v1.4.1: Merge pull request #991 from containernetworking/dependabot/docker/do…

…t-github/actions/retest-action/alpine-3.19

build(deps): bump alpine from 3.18 to 3.19 in /.github/actions/retest-action

CNI Plugins v1.4.0

New features:

• (#832). tap: allow for a tap device to be created as a bridge port
• (#914). [tuning] add ability to set tx queue len

Improvements:

• (#969). Add CNI_NETNS_OVERRIDE
• (#979). Add ndisc_notify in ipvlan for ipv6 ndp
• (#974). macvlan: enable ipv6 ndisc_notify
• (#950). Create IPAM files with 0600 permissions
• (#924). More efficient iptables usage.
• (#902). spoofcheck: Make use of go-nft's ApplyConfigEcho(). This is much faster
• (#874). Add routes propagation for VRF plugin

Build:

• (#982). Bump to golang:1.21-alpine
• (#948). build: Use POSIX sh for shell scripts

Bug fixes:

• (#954). macvlan cmdDel: handle deletion when master has been deleted
• (#927). vrf: fix route filter to use output iface

CNI Plugins v1.3.0

This release introduces a new plugin: tap. Thanks to @mmirecki for contributing this

New features:

• (#784). tap: This PR adds a plugin to create tap devices.
• (#829). bridge: add vlan trunk support
• (#875). bridge: Add parameter to disable default vlan
• (#814). macvlan: Add support for in-container master
• (#813). ipvlan: Add support for in-container master
• (#781). vlan: Add support for in-container master

Improvements:

• (#880). bridge: read only required chain on cni del instead of the entire ruleset
• (#873). bridge, spoof check: remove drop rule index

Bug fixes:

• (#892). sbr: Ignore LinkNotFoundError during cmdDel null
• (#887). ptp: Fix ValidateExpectedRoute with non default routes and nil GW
• (#885). tuning: fix cmdCheck when using IFNAME
• (#831). Fix overwritten error var in getMTUByName
• (#821). Only check or del ipv6 when an IPv6 is configured

CNI Plugins v1.2.0

Changelog:

New plugins & features

• (#743). dummy: Create a Dummy CNI plugin that creates a virtual interface
• (#725). V2 API support for win-overlay CNI
• (#693). tuning Add sysctl allowList

Bug fixes

• (#809). bridge: refresh host-veth mac after port add
• (#802). Add IPv6 support for AddDefaultRoute
• (#779). Fix path substitution to enable setting sysctls on vlan interfaces
• (#782). host-local: fix bug on getting NextIP of addresses with first byte
• (#709). dhcp: Fix client id in renew/release

Improvements & Cleanups:

• (#772). portmap support masquerade all
• (#733). bridge: support IPAM DNS settings
• (#702). bridge: call ipam.ExecDel after clean up device in netns #702
• (#768). dhcp: Cleanup Socket and Pidfile on exit
• (#792). dhcp: Update Allocate method to reuse lease if present
• (#755). dhcp: Use the same options for acquiring, renewing lease
• (#730). tuning Check for duplicated sysctl keys
• (#739). build: support riscv64
• (#712). bug: return errors when iptables and ip6tables are unusable
• (#719). Make description for static plugin more exact

As always, many thanks to our contributors.

CNI plugins v1.1.1

Plugins release v1.1.1

This is a patch release that fixes the following bugs in v1.1.0:

• #702 bridge: call ipam.ExecDel after clean up device in netns
• #709 ipam/dhcp: Fix client id in renew/release

v1.1.0 Changelog:

One minor-but-major change is that we no longer wait for IPv6 Duplicate
Address Detection to complete. This reduces execution time by 2 seconds.

New features:

• firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker (#584)
• dhcp ipam: support customizing dhcp options from CNI args (#670)
• Allow setting sysctls on a particular interface (#669)
• bridge: Add macspoofchk support (#639).

Bug fixes:

• portmap: fix bug that new udp connection deletes all existing conntrack entries (#705)
• portmap: fix checkPorts result when chain does not exist (#707)
• dhcp: fixed DHCP problem that broke when fast retry was added (#681)
• ipvlan: Send Gratuitous ARP after IPs are set (#675)

Improvements

• host-device: Bring interfaces up after moving into container (#679)
• Explicitly Disable Duplicate Address Detection For Container Side Veth (#695)
• Replace arping package with arp_notify (#687)
• host-device: add ipam support for dpdk device (#642)

Other changes

• Ignore NetNS path errors on delete (#686)
• Fix confusing error msg invalid cidr (#638)

CNI Plugins v1.1.0

This release brings a number of new features, along with the usual
smattering of bug fixes and cleanups.

One minor-but-major change is that we no longer wait for IPv6 Duplicate
Address Detection to complete. This reduces execution time by 2 seconds.

New features:

• firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker (#584)
• dhcp ipam: support customizing dhcp options from CNI args (#670)
• Allow setting sysctls on a particular interface (#669)
• bridge: Add macspoofchk support (#639).

