This release fix bugs found in v1.1.0.
- Use legacy iptables to replace default iptables in centos:8 image
- Mount etc/origin/ovn to ovs-ovn
- Fix bugs in go-ping
- Fix yaml indent error
- Fix panic when handles networkpolicy
- Make graph more sensitive to changes
In this version, we refactor IPAM to separate IP allocation logical from OVN. On top of that we provide a general cluster wide IPAM utility for other CNI plugins. Now other CNI plugins like macvlan/host-device/vlan etc can take advantage of subnet and static ip allocation functions in Kube-OVN. Please check this document to see how we combine Kube-OVN and Multus-CNI to provide multi-nic container network.
- Separate IPAM logical form OVN
- Add support for Multus-CNI
- Recycle address if pod in failed or succeeded phase
- Delete chassis form ovn-sb when node deleted
- Only enqueue updatePod when needed
- Add x86 optimization CFLAGS
- Add support to disable encapsulation checksum
- Diagnose will check Kube-OVN components status
- Diagnose will check crd status
- Diagnose will check kube-proxy and coredns status
- Use uuid to fetch lb vips
- Add inactivity_probe back
- Update svc might remove other svc that with same prefix
- IP prefix might be empty
- Enqueue subnet update to add route
- Add iptables to accept container traffic
- Update OVN to 20.03 and OVS to 2.13
- Add support for Kubernetes 1.17
- Put all component in one image to reduce distribute burden
- Add scripts to build ovs
- Add one script installer
- Add uninstall script
- Add more e2e tests
This release fix bugs found in v1.0.0
- Use uuid to fetch lb vips
- Add inactivity_probe back
- Update svc might remove other svc that with same prefix
- IP prefix might be empty
- Enqueue subnet update to add route
Kube-OVN has evolved a year from the first release and the core function set is stable with lots of tests and community feedback. It's time to run Kube-OVN in production!
- Disable ovn-nb inactivity_probe to enhance ovn-nbctl daemon performance
- Config ovn-openflow-probe-interval to prevent disconnection when cluster is large
- Pick ovn upstream patch to enhance ovn-controller performance
- Display controller logs in kubectl-ko diagnose
- Expose cni operation metrics
- Pinger check portbindings between local ovs and ovs-sb
- Pinger add timeout for dns/ovs/ovn check
- Add e2e test framework
- Move all components to kube-system namespace to use a higher priorityClass
- Refactor code for better readability
- If cidr block not ends with zero, reformat the cidr block
- CniServer will resync iptables to avoid manually or other software change the iptable
- Do not return not found error when first add node
- Restart ovn-nbctl daemon when it hangs
- RunGateway will restart in case init failed.
- When subnet cidr conflict requeue the subnet
- Recompute ovn-controller periodically to avoid inconsistency
- Wait for flow installed before cni return
- Add back missing lsp gc
- Delete lb if it has no backends
- Update ovn to 2.12.0 and pick performance and raft bugfix from upstream
- Modify upstream ovn to reduce memory footprint
- CniServer filter pod in informer list-watch and disable resync
- Skip evicted pod when enqueueAddPod and enqueueUpdatePod
- When controller restart skip pod already create lsp
- As lr-route-add with --may-exist will replace exist route, no need for another delete
- Pinger support to check external address
- When all ip in subnet is used create lsp will panic with index out of range err
- Mount /var/run/netns into kube-ovn-cniserver for kind
- Use ep.subset.port.name to infer target port number
- Typo in start-ovs.sh
- When delete node recycle related ip/route resource
- Nbctl need timeout to avoid hang infinitely
- Block subnet deletion when there is any ip in use
- IP conflict when use ippool
- GC logical_switch_port form listing pods and nodes
- Do not add unallocated pod to port-group
- PodSelector in networkpolicy should only consider pods in the same ns
- Support kind installation
- Use label to select leader to avoid pod status misleading
- Add wait in cniserver and controller to reduce errors and restarts
This release fix bugs found in v0.9.0
- When all ip in subnet is used create lsp will panic with index out of range err
- Mount /var/run/netns into kube-ovn-cniserver for kind
- Use ep.subset.port.name to infer target port number
- Typo in start-ovs.sh
- When delete node recycle related ip/route resource
- Nbctl need timeout to avoid hang infinitely
- Block subnet deletion when there any ip in use
This release is mainly about controller performance, stability and bugfix
- Improve kube-ovn-pinger metrics to check apiserver and dns
- Add kube-ovn-controller metrics to show the controller status
- Add grafana templates to visualize metrics
- Adjust client-go param to increase parallelism
- Adjust ovn-db and ovn-controller resource
- Merge some ovn-nb requests and remove most wait=ovn-nb params
- LB init conflict when use multiple kube-ovn-controller
- Static Route might lost during leader election
- If pod have not a status.PodIP skip add/del static route
- Add keepalive to ovn-controller
- Add qlen when set egress QoS
- Add ingress_policing_burst to accurate limit ingress bandwidth
- GC resources when kube-ovn-controller starts
- Re-annotate related namespaces when subnet deleted.
