Releases: kubeovn/kube-ovn
v1.5.2 -- Bugfix
New Feature
- Iface now supports regex
- `install.sh` supports DPDK resource configuration
- Masquerade other nodes to local pod to avoid NodePort triangle traffic
Monitoring
- Add ping total count metric
- Add `ovs-vsctl show` to diagnose results
- Add `kubectl describe no` to diagnose results
Bugfix
- Fix cleanup scripts
- Update Go to 1.15
- Check ipv6 requirement before start
- Check if ovn-central ip exists in `NODE_IPS` before start
- Fix external-address config description
- Fix the problem of confusion between old and new versions of crd
- Add resources limits to avoid eviction
- NAT rules can be modified
Misc
- Refactor iptable logs
- Tolerate all taints
- OVN/OVS log rotation
v1.5.1 -- Bugfix
This release mainly fixes bugs found in v1.5.0 and adds the ability to bind a pod to a specified subnet.
New Feature
- Support binding pod to subnet
Bugfix
- Remove not alive pod in networkpolicy portGroup
- Delete Pod when marked with deletionTimestamp
- Use internal IP when node tries to connect to pod
- Do not advertise node switch cidr when ovn-ic is enabled
- Wrong proto str for udp diagnose
- Wrong ipv6 network format when update subnet
- Broken RPM link
- Default SSL var for compatibility
- Wrong iptable order
- Check multicast and loopback subnet
- CodeQL scan warnings
Misc
- CI: change to official docker buildx action
- Perf: remove default acl rules
- Perf: accelerate ic and ex gw update
Pod EIP, graceful update and more dashboard
From v1.5.0, Kube-OVN uses the OVN distributed gateway router to implement SNAT and EIP functions. Users can now control the external IP of a group of pods. SFC functionality is also integrated into OVN to further extend its capability. In this version, users can also enable TLS connections between Kube-OVN components to secure their communication. We also enhanced the monitoring and diagnostic tools: more metrics and Grafana dashboards were added to better expose the internal stats of the network.
New Feature
- Pod level SNAT and EIP support, please check the Guide
- Integrate SFC function into OVN
- OVN-Controller graceful stop
- Mirror config can be updated dynamically
- Set more metadata to interface external-ids
Security
- Support TLS connection between components
- Change DB file access mode
Monitoring
- Add more metrics to pinger dashboard
- Add more metrics to kube-ovn-cni and a new Grafana dashboard
- Diagnose show ovn-nb and ovn-sb overview
Misc
- Update CI k8s to 1.19
- Change kube-ovn-cni updateStrategy
- Move CNI conf when kube-ovn-cni ready
Bugfix
- Use NodeName as OVN chassis name
- Stop OVN-IC if disabled
- Uninstall scripts will clean up ipv6 iptables and ipset
- Bridging-mapping may conflict if vlan and external gateway are enabled
- Pinger ipv6 mode fetch portmapping failed
- Pinger diagnose should reuse cmd args
Multi-Cluster Network, ACL logs and more!
From 1.4, Kube-OVN can connect multiple clusters into one network. Pods in different clusters can communicate with each other directly by Pod IP. This version also adds an ACL log function that can record when and why a packet is dropped by NetworkPolicy. We also upgraded many dependencies and improved performance. Please see the changelog for more detail.
New Feature
- Integrate OVN-IC to support multi-cluster networking, Multi-Cluster Networking Steps
- Enable ACL log to record networkpolicy drop packets
- Reserve source ip for NodePort service to local pod
- Support vlan subnet switch to underlay gateway
Bugfix
- Add forward accept rules
- kubectl-ko cannot find nic
- Prevent vlan/subnet init error logs
- Subnet ACL might conflict if allSubnets and subnet cidr overlap
- Missing session lb
Misc
- Update ovs to 2.14
- Update golang to 1.15
- Suppress logs
- Add psp rules
- Remove juju log dependency
v1.3.0 -- Hardware Offload, Gateway QoS and Pod Gateway
From v1.3.0, Kube-OVN supports hardware offload, which can significantly improve data plane performance and save CPU resources. This version also adds gateway QoS, pod gateway, session affinity load balancer and more features for security and monitoring.
