release: prepare for 1.8

CHANGELOG.md

@@ -1,5 +1,100 @@
 # CHANGELOG
 
+## 1.8.0 -- 2021/09/07
+### New Feature
+- Underlay/Vlan network refactoring to adapt more complicate network infrastructure
+- Share same OVN infrastructure with OpenStack and run Pods in OpenStack VPC
+- Support SecurityGroup in VPCs
+- Support Service in VPCs
+- Adapt to vfio-pci driver type device
+- Use annotation to dynamic change tunnel interface
+- Pod level annotation to control traffic mirror
+- Kube-OVN ipam supports custom routes
+- Switch to enable/disable OVN network policy support
+- Switch to enable/disable OVN LB
+- Switch to enable/disable gateway connectivity check
+
+### Performance
+- New fastpath module which can reduce about 40% latency and cpu usage
+- New performance tuning guide to boost the performance and comparison for different network
+- Enable tx offload again as fix for double nat kernel issue
+
+### Monitoring
+- Diagnose command 'kubectl ko' support trace in underlay networking
+- Diagnose command 'kubectl ko' support cluster operations status/kick/backup
+
+### Security
+- fix CVE-2021-33910
+- Add go build security options
+- Fix CVE-2021-3121
+- fix CVE-2021-3538
+- Update base image to ubuntu:21.04
+
+### Mics
+- update kind to v0.11.1
+- fix gofmt lint
+- ci: use stable golang version
+- update ovn to 21.03
+
+### Test
+- update underlay e2e testing
+- fix subnet e2e
+- fix dual stack cluster created by kind
+- Correct vlan e2e testing
+- Remove dpdk ci
+
+### Bugfix
+- fix CRD provider-networks.kubeovn.io
+- fix ipsets, subnets using underlay networking should not be included in ipsets
+- update qos ingress_policing_burst
+- match chassis until timeout
+- delete overlapped var subnet
+- fix: if nftables not exists do no exit
+- delete ecmp route when node is deleted
+- fix cleanup.sh
+- fix image version
+- fix iptables
+- ignore empty strings when counting lbs
+- fix external_ids:pod_netns
+- delete attachment ips
+- update qos process
+- fix: panic when node has nil annotations
+- append pod/exec resource for vpc nat gw
+- fix underlay networking on node reboot
+- fix default bind socket of cni server
+- if the string of ip is empty,program will die
+- fix uninstall.sh
+- ensure provider nic is up
+- fix: bad udp checksum when access nodeport
+- fix IPv6-related issues
+- fix issues in underlay networking
+- avoid Pod IP to be the same with node internal IP
+- fix subnet conflict check for node address
+- fix ipset on pod creation/deletion
+- delete subnet AvailableIPs and UsingIPs para
+- fix: ovn-northd svc flip flop
+- delete residual ovs internal ports
+- initialize ipsets on cni server startup
+- Fix acl overlay issues
+- Fix available ips count of subnet
+- Fix lsp may lost when server pressure is high
+- Cleanup kube-ovn-monitor resource
+- Remove wait ovn sb
+- Remove kube-ovn-controller rollout check
+- Delete process of ip crd delete in cni delete request
+- Delete ecmp route when node is not ready
+- Ignore update pod nic annotation when not nil
+- Clean up gateway chassis list for external gw
+- Node route should filter out 'vpc'
+- Do not delete statefulset pod when update pod
+- Add master check when a node adding to a cluster and config sb/nb address
+- Fix IP/route transfer on node reboot
+- Fix uninstall.sh execution in OVS pods
+- Add node internal ip into ovn-ic advertise blacklist
+- Fix bug for deleting ovn-ic lrp failed
+- Keep subnet's vlan empty if not specified
+- Add field defaultNetworkType in configmap ovn-config
+
 ## 1.7.0 -- 2021/06/03
 
