Notable Changes

• Greatly Fixed and Improved Hairpinning:
  • Reduced the number of iptables rules when Hairpinning is enabled by ensuring it is only enabled on local nodes (see: #1208)
  • Fixed an issue where hairpinning rules weren't being updated on service / endpoint updates (see: #1200)
  • Fixed issue where hairpinning rules weren't being regenerated correctly (see: #1200)
• DSR Fixes
  • Fixed an issue where sometimes FWMarks generated for DSR would collide
  • Fixed issue where DSR mangle table definitions were not being cleaned up
• Improved efficiency of kube-router's advertisements with iBGP peers (see: #1188 thanks to @lx1036 )
• Fixed issue where peer might not be seen correctly as established due to a bad double-negative condition (see: #1184 thanks to @lx1036 )
• Updated from GoLang 1.16 to 1.17
• Updated Alpine base container from 3.14 to 3.15
• Updated GoBGP library from v2.29.0 to v2.34.0
• Removed duplicate metrics controller_iptables_sync_total_time & controller_iptables_sync_total_count (see: #1216)
• Reduced error spam for condition that wasn't really an error case when looking for FWMarks for DSR services

Changelog

• a1b76512 go.mod: Bump a couple of golang dependencies
• c3d260d7 build(deps): bump github.com/aws/aws-sdk-go from 1.42.24 to 1.42.25
• 0752e9a9 build(deps): bump k8s.io/klog/v2 from 2.40.0 to 2.40.1
• 5e7c01e2 build(deps): bump github.com/aws/aws-sdk-go from 1.42.23 to 1.42.24
• 1c32d1a2 build(deps): bump k8s.io/klog/v2 from 2.30.0 to 2.40.0
• 68082680 build(deps): bump github.com/docker/docker
• fa2da0a2 pkg/cri: Replace deprecated grpc.WithInsecure
• a9f76bef build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0
• 3c968d9c build(deps): bump github.com/aws/aws-sdk-go from 1.42.20 to 1.42.23
• 2bf4c707 Bump to go 1.17.5 / alpine 3.15
• a9f00846 Revert "feat(metrics): add more iptables sync metrics" (#1216)
• b7468978 feat(nsc): only hairpin endpoints on local node (#1208)
• 51a6be3e Update to gobgp-2.34.0
• 8e9dfcd6 build(deps): bump github.com/aws/aws-sdk-go from 1.42.18 to 1.42.20
• 2ca39f14 fix(nsc): properly check hairpinning rule
• 146786ad fix(nsc): sync hairpinning on service modification
• 8f13f069 fix(nsc): don't overwrite err & add comments
• 9ca012c7 build(deps): bump google.golang.org/grpc from 1.41.0 to 1.42.0
• 51a23d18 build(deps): bump github.com/docker/docker
• b5f6978b build(deps): bump github.com/aws/aws-sdk-go from 1.38.70 to 1.42.18
• 4b5f3f4a build(deps): bump github.com/containernetworking/plugins
• 81be1d8e build(deps): bump k8s.io/cri-api from 0.21.4 to 0.22.4
• f650d23a build(deps): bump k8s.io/client-go from 0.21.4 to 0.22.4
• fe65d4cc build(deps): bump github.com/onsi/gomega from 1.11.0 to 1.17.0
• 5101a4fe fix(nsc): remove error for lookupFWMarkByService
• bf325e16 fix(go.mod): update image-spec v1.0.2
• 4c86d3dd fix(go.mod): update containerd to v1.5.8
• b9a9246e fix(lint): don't error on deprecated protobuf funcs
• 9fd17497 fix(go.mod): add google.golang.org/protobuf v1.26.0
• c2649f5d build(deps): bump github.com/golang/protobuf from 1.4.3 to 1.5.2
• b0882791 Fix typo in filter rule comment
• 73b7c22a fix(bgp policy): sort the slice items before deep equal(#1188)
• 8e7d5852 fix(bgp): use PeerState_ESTABLISHED logic like function name(#1184)
• bee2c208 fix bug when adding ip rule for fwmark (#1178)
• 55a0dd10 Update golang to v1.16.9
• 6056080f Update gobgp to v2.32.0
• 8dacef8d go.mod: Update dependencies
• b24cf264 feat(README): add go report card status
• c3f90c54 Fix Misc DSR Issues (#1174)
• 8572f3a1 fact(hairpin): remove one last direct ref of KUBE-ROUTER-HAIRPIN
• 5e1d033a fix(sysctl): revert is fatal check for some conditions
• feb16d0d doc(NSC): add some comments around DSR
• 8f3861de fact(sysctl): consolidate sysctl usage into utils
• da5f8e00 fix: address minor PR feedback and misspells
• 0b145f6c feat(.golangci.yml): enable durationcheck linter
• a6043831 feat(Makefile): add lint to the default makefile action
• 419c078c feat(.golangci.yml): enable unparam linter and remediate
• d1218d15 feat(.golangci.yml): enable unconvert linter and remediate
• 1d90e215 feat(.golangci.yml): enable stylecheck linter and remediate
• 86c2229b feat(.golangci.yml): enable additional linters
• 85f28411 feat(.golangci.yml): enable long lines linter and remediate
• ee09adb5 feat(.golangci.yml): enable additional linters and set max results to always show
• 874a746e feat(.golangci.yml): enable gosec and remediate
• 6208bfac feat(.golangci.yml): enable gomnd and remediate
• 1b4cc61e feat(.golangci.yml): enable exhaustive and remediate
• f52fdddd feat(.golangci.yml): enable gocritic and remediate
• d6ccc225 feat(.golangci.yml): enable goconst and remediate
• b8a795ec feat(.golangci.yml): enable gochecknoinits and remediate
• c5f4c00d feat(.golangci.yml): enable dupl and remediate
• d1686e7d .golangci.yml: Update allow-list for linters
• 7aeffbc2 Makefile: Update golangci-lint to 1.42.0
• b4b231f6 Update to gobgp-2.31.0
• 12bba88e build(deps): bump google.golang.org/grpc from 1.39.1 to 1.40.0

