Releases: weaveworks/weave
Weave 2.5.2
Release 2.5.2
This release fixes several bugs causing inconsistencies in IPAM and fixes a panic in the daemon that reclaims and forgets deleted nodes in Kubernetes clusters.
Bug fixes
- In a Kubernetes cluster, when a pod is deleted while the weave-net pod is restarting, or on rare occasions such as when the weave-kube container is hung, the IP address assigned to the pod is not freed and never released, so the node can potentially run out of IP addresses to allocate to pods #3587, #3638
- In a Kubernetes cluster, a reclaim daemon runs as part of kube-utils and automates weave forget for deleted nodes. Fixes a panic in the reclaim daemon that resulted in Weave attempting to connect to dead nodes #3613, #3623
- Make Weave's IPAM resilient by preventing inconsistent IPAM entries from occurring in the ring, and resolve the conflict if they occur during an IPAM ring merge #3629, #3635, #3632, #3444
Weave Net 2.5.1
Weave Net 2.5.0
Release 2.5.0
This release adds support for Kubernetes hostPort mapping (#3016, #3356) and the ipBlock NetworkPolicy feature (#3168, #3367)
Bug fixes
- Fix a crash at start-up on Docker for Mac #3405, #3408
- Network policy: block ingress traffic when no namespaceSelector or podSelector is specified #3347
- Reclaim IP addresses which are locked by a non-existent peer #3386, #3416
- Fix a crash when blank IP data was loaded #3067, #3415
Other improvements
- If a connection is downgraded to the slower "sleeve" mode, Weave Net will now periodically try to upgrade it to "fast datapath" again. #1737, #3385
- Reclaim removed Kubernetes nodes' IP space and stop trying to connect to them when they are deleted, rather than on next restart #3372, #3399
- Replace Kubernetes livenessProbe with readinessProbe, so the pod is not killed if it runs slowly #3471, #3421
- In Kubernetes NetworkPolicy controller, remove the need to maintain a set of local pod IP addresses #3344, #3423
- Don't crash on Kubernetes named port in NetworkPolicy, just report as unsupported #3375
- Ensure the weave network bridge is accessible on Linux kernels older than 3.14 #3442, #3297, #3239
- Better reporting in the logs if the weave network device is in the Down state #3133, #3381
- Change log-level to debug of calls through the Docker proxy, to reduce noise #3439
- Add --without-masquerade option to weave expose, so external services can see the original container IP address #3388
- Include Kubernetes cluster information in checkpoint call #3324, #3431
- Bump go-odp dependency, so that fastdp works on the 4.19 kernel #3430
Build and Testing
- CI builds on master branch now publish images for all platforms
- Fix golint path and use https for download of libpcap #3435
- Update Kubernetes client-go to v8.0.0, removing code licenced under LGPL3 #3358,#3366
- Migrate CircleCI to V2, which is much faster #3255,#3270
External Contributors
Thanks to the following contributors:
Weave Net 2.4.1
Release 2.4.1
This release fixes several bugs causing inconsistencies in IPAM for Kubernetes users whose clusters scale up and down over time.
Bug fixes
- Nodes unable to connect after Kubernetes addon erroneously reclaimed node without any IP addresses #3392, #3393
- Kubernetes addon could have run out of free IP addresses after nodes are deleted #3384, #3400
- Kubernetes addon had reduced free IP addresses due to not reclaiming IP addresses when node name is re-used #3397
Other improvements
Weave 2.4.0
Release 2.4.0
This release introduces support for Kubernetes Egress Network Policy (#2624, #3313) and adds a mechanism for preserving the client source IP address to enable externalTrafficPolicy: Local on Kubernetes (#2924, #3298).
In this release we stop supporting the Kubernetes legacy Network Policy previously controlled with the --use-legacy-netpol flag.
Bug fixes
- Increase the ipset list size which prevents weave-npc from crashing on older kernels when more than eight Kubernetes Namespaces are used (#3289, #3305).
- Avoid a possible livelock when reclaiming IP address space in weave-kube (#3317).
- Ensure xtables.lock is mounted as a file so that kube-proxy can take the lock if it has started after Weave Net (#3351, #3353).
- Upgrade the CNI plugin symlinks only if the plugin has changed (#3337, #3345).
Other improvements
- Manipulate the Kubernetes node status NetworkUnavailable so that Pods can be scheduled on nodes when the GCE cloud provider is in use (#3249, #3307, #3332, #3334).
