v1.1.0-rc1

• This release brings in to much needed updates to critcal vendored dependencies
  - gobgp is updated latest version 2.19
  - k8s.io/client-go, k8s.io/apimachinery, k8s.io/api are updated to v0.18.6
• Also dep is no longer used, we will be using go modules going forward for dependency management
• Go 1.13 is version used for building kube-router and gobgp binaries

and couple of bug fixes.

Changelog

ac556ab pin goreleaser to v0.142.0, latest is causing errors
3c734fb merge gobgp-update into master (#982)
cebe8b7 Merge pull request #981 from cloudnativelabs/lint-errors
3b992e4 fix build break due to go linter errros
7cd5235 fix(network_policy): missed gofmt on #970
827ce55 Permit ExternalIP on input (#970)
c6ef3b8 Merge pull request #975 from mrueg/conv-fix
4d1fc8d Fix unnecessary conversions
b7610a0 Merge pull request #974 from aauren/add_kube-router_options_to_issue_template
b4203cb feat(bug_report.md): add parameters section to bug report
7613a73 add IfaceHasNoAddr check for external ip delete error (#971)
0cca5f1 Merge pull request #969 from aauren/fact/sort_options
f6210da fact(options): alphabetize imports
797ee0a fact(options): alphabetize options by parameter name
202f92b fact(options): alphabetize struct fields
4307bdd ISSUE_TEMPLATE: Add missing headers (#966)
36daba8 Setup Issue Templates (#963)
e35dc9d Merge pull request #958 from coufalja/random-all
68dba40 Clean original iptables rule if --random-fully is supported
d5af1a9 Merge pull request #961 from cloudnativelabs/remove_deprecated_cluster-cidr_option
5ef989c fix(options): remove deprecated cluster-cidr option
19a5b1a Merge pull request #959 from cloudnativelabs/goreleaser-ldflags
ece8987 .goreleaser.yml: Add LDFLAGS
a33089d [testing] run go linters (#943)
8d424ea Fix pod egress rule cleanup
3e33a9c Merge pull request #957 from qingkunl/add_nsswitch_conf
d66a3bb Activate --random-fully where supported
23b2b99 Bump go-iptables
17f2786 add /etc/nsswitch.conf in Dockerfile
3ab31ab Merge pull request #955 from cloudnativelabs/fix-build-break
bb35b9a fix lint error: minor fix to catch the error from .bgpServer.Stop()
031a992 Merge pull request #786 from jdrahos/rr_ipv4_785
aec73b8 fix(nsc): update IPVS svc when timeout changes (#952)
1c18462 The bgp-holdtime function parameter of setting holdtime is added to adjust the holdtime of BGP negotiation with the connected network devices. (#921)
3fd8dc5 Merge pull request #953 from aauren/bgp_graceful_restart_time
b07f53f fix(graceful_restart): gofmt and doc fixes so unit tests pass
1c594b2 Allow setting BGP Graceful restart time from CLI
27857d3 Merge pull request #822 from kvaps/fix-821
c61dc8f fix tolerations
8023f6a Allow to configure cluster id using IPv4 strings

v1.0.1

Changelog

6af898b add /etc/nsswitch.conf in Dockerfile
9c9e935 fix lint error: minor fix to catch the error from .bgpServer.Stop()
8e65593 Allow to configure cluster id using IPv4 strings
606edcc fix(nsc): update IPVS svc when timeout changes (#952)
7a104ba fix tolerations

v1.0.0

Breaking changes and knows issues:

If you are upgrading from v1.0.0-rc4 or earlier version following breaking changes apply:

• The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
• if you have egress network policies applied to workload, you need to ensure proper value for service-cluster-ip-range and service-node-port-range configured to ensure pod's can access service cluster IP's and NodePort services

Changelog

b6acd0a stop processing service and endpoints updates if network service (#939)
b7aad2e doc(user-guild.md): add info about proxy and SNAT (#935)
c71eb9a proxy: only output Error log when there's an error (#942)
fb93467 Merge pull request #929 from aauren/handle_branches_with_slashes
3156f43 Makefile: remove slashes from git branch if they exist

v1.0.0-rc6

Bug fix release. Fixes for regressions found in v1.0.0-rc5

thanks @eeeeeta for reporting and fixing the regression

Breaking changes and knows issues:

If you are upgrading from v1.0.0-rc4 or earlier version please see release notes for v1.0.0-rc5. Same breaking changes and known issues apply for this release as well

Changelog

4f9a794 Merge pull request #931 from cloudnativelabs/pr914-feedback
1bec864 avoide listing a chain if the rule already exists
309c803 Merge pull request #928 from eeeeeta/fix-generate-fwmark
a2ac2f0 fix unintentional Sprint of two-argument generateFwmark() call
a23017d Merge pull request #927 from cloudnativelabs/bgppolicies
81d717d fix false negative errors in creating BGP defined sets

v1.0.0-rc5

This release has serveral improvements to network policies implementation in kube-router and cleanup of code base to fix all go lint errors and few bug fixes.

