CNI Plugins v1.3.0

This release introduces a new plugin: tap. Thanks to @mmirecki for contributing this

New features:

• (#784). tap: This PR adds a plugin to create tap devices.
• (#829). bridge: add vlan trunk support
• (#875). bridge: Add parameter to disable default vlan
• (#814). macvlan: Add support for in-container master
• (#813). ipvlan: Add support for in-container master
• (#781). vlan: Add support for in-container master

Improvements:

• (#880). bridge: read only required chain on cni del instead of the entire ruleset
• (#873). bridge, spoof check: remove drop rule index

Bug fixes:

• (#892). sbr: Ignore LinkNotFoundError during cmdDel null
• (#887). ptp: Fix ValidateExpectedRoute with non default routes and nil GW
• (#885). tuning: fix cmdCheck when using IFNAME
• (#831). Fix overwritten error var in getMTUByName
• (#821). Only check or del ipv6 when an IPv6 is configured

CNI Plugins v1.2.0

Changelog:

New plugins & features

• (#743). dummy: Create a Dummy CNI plugin that creates a virtual interface
• (#725). V2 API support for win-overlay CNI
• (#693). tuning Add sysctl allowList

Bug fixes

• (#809). bridge: refresh host-veth mac after port add
• (#802). Add IPv6 support for AddDefaultRoute
• (#779). Fix path substitution to enable setting sysctls on vlan interfaces
• (#782). host-local: fix bug on getting NextIP of addresses with first byte
• (#709). dhcp: Fix client id in renew/release

Improvements & Cleanups:

• (#772). portmap support masquerade all
• (#733). bridge: support IPAM DNS settings
• (#702). bridge: call ipam.ExecDel after clean up device in netns #702
• (#768). dhcp: Cleanup Socket and Pidfile on exit
• (#792). dhcp: Update Allocate method to reuse lease if present
• (#755). dhcp: Use the same options for acquiring, renewing lease
• (#730). tuning Check for duplicated sysctl keys
• (#739). build: support riscv64
• (#712). bug: return errors when iptables and ip6tables are unusable
• (#719). Make description for static plugin more exact

As always, many thanks to our contributors.

CNI plugins v1.1.1

Plugins release v1.1.1

This is a patch release that fixes the following bugs in v1.1.0:

• #702 bridge: call ipam.ExecDel after clean up device in netns
• #709 ipam/dhcp: Fix client id in renew/release

v1.1.0 Changelog:

One minor-but-major change is that we no longer wait for IPv6 Duplicate
Address Detection to complete. This reduces execution time by 2 seconds.

New features:

• firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker (#584)
• dhcp ipam: support customizing dhcp options from CNI args (#670)
• Allow setting sysctls on a particular interface (#669)
• bridge: Add macspoofchk support (#639).

Bug fixes:

• portmap: fix bug that new udp connection deletes all existing conntrack entries (#705)
• portmap: fix checkPorts result when chain does not exist (#707)
• dhcp: fixed DHCP problem that broke when fast retry was added (#681)
• ipvlan: Send Gratuitous ARP after IPs are set (#675)

Improvements

• host-device: Bring interfaces up after moving into container (#679)
• Explicitly Disable Duplicate Address Detection For Container Side Veth (#695)
• Replace arping package with arp_notify (#687)
• host-device: add ipam support for dpdk device (#642)

Other changes

• Ignore NetNS path errors on delete (#686)
• Fix confusing error msg invalid cidr (#638)

CNI Plugins v1.1.0

This release brings a number of new features, along with the usual
smattering of bug fixes and cleanups.

One minor-but-major change is that we no longer wait for IPv6 Duplicate
Address Detection to complete. This reduces execution time by 2 seconds.

New features:

• firewall: support ingressPolicy=(open|same-bridge) for isolating bridges as in Docker (#584)
• dhcp ipam: support customizing dhcp options from CNI args (#670)
• Allow setting sysctls on a particular interface (#669)
• bridge: Add macspoofchk support (#639).

Bug fixes:

• portmap: fix bug that new udp connection deletes all existing conntrack entries (#705)
• portmap: fix checkPorts result when chain does not exist (#707)
• dhcp: fixed DHCP problem that broke when fast retry was added (#681)
• ipvlan: Send Gratuitous ARP after IPs are set (#675)

Improvements

• host-device: Bring interfaces up after moving into container (#679)
• Explicitly Disable Duplicate Address Detection For Container Side Veth (#695)
• Replace arping package with arp_notify (#687)
• host-device: add ipam support for dpdk device (#642)

Other changes

• Ignore NetNS path errors on delete (#686)
• Fix confusing error msg invalid cidr (#638)

🎉 CNI Plugins v1.0.1 🎉

CNI Plugins v1.0.1 is here

This release adds support for CNI Spec v1.0. Additionally, it officially declares CNI as a stable project.

The Flannel CNI plugin has been moved to a separate project, and is no longer included here.

Changes since v1.0.0 🤦‍♂️

• plugins: fix bug where support for CNI version 0.4.0 or 1.0.0 was dropped

Changes since v0.9.1

⚠️ Breaking Changes

• plugins: remove flannel (#633). Flannel's CNI plugin now has its own repository

📈 New Features

• bridge: Add mac field to specify container iface mac (#636).
• (generic) Allow multiple routes to be added for the same prefix (#615). Enables ECMP.
• (sbr): Add multi IP support (#623).

