Releases: kubeovn/kube-ovn

v1.7.0

03 Jun 05:56
02b0652

Release for v1.7.0

New Feature

  • Support configuration for cni-bin-dir and cni-conf-dir
  • Support for vpc nat gateway
  • Support for multus ovn nic
  • Support ecmp static route for centralized gateway
  • Support vxlan tunnel encapsulation
  • Support hybrid mode for geneve and vlan
  • Support external egress gateway
  • Support underlay mode with single nic
  • Support kube-ovn-speaker announce service ip
  • Support kube-ovn-speaker graceful restart
  • Support interconnection between OpenStack and Kubernetes

Bugfix

  • Restart when init ping failed
  • Make sure northd leader change
  • Wrong split in FindLoadbalancer function
  • Ip6tables check error
  • Reset ovn0 addr
  • Masq traffic to ovn0 from other nodes
  • Add missing ovn-ic-db schema
  • Update ipam cidr when subnet changes
  • Disable offload for genev_sys_6081
  • Configure nic failed when ifname empty
  • Udp checksum offload error
  • Restart ovn-controller to force ovn-ic flows update
  • Update usingips check when update finalizer for subnet
  • Livenessprobe fail if ovn nb/ovn sb not running
  • Release northd lock when power off
  • Fix chassis check for node
  • Pod terminating not recycle ip when controller not ready

Monitoring

  • Split ovn-monitor from ovn-central as an independent deployment
  • Optimization for ovn/ovs status metric
  • Add more commands to diagnose results, such as ovs-dpctl, ovs-ofctl, ovs-appctl and so on

Performance

  • Support using ovs internal-port instead of veth pair to implement pod nic

Test

  • Add e2e for ofctl/dpctl/appctl
  • Add service e2e
  • Add single node e2e
  • Add e2e tests for external egress gateway

Misc

  • Update ovn to 20.12 and ovs to 2.15
  • Update Go to 1.16

v1.6.3

03 Jun 10:23

This release mainly fixes bugs found in 1.6.2

Bugfix

  • fix: do not nat route traffic
  • fix: release ip addresses even if pods not found
  • security: fix crypto CVE
  • fix: add address_set to avoid error message
  • fix: add node to pod allow acl
  • Handle the parse config error before use
  • fix: del might panic if duplicate delete
  • fix: do not re-generate ts port
  • fix: get_leader_ip always return first node ip
  • fix: do not gc learned routes
  • fix: remove tty error notification
  • fix ovn nb reconnect
  • perf: reclaim heap memory after compaction
  • fix: leader may change during startup, use cluster connection to set options
  • fix SNAT on pod startup

v1.6.2

19 Apr 05:57

This release mainly fixes bugs found in 1.6.1

Bugfix

  • udp checksum offload error
  • restart ovn-controller to force ovn-ic flows update
  • update usingips check when update finalizer for subnet
  • add node address allocate check when init
  • livenessprobe fail if ovn nb/ovn sb not running
  • ignore ip6tables check for v4 hostIP
  • release northd lock when power off
  • fix chassis check for node
  • configure nic failed when ifname empty

v1.6.1

09 Mar 16:33

This release mainly fixes bugs found in 1.6.0

Bugfix

  • DualStack error logs
  • IP count error in DualStack mode
  • ip6tables check error
  • Update ipam cidr when subnet changes
  • When address is empty, skip route/nat deletion
  • Waiting pod network ready takes too long
  • Add new iptables clean up commands
  • Pod terminating not recycle ip when controller not ready
  • Restart when init ping failed
  • Make sure northd leader change
  • Check required module before start
  • Underlay gateway flood logs
  • Wrong split in FindLoadbalancer function
  • Reset ovn0 addr
  • Set default db addr same with leader node to fix nb and sb error 'bind: Address already in use'
  • Masq traffic to ovn0 from other nodes

Misc

  • Update ovn to 20.12 and ovs to 2.15

v1.6.0 -- VPC, DualStack, BGP Gateway and more

04 Jan 15:01

New Feature

  • Basic support for custom VPC
  • DualStack support
  • Overlay to underlay gateway through BGP
  • Support binding pod to subnet
  • Support distributed eip
  • Support disable interconnection for specific subnet
  • Iface now support regex
  • install.sh supports DPDK resource configuration
  • Remove cluster ip dependency for ovn/ovs components
  • Change base image to ubuntu
  • Update OVN to 20.09

Monitoring

  • Add OVN/OVS monitor
  • Add ovs client latency metrics
  • Add ping total count metric
  • Add ovs-vsctl show to diagnose results
  • Add kubectl describe no to diagnose results
  • Add available IP metrics
  • Add more dashboard

Misc

  • CI: change to official docker buildx action
  • Perf: remove default acl rules
  • ci: add github code scan
  • Add version info
  • Reduce image size
  • Perf: accelerate ic and ex gw update
  • Refactor iptable logs
  • Tolerate all taints
  • OVN/OVS log rotation
  • Update Go to 1.15
  • Multi arch image

Bugfix

  • Remove not alive pod in networkpolicy portGroup
  • Delete Pod when marked with deletionTimestamp
  • Use the internal IP when node try to connect to pod
  • Do not advertise node switch cidr when enable ovn-ic
  • Wrong proto str for udp diagnose
  • IPv6 len mismatch
  • Add default SSL var for compatibility
  • Wrong ipv6 network format when update subnet
  • Broken RPM link
  • Default SSL var for compatibility
  • Wrong iptable order
  • Check multicast and loopback subnet
  • CodeQL scan warnings
  • Fix cleanup scripts
  • Check ipv6 requirement before start
  • Check if ovn-central ip exists in NODE_IPS before start
  • Fix the problem of confusion between old and new versions of crd
  • Fix external-address config description
  • Add resources limits to avoid eviction
  • NAT rules can be modified
  • Masquerade other nodes to local pod to avoid NodePort triangle traffic
  • OVN-IC support SSL
  • Pod static ip validation
  • Multiple rule networkpolicy issues
  • Modify service vip parse error
  • CNIServer default encap ip use node ip

v1.5.2 -- Bugfix

01 Dec 03:10

New Feature

  • Iface now support regex
  • install.sh supports DPDK resource configuration
  • Masquerade other nodes to local pod to avoid NodePort triangle traffic