Full Changelog:

• 6ed5596f - feat(pod.go): add conntrack invalid state drop <Aaron U'Ren>
• f9e2249d - incorporate review comments <Murali Reddy>
• ba62db45 - ensure withdrawn external IP's on service update, are not used by any other service. i.e) check if external IP really not used by any service <Murali Reddy>
• c7ed2d51 - fix(NPC): don't rely on exit code for chain check (#1157) <Aaron U'Ren>
• a60c5a87 - fix(bgp_policies_test.go): Add missing import statement to all test cases <Lucas Mundim>
• be96deab - fix(bgp_policies_test.go): fails if there are any unexpected statement <Lucas Mundim>

Change Log Highlights

This adds a bunch of fixes for some small to medium sized issues with the 1.3.0 release. Notable changes include:

• --cleanup-config flag should now be more comprehensive. There were a couple of bugs introduced in the 1.3 release that caused this flag to not function at all. These have been fixed. Additionally, it now cleans up most, if not all kube-router artifacts, where before it would leave some lingering parts of the Network Policy Controller.
• injectRoutes(), the part of the Network Routes Controller that is responsible for injecting host routes based on BGP advertisements, has been completely overhauled.
  • Routes are now cleaned up and removed from the host when nodes leave. This prevents bugs around black-hole routes that are created when nodes are decommissioned and that IP space is later reused by a new node.
  • Performance is improved by checking if the route is a withdrawal first, rather than adding the route and then immediately removing it
  • Logging has been updated to no longer be so spammy for default actions
  • Code has been refactored to be easier to read and understand
• IPVS metrics are now removed after the service is deleted rather than being continuously posted to prometheus (thanks @bhcleek!)
• kube-router nodes are now protected from default route BGP advertisements. Before this, kube-router had the potential to overwrite the default route on the node causing the node to no longer be contactable (thanks @lucasmundim!)
• Additional ipset locking was missing causing some errors around multiple invocations. This has been fixed.