Bug fixes:

• portmap: fix bug that new udp connection deletes all existing conntrack entries (#705)
• portmap: fix checkPorts result when chain does not exist (#707)
• dhcp: fixed DHCP problem that broke when fast retry was added (#681)
• ipvlan: Send Gratuitous ARP after IPs are set (#675)

Improvements

• host-device: Bring interfaces up after moving into container (#679)
• Explicitly Disable Duplicate Address Detection For Container Side Veth (#695)
• Replace arping package with arp_notify (#687)
• host-device: add ipam support for dpdk device (#642)

Other changes

• Ignore NetNS path errors on delete (#686)
• Fix confusing error msg invalid cidr (#638)

🎉 CNI Plugins v1.0.1 🎉

CNI Plugins v1.0.1 is here

This release adds support for CNI Spec v1.0. Additionally, it officially declares CNI as a stable project.

The Flannel CNI plugin has been moved to a separate project, and is no longer included here.

Changes since v1.0.0 🤦‍♂️

• plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped

Changes since v0.9.1

⚠️ Breaking Changes

• plugins: remove flannel (#633). Flannel's CNI plugin now has its own repository

📈 New Features

• bridge: Add mac field to specify container iface mac (#636).
• (generic) Allow multiple routes to be added for the same prefix (#615). Enables ECMP.
• (sbr): Add multi IP support (#623).

✨ Other improvements

• (generic): place veth peer in host namspace directly (#645).
• (windows): refactor win-bridge, support HNSv2 (#617).
• (host-local): support ip/prefix in env args and CNI args (#630).
• (host-local): support custom IPs allocation through runtime configuraton (#599).
• (tuning): always update MAC in CNI result (#626).
• (tuning): Add support of altering the allmulticast flag (#624).

🐛 Bug Fixes

• host-local: remove redundant startRange in RangeIterator to avoid mismatching with startIP (#583). Fixes possible infinite loop.
• portmap: use slashes in sysctl template to support interface names which separated by dots (#589).
• pkg/ipam: convert dots to slashes in interface names for sysctl (#585).
• win-bridge: fix panic while calling HNS api (#590). fix a nil pointer panic while calling HNS API (V1) on win-bridge.
• [macvlan] Stop setting proxy-arp on macvlan interface (#586).

As always, thanks to our dedicated maintainers and contributors!

🎉 CNI Plugins v1.0.0 🎉

CNI Plugins v1.0.0 is here

This release adds support for CNI Spec v1.0. Additionally, it officially declares CNI as a stable project.

Changes since v0.9.1

⚠️ Breaking Changes

• plugins: remove flannel (#633). Flannel's CNI plugin now has its own repository

📈 New Features

• bridge: Add mac field to specify container iface mac (#636).
• (generic) Allow multiple routes to be added for the same prefix (#615). Enables ECMP.
• (sbr): Add multi IP support (#623).

✨ Other improvements

• (generic): place veth peer in host namspace directly (#645).
• (windows): refactor win-bridge, support HNSv2 (#617).
• (host-local): support ip/prefix in env args and CNI args (#630).
• (host-local): support custom IPs allocation through runtime configuraton (#599).
• (tuning): always update MAC in CNI result (#626).
• (tuning): Add support of altering the allmulticast flag (#624).

🐛 Bug Fixes

• host-local: remove redundant startRange in RangeIterator to avoid mismatching with startIP (#583). Fixes possible infinite loop.
• portmap: use slashes in sysctl template to support interface names which separated by dots (#589).
• pkg/ipam: convert dots to slashes in interface names for sysctl (#585).
• win-bridge: fix panic while calling HNS api (#590). fix a nil pointer panic while calling HNS API (V1) on win-bridge.
• [macvlan] Stop setting proxy-arp on macvlan interface (#586).

As always, thanks to our dedicated maintainers and contributors!

CNI plugins v0.9.1

This is a minor update to the CNI plugins that bumps a few dependencies and includes some small behavior tweaks.

New behavior:

• DHCP timeout is configurable (#565).
• host-device: Add support for DPDK device (#490). Host-device plugin is a noop for DPDK devices

Fixes:

• vlan: fix error message text by removing ptp references (#566). Fixing a few error messages that the vlan plugin returns. These appear to be mistaken references to the ptp plugin.
• vlan: Fix error handling for delegate IPAM plugin (#568).
• deps: bump coreos/go-iptables (#563). Closes #544

CNI plugins v0.9.0

Welcome to v0.9.0 of the CNI community plugins.

New Stuff

Thanks to @fedepaol, we have the VRF chained plugin, which will create a linux VRF device and move any interfaces in to it.

Behavior changes

• tuning: revert values on delete (#540). Useful when using the host-device plugin.

Bug fixes

• Delete stale UDP conntrack entries when adding new Portmaps to containers (#553).

Other improvements

• flannel: allow input ipam parameters as basis for delegate (#532).
• move off of Travis 😢
• we have a shiny new website: https://www.cni.dev
• ipvlan: make master config as optional (#534).