antrea | Kubernetes Ecosystem Directory

Bot releases are hidden (Show)

antrea - Antrea v2.0.0 Latest Release

Published by tnqn 6 months ago

Added

Support LoadBalancerIPMode in AntreaProxy to implement K8s KEP-1860. (#6102, @hongliangl)
Add sameLabels field support for Antrea ClusterNetworkPolicy peer Namespace selection to allow users to create ACNPs that isolate Namespaces based on their label values. (#4537, @Dyanngg)
Add multiple physical interfaces support for the secondary network bridge. (#5959, @aroradaman)
Use a Node's primary NIC as the secondary OVS bridge physical interface. (#6108, @aroradaman)
Add user documentation for Antrea native secondary network support. (#6015 #6042, @jianjuns @antoninbas)
Add a new versioned API NetworkPolicyEvaluation and a new antctl sub-command for querying the effective policy rule applied to particular traffic. (#5740 #6112, @qiyueyao)

Changed

Multiple deprecated APIs, fields and options have been removed from Antrea.
- Remove deprecated v1alpha1 CRDs Tier, ClusterNetworkPolicy, NetworkPolicy, Traceflow and ExternalEntity. (#6162 #6177 #6238, @luolanzone @hjiajing @antoninbas)
- Remove deprecated v1alpha2 and v1alpha3 CRDs ClusterGroups, ExternalIPPool, ClusterGroup and Group. (#6049 #6239, @luolanzone @antoninbas)
- Remove deprecated ServiceAccount field in ClusterSet type for Antrea Multi-cluster. (#6134, @luolanzone)
- Remove deprecated options enableIPSecTunnel,multicastInterfaces, multicluster.enable and legacyCRDMirroring. (#5158, @luolanzone)
- Clean up unused code for NodePortLocal and remove the deprecated nplPortRange config. (#5943, @luolanzone)
- Clean up deprecated APIServices. (#6002, @tnqn)
Documentation has been updated to reflect recent changes and provide better guidance to users.
- Add upgrade instructions for Antrea v2.0. (#6261, @antoninbas)
- Update the OVS pipeline document and workflow diagram to keep them up to date. (#5412, @hongliangl)
- Clarify documentation for IPPool and ExternalIPPool CRDs. (#6183, @antoninbas)
- Document Pods using FQDN based policies must respect DNS TTL. (#6230, @tnqn)
- Document the limitations of Audit Logging for policy rules. (#6225, @antoninbas)
Optimizing Antrea binaries size.
- Optimize package organization to reduce antctl binary size. (#6037, @tnqn)
- Reduce antrea-cni binary size by removing unnecessary import packages. (#6038, @tnqn)
- Strip all debug symbols from Go binaries by default. (#6035, @antoninbas)
- Disable cgo for all Antrea binaries. (#5988, @antoninbas)
Increase the minimum supported Kubernetes version to v1.19. (#6089, @hjiajing)
Add OVS groups dump information to support bundle to help troubleshooting. (#6195, @shikharish)
Add egressNodeName in flow records for Antrea Flow Aggregator. (#6012, @Atish-iaf)
Add EgressNode field in the Traceflow Egress observation to include the name of the Egress Node. (#5949, @Atish-iaf)
Upgrade IPPool CRD to v1beta1 and make the subnet definition consistent with the one in ExternalIPPool CRD. (#6036, @mengdie-song)
Request basic memory for antrea-controller to improve its scheduling and reduce its OOM adjustment score, enhancing overall robustness. (#6233, @tnqn)
Increase default rate limit of antrea-controller to improve performance for batch requests. (#6231, @tnqn)
Remove Docker support for antrea-agent on Windows, update Windows documentation to remove all Docker-specific instructions, and all mentions of (userspace) kube-proxy. (#6019 #6255, @XinShuYang @antoninbas)
Stop publishing the legacy unified image. (#6182, @antoninbas)
Avoid unnecessary DNS queries for FQDN rule of NetworkPolicy in antrea-agent. (#6200, @tnqn)
Stop using projects.registry.vmware.com for user-facing images. (#6073, @antoninbas)
Fall back to lenient decoding when strict decoding config fails to tolerate unknown fields and duplicate fields, ensuring forward compatibility of configurations. (#6156, @tnqn)
Skip loading openvswitch kernel module if it's already built-in. (#5979, @antoninbas)
Persist TLS certificate and key of antrea-controller and sync the CA cert periodically to improve robustness. (#5955 #6205, @tnqn)
Add more validations for ExternalIPPool CRD to improve robustness. (#5898, @aroradaman)
Add Antrea L7 NetworkPolicy logs for allowed HTTP traffic. (#6014, @qiyueyao)
Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
Add a flag for antctl to print OVS table names when users run antctl get ovsflows --table-names-only. (#5895 #6100, @luolanzone)
Improve log message when antrea-agent fails to join a new Node. (#6048, @roopeshsn)
Remove the prefix rancher-wins when collecting antrea-agent logs on Windows. (#6223, @wenyingd)
Upgrade K8s libraries to v0.29.2. (#5843, @hjiajing)
Upgrade base image from UBI8 to UBI9 for Antrea UBI images. (#5737, @xliuxu)