New Feature
- Hardware offload to boost performance in Bare-Metal environment
- Assigning a specific pod as gateway
- Central gateway QoS
- Session affinity service
- Round-robin IP allocation to relieve IP conflict
Security
- Use gosec to audit code security
- Use trivy to scan and fix image CVEs
- Update loopback plugin to fix CVEs
Bugfix
- Missing package for arm images
- Node annotation overwrite incorrectly
- Create/Delete order might lead to ip conflict
- Add MSS rules to resolve MTU issues
Monitoring
- kubectl-ko support ovs-tracing
- Pinger support metrics to resolve external address
Misc
- Update OVN to 20.06
- CRD version upgrade to v1
- Optimize ARM build
- Refactor ovs cmd with ovs.Exec
- OVS-DPDK support config file
- Add DPDK tools in OVS_DPDK image
- Reduce image size of OVS-DPDK
v1.2.1 -- Bugfix
This release fixes bugs found in v1.2.0
Bugfix
- Add back privilege for IPv6
- Update loopback cni to fix CVE issues
- Node annotations overwrite incorrectly
- Create/Delete order might lead to ip conflict
Geneve, Vlan, BGP and DPDK all in one network plugin
In this version, Kube-OVN supports vlan and dpdk type network interfaces for higher performance requirements.
Thanks to the Intel and Ruijie Networks guys who contributed these features.
Previously, to expose Pod IPs to an external network, admins had to manually add static routes.
Now admins can try the new BGP features to dynamically announce routes to the external network.
From this version, subnet CIDR can be changed after creation, and routes will be changed if gateway type is modified.
New Feature
- Kube-OVN now supports OVS-DPDK, high performance dpdk application can run in pod
- Kube-OVN now supports vlan underlay network to achieve better network performance
- Kube-OVN now supports using BGP to announce Pod IP routes to external network
- Subnet validator will check if subnet CIDR conflicts with svc or node CIDR
- Subnet CIDR can be changed after creation
- When the subnet gateway is changed, routes will automatically be changed
Monitoring
- Check if dns and kubernetes svc exist
- Make grafana dashboard more sensitive to changes
Misc
- Patch upstream ovn to reduce lflow count
- Add support for arm64 platform
- Add support for kubernetes 1.18
- Use github action to perform CI tasks
- Optimize some log information
- Move image to dockerhub
Bugfix:
- OVS local interface table mac_in_use row is lower case, but pod annotation stores mac in upper case
- Fork go-ping to fix ping loss issues
- Networkpolicy controller will panic if label is nil
- Some concurrent panic when handle pod and subnet update
- Some IPv6 break issues
- Use kubectl version to avoid handshake errors in apiserver
v1.1.1 -- Bugfix
This release fixes bugs found in v1.1.0.
Bugfix
- Use legacy iptables to replace default iptables in centos:8 image
- Mount etc/origin/ovn to ovs-ovn
- Fix bugs in go-ping
- Fix yaml indent error
- Fix panic when handles networkpolicy
Monitoring
- Make graph more sensitive to changes
Multi-nic, Hairpin LB and One-click Installation
v1.1.0 -- 2020/04/07
In this version, we refactored IPAM to separate IP allocation logic from OVN. On top of that, we provide a general cluster-wide IPAM utility for other CNI plugins. Other CNI plugins such as macvlan/host-device/vlan can now take advantage of the subnet and static IP allocation functions in Kube-OVN. Please check this document to see how we combine Kube-OVN and Multus-CNI to provide a multi-nic container network.
This version also updates OVN to 20.03 and OVS to 2.13 with some x86 related optimizations, which increase control plane and data plane performance, and we finally support hairpin LB.
This version also simplifies the installation steps by merging all components into one image, and adds a new one-click installation script to help users set up a highly available, production-ready Kube-OVN container network. Please see the installation guide.
IPAM
- Separate IPAM logic from OVN
- Add support for Multus-CNI
Performance
- Recycle address if pod is in failed or succeeded phase
- Delete chassis from ovn-sb when node deleted
- Only enqueue updatePod when needed
- Add x86 optimization CFLAGS
- Add support to disable encapsulation checksum
Monitor
- Diagnose will check Kube-OVN components status
- Diagnose will check crd status
- Diagnose will check kube-proxy and coredns status
Bugfix
- Use uuid to fetch lb vips
- Add inactivity_probe back
- Updating a svc might remove other svc with the same prefix
- IP prefix might be empty
- Enqueue subnet update to add route
- Add iptables to accept container traffic
Chore
- Update OVN to 20.03 and OVS to 2.13
- Add support for Kubernetes 1.17
- Put all components in one image to reduce distribution burden
- Add scripts to build ovs
- Add one script installer
- Add uninstall script
- Add more e2e tests