✨ Other improvements

• (generic): place veth peer in host namspace directly (#645).
• (windows): refactor win-bridge, support HNSv2 (#617).
• (host-local): support ip/prefix in env args and CNI args (#630).
• (host-local): support custom IPs allocation through runtime configuraton (#599).
• (tuning): always update MAC in CNI result (#626).
• (tuning): Add support of altering the allmulticast flag (#624).

🐛 Bug Fixes

• host-local: remove redundant startRange in RangeIterator to avoid mismatching with startIP (#583). Fixes possible infinite loop.
• portmap: use slashes in sysctl template to support interface names which separated by dots (#589).
• pkg/ipam: convert dots to slashes in interface names for sysctl (#585).
• win-bridge: fix panic while calling HNS api (#590). fix a nil pointer panic while calling HNS API (V1) on win-bridge.
• [macvlan] Stop setting proxy-arp on macvlan interface (#586).

As always, thanks to our dedicated maintainers and contributors!

🎉 CNI Plugins v1.0.0 🎉

CNI Plugins v1.0.0 is here

This release adds support for CNI Spec v1.0. Additionally, it officially declares CNI as a stable project.

Changes since v0.9.1

⚠️ Breaking Changes

• plugins: remove flannel (#633). Flannel's CNI plugin now has its own repository

📈 New Features

• bridge: Add mac field to specify container iface mac (#636).
• (generic) Allow multiple routes to be added for the same prefix (#615). Enables ECMP.
• (sbr): Add multi IP support (#623).

✨ Other improvements

• (generic): place veth peer in host namspace directly (#645).
• (windows): refactor win-bridge, support HNSv2 (#617).
• (host-local): support ip/prefix in env args and CNI args (#630).
• (host-local): support custom IPs allocation through runtime configuraton (#599).
• (tuning): always update MAC in CNI result (#626).
• (tuning): Add support of altering the allmulticast flag (#624).

🐛 Bug Fixes

• host-local: remove redundant startRange in RangeIterator to avoid mismatching with startIP (#583). Fixes possible infinite loop.
• portmap: use slashes in sysctl template to support interface names which separated by dots (#589).
• pkg/ipam: convert dots to slashes in interface names for sysctl (#585).
• win-bridge: fix panic while calling HNS api (#590). fix a nil pointer panic while calling HNS API (V1) on win-bridge.
• [macvlan] Stop setting proxy-arp on macvlan interface (#586).

As always, thanks to our dedicated maintainers and contributors!

CNI plugins v0.9.1

This is a minor update to the CNI plugins that bumps a few dependencies and includes some small behavior tweaks.

New behavior:

• DHCP timeout is configurable (#565).
• host-device: Add support for DPDK device (#490). Host-device plugin is a noop for DPDK devices

Fixes:

• vlan: fix error message text by removing ptp references (#566). Fixing a few error messages that the vlan plugin returns. These appear to be mistaken references to the ptp plugin.
• vlan: Fix error handling for delegate IPAM plugin (#568).
• deps: bump coreos/go-iptables (#563). Closes #544

CNI plugins v0.9.0

Welcome to v0.9.0 of the CNI community plugins.

New Stuff

Thanks to @fedepaol, we have the VRF chained plugin, which will create a linux VRF device and move any interfaces in to it.

Behavior changes

• tuning: revert values on delete (#540). Useful when using the host-device plugin.

Bug fixes

• Delete stale UDP conntrack entries when adding new Portmaps to containers (#553).

Other improvements

• flannel: allow input ipam parameters as basis for delegate (#532).
• move off of Travis 😢
• we have a shiny new website: https://www.cni.dev
• ipvlan: make master config as optional (#534).

CNI Plugins v0.8.7

This is a minor release with some bugfixes and minor improvements:

New Features

• macvlan: set mac address from args and capabilities (#480).

Bugfixes & Cleanups

• flannel: remove net conf file after DEL succeed (#449).
• portmap should not perform deletions if not portMapping config received (#509).
• portmap: don't use unspecified address as iptables rule destination (#487).
• Fix race condition in GetCurrentNS (#523).
• firewall: fix generate of admin chain comment (#506).
• Fix handling of delay in acquiring lease with stp turned on (#501).
• host-device: Bring interfaces down before moving (#486).

CNI plugins v0.8.6

This is a minor release with some bugfixes and small improvements

New features

• Support device id in host device plugin (#471).
• win-bridge: add support for portMappings capability (#475).
• Make host-device to work with virtio net device (#453).

Small improvements

• ptp, bridge: disable accept_ra on the host-side interface (#484).
• modify the error url of windowscontainer (#460).
• portmap: Apply the DNAT hairpin to the whole subnet (#469). The DNAT hairpin rule only allow the container itself to access the ports it is exposing thru the host IP. Other containers in the same subnet might also want to access this service via the host IP, so apply this rule to the whole subnet instead of just for the container.
• Unlock OS thread after netns is restored (#455).

Bugfixes

• plugins/meta/sbr: Adjusted ipv6 address mask to /128 (#479). A /64 mask was used which routed an entire cidr based on source, not only the bound address.
• check bridge's port state (#468). fix #463
• Reset the route flag before moving the rule (#472).
• replace juju/errors because of CNCF license scan (#458). ref to #457
• loopback: Fix ipv6 address checks (#442). Fixes a minor bug in loopback plugin. The IPv6 address check loops over IPv4 addresses.

As always, thanks to all the contributors.