Fixed

Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
Disable libcapng to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu)
Fix a race condition in antrea-agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
Use 65000 MTU upper bound for interfaces in encap mode to account for the MTU automatically configured by OVS on tunnel ports, and avoid packet drops on some clusters. (#5997, @antoninbas)
Install multicast related iptables rules only on IPv4 chains to fix the antrea-agent initialization failure occurred when the Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)
Remove incorrect AntreaProxy warning on Windows when proxyAll is disabled. (#6242, @antoninbas)
Explicitly set kubelet's log files in Prepare-Node.ps1 on Windows, to ensure that they are included in support bundle collections. (#6221, @wenyingd)
Add validation on antrea-agent options to fail immediately when encryption is requested and the Multicast feature enabled. (#5920, @wenyingd)
Don't print the incorrect warning message when users run antrea-controller --version outside of K8s. (#5993, @prakrit55)
Record event when EgressIP is uninstalled from a Node and remains unassigned. (#6011, @jainpulkit22)
Fix a bug that the local traffic cannot be identified on networkPolicyOnly mode. (#6251, @hongliangl)
Use reserved OVS controller ports for the default Antrea ports to fix a potential ofport mismatch issue. (#6202, @antoninbas)

antrea - Antrea v1.13.4

Published by tnqn 6 months ago

Added

Enable Windows OVS container to run on pristine host environment, without requiring some dependencies to be installed manually ahead of time. (#5440, @NamanAg30)

Changed

Stop using projects.registry.vmware.com for user-facing images. (#6073, @antoninbas)
Persist TLS certificate and key of antrea-controller and periodically sync the CA cert to improve robustness. (#5955, @tnqn)
Disable cgo for all Antrea binaries. (#5988, @antoninbas)

Fixed

Disable libcapng to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu)
Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
Fix race condition in agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
Fix incorrect MTU configurations for the WireGuard encryption mode and GRE tunnel mode. (#5880 #5926, @hjiajing @tnqn)
Use 65000 MTU upper bound for interfaces in encap mode in case of large packets being dropped unexpectedly. (#5997, @antoninbas)
Install Multicast related iptables rules only on IPv4 chains to fix the Antrea agent initialization failure occurred when Multicast feature is enabled in dual-stack clusters. (#6123, @wenyingd)

antrea - Antrea v1.14.3

Published by tnqn 7 months ago

Changed

Stop using projects.registry.vmware.com for user-facing images. (#6073, @antoninbas)
Persist TLS certificate and key of antrea-controller and periodically sync the CA cert to improve robustness. (#5955, @tnqn)
Disable cgo for all Antrea binaries. (#5988, @antoninbas)

Fixed

Disable libcapng to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu)
Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
Fix race condition in agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
Use 65000 MTU upper bound for interfaces in encap mode in case of large packets being dropped unexpectedly. (#5997, @antoninbas)

antrea - Antrea v1.15.1

Published by tnqn 7 months ago

Changed

Stop using projects.registry.vmware.com for user-facing images. (#6073, @antoninbas)
Persist TLS certificate and key of antrea-controller and periodically sync the CA cert to improve robustness. (#5955, @tnqn)
Disable cgo for all Antrea binaries. (#5988, @antoninbas)