Full Changelog

• d173c988 - (HEAD -> master, tag: v1.3.1, origin/master, origin/HEAD) Update to go-1.16.7 and go dependencies (3 days ago) <Manuel Rüger>
• bffdc729 - fix(npc): ordering of firewall / service rules (#1144) (4 days ago) <Aaron U'Ren>
• 35d334ca - fix: add sleeps between iptables and ipset cleanup (8 days ago) <Aaron U'Ren>
• cafd69df - fix(NRC): reduce logging for egress cleanup errors (8 days ago) <Aaron U'Ren>
• fb070265 - fix(NSC): actually remove IPVS definitions (8 days ago) <Aaron U'Ren>
• bbc0666a - fix(NSC): add exists checking to Cleanup() (8 days ago) <Aaron U'Ren>
• 1a8c3548 - fix(NPC): Cleanup() function overhaul (8 days ago) <Aaron U'Ren>
• 9bc55dc1 - fix(NPC): missed ipset locking (8 days ago) <Aaron U'Ren>
• 031d7526 - feat(NPC): minor performance improvement (8 days ago) <Aaron U'Ren>
• 5156f878 - Add a default route 0.0.0.0/8 import policy deny rule (8 days ago)
• 693c48a3 - build(deps): bump k8s.io/klog/v2 from 2.9.0 to 2.10.0 (11 days ago) <dependabot[bot]>
• e9f9c446 - build(deps): bump k8s.io/cri-api from 0.21.2 to 0.21.3 (11 days ago) <dependabot[bot]>
• f24df682 - feat(go.mod): upgrade from 1.13 to 1.16 (11 days ago) <Aaron U'Ren>
• 2e08d479 - fix(go.mod): containerd CVE-2021-32760 (11 days ago) <Aaron U'Ren>
• abf9bd95 - Update GoBGP to v2.30.0 (11 days ago) <Manuel Rüger>
• ad86041f - build(deps): bump k8s.io/client-go from 0.21.2 to 0.21.3 (11 days ago) <dependabot[bot]>
• fc3973c8 - .github/ci.yml: Don't build containers for dependabot updates (11 days ago) <Manuel Rüger>
• d5a18cac - remove IPVS metrics (#1133) (2 weeks ago)
• 06e246ff - fix(NRC): PR feedback fixes (2 weeks ago) <Aaron U'Ren>
• 445ad9a1 - fix(injectRoute): process withdrawls first (2 weeks ago) <Aaron U'Ren>
• 2e590a41 - fix(NRC): consolidate route delete logic (2 weeks ago) <Aaron U'Ren>
• d0501c07 - fix(injectRoute): cleanup tunnels & routes when peer drops (2 weeks ago) <Aaron U'Ren>
• 94640acf - doc(injectRoute): improve comments on logic flow (2 weeks ago) <Aaron U'Ren>
• 4959da43 - feat(NRC): reduce verbosity of log messages for common overlay cases (2 weeks ago) <Aaron U'Ren>
• 38222a35 - fact(injectRoute): extract setupOverlayTunnel() and cleanupTunnels() (2 weeks ago) <Aaron U'Ren>
• 63c3b90e - fact(injectRoute): extract parseBGPPath method to simplify (2 weeks ago) <Aaron U'Ren>
• e9be04ef - fix: add nil checking to ipsetMutex cleanup actions (#1129) (4 weeks ago) <Aaron U'Ren>
• c26f98c9 - fix(ci): only run build actions on non-forks (6 weeks ago) <Aaron U'Ren>
• f3e8fc00 - fix(README.md): update badge link to GitHub Actions (6 weeks ago) <Aaron U'Ren>
• f8214ef8 - .github/workflows: Fix yaml error (6 weeks ago) <Manuel Rüger>
• 8697d81d - .github: Fix tag workflow (6 weeks ago) <Manuel Rüger>
• 36e1de9a - go.mod: Update dependencies (6 weeks ago) <Manuel Rüger>
• fc4ddef2 - .github: Fix tag workflow (6 weeks ago) <Manuel Rüger>
• 9b7f98e0 - .github: Fix Tag/Push workflow (6 weeks ago) <Manuel Rüger>

