Simple, resilient multi-host containers networking and more.
APACHE-2.0 License
Bot releases are hidden (Show)
Published by bboreham over 3 years ago
Fixes a problem introduced in 2.8.0 for machines whose unique ID is in /etc/machine-id
#3886
Many thanks to contributor @avestuk for this fix.
Also move Kubernetes API calls out of Weave Net daemon #3885 - this reduces the size of the 'weaver' binary and stops it crashing when run on 32-bit ARM.
Published by bboreham almost 4 years ago
This release makes some important changes to trim the "attack surface" of the Kubernetes install, addressing CVE-2020-26278, and improves a couple of reported issues.
Many thanks to contributors @drigz, @KevDBG and @NeonSludge.
Published by bboreham about 4 years ago
This release improves resiliency in a number of areas, and extends the Prometheus metrics exported by Weave Net.
Change in behaviour: on Kubernetes, the client source IP is preserved when calling from a pod to a service.
This feature, introduced in version 2.4.0 and previously turned on by setting NO_MASQ_LOCAL=1
is now on by default. #3389, #3756
type
and encryption
labels to weave_connections
metric #3788, #3789Many thanks to contributors @berlic, @gobomb, @hairyhenderson, @naemono, @nesc58
Published by bboreham over 4 years ago
Fixes a bug that would leak memory every time a fast-datapath connection was stopped. #3808
Also avoid a crash when the machine has ipv6 disabled. #3815
Published by bboreham over 4 years ago
Improves the iptables rule added in 2.6.3 to block just the Weave Net control port, and avoid blocking other uses of 127.0.0.1. #3811
Published by bboreham over 4 years ago
Note 2.6.4 was created to relax the iptables blocking rule added in this release, because it turned out to be too strict.
This release has a couple of security improvements, and some other fixes.
Note that we still recommend to remove CAP_NET_RAW access from untrusted containers.
Published by murali-reddy over 4 years ago
fixes a regression found in 2.6.1 release and fix to prevent CPU spinning
Published by murali-reddy over 4 years ago
support for iptables 1.8 and a bug-fix
Published by bboreham almost 5 years ago
This release reduces CPU and memory usage in larger clusters, by sending notifications to a smaller set of peers and coalescing updates to reduce topology recalculation. #3715, #3732
The default soft limit on connections has been raised from 100 to 200.
Thanks to contributors @christian-2, @hpdvanwyk, @guirish, @kitt1987,
@mmerrill3, @Pensu, @scritchley, @sidharthsurana, @tanishq-dubey
Published by murali-reddy over 5 years ago
This release fixes several bugs causing inconsistencies in IPAM and fixes a
panic in daemon that reclaims and forgets deleted nodes in Kubernetes clusters.
weave forget
for deleted nodes. Fixes panic that occurs in reclaim daemon resulting in weave to attempt to connect to dead nodes #3613, #3623Published by murali-reddy over 5 years ago
This release fixes bugs reported for 2.5 release and small improvements.
Published by bboreham almost 6 years ago
This release adds support for Kubernetes hostPort
mapping (#3016,#3356) and the ipBlock
NetworkPolicy feature (#3168,#3367)
weave
network bridge is accessible on Linux kernels older than 3.14 #3442, #3297, #3239weave
network device is in the Down state #3133, #3381--without-masquerade
option to weave expose
, so external services can see the original container IP address #3388fastdp
works on the 4.19 kernel #3430Thanks to the following contributors:
Published by bboreham about 6 years ago
This release fixes several bugs causing inconsistencies in IPAM for Kubernetes users whose clusters scale up and down over time.
--label
in WEAVE_DOCKER_ARGS
when starting Weave #3370,#3371--token
argument in help for weave launch
#3226, #3379Published by brb about 6 years ago
This release introduces a support for Kubernetes Egress Network Policy (#2624, #3313)
and adds a mechanism for preserving the client source IP address to enable
externalTrafficPolicy: Local
on Kubernetes (#2924, #3298).
In this release we stop supporting the Kubernetes legacy Network Policy previously controlled with the --use-legacy-netpol
flag.
xtables.lock
is mounted as a file so that kube-proxy can take the lockNetworkUnavailable
so that Pods can beorg.opencontainers.image.*
labels to Dockerfiles to improve associationweave reset
on Kubernetes (#3319).dep
instead of git submodules
for managing external packages (#3268).manifest-tool
in Makefile (#3320).Thanks to the following contributors:
Published by brb over 6 years ago
Published by brb over 6 years ago
weave-kube
)Apply the latest DaemonSet manifest, either attached to this release or from the config generator at Weave Cloud:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
Thanks to the following contributors:
Published by bboreham over 6 years ago
This release improves the way Weave Net configures Linux network devices and network filter rules, so that it is more robust in the face of unexpected changes in its environment. #3204,#3224
As a consequence of these changes, the weave attach
command will now fail unless the Weave Net daemon is up and running - previously it was possible to run independently as long as you managed all IP addresses
yourself.
weave-kube
)Apply the latest DaemonSet manifest, either attached to this release or from the config generator at Weave Cloud:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
Thanks to the following contributors:
@vetal4444
Published by bboreham almost 7 years ago
This release fixes a race-condition in the IP reclaim code for weave-kube where, if multiple nodes ran the reclaim process at exactly the same time, two nodes could end up fighting over the same space and break connectivity #3190, #3192
weave-kube
) from pre-version 2.1:There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds an access to networkpolicies
from the networking.k8s.io
API group used by the 'v1' policies and a new role to create ConfigMaps:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net
To use old network policies:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true
Published by bboreham almost 7 years ago
This release fixes a couple of bugs discovered since the release of Weave Net 2.1.0
weave-kube
) from pre-version 2.1:There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds an access to networkpolicies
from the networking.k8s.io
API group used by the 'v1' policies and a new role to create ConfigMaps:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net
To use old network policies:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true
Thanks to the following contributors:
@zignig