Fixed

Disable libcapng to make logrotate run as root in UBI images to fix an OVS crash issue. (#6052, @xliuxu)
Fix nil pointer dereference when ClusterGroup/Group is used in NetworkPolicy controller. (#6077, @tnqn)
Fix race condition in agent Traceflow controller when a tag is associated again with a new Traceflow before the old Traceflow deletion event is processed. (#5954, @tnqn)
Change the maximum flags from 7 to 255 to fix the wrong TCP flags validation issue in Traceflow CRD. (#6050, @gran-vmv)
Update maximum number of buckets to 700 in OVS group add/insert_bucket message. (#5942, @hongliangl)
Use 65000 MTU upper bound for interfaces in encap mode in case of large packets being dropped unexpectedly. (#5997, @antoninbas)
Skip loading openvswitch kernel module if it's already built-in. (#5979, @antoninbas)

antrea - Antrea v1.15.0

Published by tnqn 9 months ago

Added

Support Egress using IPs from a subnet that is different from the default Node subnet
. (#5799, @tnqn)
- Refer to this document for more information about this feature.
Add a migration tool to support migrating from other CNIs to Antrea. (#5677, @hjiajing)
- Refer to this document for more information about this tool.
Add L7 network flow export support in Antrea that enables exporting network flows with L7 protocol information. (#5218, @tushartathgur)
- Refer to this document for more information about this feature.
Add a new feature NodeNetworkPolicy that allows users to apply ClusterNetworkPolicy to Kubernetes Nodes. (#5658 #5716, @hongliangl @Atish-iaf)
- Refer to this document for more information about this feature.
Add Antrea flexible IPAM support for the Multicast feature. (#4922, @ceclinux)
Support Talos clusters to run Antrea as the CNI, and add Talos to the K8s installers document. (#5718 #5766, @antoninbas)
Support secondary network when the network configuration in NetworkAttachmentDefinition does not include IPAM configuration. (#5762, @jianjuns)
Add instructions to install Antrea in encap mode in AKS. (#5901, @antoninbas)

Changed

Change secondary network Pod controller to subscribe to CNIServer events to support bridging and VLAN network. (#5767, @jianjuns)
Use Antrea IPAM for secondary network support. (#5427, @jianjuns)
Create different images for antrea-agent and antrea-controller to minimize the overall image size, speeding up the startup of both antrea-agent and antrea-controller. (#5856 #5902 #5903, @jainpulkit22)
Don't create tunnel interface (antrea-tun0) when using Wireguard encryption mode. (#5885 #5909, @antoninbas)
Record an event when Egress IP assignment changes for better troubleshooting. (#5765, @jainpulkit22)
Update Windows documentation with clearer installation guide and instructions. (#5789, @antoninbas)
Enable IPv4/IPv6 forwarding on demand automatically to eliminate the need for user intervention or dependencies on other components. (#5833, @tnqn)
Add ability to skip loading kernel modules in antrea-agent to support some specialized distributions (e.g.: Talos). (#5754, @antoninbas)
Add NetworkPolicy rule name in Traceflow observation. (#5667, @Atish-iaf)
Use Traceflow API v1beta1 instead of the deprecated API version in antctl traceflow. (#5689, @Atish-iaf)
Replace net.IP with netip.Addr in FlowExporter which optimizes the memory usage and improves the performance of the FlowExporter. (#5532, @antoninbas)
Update kubemark from v1.18.4 to v1.29.0 for antrea-agent-simulator. (#5820, @luolanzone)
Upgrade CNI plugins to v1.4.0. (#5747 #5813, @antoninbas @luolanzone)
Update the document for Egress feature's options and usage on AWS cloud. (#5436, @tnqn)
Add Flexible IPAM design details in antrea-ipam.md. (#5339, @gran-vmv)