Changelog

afd5dd7e .github/workflows: Fix yaml error
127132b1 .github: Fix tag workflow
112deed4 go.mod: Update dependencies
de5526e2 .github: Fix tag workflow
e79f024e .github: Fix Tag/Push workflow
4a3940f5 .github/workflows: Small fix
e433f0ef Apply review feedback
0914305d Build binaries via Dockerfile, migrate to Github Actions
366b95f2 build(deps): bump github.com/prometheus/client_golang
cef7f47e build(deps): bump k8s.io/cri-api from 0.21.0 to 0.21.2
2521525a gobgp: Version bump to 2.29.0
59b2c447 build(deps): bump google.golang.org/grpc from 1.38.0 to 1.39.0
039f87d3 build(deps): bump github.com/aws/aws-sdk-go from 1.38.55 to 1.38.70
7f6115dd build(deps): bump k8s.io/client-go from 0.21.1 to 0.21.2
73b1b03b cache the check of wait option support in iptables-restore
751981c3 update alpine image to 3.14 for latest iptables-restore command with --wait option, and use wait where its available
468670be go.mod: Update to gobgp 2.28.0
c8f7daf7 fix lint errors
2c4dd7d5 addressing review comments
4c8cfc9c bug fix
93fe004c bug fixes
3d407dc4 make rules to ACCPET related/established traffic as first entry in pod firewall chain
d684ec0c add logic to explicitly ACCEPT traffic from/to the pod if its permitted by applicable network policies. If there are no network policies then by default ACCEPT the pod traffic
21473edf Add support for kubernetes endport field (#1080)
91a1b374 .github: Add Go Releaser Step (#1100)
011b7aa1 fix typo Gracefule -> Graceful
b39923a8 build(deps): bump google.golang.org/grpc from 1.37.0 to 1.38.0
5ed68d4a build(deps): bump github.com/aws/aws-sdk-go from 1.38.30 to 1.38.55
ea1605e1 build(deps): bump github.com/onsi/ginkgo from 1.16.1 to 1.16.4
863bd4d7 build(deps): bump k8s.io/klog/v2 from 2.8.0 to 2.9.0
2a56d3c2 build(deps): bump github.com/docker/docker
cf08cf5d build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0
abd4eea6 build(deps): bump k8s.io/client-go from 0.21.0 to 0.21.1
7e92ad9b fix(goreleaser): add version and date to published binaries
d90c7532 fact(NPC): refactor isPodUpdateNetPolRelevant
1a82db75 fix(NPC): check if new pod is actionable
3dc5c3fb fix(NPC): remove HostNetwork check from OnPodUpdate
13e0a398 fix(NPC): check if pod is actionable
fa8d69ed fix: add locking around ipset invocations
e8a81f31 .github: Enable dependabot to manage dependencies
21c52909 feat(iptables): add upstream wrapper script
295c8620 travis-deploy: Log into docker
612d9a39 Update Build and Test Procedures
c38c3acf build-image: Remove outdated script
4306e5d4 feat(DSR): make TCPMSS based on primary link MTU
a6105962 fact(GetMTUFromNodeIP): move up a layer of abstraction
e223ea80 Fix DSR(tunneling) mode mtu limit
45b7fd1d fix(NPC): parse NodePorts as unsigned ints
14a03a62 fix(bgp.md): misspellings and doc conformance
9cbc3763 feat(bgp): add BGP communities support via node annotation
ae9d0e31 fix(bgp_policies_test.go): actually test policy
fa7bcdeb fix(bgp_policies_test.go): use startBgpServer()
a5d65607 fact(bgp_policies_test): move BGP policy tests into their own file
b2d8af48 doc(bgp.md): add info about password file configs
fce90b07 Oops, i guess my unit test was flaky in #1068
e94cba60 go.mod: Update dependencies
0ad00df0 Mention k0sproject in getting started guide
2460189a skip host network pods when selecting pods to apply ingress/egress netpol
52551279 skip hostnetwok pod's from enforcing network policies
c555f912 update maintainers (#1074)
bd5ee4f7 fix(nsc): Overly eager IPVS updating
f0e1a13b Makefile: Apply workaround for go install on multi-arch
e8c1ba7e Use go install for gobgp
8d473173 moq: Regenerate
66247fec Update dependencies
a821284e Update to go 1.16
18d2a3b9 Swap temporary IPSets during ipset restore (#1068)
ef827d3d fix: protect uint32 conversion
1816886c fix: remove possible BGP password leak via logs
be01f317 fact: other misc cleanups
0faf772f fix: don't overload function names with vars
53cfbe30 fix: return early when we might be holding nil references
4efa5ccc fact: remove function parameters that are never referenced
a86b3fad fact: handle errors from Close() explicitely
57ddac3a fact(NSC): consolidate repeat logic
96675e62 fix: don't capitalize error messages
e9c77d0a fix(comments): misspellings and bad doc strings
1c961ba3 fix: don't check upper bound of 16 bit int
94785f1a .github: Add codeql scanner
70aa0287 doc(testing.md): remove vagrant-based testing doc
2931e538 fix(vagrant): remove vagrant stuff that hasn't worked in a while
46f54e96 Fix PMTU discovery for service IPs (#733)
d74f5c8a doc(user-guide.md): clarify externalips hairpin option
5fc39db6 Add hairpin support for externalIps
7d47aefe Replace github.com/golang/glog with k8s.io/klog/v2
6bedf270 Drop vendor, update dependencies, upgrade docker images (#1052)

Changelog

afd5dd7 .github/workflows: Fix yaml error

Changelog

112deed go.mod: Update dependencies

Changelog

e79f024 .github: Fix Tag/Push workflow

Changelog

91a1b37 .github: Add Go Releaser Step (#1100)

