • 1957907b - doc(kubeadm.md): update and format <Aaron U'Ren>

kube-router - v2.0.1

Published by github-actions[bot] 12 months ago

Summary

Fixes a major bug for single stack systems in the service proxy controller. Additionally adds a warning between release v2.0.0 - v2.1.0 about breaking changes.

Changelog

  • b36775a5 - feat(version): add version message mechanism <Aaron U'Ren>
  • 503f9fe7 - fix(NSC): only run for enabled families <Aaron U'Ren>
  • 9b0c575a - build(deps): bump golang.org/x/net from 0.16.0 to 0.17.0 <dependabot[bot]>
  • 8ccd687a - fix(Makefile): version and build date for v2 <Aaron U'Ren>

kube-router - v2.0.0

Published by github-actions[bot] about 1 year ago

Summary

kube-router v2.0.0 is a major release that the project has been working on for almost a year. We're very excited to finally enable some long-requested features.

It's worth noting that almost 50% of the existing code base had to be modified in order to bring this release to fruition. We've done testing via the several release candidates that we've released over the last few months (huge thanks to all of the users that engaged with that by submitting fixes or reporting bugs), but I'm sure that there are still a few out there that we haven't caught yet.

The project recommends that users approach deploying this release to their production critical clusters with caution. If you do find a bug, please open a new GitHub Issue with the Report a v2.0.0 Release Issue issue type so that we can resolve it as soon as possible.

Major New Features

  • Dual-Stack implemented in all kube-router controllers (e.g. --run-firewall, --run-router, --run-loadbalancer, & --run-service-proxy)
  • IPAM management for LoadBalancer service types (previously kube-router would only perform BGP, firewall, and proxy functionality and users would need to supplement kube-router with something like MetalLB to get IPs from a pool for their LoadBalancer services)
  • FoU tunneling capability added for pod networking (previously only ipip was supported)

Backward Compatibility Breaks

You'll also notice that this has been tagged as a major release version. This is due to the fact that there are breaking changes in this version of kube-router that are not backwards compatible with previous versions of kube-router.

Tunnel names have changed, so if you run kube-router with an overlay network (ipip tunnels), you'll want to deploy this update carefully. At this point, the project recommends doing a rolling reboot of nodes after (or as part of) applying this release to ensure that unused tunnels are properly cleaned up and don't have a negative impact on traffic flows.

As part of this work, kube-router now needs to be able to get, list, and watch EndpointSlice objects. Please make sure to update your ClusterRole RBAC before deploying this release if you use kube-router with the --run-service-proxy functionality enabled or you'll get an error. For examples of this RBAC please see the daemonset examples.

Other Notes

Dual-stack handling is fairly complex and it comes with a few gotchas. Users that want to enable dual-stack features should carefully read the IPv6 / Dual-Stack Support in kube-router documentation to ensure that they fully understand the feature set, requirements, and limitations.

If you want to run the new load balancer controller (e.g. --run-loadbalancer) kube-router will need some additional RBAC and requires a few environment variables set. See load-balancer allocation docs for more information.

For more information on enabling or migrating to FoU tunneling and any caveats on doing so, please see the Tunnels in kube-router documentation.

Now that kube-router has dual-stack capability, it doesn't make sense to have an annotation that can only represent a single pod CIDR any longer. As such, with this release we are announcing the deprecation of the kube-router.io/pod-cidr annotation in favor of the new kube-router.io/pod-cidrs annotation. See the IPv6 / Dual-Stack Support in kube-router documentation for more information.

Major Dependency Updates

This release also updates:

  • Alpine base container from 3.17 to 3.18
  • Go from v1.19 to v1.20
  • Kubernetes from v1.25 to v1.27
  • GoBGP from v3.11.0 to v3.17.0.

Contributions

A release this big would not be possible without an awesome community. Thanks so much to all of the following people that helped play a part in this release: @brandond, @iggy, @whooo, @BoleynSu, @k-raval, @rwagoner, @vadorovsky, @thomasferrandiz, and @mrueg

Changelog (from v1.6.0 - v2.0.0)

1c89be87 - feat(go): upgrade 1.20.7 -> 1.20.9 <Aaron U'Ren>
3db03ccf - feat(dep): upgrade all dependencies <Aaron U'Ren>
d2c3858c - feat(goreleaser): upgrade v1.14.1 -> v1.21.2 <Aaron U'Ren>
1a4896f4 - feat(lint): upgrade golangci-lint v1.50.1 -> v1.54.2 <Aaron U'Ren>
678b7129 - fix(ecmp_vip.go): non-local service advertisement <Aaron U'Ren>
1a891c33 - fix(dsr): add family specific link inside pod <Aaron U'Ren>
514a8af7 - fix(dsr): add family for fwmark <Aaron U'Ren>
c92f76aa - fix(service_endpoints_sync.go): use save command <Aaron U'Ren>
9abe20d5 - fix(NSC): compare all pod IPs for endpoint check <Aaron U'Ren>
9f23cf5a - fix(linux_networking.go): add better error messages <Aaron U'Ren>
7ce09a64 - fix(linux_networking.go): don't return err on warn <Aaron U'Ren>
9d63cc68 - feat(debug): add some extra debug at level 3 <Aaron U'Ren>
4c6e19f2 - feat(ipset): consolidate ipset usage across controllers <Aaron U'Ren>
c62e1b79 - feat(linux_networking.go): add more logging info <Aaron U'Ren>
da73dea6 - feat(NSC): use EndpointSlice instead of Endpoints <Aaron U'Ren>
15cd4eb0 - feat(nsc): add more insight into sync steps <Aaron U'Ren>
81bc9e20 - fix(nsc): don't modify netmask during flag setup <Aaron U'Ren>
903466b7 - fix(nsc): fail fast during init <Aaron U'Ren>
25ecb098 - feat(nsc): add dualstack capabilities <Aaron U'Ren>
f397a1f0 - feat: increase log level for save/restore msgs <Aaron U'Ren>
a6cd5b00 - lint(metrics_controller.go): reduce line length <Aaron U'Ren>
68a7d03b - fix: take family metrics out of defer <Aaron U'Ren>
301e856a - fix(NPC): remove redundant assign <Aaron U'Ren>
b06b4f05 - Move ipset restore outside policy loop <Brad Davidson>
e34ef29f - Add additional save/restore metrics <Brad Davidson>
aa107d63 - Make metrics registerer/gathererer replacable <Brad Davidson>
e6f668cb - fix: syntax updates for Go 1.20.X and k8s 1.27 <Aaron U'Ren>
5cf1265f - fix(NRC): prevent adding routes with mixed families <Aaron U'Ren>
bab0d4ff - feat(bgp_policies.go): don't override-nexthop for internal peers <Aaron U'Ren>
afdf553f - add loadbalancer address allocator <Erik Larsson>
7699d165 - doc(tunnels.md): add info about changing live clusters <Aaron U'Ren>
ddf857de - doc(tunnel): add information about tunnels <Aaron U'Ren>
944ab917 - fix(FoU): make more robust <Aaron U'Ren>
bac4ae62 - fix(FoU): add docs, sanity checking, and logic reduction <Aaron U'Ren>
2a57d6c1 - Adding FoU encapsulation over IPIP tunnel : added checks for restart and multi-node cases <Kartik Raval>
6ce37e61 - Support for FoU encapsulation for IPIP tunnel <Kartik Raval>
48610217 - fix(NPC): update IPBlocks to be ipFamily specific <Aaron U'Ren>
f0d7f1e1 - netpol: Fix ipset only containing one IP when port name is used. <Boleyn Su>
384ed97a - fix(bgp_policy): allow for statement add / remove <Aaron U'Ren>
1d5c9ce2 - fix(ecmp_vip): update VIPs based on svc change <Aaron U'Ren>
f5ac980b - fix(bgp_policies.go): return -> continue on family set evaluation <Aaron U'Ren>
3387f5c1 - use JoinHostPort for GRPC listen address <Erik Larsson>
76ffcbdb - add generation of router id based on hash of primary IP <Erik Larsson>
57c9b086 - fix(ecmp_vip.go): ClusterIP -> ClusterIPs <Aaron U'Ren>
fe939782 - feat(bgp_policies_test.go): use different IP ranges <Aaron U'Ren>
31c22ff6 - fix(bgp_policies.go): don't get BGP peers twice <Aaron U'Ren>
06f5f8ba - feat(go): update package version to /v2 <Aaron U'Ren>
e51ee3ae - fix(NPC): add warning for unsupported family <Aaron U'Ren>
4e1679f0 - fix(NPC): don't add chains for missing family <Aaron U'Ren>
a2bb2ba8 - doc(bgp.md): clean up grammar and syntax <Aaron U'Ren>
0ecb51de - fix(NPC/pod): check drop policy on ipv4 & ipv6 <Aaron U'Ren>
367aedf8 - fix(bgp_policies): add empty DS set checking <Aaron U'Ren>
aeb51ba6 - fact(bgp_policies): rename clusterIPPrefixSet -> serviceVIPIPPrefixSet <Aaron U'Ren>
6e038360 - fact(bgp_policies): abstract get DS for GoBGP <Aaron U'Ren>
67254ad2 - fix(ecmp_vip): handle ipv4 & ipv6 protocols <Aaron U'Ren>
5f952e0f - test(bgp_policies_test): add local address <Aaron U'Ren>
ec12fda8 - fix(node): do nil checking on FindBestIP util funcs <Aaron U'Ren>
5d7f62c5 - fix(NRC): ensure local addr IP is bindable early <Aaron U'Ren>
67abc4b8 - fix(bgp_peers): adv. AfiSafi based on capabability <Aaron U'Ren>
c491bcb4 - fix(bgp_peers): do peer only if IP protos match <Aaron U'Ren>
0023dedc - fix(NRC): error when nec. host IP not found <Aaron U'Ren>
4f284be5 - fix(NRC): add IPv6 logic to bgp-local-addresses <Aaron U'Ren>
51f46964 - feat(ci): run CI on version prep branches and MRs <Aaron U'Ren>
b3e07682 - fix(options): make clusterIP specification similar to other options <Aaron U'Ren>
a31511d9 - fix(NPC): actually separate chain indices for ipv4 / ipv6 <Aaron U'Ren>
096da81f - fact(NPC): pluralize newIPTablesHandler <Aaron U'Ren>
ddb0e63c - feat(NRC): make NRC dual stack <Aaron U'Ren>
01f2ff2a - fact(NRC): convert BGP set names to const <Aaron U'Ren>
85cecb6e - feat(pod_cidr): handle multiple pod CIDRs <Aaron U'Ren>
c18d811f - fix(kube-router.go): metric message -> not error <Aaron U'Ren>
3db482be - fix(NPC): separate chain indices for ipv4 / ipv6 <Aaron U'Ren>
9d2b3c72 - fix(node.go): make node address errors more helpful <Aaron U'Ren>
d7e2a146 - fix golangci issues <Thomas Ferrandiz>
12561f9f - fix test compilation error <Thomas Ferrandiz>
e5f272e9 - go mod <Thomas Ferrandiz>
76e5d20c - use createGenericHashIPSet <Thomas Ferrandiz>
b3dcaa08 - rename utilsnet import to netutils <Thomas Ferrandiz>
4256a607 - syncPodFirewallChains: loop on all NodeIp to find the pods running on a given Node - Load PodIp in podInfo struct and use it instead of pod.ips[0].IP <Thomas Ferrandiz>
92e91df9 - refactor whitelisting of cluster IP Range <Thomas Ferrandiz>
6fea9c2d - Validate that ClusterIP service range type matches the configuration and update documentation <Thomas Ferrandiz>
16d3cd18 - godoc update <Thomas Ferrandiz>
d1f3839b - remove redundant default value <Thomas Ferrandiz>
d6dcf767 - rename Adresses <Thomas Ferrandiz>
26d06c40 - Turn IPTablesSaveRestore into an interface <Thomas Ferrandiz>
3839ec1d - init iptablesCmdHandlers and ipSetHandlers inside NewNetworkPolicyController <Thomas Ferrandiz>
5b7da83c - disable ipv6 by default <Thomas Ferrandiz>
5d04a9fd - netpol: Add dual-stack support <Michal Rostecki>
08f05a80 - fix(moq): chown generated moqs <Aaron U'Ren>
ee85441c - fix(moq): remove previous moqs before generation <Aaron U'Ren>
4556aa3b - fix(lint): convert sh -> bash <Aaron U'Ren>
3c16d3cd - feat(close_stale.yml): increase operations 30 -> 100 <Aaron U'Ren>
0d12e617 - feat(close_stale.yml): add workflow for closing stale issues & PRs <Aaron U'Ren>
b084c2ae - fix: available typo <guoguangwu>
82cd7c97 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.334 to 1.45.1 <dependabot[bot]>
16474cf9 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.332 to 1.44.334 <dependabot[bot]>
0110d1d3 - Partially revert riscv64 support <Manuel Rüger>
9805c79b - Makefile: Bump go + alpine as well <Manuel Rüger>
ade98d6b - Bump go 1.20 + k8s 1.27 <Manuel Rüger>
e7a521a0 - feat(ci.yml): add ppc64le and riscv64 to ci <Aaron U'Ren>
8b76e9c5 - Add RISC-V 64 support <Iggy Jackson>
70defa4d - build(deps): bump github.com/aws/aws-sdk-go from 1.44.313 to 1.44.332 <dependabot[bot]>
8de9b641 - build(deps): bump golang.org/x/net from 0.12.0 to 0.14.0 <dependabot[bot]>
d6a4045d - doc(ipv6): add differences in --override-nexthop <Aaron U'Ren>
85bcde85 - build(deps): bump github.com/coreos/go-iptables from 0.6.0 to 0.7.0 <dependabot[bot]>
099664a7 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.309 to 1.44.313 <dependabot[bot]>
9372d620 - build(deps): bump github.com/osrg/gobgp/v3 from 3.16.0 to 3.17.0 <dependabot[bot]>
c50bdfc3 - build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.10 <dependabot[bot]>
98479d8d - build(deps): bump github.com/aws/aws-sdk-go from 1.44.308 to 1.44.309 <dependabot[bot]>
64784c40 - build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 <dependabot[bot]>
b900acbf - .github: Add github-actions dependabot config <Manuel Rüger>
fb37a647 - build(deps): bump golang.org/x/net from 0.10.0 to 0.12.0 <dependabot[bot]>
a42466a8 - build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 <dependabot[bot]>
371a3a83 - build(deps): bump github.com/osrg/gobgp/v3 from 3.14.0 to 3.16.0 <dependabot[bot]>
09940db7 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.44.308 <dependabot[bot]>
5d39fe05 - build(deps): bump github.com/prometheus/client_golang <dependabot[bot]>
68e0fe5b - build(deps): bump k8s.io/cri-api from 0.27.2 to 0.27.4 <dependabot[bot]>
1701f9c7 - build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 <dependabot[bot]>
d5fcc784 - build(deps): bump github.com/docker/docker <dependabot[bot]>
7a3a495a - build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 <dependabot[bot]>
dd3b75a0 - build(deps): bump github.com/docker/docker <dependabot[bot]>

kube-router - v2.0.0-rc7

Published by github-actions[bot] about 1 year ago

Summary

The big headline of this release is support for dual-stack capabilities in the Network Services Controller (--proxy option). This was the last major outstanding feature milestone that was left to round out the v2.0.0 release. Now the entire kube-router code base has support for dual-stack capabilities.

As part of this work, kube-router now needs to be able to get, list, and watch EndpointSlice objects. Please make sure to update your ClusterRole RBAC before deploying this release if you use kube-router with the --proxy functionality enabled or you'll get an error. For examples of this RBAC please see the daemonset examples from the prep-v2.0 branch.
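A pre-upgrade check for the RBAC requirement above, written for this page as an added example (it is not taken from the project's daemonset manifests). The namespace `kube-system` and service account `kube-router` are assumptions; pass your own values, and run it as a user who is allowed to impersonate service accounts.

```shell
#!/bin/sh
# Added example: verify that kube-router's service account can get, list and
# watch EndpointSlice objects before rolling out a release that needs them.
#
# The ClusterRole rule being checked for looks like this:
#   - apiGroups: ["discovery.k8s.io"]
#     resources: ["endpointslices"]
#     verbs: ["get", "list", "watch"]

# Print the verbs (out of get, list, watch) that the service account is NOT
# allowed to perform on EndpointSlices across all namespaces.
# Prints nothing when every verb is allowed.
missing_endpointslice_verbs() {
    ns="${1:-kube-system}"   # assumed namespace
    sa="${2:-kube-router}"   # assumed service account name
    missing=""
    for verb in get list watch; do
        # "kubectl auth can-i" prints yes/no and exits non-zero on "no".
        answer=$(kubectl auth can-i "$verb" endpointslices.discovery.k8s.io \
            --all-namespaces \
            --as="system:serviceaccount:${ns}:${sa}" 2>/dev/null) || true
        [ "$answer" = "yes" ] || missing="${missing}${missing:+ }${verb}"
    done
    printf '%s' "$missing"
}

# Return 0 when the upgrade precondition holds, 1 otherwise.
endpointslice_rbac_ready() {
    m=$(missing_endpointslice_verbs "$@")
    if [ -n "$m" ]; then
        echo "ClusterRole is missing EndpointSlice verbs: $m" >&2
        return 1
    fi
    echo "EndpointSlice get/list/watch allowed"
}

# Usage on a workstation with cluster access:
#   endpointslice_rbac_ready kube-system kube-router || echo "fix RBAC first"
```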

I want to make this release candidate available for the community to test for the next 1 - 2 weeks, and get a chance to resolve any open issues. After this, if the release candidate is stable, I'll merge the prep-v2.0 branch to master and make an official v2.0.0 release. This release has been a long time in coming and I'm excited to get it out there! A huge thanks to everyone that has helped test it and contributed to it!

Additionally, this release fixed a significant performance regression with Network Policies that was introduced in the v2.0.0 codebase during dual-stack implementation.

This release also updates Go from 1.19 to 1.20 and adds support for Kubernetes v1.27. We also upgraded our Alpine base version from 3.17 to 3.18 and GoBGP from v3.11.0 to v3.17.0.

Contributions

Big thanks go to @brandond (and the k3s project) for finding and fixing the Network Policy performance issues and also adding additional metrics to the Network Policy Controller for increased observability.

Thanks @iggy for adding RISC-V 64 support for kube-router binaries. We are not yet building official container images for RISC-V 64 because Alpine doesn't yet officially support it, but when they do we'll enable container builds for RISC-V 64 as well.

Changelog

65ac87d4 - fix(ecmp_vip.go): non-local service advertisement <Aaron U'Ren>
d7806879 - fix(dsr): add family specific link inside pod <Aaron U'Ren>
907565d8 - fix(dsr): add family for fwmark <Aaron U'Ren>
9e865352 - fix(service_endpoints_sync.go): use save command <Aaron U'Ren>
4761bbb5 - fix(NSC): compare all pod IPs for endpoint check <Aaron U'Ren>
6758598f - fix(linux_networking.go): add better error messages <Aaron U'Ren>
b2d2b59b - fix(linux_networking.go): don't return err on warn <Aaron U'Ren>
d2ae639f - feat(debug): add some extra debug at level 3 <Aaron U'Ren>
a3c56949 - feat(ipset): consolidate ipset usage across controllers <Aaron U'Ren>
854440d9 - feat(linux_networking.go): add more logging info <Aaron U'Ren>
327e894c - feat(NSC): use EndpointSlice instead of Endpoints <Aaron U'Ren>
f8d9812c - feat(nsc): add more insight into sync steps <Aaron U'Ren>
b03f3b75 - fix(nsc): don't modify netmask during flag setup <Aaron U'Ren>
859658ab - fix(nsc): fail fast during init <Aaron U'Ren>
d4250779 - feat(nsc): add dualstack capabilities <Aaron U'Ren>
56cd602a - feat: increase log level for save/restore msgs <Aaron U'Ren>
2d4ad45e - lint(metrics_controller.go): reduce line length <Aaron U'Ren>
a1db5175 - fix: take family metrics out of defer <Aaron U'Ren>
fc34ae55 - fix(NPC): remove redundant assign <Aaron U'Ren>
bbcedc83 - Move ipset restore outside policy loop <Brad Davidson>
92201bb7 - Add additional save/restore metrics <Brad Davidson>
df7905bd - Make metrics registerer/gathererer replacable <Brad Davidson>
d3ecb4e3 - fix: syntax updates for Go 1.20.X and k8s 1.27 <Aaron U'Ren>
08f05a80 - fix(moq): chown generated moqs <Aaron U'Ren>
ee85441c - fix(moq): remove previous moqs before generation <Aaron U'Ren>
4556aa3b - fix(lint): convert sh -> bash <Aaron U'Ren>
3c16d3cd - feat(close_stale.yml): increase operations 30 -> 100 <Aaron U'Ren>
0d12e617 - feat(close_stale.yml): add workflow for closing stale issues & PRs <Aaron U'Ren>
b084c2ae - fix: available typo <guoguangwu>
82cd7c97 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.334 to 1.45.1 <dependabot[bot]>
16474cf9 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.332 to 1.44.334 <dependabot[bot]>
0110d1d3 - Partially revert riscv64 support <Manuel Rüger>
9805c79b - Makefile: Bump go + alpine as well <Manuel Rüger>
ade98d6b - Bump go 1.20 + k8s 1.27 <Manuel Rüger>
e7a521a0 - feat(ci.yml): add ppc64le and riscv64 to ci <Aaron U'Ren>
8b76e9c5 - Add RISC-V 64 support <Iggy Jackson>
70defa4d - build(deps): bump github.com/aws/aws-sdk-go from 1.44.313 to 1.44.332 <dependabot[bot]>
8de9b641 - build(deps): bump golang.org/x/net from 0.12.0 to 0.14.0 <dependabot[bot]>

kube-router - v2.0.0-rc6

Published by github-actions[bot] about 1 year ago

Summary

Adds a new controller for kube-router which allows it to do IP address allocation for load-balancer type services. Previously, one had to use something like MetalLB for this functionality; now kube-router is able to handle this itself. See load-balancer allocation docs for more information.

Contributions

Huge thanks to @whooo for contributing the load-balancer allocation code.

Changelog

55efa331 - fix(NRC): prevent adding routes with mixed families <Aaron U'Ren>
77009153 - feat(bgp_policies.go): don't override-nexthop for internal peers <Aaron U'Ren>
c94ff7cf - add loadbalancer address allocator <Erik Larsson>

kube-router - v2.0.0-rc5

Published by github-actions[bot] about 1 year ago

Summary

Updates dependencies and incorporates a bug fix from the mainline branch where advertisement annotations were not being evaluated correctly.

Changelog

  • 099664a7 build(deps): bump github.com/aws/aws-sdk-go from 1.44.309 to 1.44.313 <dependabot[bot]>
  • 9372d620 build(deps): bump github.com/osrg/gobgp/v3 from 3.16.0 to 3.17.0 <dependabot[bot]>
  • c50bdfc3 build(deps): bump github.com/onsi/gomega from 1.27.7 to 1.27.10 <dependabot[bot]>
  • 98479d8d build(deps): bump github.com/aws/aws-sdk-go from 1.44.308 to 1.44.309 <dependabot[bot]>
  • 64784c40 build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 <dependabot[bot]>
  • b900acbf github: Add github-actions dependabot config <Manuel Rüger>
  • fb37a647 build(deps): bump golang.org/x/net from 0.10.0 to 0.12.0 <dependabot[bot]>
  • a42466a8 build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 <dependabot[bot]>
  • 371a3a83 build(deps): bump github.com/osrg/gobgp/v3 from 3.14.0 to 3.16.0 <dependabot[bot]>
  • 09940db7 build(deps): bump github.com/aws/aws-sdk-go from 1.44.273 to 1.44.308 <dependabot[bot]>
  • 5d39fe05 build(deps): bump github.com/prometheus/client_golang <dependabot[bot]>
  • 68e0fe5b build(deps): bump k8s.io/cri-api from 0.27.2 to 0.27.4 <dependabot[bot]>
  • 1701f9c7 build(deps): bump github.com/stretchr/testify from 1.8.2 to 1.8.4 <dependabot[bot]>
  • d5fcc784 build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 7a3a495a build(deps): bump google.golang.org/protobuf from 1.30.0 to 1.31.0 <dependabot[bot]>
  • dd3b75a0 build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 5d718973 fix(NRC): withdraw advertised VIPs based on annotation <Aaron U'Ren>
kube-router - v1.6.0

Published by github-actions[bot] over 1 year ago

Summary

It has been a long time since we've done a minor release from the main stable development branch (May of 2022 if you can believe it). This release is less about features and more about bringing a bunch of dependency updates into a stable release.

Contributions

Special thanks to @juchem, @KSauter, & @tamihiro for their contributions on this release!

Changelog

Excludes bugfixes that were already present on the 1.5.X release line

  • 5d718973 - fix(NRC): withdraw advertised VIPs based on annotation <Aaron U'Ren>
  • 7db274e2 - feat(ci): specify GitHub actions cache <Aaron U'Ren>
  • 10417cc4 - fact(Makefile): make spacing consistent <Aaron U'Ren>
  • f3dc9b35 - feat(ci): use caching for build, test, lint <Aaron U'Ren>
  • 168a2b4b - fix(ci): checkout before go setup <Aaron U'Ren>
  • 39ff9f67 - build(deps): bump google.golang.org/grpc from 1.55.0 to 1.56.1 <dependabot[bot]>
  • c22c6af6 - fix(ci.yml): remove deprecated goreleaser flag <Aaron U'Ren>
  • 0b267b04 - feat(ci.yml): update github action versions <Aaron U'Ren>
  • ca182014 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.266 to 1.44.273 <dependabot[bot]>
  • 4013c000 - build(deps): bump github.com/containernetworking/plugins <dependabot[bot]>
  • 4a5014da - build(deps): bump k8s.io/cri-api from 0.27.1 to 0.27.2 <dependabot[bot]>
  • a026c8df - build(deps): bump google.golang.org/grpc from 1.54.0 to 1.55.0 <dependabot[bot]>
  • 75597455 - build(deps): bump github.com/prometheus/client_golang <dependabot[bot]>
  • 44327b8d - build(deps): bump github.com/aws/aws-sdk-go from 1.44.246 to 1.44.266 <dependabot[bot]>
  • 438b1ed3 - build(deps): bump github.com/onsi/gomega from 1.27.6 to 1.27.7 <dependabot[bot]>
  • bb82f55f - build(deps): bump k8s.io/klog/v2 from 2.80.1 to 2.100.1 <dependabot[bot]>
  • cc70e7c5 - build(deps): bump github.com/docker/distribution <dependabot[bot]>
  • 60e304f2 - build(deps): bump github.com/osrg/gobgp/v3 from 3.13.0 to 3.14.0 <dependabot[bot]>
  • ef4a8068 - go.mod: Bump dependencies <Manuel Rüger>
  • 2b4087e2 - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • e1825eda - build(deps): bump golang.org/x/net from 0.5.0 to 0.7.0 <dependabot[bot]>
  • ef77a2d5 - Fix lint <Manuel Rüger>
  • 809f2fba - Update dependencies <Manuel Rüger>
  • 4c751b09 - Register BGP sent metric <Kevin Sauter>
  • 4c7ca8af - Add sent metric to vip bgp announcement. To distinguish between the different sent counters, the new "type" label can be used. <Kevin Sauter>
  • 1d1ff059 - fix(NSC): add check for podCidr before use <Aaron U'Ren>
  • 240cac29 - doc(ipv6): add additional information <Aaron U'Ren>
  • 27f1d921 - doc(ipv6.md): incorporate review feedback <Aaron U'Ren>
  • e4464672 - feat(dual_stack_bug_report): add new issue template <Aaron U'Ren>
  • e1b1a31a - doc(ipv6.md): update for increased dual-stack support <Aaron U'Ren>
  • e2f0f18e - build(deps): bump github.com/vishvananda/netns from 0.0.2 to 0.0.3 <dependabot[bot]>
  • 787e3b30 - build(deps): bump github.com/containernetworking/plugins <dependabot[bot]>
  • 17a3df91 - build(deps): bump github.com/onsi/gomega from 1.24.1 to 1.25.0 <dependabot[bot]>
  • 435f640b - build(deps): bump github.com/moby/ipvs from 1.0.2 to 1.1.0 <dependabot[bot]>
  • 3007adab - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 5df539dd - build(deps): bump golang.org/x/net from 0.4.0 to 0.5.0 <dependabot[bot]>
  • c367cc2b - build(deps): bump github.com/osrg/gobgp/v3 from 3.9.0 to 3.10.0 <dependabot[bot]>
  • 31dd271c - build(deps): bump github.com/aws/aws-sdk-go from 1.44.157 to 1.44.171 <dependabot[bot]>
  • bfdbfbc9 - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 47a10453 - build(deps): bump github.com/stretchr/testify from 1.8.0 to 1.8.1 <dependabot[bot]>
  • 3e2af396 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.150 to 1.44.157 <dependabot[bot]>
  • c37d96f2 - build(deps): bump google.golang.org/grpc from 1.50.1 to 1.51.0 <dependabot[bot]>
  • 557794af - build(deps): bump github.com/osrg/gobgp/v3 from 3.7.0 to 3.9.0 <dependabot[bot]>
  • faa52b86 - build(deps): bump golang.org/x/net from 0.2.0 to 0.4.0 <dependabot[bot]>
  • 8d24611f - build(deps): bump github.com/prometheus/client_golang <dependabot[bot]>
  • c110f98b - build(deps): bump github.com/aws/aws-sdk-go from 1.44.146 to 1.44.150 <dependabot[bot]>
  • a06a6a83 - build(deps): bump github.com/onsi/gomega from 1.23.0 to 1.24.1 <dependabot[bot]>
  • 31154f6e - build(deps): bump github.com/aws/aws-sdk-go from 1.44.138 to 1.44.146 <dependabot[bot]>
  • 7137ca35 - README.md: remove kube-router.io link <Aaron U'Ren>
  • 9c23ede4 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.124 to 1.44.138 <dependabot[bot]>
  • c41ec7ac - build(deps): bump github.com/onsi/gomega from 1.22.1 to 1.23.0 <dependabot[bot]>
  • 88737658 - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • a7a462b1 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.116 to 1.44.124 <dependabot[bot]>
  • f102bc58 - .github: Fix name of the RC step <Manuel Rüger>
  • e5336c82 - .github: Allow tagging RCs without updating :latest <Manuel Rüger>
  • a5e6ed00 - .github: Update github actions <Manuel Rüger>
  • 0813b765 - feat(Makefile): make local builds behave like CI <Aaron U'Ren>
  • efd10015 - fix invalid MTU in CNI config file <Tamihiro Lee>
  • 24f87340 - doc(user-guide.md): add info for netfilter tooling <Aaron U'Ren>
  • 5e2e225b - build(deps): bump github.com/onsi/gomega from 1.20.2 to 1.22.1 <dependabot[bot]>
  • b45c2cca - build(deps): bump github.com/osrg/gobgp/v3 from 3.5.0 to 3.7.0 <dependabot[bot]>
  • ba5561e3 - Update go dependencies <Manuel Rüger>
  • 2d821959 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.89 to 1.44.109 <dependabot[bot]>
  • cbea4bbb - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 31b029a4 - build(deps): bump k8s.io/klog/v2 from 2.70.1 to 2.80.1 <dependabot[bot]>
  • 35c7aa3b - build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.2 <dependabot[bot]>
  • 71a61f3f - build(deps): bump github.com/aws/aws-sdk-go from 1.44.70 to 1.44.89 <dependabot[bot]>
  • df329c2a - build(deps): bump google.golang.org/grpc from 1.48.0 to 1.49.0 <dependabot[bot]>
  • 39116b75 - logging ipset/iptables commands <Marcelo Juchem>
  • 9eccc048 - build(deps): bump k8s.io/cri-api from 0.24.3 to 0.24.4 <dependabot[bot]>
  • 951f801e - build(deps): bump k8s.io/client-go from 0.24.3 to 0.24.4 <dependabot[bot]>
  • 7b55e9c5 - build(deps): bump github.com/osrg/gobgp/v3 from 3.2.0 to 3.5.0 <dependabot[bot]>
  • 818fba27 - build(deps): bump github.com/prometheus/client_golang <dependabot[bot]>
  • 32f6b1e1 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.66 to 1.44.70 <dependabot[bot]>
  • 48fe83d1 - build(deps): bump github.com/containernetworking/cni from 1.1.1 to 1.1.2 <dependabot[bot]>
  • e1134d45 - build(deps): bump github.com/onsi/gomega from 1.19.0 to 1.20.0 <dependabot[bot]>
  • 118270f2 - build(deps): bump google.golang.org/protobuf from 1.28.0 to 1.28.1 <dependabot[bot]>
  • 6aa7edf0 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.56 to 1.44.66 <dependabot[bot]>
  • 836b49ef - build(deps): bump k8s.io/cri-api from 0.24.2 to 0.24.3 <dependabot[bot]>
  • a5dc0819 - build(deps): bump k8s.io/client-go from 0.24.2 to 0.24.3 <dependabot[bot]>
  • a1117380 - build(deps): bump google.golang.org/grpc from 1.47.0 to 1.48.0 <dependabot[bot]>
  • aa57b834 - build(deps): bump k8s.io/klog/v2 from 2.70.0 to 2.70.1 <dependabot[bot]>
  • c9c3e8d4 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.46 to 1.44.56 <dependabot[bot]>
  • 0c366c16 - build(deps): bump github.com/stretchr/testify from 1.7.4 to 1.8.0 <dependabot[bot]>
  • 2ab1462a - build(deps): bump github.com/aws/aws-sdk-go from 1.44.38 to 1.44.46 <dependabot[bot]>
  • f452e779 - build(deps): bump k8s.io/klog/v2 from 2.60.1 to 2.70.0 <dependabot[bot]>
  • c93178df - build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.4 <dependabot[bot]>
  • 5d749335 - build(deps): bump k8s.io/client-go from 0.24.1 to 0.24.2 <dependabot[bot]>
  • 378c8e6d - build(deps): bump k8s.io/cri-api from 0.24.1 to 0.24.2 <dependabot[bot]>
  • e0b3728d - build(deps): bump github.com/docker/docker <dependabot[bot]>
  • 5ac6f321 - build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 <dependabot[bot]>
  • 1f3ece80 - build(deps): bump github.com/aws/aws-sdk-go from 1.44.27 to 1.44.38 <dependabot[bot]>
  • 88266bc2 - fix(gobgp): update binary in container image to v3.2.0 <Aaron U'Ren>
  • 2c5bb4c8 - feat(gobgp): update to v3.2.0 <Aaron U'Ren>
  • e370cb01 - gobgp: update to 3.X <Aaron U'Ren>
  • 94158b98 - build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 <dependabot[bot]>
  • 15e166cb - build(deps): bump github.com/aws/aws-sdk-go from 1.44.24 to 1.44.27 <dependabot[bot]>
  • a75a1fdc - build(deps): bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 <dependabot[bot]>
  • 0b4d1e00 - build(deps): bump github.com/moby/ipvs from 1.0.1 to 1.0.2 <dependabot[bot]>
  • be84ceb4 - .github/workflows/codeql-analysis.yml: Update to v2 <Manuel Rüger>
kube-router - v2.0.0-rc4

Published by github-actions[bot] over 1 year ago

Summary

This release updates dependencies (including a switch to using Go 1.20 and Alpine 3.18), addresses some problems with IPv6 ipsets when port names are used, and adds FoU tunneling for environments that cannot support IPIP tunnels directly (cough Azure cough).

For more information on enabling FoU tunneling and any caveats on doing so, please see: https://github.com/cloudnativelabs/kube-router/blob/prep-v2.0/docs/tunnels.md

Contributions

Special thanks to @whooo, @BoleynSu, & @k-raval for their contributions to this release!

Changelog

  • cbdcf31e - Use alpine linux 3.18 for docker image <Erik Larsson>
  • 22b4718d - doc(tunnels.md): add info about changing live clusters <Aaron U'Ren>
  • 1863d54b - doc(tunnel): add information about tunnels <Aaron U'Ren>
  • b14d930e - fix(FoU): make more robust <Aaron U'Ren>
  • 97a6a8f6 - fix(FoU): add docs, sanity checking, and logic reduction <Aaron U'Ren>
  • 55dc26b2 - Adding FoU encapsulation over IPIP tunnel : added checks for restart and multi-node cases <Kartik Raval>
  • af708b4d - Support for FoU encapsulation for IPIP tunnel <Kartik Raval>
  • e3d6bcc5 - fix(NPC): update IPBlocks to be ipFamily specific <Aaron U'Ren>
  • 0bcd9a48 - netpol: Fix ipset only containing one IP when port name is used. <Boleyn Su>
kube-router - v1.5.4

Published by github-actions[bot] over 1 year ago

While this is technically a bug fix release as it is fixing a bug with a long deprecated API, it does have the potential to break clients that are running with DSR configurations on unmaintained versions of cri-o or containerd.

The runtime/v1 release is only compatible with >=cri-o v1.21.0 and >=containerd v1.6.0. If you don't use DSR, or use the docker-shim, this change won't affect you.

On the converse side of things, this release is needed if you are using >=cri-o v1.26.0 or >=containerd v1.7.0; otherwise DSR will break, because the runtime/v1alpha2 support was removed in those versions.

If you are between those two releases for your given container runtime, then both v1.5.3 and v1.5.4 will work for you.

Changelog

  • f350859 - fix(dsr): CRI runtime/v1alpha2 -> runtime/v1 <Aaron U'Ren>
kube-router - v2.0.0-rc3

Published by github-actions[bot] over 1 year ago

Summary

Addresses more of the bugs that were introduced with the initial IPv6 work. Specifically this addresses issues found with the routing functionality where BGP policies weren't updated under some circumstances and also some cases where VIPs weren't being withdrawn.

Notably, the service controller (--run-service-proxy) functionality is still missing (#1432).

Please test and let us know if you find any issues so that we can fix them up before cutting a 2.0.0 proper release.

Contributions

Special thanks to @rwagoner for testing and reporting bugs.

Changelog

  • a861f846 - fix(bgp_policy): allow for statement add / remove <Aaron U'Ren>
  • 45588204 - fix(ecmp_vip): update VIPs based on svc change <Aaron U'Ren>
  • 4365f61e - fix(bgp_policies.go): return -> continue on family set evaluation <Aaron U'Ren>
kube-router - v2.0.0-rc2

Published by github-actions[bot] over 1 year ago

Summary

Addresses some of the bugs that were introduced with the initial IPv6 work.

Notably, the service controller (--run-service-proxy) functionality is still missing (#1432).

Please test and let us know if you find any issues so that we can fix them up before cutting a 2.0.0 proper release.

Contributions

Special thanks to @whooo for contributing fixes and @rwagoner for testing and reporting bugs.

Changelog

  • 7bd940e9 - use JoinHostPort for GRPC listen address <Erik Larsson>
  • 39bd27f5 - add generation of router id based on hash of primary IP <Erik Larsson>
  • 9a9c61a4 - fix(ecmp_vip.go): ClusterIP -> ClusterIPs <Aaron U'Ren>
  • 6f3405ec - feat(bgp_policies_test.go): use different IP ranges <Aaron U'Ren>
  • ea68a394 - fix(bgp_policies.go): don't get BGP peers twice <Aaron U'Ren>
kube-router - v2.0.0-rc1

Published by github-actions[bot] over 1 year ago

Summary

This is a pre-release or release candidate for the upcoming v2.0.0 release of kube-router. The most prominent feature of this release is the addition of dual-stack support for some parts of kube-router. With this release candidate, the following functions have been upgraded to be dual-stack compatible:

  • CNI Supports Dual-Stack
  • Router / BGP Supports Dual-Stack
  • Network Policies Support Dual-Stack

The major outlier here is the Proxy (--run-service-proxy) portion of kube-router, which has not had dual-stack support integrated yet. Also, this represents a major refactor of the kube-router code base, so it would be good to get this tested in at least a few different environments before forming a full release.

You'll also notice that this has been tagged as a major release version. This is due to the fact that there are breaking changes in this version of kube-router that are not backwards compatible with previous versions of kube-router. Specifically, tunnel names have changed, so if you run kube-router with an overlay network (ipip tunnels), you'll want to deploy this update carefully. At this point, the project recommends doing a rolling-reboot of nodes after the application of this release candidate to ensure that unused tunnels are properly cleaned up and don't have a negative impact on traffic flows.

More details about this release will be shared in the IPv6 / Dual-Stack documentation page shortly: https://github.com/cloudnativelabs/kube-router/blob/master/docs/ipv6.md

Contributions

The kube-router project would like to give a big thanks to @vadorovsky and @thomasferrandiz who graciously contributed all of the dual-stack functionality for the Network Policy Controller!

Changelog

  • a9b8adf1 - fix(NPC): add warning for unsupported family <Aaron U'Ren>
  • 74a08036 - fix(NPC): don't add chains for missing family <Aaron U'Ren>
  • abcefb4e - doc(bgp.md): clean up grammar and syntax <Aaron U'Ren>
  • f4668fdf - fix(NPC/pod): check drop policy on ipv4 & ipv6 <Aaron U'Ren>
  • 6bd6d94d - fix(bgp_policies): add empty DS set checking <Aaron U'Ren>
  • ae15ebbd - fact(bgp_policies): rename clusterIPPrefixSet -> serviceVIPIPPrefixSet <Aaron U'Ren>
  • ed29baa9 - fact(bgp_policies): abstract get DS for GoBGP <Aaron U'Ren>
  • 6a1bab23 - fix(ecmp_vip): handle ipv4 & ipv6 protocols <Aaron U'Ren>
  • 437da143 - test(bgp_policies_test): add local address <Aaron U'Ren>
  • 3129bf26 - fix(node): do nil checking on FindBestIP util funcs <Aaron U'Ren>
  • 8183b182 - fix(NRC): ensure local addr IP is bindable early <Aaron U'Ren>
  • bd0d00ff - fix(bgp_peers): adv. AfiSafi based on capabability <Aaron U'Ren>
  • b714bba7 - fix(bgp_peers): do peer only if IP protos match <Aaron U'Ren>
  • 230aa587 - fix(NRC): error when nec. host IP not found <Aaron U'Ren>
  • dd7c47ef - fix(NRC): add IPv6 logic to bgp-local-addresses <Aaron U'Ren>
  • 70b3f302 - feat(ci): run CI on version prep branches and MRs <Aaron U'Ren>
  • e4e10886 - fix(options): make clusterIP specification similar to other options <Aaron U'Ren>
  • 93d61694 - fix(NPC): actually separate chain indices for ipv4 / ipv6 <Aaron U'Ren>
  • ef72d90e - fact(NPC): pluralize newIPTablesHandler <Aaron U'Ren>
  • 5fb874fa - feat(NRC): make NRC dual stack <Aaron U'Ren>
  • 35b3f37b - fact(NRC): convert BGP set names to const <Aaron U'Ren>
  • d27f2fe6 - feat(pod_cidr): handle multiple pod CIDRs <Aaron U'Ren>
  • 51d7db8f - fix(kube-router.go): metric message -> not error <Aaron U'Ren>
  • eb4e6f9a - fix(NPC): separate chain indices for ipv4 / ipv6 <Aaron U'Ren>
  • d128b175 - fix(node.go): make node address errors more helpful <Aaron U'Ren>
  • 06c39d64 - fix golangci issues <Thomas Ferrandiz>
  • bdc0600a - fix test compilation error <Thomas Ferrandiz>
  • 9e8ee3aa - go mod <Thomas Ferrandiz>
  • 59a4fa16 - use createGenericHashIPSet <Thomas Ferrandiz>
  • b1181f1d - rename utilsnet import to netutils <Thomas Ferrandiz>
  • cba00b23 - syncPodFirewallChains: loop on all NodeIp to find the pods running on a given Node - Load PodIp in podInfo struct and use it instead of pod.ips[0].IP <Thomas Ferrandiz>
  • 3958095d - refactor whitelisting of cluster IP Range <Thomas Ferrandiz>
  • 1433bee6 - Validate that ClusterIP service range type matches the configuration and update documentation <Thomas Ferrandiz>
  • 9aa7bcde - godoc update <Thomas Ferrandiz>
  • 344b3cd1 - remove redundant default value <Thomas Ferrandiz>
  • 318a29ce - rename Adresses <Thomas Ferrandiz>
  • a7e5803a - Turn IPTablesSaveRestore into an interface <Thomas Ferrandiz>
  • 033444b6 - init iptablesCmdHandlers and ipSetHandlers inside NewNetworkPolicyController <Thomas Ferrandiz>
  • a38c97c1 - disable ipv6 by default <Thomas Ferrandiz>
  • 1bc04354 - netpol: Add dual-stack support <Michal Rostecki>
kube-router - v1.5.3

Published by github-actions[bot] almost 2 years ago

Special thanks to Richard Kojedzinszky @rkojedzinszky for contributing to this release!

Changelog

  • e6fd1b25 - Support for kube-router.io/peer.localips annotation (#1392) (5 days ago) <@rkojedzinszky>

The above fixes issues that were generated during the 1.5.X release line where we defaulted the peering address on the kube-router side to the Kubernetes node's primary IP. This secured and simplified the peering interface for most users, but caused issues for some users that wanted to have more control over the peering address from their Kubernetes nodes. Users in this situation can now use the kube-router.io/peer.localips annotation to define the local IP address that they would like to use for each peer.

kube-router - v1.5.2

Published by github-actions[bot] almost 2 years ago

Special thanks to @makhov and @jnummelin for contributing to this release!

Changelog

  • fe3e8b0b - Bump to go 1.19 / alpine 3.16 <@mrueg>
  • 8574163c - iptables mode selection fixed. iptables-wrapper script updated to the latest upstream version <@makhov>

The primary reason for this bug fix was to update Alpine to 3.16 so that we got a more recent version of the iptables user-space binaries in the kube-router container (iptables-1.8.8). This helps address the issues found by @jnummelin in #1370 where iptables mark attributes can be lost when the host's user-space version of iptables is greater than the kube-router container's version.

As per the newly updated docs: https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md#requirements it is recommended that users who:

  • use kube-router as a container deployment AND...
  • operate iptables from the host's user-space tooling AND...
  • utilize the network policy feature-set of kube-router (--run-firewall)

keep the host's user-space tooling (e.g. iptables, ipset, ipvsadm, etc.) in sync with the version contained in kube-router's container as much as possible to avoid potential problems with firewall rule data loss.

This will hold true until there is some resolution to the upstream issue (https://bugzilla.netfilter.org/show_bug.cgi?id=1632), which would help us identify when there might be potential for conflict or loss in the future before writing rules.
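One way to check the version-sync recommendation above, as an added example that is not part of the kube-router project: it parses two `iptables --version` lines and classifies the drift, flagging the host-newer case that this release note ties to lost mark attributes. The sample version strings are constructed, and the daemonset name in the usage comment is an assumption.

```shell
#!/bin/sh
# Added example: compare the iptables user-space version on the host with the
# one inside the kube-router container.

# Extract "1.8.8" from a line such as "iptables v1.8.8 (nf_tables)".
# Prints nothing if the line is not in that form.
iptables_version() {
    printf '%s\n' "$1" | sed -n 's/^iptables v\([0-9][0-9.]*\).*/\1/p'
}

# Succeed when dotted version $1 is strictly newer than $2. Fields are
# compared numerically, so 1.8.10 is newer than 1.8.8 (a plain string
# comparison would get that wrong).
version_gt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 1
    }'
}

# Classify a pair of "iptables --version" lines (host first, container second).
# Prints one of: in-sync | host-newer | container-newer | unparsable
#   host-newer      : the case reported as losing iptables mark attributes
#   container-newer : drift in the other direction, still worth aligning
compare_iptables() {
    hv=$(iptables_version "$1")
    cv=$(iptables_version "$2")
    if [ -z "$hv" ] || [ -z "$cv" ]; then
        echo unparsable
        return 2
    fi
    if version_gt "$hv" "$cv"; then
        echo host-newer
    elif version_gt "$cv" "$hv"; then
        echo container-newer
    else
        echo in-sync
    fi
}

# Constructed sample inputs (not captured from a real node).
HOST_SAMPLE='iptables v1.8.10 (nf_tables)'
CONTAINER_SAMPLE='iptables v1.8.8 (nf_tables)'
echo "sample result: $(compare_iptables "$HOST_SAMPLE" "$CONTAINER_SAMPLE")"

# On a real node (namespace and daemonset name are assumptions):
#   compare_iptables "$(iptables --version)" \
#       "$(kubectl -n kube-system exec ds/kube-router -- iptables --version)"
```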

kube-router - v1.5.1

Published by github-actions[bot] about 2 years ago

Changelog

  • 8a17e3e1 - fix(NSC): don't check protocol on DSR svcs (21 minutes ago) <Aaron U'Ren>
  • 422edd29 - fix(ipset): remove initval during ipset parse (21 minutes ago) <Aaron U'Ren>
  • 86aa942a - fix(bgp): set graceful restart on enabled family (21 minutes ago) <Aaron U'Ren>
  • b0da24c4 - fix: remove multiple MTU reductions (22 minutes ago) <Aaron U'Ren>

Special thanks to @opipenbe & @camrossi for finding and reporting issues

kube-router - v1.5.0

Published by mrueg over 2 years ago

What's Changed

New Contributors

Full Changelog: https://github.com/cloudnativelabs/kube-router/compare/v1.4.0...v1.5.0