Fixed

Fix incorrect MTU configurations for the WireGuard encryption mode and GRE tunnel mode. (#5880 #5926, @hjiajing @tnqn)
Prioritize L7 NetworkPolicy flows over TrafficControl to avoid a potential issue that a TrafficControl CR with a redirect action to the same Pod could bypass the L7 engine. (#5768, @hongliangl)
Delete OVS port and flows before releasing Pod IP. (#5788, @tnqn)
Store NetworkPolicy in filesystem as fallback data source to let antre-agent fallback to use the files if it can't connect to antrea-controller on startup. (#5739, @tnqn)
Enable Pod network after realizing initial NetworkPolicies to avoid traffic from/to Pods bypassing NetworkPolicy when antrea-agent restarts. (#5777, @tnqn)
Fix Clean-AntreaNetwork.ps1 invocation in Prepare-AntreaAgent.ps1 for containerized OVS on Windows. (#5859, @antoninbas)
Add missing space to kubelet args in Prepare-Node.ps1 so that kubelet can start successfully on Windows. (#5858, @antoninbas)
Fix antctl trace-packet command failure which is caused by missing arguments. (#5838, @luolanzone)
Support Local ExternalTrafficPolicy for Services with ExternalIPs when Antrea proxyAll mode is enabled. (#5795, @tnqn)
Set net.ipv4.conf.antrea-gw0.arp_announce to 1 to fix an ARP request leak when a Node or hostNetwork Pod accesses a local Pod and AntreaIPAM is enabled. (#5657, @gran-vmv)
Skip enforcement of ingress NetworkPolicies rules for hairpinned Service traffic (Pod accessing itself via a Service). (#5687 #5705, @GraysonWu)
Add host-local IPAM GC on startup to avoid potential IP leak issue after antrea-agent restart. (#5660, @antoninbas)
Fix the CrashLookBackOff issue when using the UBI-based image. (#5723, @antoninbas)
Remove redundant log in fillPodInfo/fillServiceInfo to fix log flood issue, and update DestinationServiceAddress for deny connections. (#5592 #5704, @yuntanghsu)
Enhance HNS network initialization on Windows to avoid some corner cases. (#5841, @XinShuYang)
Fix endpoint querier rule index in response to improve troubleshooting. (#5783, @qiyueyao)
Avoid unnecessary rule reconciliations in FQDN controller. (#5893, @Dyanngg)
Update Windows OVS download link to remove the invalid certificate preventing unsigned OVS driver installation. (#5839, @XinShuYang)
Fix IP annotation not working on StatefulSets for Antrea FlexibleIPAM. (#5715, @gran-vmv)
Add DHCP IP retries in PrepareHNSNetwork to fix potential IP retrieving failure. (#5819, @XinShuYang)
Revise antctl mc deploy to support Antrea Multi-cluster deployment update when the manifests are changed. (#5257, @luolanzone)

antrea - Antrea v1.14.2

Published by tnqn 9 months ago

Changed

Enable IPv4/IPv6 forwarding on demand automatically to eliminate the need for user intervention or dependencies on other components. (#5833, @tnqn)

Fixed

Store NetworkPolicy in filesystem as fallback data source to let antrea-agent fallback to use the files if it can't connect to antrea-controller on startup. (#5739, @tnqn)
Support Local ExternalTrafficPolicy for Services with ExternalIPs when Antrea proxyAll mode is enabled. (#5795, @tnqn)
Enable Pod network after realizing initial NetworkPolicies to avoid traffic from/to Pods bypassing NetworkPolicy when antrea-agent restarts. (#5777, @tnqn)
Fix Clean-AntreaNetwork.ps1 invocation in Prepare-AntreaAgent.ps1 for containerized OVS on Windows. (#5859, @antoninbas)
Add missing space to kubelet args in Prepare-Node.ps1 so that kubelet can start successfully on Windows. (#5858, @antoninbas)
Update Windows OVS download link to remove the redundant certificate to fix OVS driver installation failure. (#5839, @XinShuYang)
Add DHCP IP retries in PrepareHNSNetwork on Windows to fix the potential race condition issue where acquiring a DHCP IP address may fail after CreateHNSNetwork. (#5819, @XinShuYang)
Fix antctl trace-packet command failure which is caused by arguments missing issue. (#5838, @luolanzone)
Fix incorrect MTU configurations for the WireGuard encryption mode and GRE tunnel mode. (#5880 #5926, @hjiajing @tnqn)