Changelog

fdfa27dc fix: add locking around ipset invocations
cb3a91ae fact(NPC): refactor isPodUpdateNetPolRelevant
f586d52a fix(NPC): check if new pod is actionable
85208653 fix(NPC): remove HostNetwork check from OnPodUpdate
81d52c21 fix(NPC): check if pod is actionable
476c07c8 feat(iptables): add upstream wrapper script
6baff81a fix(NPC): parse NodePorts as unsigned ints
c139c044 Oops, i guess my unit test was flaky in #1068
e49c255e skip host network pods when selecting pods to apply ingress/egress netpol
a042e0ea skip hostnetwok pod's from enforcing network policies
9f790015 fix(nsc): Overly eager IPVS updating
6aa3fa92 Replace github.com/golang/glog with k8s.io/klog/v2
162e64d0 Drop vendor, update dependencies, upgrade docker images (#1052)

Changelog

1943023b Swap temporary IPSets during ipset restore (#1068)

Changelog

6bc6110b dont return error if there are no CIDR details configured in cni conflist
c309b276 skip logging Error when there is no Service object for an Endpoint

This release addresses performance issues related to network policy enforcement. Network policy enforcement is significanly faster. Also support for DSR(Direct server return) functionality has been expanded to any CRI's in additions to Docker.

Thanks to all the contributors who submitted the PR's and helped with testing.

Changelog

f4b7d613 support egress to namedport without dst address (#1037)
43c3c9de Handle headless services (#1047)
1fb08200 fix(npc): sync npc on pod label changes (#1046)
40512f10 serialize the iptables changes by NRC and NPC while starting
99cb40b0 while doing ipset restore, ensure sets are flushed before adding entries
187a3f23 fix(ipset): add type option to RefreshSet
d1e1923b prevent iptable command calls when necessary rules already exists
fe515d1b fix(pod.go): ensure traffic at end of chain is only dropped once
22b031be feat(metrics): add more iptables sync metrics
95299a4c fix(pod.go): comment quoting issues
afd866c0 use ipset save and restore to modify ipset to reduce exec calls
888cac91 use iptables-save and iptables-restore commands to consolidate individual iptables command that are run during full network policies sync
8f2e26a6 Update deps for k8s, cni and golang (#1030)
81057340 metrics: Add metric for build_info (#1031)
49b9add0 Making IPIP/tunnel and override-nexthop independent (#1025)
53d66ebd adding missing vendor files
ca2008e5 feat: simple CRI implementation in addition to Docker, required for DSR functionality. CRI compliant runtimes support (e.g. containerd, cri-o, etc.) (#1027)
2ba6f408 It appears as though this line is no longer relevant (#1029)
ee9f6d89 Update dependencies (go-iptables, cni) (#996)
c4eba17a Makefile: Drop outdated glide command (#1018)
c1458853 resolving merge conflicts of PR-964
54b921f1 Merge remote-tracking branch 'iamakulov/master'
4e13a1db Update RBAC apiVersion from v1beta1 to v1 (#1016)
e16f2077 npc code restructuring (#1007)
4c05ef20 Return an error if BatchAdd errors
1a487d21 Remove options passed to .Refresh()
a79ededd Improve ipset performance with large sets

Changelog

f8aed0c9 fix(nrc): multiple services with the same VIP
46e903aa remove deprecated netpol beta API support (#1001)
7769a0cb Update golang.org/x/net dependency
def8f547 Update to golang 1.15 and alpine-3.12
2b3f39c2 Update bgp.md (#1000)
fd5af182 Cleanup non-DSR externalIPs

• This release updates critcal vendored dependencies
  - gobgp is updated latest version 2.19
  - k8s.io/client-go, k8s.io/apimachinery, k8s.io/api are updated to v0.18.8
• Also dep is no longer used, we will be using go modules going forward for dependency management
• Go 1.13 is version used for building kube-router and gobgp binaries

breaking changes

• starting from this release kube-router by default tries to auto-configure MTU for both pod interfaces and kube-bridge bridge interface. If you do not wish to change the MTU please set --auto-mtu to false. Please see https://github.com/cloudnativelabs/kube-router/blob/master/docs/user-guide.md#mtu if you would like to manually configure the MTU value.

