You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.
Add TrafficControl feature to control the transmission of Pod traffic; it allows users to mirror or redirect traffic originating from specific Pods or destined for specific Pods to a local network device or a remote destination via a tunnel of various types. (#3644#3580#3487, @tnqn@hongliangl@wenqiq)
Refer to this document for more information about this feature.
Refer to this cookbook for more information about using this feature to provide network-based intrusion detection service to your Pods.
Add support for the IPsec Certificate-based Authentication. (#3778, @xliuxu)
Add an Antrea Agent configuration option ipsec.authenticationMode to specify authentication mode. Supported options are "psk" (default) and "cert".
Add an Antrea Controller configuration option ipsecCSRSigner.autoApprove to specify the auto-approve policy of Antrea CSR signer for IPsec certificates management. By default, Antrea will auto-approve the CertificateSingingRequest (CSR) if it is verified.
Add an Antrea Controller configuration option ipsecCSRSigner.selfSignedCA to specify whether to use auto-generated self-signed CA certificate. By default, Antrea will auto-generate a self-signed CA certificate.
Add the following capabilities to Antrea-native policies:
Add support for matching multicast and IGMP traffic. (#3660, @liu4480)
Add support for rule-level statistics for multicast and IGMP traffic. (#3449, @ceclinux)
Add the following capabilities to the Multicast feature:
Add antctl get podmulticaststats command to query Pod-level multicast traffic statistics in Agent mode. (#3449, @ceclinux)
Add "MulticastGroup" API to query Pods that have joined multicast groups; kubectl get multicastgroups can generate requests and output responses of the API. (#3354#3449, @ceclinux)
Add an Antrea Agent configuration option multicast.igmpQueryInterval to specify the interval at which the antrea-agent sends IGMP queries to Pods. (#3819, @liu4480)
Add the following capabilities to the Multi-cluster feature:
Add the Multi-cluster Gateway functionality which supports routing Multi-cluster Service traffic across clusters through tunnels between the Gateway Nodes. It enables Multi-cluster Service access across clusters, without requiring direct reachability of Pod IPs between clusters. (#3689#3463#3603, @luolanzone)
Add support for Traceflow on Windows. (#3022, @gran-vmv)
Add support for containerd to antrea-eks-node-init.yml. (#3840, @antoninbas)
Add an Antrea Agent configuration option disableTXChecksumOffload to support cases in which the datapath's TX checksum offloading does not work properly. (#3832, @tnqn)
Add support for InternalTrafficPolicy in AntreaProxy. (#2792, @hongliangl)
Add the following documentations:
Add documentation for the Antrea Agent RBAC permissions and how to restrict them using Gatekeeper/OPA. (#3694, @antoninbas)
Improve validation for egress.to.namespaces.match of AntreaClusterNetworkPolicy rules. (#3727, @qiyueyao)
Deprecate the Antrea Agent configuration option multicastInterfaces in favor of multicast.multicastInterfaces. (#3898, @tnqn)
Reduce permissions of Antrea Agent ServiceAccount. (#3691, @xliuxu)
Create a Secret in the Antrea manifest for the antctl and antrea-agent ServiceAccount as K8s v1.24 no longer creates a token for each ServiceAccount automatically. (#3730, @antoninbas)
Implement garbage collector for IP Pools to clean up allocations and reservations for which owner no longer exists. (#3672, @annakhm)
Preserve client IP if the selected Endpoint is local regardless of ExternalTrafficPolicy. (#3604, @hongliangl)
Add a Helm chart for Antrea and use the Helm templates to generate the standard Antrea YAML manifests. (#3578, @antoninbas)
Make "Agent mode" antctl work out-of-the-box on Windows. (#3645, @antoninbas)
Truncate SessionAffinity timeout values of Services instead of wrapping around. (#3609, @antoninbas)
Move Antrea Windows log dir from C:\k\antrea\logs\ to C:\var\log\antrea\. (#3416, @GraysonWu)
Limit max number of data values displayed on Grafana panels. (#3812, @heanlan)
Support deploying ClickHouse with Persistent Volume. (#3608, @yanjunz97)
Remove support for ELK Flow Collector. (#3738, @heanlan)
Improve documentation for Antrea-native policies. (#3512, @Dyanngg)