antrea - Antrea v1.13.3

Published by tnqn 9 months ago

Fixed

Update Install-WindowsCNI-Containerd.ps1 script to make it compatible with containerd 1.7. (#5528, @NamanAg30)
Store NetworkPolicy in filesystem as fallback data source to let antrea-agent fallback to use the files if it can't connect to antrea-controller on startup. (#5739, @tnqn)
Support Local ExternalTrafficPolicy for Services with ExternalIPs when Antrea proxyAll mode is enabled. (#5795, @tnqn)
Enable Pod network after realizing initial NetworkPolicies to avoid traffic from/to Pods bypassing NetworkPolicy when antrea-agent restarts. (#5777, @tnqn)
Fix Clean-AntreaNetwork.ps1 invocation in Prepare-AntreaAgent.ps1 for containerized OVS on Windows. (#5859, @antoninbas)
Fix antctl trace-packet command failure which is caused by arguments missing issue. (#5838, @luolanzone)
Skip enforcement of ingress NetworkPolicies rules for hairpinned Service traffic (Pod accessing itself via a Service). (#5687 #5705, @GraysonWu)
Set net.ipv4.conf.antrea-gw0.arp_announce to 1 to fix an ARP request leak when a Node or hostNetwork Pod accesses a local Pod and AntreaIPAM is enabled. (#5657, @gran-vmv)
Add DHCP IP retries in PrepareHNSNetwork on Windows to fix the potential race condition issue where acquiring a DHCP IP address may fail after CreateHNSNetwork. (#5819, @XinShuYang)

antrea - Antrea v1.12.3

Published by tnqn 9 months ago

Fixed

Update Install-WindowsCNI-Containerd.ps1 script to make it compatible with containerd 1.7. (#5528, @NamanAg30)
Store NetworkPolicy in filesystem as fallback data source to let antre-agent fallback to use the files if it can't connect to antrea-controller on startup. (#5739, @tnqn)
Support Local ExternalTrafficPolicy for Services with ExternalIPs when Antrea proxyAll mode is enabled. (#5795, @tnqn)
Enable Pod network after realizing initial NetworkPolicies to avoid traffic from/to Pods bypassing NetworkPolicy when antrea-agent restarts. (#5777, @tnqn)
Fix a deadlock issue in NetworkPolicy Controller which causes a FQDN resolution failure. (#5566 #5583, @Dyanngg @tnqn)
Skip enforcement of ingress NetworkPolicies rules for hairpinned Service traffic (Pod accessing itself via a Service). (#5687 #5705, @GraysonWu)
Set net.ipv4.conf.antrea-gw0.arp_announce to 1 to fix an ARP request leak when a Node or hostNetwork Pod accesses a local Pod and AntreaIPAM is enabled. (#5657, @gran-vmv)
Fix antctl tf CLI failure when the Traceflow is using an IPv6 address. (#5588, @Atish-iaf)
Fix NetworkPolicy span calculation to avoid out-dated data when multiple NetworkPolicies have the same selector. (#5554, @tnqn)
Fix SSL library downloading failure in Install-OVS.ps1 on Windows. (#5510, @XinShuYang)
Fix rollback invocation after CmdAdd failure in CNI server. (#5548, @antoninbas)
Do not apply Egress to traffic destined for ServiceCIDRs to avoid performance issue and unexpected behaviors. (#5495, @tnqn)
Do not delete IPv6 link-local route in route reconciler to fix cross-Node Pod traffic or Pod-to-external traffic. (#5483, @wenyingd)

antrea - Release v1.14.1

Published by tnqn 11 months ago

Fixed

Fix the CrashLookBackOff issue when using the UBI-based image. (#5723, @antoninbas)
Skip enforcement of ingress NetworkPolicies rules for hairpinned Service traffic (Pod accessing itself via a Service). (#5687 #5705, @GraysonWu)
Set net.ipv4.conf.antrea-gw0.arp_announce to 1 to fix an ARP request leak when a Node or hostNetwork Pod accesses a local Pod and AntreaIPAM is enabled. (#5657, @gran-vmv)