- Check the short name of kubernetes services which is independent of the cluster domain name
- Daemonset updateStrategy changes to OnDelete for grace update
- Use new upstream ovn with some kube-ovn related modification
- Remove most privilege container
- When use nodelocaldns, do not nat the local dns server ip
- Support active-backup mode centralized gateway high available
- Kubectl plugin to trace/tcpdump/diagnose pod network traffic
- Pinger to test cluster network quality and expose metrics to Prometheus
- Join subnet ip now can be displayed by
kubectl get ip
- Enable port security to prevent Mac and IP spoofing
- Allow nodes to pods traffic for private subnet
- Support hostport
- Update OVN/OVS to 2.11.3
- Update Go to 1.13
- Reserve vNic for statefulset pods, statefulset pod will reuse previous nic info during statefulset lifetime
- New IP CRD, now you can use
kubectl get ipto obtain ip allocation info
- Check logical switch existence before related operations
- Calculate default values for custom subnet
- Auto unbind previous subnet when namespace bind to a new subnet
- Subnet CRD now has status field to show ip allocation statistic and subnet condition
- Write subnet annotations back to bind namespace
- Enable traffic mirror by default
- Support select all type NetworkPolicy rules
- Private subnet now applies acl to all ports not only gateway ports
- Control plan components now can communicate with IPv6 protocol
- New logo
- 中文文档
- Test Kube-OVN compatible on CentOS 7.5/Ubuntu 16.04 and Ubuntu 18.04
- Add support for Kubespray and kubeasz installation tools
- Rename cni conf to
00-kube-ovn.conflistto improve kubelet priority - Basic TCP performance test on aliyun.
- Support traffic mirror
- Use webhook to check ip conflict
- Beta IPv6 support
- Use subnet CRD to replace namespace annotation
- Use go mod to manage dependency
- Remove RBAC dependency on cluster-admin
- Use kubernetes nodename to replace hostname
- Support NetworkPolicy by OVN ACL
- User can choose interface for inter-host communication
- User can set mtu of pod interface
- Set kernel args when start cniserver
- Add pprof and use it as liveness/readiness probe
- Assign default gw for default switch and node switch
- Expose more cmd args to configure controller and daemon
- Remove mask field from ip annotation
This is a bugfix version
- manual static ip allocation and automatic allocation should use different ip validation
- json: cannot unmarshal string into Go value of type request.PodResponse
- use ovsdb-client to get leader info to avoid log rotation
- use default-gw as default-exclude-ips and expose args to docs
- to cleanup all created resources, not only kube-ovn namespace.
- ovndb now support cluster ha mode
- kube-ovn-controller now support ha mode by leader election
- Pod IP can be exposed to external network directly
- Update OVN to 2.11.1 to fix some known bugs
- Parallelize kube-ovn process to improve control plane performance
- Add vagrant files to do e2e tests
- Use ovs-ctl and ovn-ctl to do health check
- Check subnet cidr conflict
- Validate namespace and pod annotations
- Daemon wait for node annotations ready
- Reuse node annotations when kube-ovn-controller restart
- Namespaced Gateway for external connectivity
- Daemon ovn-nbctl to improve performance
- Daemon init node gw before running controller
- Activate node switch by ping
- Fix ovn-nbctl daemon output format bugs
- ACL allow error
- Distributed Gateway for external connectivity
- Dynamic QoS for pod ingress/egress bandwidth
- Subnet isolation
- Delete empty lb to improve performance
- Delete lb at node switch
- Delete ovn embedded dns
- Fix ovn restart failed issue
- IP/Mac automatic allocation
- IP/Mac static allocation
- Namespace bind subnet
- Namespaces share subnet
- Connectivity between node and pod
- Pod can not access external network
- No HA for control plan