Thanks @mrueg @aauren @liuxu623 for your the PR's.

Thanks @aauren for reporting regression in v1.0.0-rc4 and critical feedback on network policy implementation some of which are addressed in this release.

Note: This release has following breaking changes:

• The way network policies are configured using iptables on the nodes has been modified to keep built in chains cleaner. You need to flush the iptables filter table or reboot the node before running this version of kube-router
• if you have egress network policies applied to workload, you need to ensure proper value for service-cluster-ip-range and service-node-port-range configured to ensure pod's can access service cluster IP's and NodePort services

Note: This release has following known issues:

• please see #934

Changelog

e858e26 change ACCEPT to RETURN with mark when a netpol is matched so that we run through (#915)
4d6b0b8 whitelist traffic to cluster IP and node ports in INPUT chain to bypass netwrok policy enforcement (#914)
210dc3d avoids adding kube-router specific rules to enforce network policies in (#909)
8f5c959 full sync when namespace labels change (#917)
12674d5 Add golangci-lint support (#895)
4a08e11 Dockerfile: Update to alpine:3.11 (#918)
cb48a7f fix(network_routes): missing node ip -> error log (#904)
d2178da fix(ecmp_vip): check for nil nodename (#903)

v1.0.0-rc4

Thanks to @aauren for your contributions!

Changelog

837554b Fix Memory Consumption in network_policy_controller (#902)

v1.0.0-rc3

Changelog

#900 - Fix Network Policy Cleanup Code
#894 - .goreleaser.yml: Multiarch build
#898 - Use same image for container and initContainer

Thanks @mrueg & @cfrantsen for your contributions!

v1.0.0-rc2

We are excited to release rc2 candidate for v1.0 release.

thanks @rmb938 @CertainLach @mrueg @ufou @ldx @bumyongchoi @filintod @aauren @paulbsch for your contribution

Changelog

f695c75 Merge pull request #892 from cloudnativelabs/proxy-healtchecks
e04ac66 ensure hearbeats are sent during sync done for add/delete/update events of service, endpoints
361d6fe outbound traffic from pod should be intercepted in filter table INPUT chain (#891)
df40aa5 push multi-arch images to the dev registry (#890)
1af329c nflog the packet that will be dropped by network policy enforcement (#889)
f3ea1a6 Merge pull request #888 from CertainLach/master
86ebd28 Fix for same issue as #750, but for network_routes_controller
21ea5a5 Add multi-arch support for container images. (#885)
2462137 .travis.yml: Update manifest-tool to 1.0.2 (#886)
ea4f2db Merge pull request #747 from ufou/enable_bgp_restart_default
6640c65 mount host /run/xtables.lock to kube-router container which will be (#884)
ffad338 Handle missing routing tables (#865)
f5db29e honor the ClientIP session affinity timeout when set. (#882)
7777b9a use Spec.PolicyTypes for the type of network policy (#883)
0f21f87 withdraw external IP from advertisement only if the deleted service is the last service using external IP (#850)
3e67159 Update selectors to allow matchexpressions as well as matlabels (#881)
b5e9bd3 intercept pod egress traffic going through the OUTPUT chain of filter table and run through the (#875)
4c764f5 handle DeletedFinalStateUnknown objects in DeleteFunc handlers (#856)
19e5637 switch --set to less ambiguous --match-set (#874)
2c4911b Fix unit test failure due to switch of listing node API objects from (#869)
d838253 Add Numberly to USERS.md (#867)
33724aa read the necessary API objects from local cache instead of listing from the API server (#864)
5c5dc41 add Globo.com to USERS.md (#858)
945a8ca Update USERS.md (#857)
3b9f22b add enix as user (#855)
c857f5d add DigitalOcean to USERS.md (#852)
97ec4dd adding kube-router users list (#851)
0857436 use endpoint (IP, port) tuple to track active endpoints of a service in use. Currently only endpoint IP (#842)
4f627bc Enable ppc64le builds (#847)
8f0bcfb Enabling --bgp-graceful-restart by default when the router component is deployed via daemonset

v1.0.0-rc1

Note: Please note behaviour change that is introduced by 13421da. Functionally service proxy will remain same but kube-router now will internally use SNAT instead of MASQUERADE

Changelog

9db9a49 populate pod CID in network routing controler to simulate reading from node spec once at begining (#844)
148736b fix gofmt
459e52e fix unhealthy on api server down (#813)
97c682e Ignore deletion of unknown IPVS rules (#830)
13421da Use SNAT instead of MASQUERADE to source NAT outbound IPVS traffic (#668)

v0.4.0

restrict externalTrafficPolicy=Local interpretation only to NodePort …