- Refrain from creating a subprocess for configuring a network interface in a container network namespace (#3291).
- Protect against handling the CNI plugin request with the host namespace which prevents Weave Net from misconfiguring the host network (#3206, #3346).
- Weave Net can be run on minikube VM (#3124).
- Add org.opencontainers.image.* labels to Dockerfiles to improve association of the container images with git revisions (#3299).
- Improve the error message when running weave reset on Kubernetes (#3319).
Build and Testing
- Use dep instead of git submodules for managing external packages (#3268).
- Fix usage of manifest-tool in Makefile (#3320).
- Update Kubernetes to 1.11 for the integration tests (#3340).
External Contributors
Thanks to the following contributors:
Weave 2.3.0
Release 2.3.0
Security fixes
- By default, do not expose Weave "/status" and "/report" to all (0.0.0.0) when running on Kubernetes #3271
Other improvements
- Increase the default connection limit for Weave peers (from 30 to 100) when running on Kubernetes, so that more peers could directly connect #3265
Build and test
Weave 2.2.1
Release 2.2.1
Bug fixes
- Fix a bug in weave-npc which would allow ingress traffic to Kubernetes Pods selected by a NetworkPolicy in which source and destination selectors were the same #3222,#3237
- Fix a bug in weave-npc which would crash if a previously deleted Kubernetes Namespace has been created again #3247,#3250
Other improvements
- Increase the default connection limit for Weave peers (from 30 to 100), so that more peers could directly connect #3234
- When doing a rolling update of Weave Net on Kubernetes, allow each node five seconds to initialize before rolling next Weave Net Pod, so that issues at startup will halt the rollout and not spread across the whole cluster #3235
- Install common CA certificates from Alpine Linux package instead of copying them manually #3236
Upgrading the Weave Net Kubernetes addon (weave-kube)
Apply the latest DaemonSet manifest, either attached to this release or from the config generator at Weave Cloud:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
External contributors
Thanks to the following contributors:
Weave 2.2.0
Release 2.2.0
This release improves the way Weave Net configures Linux network devices and network filter rules, so that it is more robust in the face of unexpected changes in its environment. #3204,#3224
As a consequence of these changes, the weave attach command will now fail unless the Weave Net daemon is up and running - previously it was possible to run independently as long as you managed all IP addresses yourself.
Other improvements
- Update library miekg/dns for CVE-2017-15133 (details under embargo) #3223,#3227
- Reduce the volume of logging from weave-npc #3183
- Add ability to set log level for Docker "v2" plugin, and change default log level from DEBUG to INFO #3197
- Downgrade log messages about Discovery and Expiration to DEBUG level #3202,#3203
- Use command-line parameter for WeaveDNS address in Docker proxy #3196
Bug fixes
- Ensure that rules to block traffic for NetworkPolicy are placed ahead of rules that Kubernetes has added to allow other traffic #3209,#3210
Build and test
- Update CI tests to use Kubernetes 1.9.2 #3229
- Remove "daily update" from test VMs that only run for a few minutes #3224
Upgrading the Weave Net Kubernetes addon (weave-kube)
Apply the latest DaemonSet manifest, either attached to this release or from the config generator at Weave Cloud:
kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"
External Contributors
Thanks to the following contributors:
@vetal4444
Weave 2.1.3
Release 2.1.3
This release fixes a race-condition in the IP reclaim code for weave-kube where, if multiple nodes ran the reclaim process at exactly the same time, two nodes could end up fighting over the same space and break connectivity #3190, #3192
Upgrading the Weave Net Kubernetes addon (weave-kube) from pre-version 2.1:
There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds access to networkpolicies from the networking.k8s.io API group used by the 'v1' policies and a new role to create ConfigMaps:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net
To use old network policies:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true
Weave Net 2.1.2
Release 2.1.2
This release fixes a couple of bugs discovered since the release of Weave Net 2.1.0
Bug fixes
- Fix crash seen when starting 10-15 nodes simultaneously #3184,#3186
- Fix NetworkPolicy blocking traffic if updates come out of order from Kubernetes #3177,#3181
Upgrading the Weave Net Kubernetes addon (weave-kube) from pre-version 2.1:
There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds access to networkpolicies from the networking.k8s.io API group used by the 'v1' policies and a new role to create ConfigMaps:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net
To use old network policies:
kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true
External Contributors
Thanks to the following contributors:
@zignig