Changelog

400e4963 update go.sum
d1a23160 .gitignore: Drop vendor folder (#993)
8e3f36c6 Add LoadBalancer to getExternalIPs (#995)
92b914e7 review comments
7904b7c9 addressing review comments
947bb246 fix lint error
db1bd561 set mtu in cni spec to auto configure MTU's of the pod's veth's and kube-bridge interfaces
d32d651d go.mod: Vendor newer prometheus and k8s (#990)
5a5e835d fix(network_policy): mask mark reset on FW marks (#992)
824614d1 Add Support for Reading Peer Passwords via a File (#986)

• This release brings in to much needed updates to critcal vendored dependencies
  - gobgp is updated latest version 2.19
  - k8s.io/client-go, k8s.io/apimachinery, k8s.io/api are updated to v0.18.6
• Also dep is no longer used, we will be using go modules going forward for dependency management
• Go 1.13 is version used for building kube-router and gobgp binaries

and couple of bug fixes.

Changelog

ac556abe pin goreleaser to v0.142.0, latest is causing errors
3c734fb9 merge gobgp-update into master (#982)
cebe8b73 Merge pull request #981 from cloudnativelabs/lint-errors
3b992e4c fix build break due to go linter errros
7cd5235b fix(network_policy): missed gofmt on #970
827ce551 Permit ExternalIP on input (#970)
c6ef3b88 Merge pull request #975 from mrueg/conv-fix
4d1fc8d6 Fix unnecessary conversions
b7610a06 Merge pull request #974 from aauren/add_kube-router_options_to_issue_template
b4203cb5 feat(bug_report.md): add parameters section to bug report
7613a735 add IfaceHasNoAddr check for external ip delete error (#971)
0cca5f12 Merge pull request #969 from aauren/fact/sort_options
f6210dac fact(options): alphabetize imports
797ee0ae fact(options): alphabetize options by parameter name
202f92bb fact(options): alphabetize struct fields
4307bdd1 ISSUE_TEMPLATE: Add missing headers (#966)
36daba87 Setup Issue Templates (#963)
e35dc9d6 Merge pull request #958 from coufalja/random-all
68dba40d Clean original iptables rule if --random-fully is supported
d5af1a91 Merge pull request #961 from cloudnativelabs/remove_deprecated_cluster-cidr_option
5ef989c4 fix(options): remove deprecated cluster-cidr option
19a5b1a3 Merge pull request #959 from cloudnativelabs/goreleaser-ldflags
ece89870 .goreleaser.yml: Add LDFLAGS
a33089d2 [testing] run go linters (#943)
8d424ea0 Fix pod egress rule cleanup
3e33a9c7 Merge pull request #957 from qingkunl/add_nsswitch_conf
d66a3bb0 Activate --random-fully where supported
23b2b99c Bump go-iptables
17f2786f add /etc/nsswitch.conf in Dockerfile
3ab31ab9 Merge pull request #955 from cloudnativelabs/fix-build-break
bb35b9ad fix lint error: minor fix to catch the error from .bgpServer.Stop()
031a9926 Merge pull request #786 from jdrahos/rr_ipv4_785
aec73b87 fix(nsc): update IPVS svc when timeout changes (#952)
1c184624 The bgp-holdtime function parameter of setting holdtime is added to adjust the holdtime of BGP negotiation with the connected network devices. (#921)
3fd8dc5b Merge pull request #953 from aauren/bgp_graceful_restart_time
b07f53f4 fix(graceful_restart): gofmt and doc fixes so unit tests pass
1c594b28 Allow setting BGP Graceful restart time from CLI
27857d3a Merge pull request #822 from kvaps/fix-821
c61dc8ff fix tolerations
8023f6a7 Allow to configure cluster id using IPv4 strings

Changelog

6af898bc add /etc/nsswitch.conf in Dockerfile
9c9e9350 fix lint error: minor fix to catch the error from .bgpServer.Stop()
8e655934 Allow to configure cluster id using IPv4 strings
606edccd fix(nsc): update IPVS svc when timeout changes (#952)
7a104ba0 fix tolerations

Breaking changes and knows issues:

If you are upgrading from v1.0.0-rc4 or earlier version following breaking changes apply:

• The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
• if you have egress network policies applied to workload, you need to ensure proper value for service-cluster-ip-range and service-node-port-range configured to ensure pod's can access service cluster IP's and NodePort services

Changelog

b6acd0a1 stop processing service and endpoints updates if network service (#939)
b7aad2e0 doc(user-guild.md): add info about proxy and SNAT (#935)
c71eb9ad proxy: only output Error log when there's an error (#942)
fb93467c Merge pull request #929 from aauren/handle_branches_with_slashes
3156f433 Makefile: remove slashes from git branch if they exist