antrea - Release v1.13.2

Published by tnqn 12 months ago

Fixed

Fix antctl tf CLI failure when the Traceflow is using an IPv6 address. (#5588, @Atish-iaf)
Fix a deadlock issue in NetworkPolicy Controller which causes a FQDN resolution failure. (#5566 #5583, @Dyanngg @tnqn)
Fix NetworkPolicy span calculation to avoid out-dated data when multiple NetworkPolicies have the same selector. (#5554, @tnqn)
Fix SSL library downloading failure in Install-OVS.ps1 on Windows. (#5510, @XinShuYang)
Fix rollback invocation after CmdAdd failure in CNI server. (#5548, @antoninbas)
Do not apply Egress to traffic destined for ServiceCIDRs to avoid performance issue and unexpected behaviors. (#5495, @tnqn)
Do not delete IPv6 link-local route in route reconciler to fix cross-Node Pod traffic or Pod-to-external traffic. (#5483, @wenyingd)

antrea - Release v1.14.0

Published by tnqn 12 months ago

Added

Add rate-limit config to Egress to specify the rate limit of north-south egress traffic of this Egress. (#5425, @GraysonWu)
Add IPAllocated and IPAssigned conditions to Egress status to improve Egress visibility. (#5282, @AJPL88 @tnqn)
Add goroutine stack dump in SupportBundle for both Antrea Agent and Antrea Controller. (#5538, @aniketraj1947)
Add "X-Load-Balancing-Endpoint-Weight" header to AntreaProxy Service healthcheck. (#5299, @hongliangl)
Add log rotation configuration in Antrea Agent config for audit logs. (#5337 #5366, @antoninbas @mengdie-song)
Add GroupMembers API Pagination support to Antrea Go clientset. (#5533, @qiyueyao)
Add Namespaced Group Membership API for Antrea Controller. (#5380, @qiyueyao)
Support Pod secondary interfaces on VLAN network. (#5341 #5365 #5279, @jianjuns)
Enable Windows OVS container to run on pristine host environment, without requiring some dependencies to be installed manually ahead of time. (#5440, @NamanAg30)
Update Install-WindowsCNI-Containerd.ps1 script to make it compatible with containerd 1.7. (#5528, @NamanAg30)
Add a new all-in-one manifest for the Multi-cluster leader cluster, and update the Multi-cluster user guide. (#5389 #5531, @luolanzone)
Clean up auto-generated resources in leader and member clusters when a ClusterSet is deleted, and recreate resources when a member cluster rejoins the ClusterSet. (#5351 #5410, @luolanzone)

Changed

Multiple APIs are promoted from beta to GA. The corresponding feature gates are removed from Antrea config files.
- Promote feature gate EndpointSlice to GA. (#5393, @hongliangl)
- Promote feature gate NodePortLocal to GA. (#5491, @hjiajing)
- Promote feature gate AntreaProxy to GA, and add an option antreaProxy.enable to allow users to disable this feature. (#5401, @hongliangl)
Make antrea-controller not tolerate Node unreachable to speed up the failover process. (#5521, @tnqn)
Improve antctl get featuregates output. (#5314, @cr7258)
Increase the rate limit setting of PacketInMeter and the size of PacketInQueue. (#5460, @GraysonWu)
Add hostAliases to Helm values for Flow Aggregator. (#5386, @yuntanghsu)
Decouple Audit logging from AntreaPolicy feature gate to enable logging for NetworkPolicy when AntreaPolicy is disabled. (#5352, @qiyueyao)
Change Traceflow CRD validation to webhook validation. (#5230, @shi0rik0)
Stop using /bin/sh and invoke the binary directly for OVS commands in Antrea Agent. (#5364, @antoninbas)
Install flows for nested Services in EndpointDNAT only when Antrea Multi-cluster is enabled. (#5411, @hongliangl)
Make rate-limiting of PacketIn messages configurable; the same rate-limit value applies to each feature that is dependent on PacketIn messages (e.g, Traceflow) but the limit is enforced independently for each feature. (#5450, @GraysonWu)
Change the default flow's action to drop in ARPSpoofGuardTable to effectively prevent ARP spoofing. (#5378, @hongliangl)
Remove auto-generated suffix from ConfigMap names, and add config checksums as Deployment annotations in Windows manifests, to avoid stale ConfigMaps when updating Antrea while preserving automatic rolling of Pods. (#5545, @Atish-iaf)
Add a ClusterSet deletion webhook for the leader cluster to reject ClusterSet deletion if there is any MemberClusterAnnounce. (#5475, @luolanzone)
Update Go version to v1.21. (#5377, @antoninbas)