Monitoring

  • Add ping total count metric
  • Add ovs-vsctl show to diagnose results
  • Add kubectl describe no to diagnose results

Bugfix

  • Fix cleanup scripts
  • Update Go to 1.15
  • Check ipv6 requirement before start
  • Check if ovn-central ip exists in NODE_IPS before start
  • Fix external-address config description
  • Fix the problem of confusion between old and new versions of crd
  • Add resources limits to avoid eviction
  • NAT rules can be modified

Misc

  • Refactor iptable logs
  • Tolerate all taints
  • OVN/OVS log rotation

v1.5.1 -- Bugfix

26 Oct 08:12

This release mainly fixes bugs found in v1.5.0 and adds the ability to bind a pod to a specified subnet

New Feature

  • Support binding pod to subnet

Bugfix

  • Remove not alive pod in networkpolicy portGroup
  • Delete Pod when marked with deletionTimestamp
  • Use internal IP when node try to connect to pod
  • Do not advertise node switch cidr when enable ovn-ic
  • Wrong proto str for udp diagnose
  • Wrong ipv6 network format when update subnet
  • Broken RPM link
  • Default SSL var for compatibility
  • Wrong iptable order
  • Check multicast and loopback subnet
  • CodeQL scan warnings

Misc

  • CI: change to official docker buildx action
  • Perf: remove default acl rules
  • Perf: accelerate ic and ex gw update

Pod EIP, graceful update and more dashboard

28 Sep 07:54
60afb4e

From v1.5.0, Kube-OVN uses the OVN distributed gateway router to implement SNAT and EIP functions. Users can now control the external IP of a group of pods. SFC functionality is also integrated into OVN to further extend the capability of OVN. In this version, users can also enable TLS connections between Kube-OVN components to secure the communication. We also enhanced the monitoring and diagnostic tools: more metrics and Grafana dashboards were added to better expose the internal stats of the network.

New Feature

  • Pod level SNAT and EIP support, please check the Guide
  • Integrate SFC function into OVN
  • OVN-Controller graceful stop
  • Mirror config can be updated dynamically
  • Set more metadata to interface external-ids

Security

  • Support TLS connection between components
  • Change DB file access mode

Monitoring

  • Add more metrics to pinger dashboard
  • Add more metrics to kube-ovn-cni and a new Grafana dashboard
  • Diagnose show ovn-nb and ovn-sb overview

Misc

  • Update CI k8s to 1.19
  • Change kube-ovn-cni updateStrategy
  • Move CNI conf when kube-ovn-cni ready

Bugfix

  • Use NodeName as OVN chassis name
  • Stop OVN-IC if disabled
  • Uninstall scripts will clean up ipv6 iptables and ipset
  • Bridging-mapping may conflict, if enable vlan and external gateway
  • Pinger ipv6 mode fetch portmapping failed
  • Pinger diagnose should reuse cmd args

Multi-Cluster Network, ACL logs and more!

01 Sep 09:30
290e7ba

From 1.4, Kube-OVN can connect multiple clusters into one network. Pods in different clusters can communicate with each other directly by Pod IP. This version also adds an ACL log function that can record when and why a packet is dropped by NetworkPolicy. We also enhanced many dependencies and improved performance. Please see the changelog for more detail.

New Feature

  • Integrate OVN-IC to support multi-cluster networking, Multi-Cluster Networking Steps
  • Enable ACL log to record networkpolicy drop packets
  • Reserve source ip for NodePort service to local pod
  • Support vlan subnet switch to underlay gateway

Bugfix

  • Add forward accept rules
  • kubectl-ko cannot find nic
  • Prevent vlan/subnet init error logs
  • Subnet ACL might conflict if allSubnets and subnet cidr overlap
  • Missing session lb

Misc

  • Update ovs to 2.14
  • Update golang to 1.15
  • Suppress logs
  • Add psp rules
  • Remove juju log dependency

v1.3.0 -- Hardware Offload, Gateway QoS and Pod Gateway

31 Jul 06:37

From v1.3.0, Kube-OVN supports hardware offload, which can significantly improve data plane performance and save CPU resources. This version also adds gateway QoS, pod gateway, session affinity load balancer and more features for security and monitoring.

New Feature

  • Hardware offload to boost performance in Bare-Metal environment
  • Assigning a specific pod as gateway
  • Central gateway QoS
  • Session affinity service
  • Round-robin IP allocation to relieve IP conflict

Security

  • Use gosec to audit code security
  • Use trivy to scan and fix image CVEs
  • Update loopback plugin to fix CVEs

Bugfix

  • Missing package for arm images
  • Node annotation overwrite incorrectly
  • Create/Delete order might lead ip conflict
  • Add MSS rules to resolve MTU issues

Monitoring

  • kubectl-ko support ovs-tracing
  • Pinger support metrics to resolve external address

Misc

  • Update OVN to 20.06
  • CRD version upgrade to v1
  • Optimize ARM build
  • Refactor ovs cmd with ovs.Exec
  • OVS-DPDK support config file
  • Add DPDK tools in OVS_DPDK image
  • Reduce image size of OVS-DPDK