 ### New Feature

dist/images/ovn-ic-db-docker.sh

@@ -1 +1 @@
-docker run -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.7.1 bash start-ic-db.sh
+docker run -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.8.0 bash start-ic-db.sh

docs/cluster-interconnection.md

@@ -13,12 +13,12 @@ only L3 connectivity for gateway nodes is required.
 ## Auto Route Step
 1. Run Interconnection Controller in a region that can be accessed by other cluster
 ```bash
-docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.7.1 bash start-ic-db.sh
+docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.8.0 bash start-ic-db.sh
 ```
 ​		If `containerd` replaces `docker` then the command is as follows:
 
 ```shell
-ctr run  -d --net-host --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw"  kubeovn/kube-ovn:v1.7.1 ovn-ic-db bash start-ic-db.sh
+ctr run  -d --net-host --mount="type=bind,src=/etc/ovn/,dst=/etc/ovn,options=rbind:rw" --mount="type=bind,src=/var/run/ovn,dst=/var/run/ovn,options=rbind:rw" --mount="type=bind,src=/var/log/ovn,dst=/var/log/ovn,options=rbind:rw"  kubeovn/kube-ovn:v1.8.0 ovn-ic-db bash start-ic-db.sh
 ```
 
 2. Create `ovn-ic-config` ConfigMap in each cluster `kube-system` namespace. Edit and apply the yaml below in each cluster.
@@ -91,7 +91,7 @@ For manually adding routes, you need to find the
 ## Manually Route Step
 1. Same as AutoRoute step 1,run Interconnection Controller in a region that can be accessed by other cluster
 ```bash
-docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v1.7.1 bash start-ic-db.sh
+docker run --name=ovn-ic-db -d --network=host -v /etc/ovn/:/etc/ovn -v /var/run/ovn:/var/run/ovn -v /var/log/ovn:/var/log/ovn kubeovn/kube-ovn:v8.0 bash start-ic-db.sh
 ```
 2. Create `ic-config` ConfigMap in each cluster. Edit and apply the yaml below in each cluster. Note that `auto-route` is set to `false`
 ```yaml

docs/install.md

@@ -26,10 +26,10 @@ Kube-OVN provides a one script install to easily install a high-available, produ
 1. Download the stable release installer scripts
 
 For Kubernetes version>=1.16
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/dist/images/install.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/dist/images/install.sh`
 
 For Kubernetes version<1.16
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/dist/images/install-pre-1.16.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/dist/images/install-pre-1.16.sh`
 
 If you want to try the latest developing Kube-OVN, try the script below
 `wget https://raw.githubusercontent.com/alauda/kube-ovn/master/dist/images/install.sh`
@@ -42,7 +42,7 @@ If you want to try the latest developing Kube-OVN, try the script below
  JOIN_CIDR="100.64.0.0/16"              # Subnet CIDR used for connectivity between nodes and Pods, Do NOT overlap with NODE/POD/SVC CIDR
  LABEL="node-role.kubernetes.io/master" # The node label to deploy OVN DB
  IFACE=""                               # The nic to support container network can be a nic name or a group of regex separated by comma e.g. `IFACE=enp6s0f0,eth.*`, if empty will use the nic that the default route use
- VERSION="v1.7.1"
+ VERSION="v1.8.0"
 ```
 
 This basic setup works for default overlay network. If you are using default underlay/vlan network, please refer [Vlan/Underlay Support](vlan.md)
@@ -66,22 +66,22 @@ For Kubernetes version before 1.17 please use the following command to add the n
     `kubectl label node <Node on which to deploy OVN DB> kube-ovn/role=master`
 2. Install Kube-OVN related CRDs
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/yamls/crd.yaml`
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/crd.yaml`
 3. Get ovn.yaml and replace `$addresses` in the file with IP address of the node that will host the OVN DB and the OVN Control Plane:
 
-    `curl -O https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/yamls/ovn.yaml`
+    `curl -O https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/ovn.yaml`
 
     `sed -i 's/\$addresses/<Node IP>/g' ovn.yml`
 4. Install native OVS and OVN components:
 
     `kubectl apply -f ovn.yaml`
 5. Install the Kube-OVN Controller and CNI plugins:
 
-    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/yamls/kube-ovn.yaml`
+    `kubectl apply -f https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/kube-ovn.yaml`
 
 For high-available ovn db, see [high available](high-available.md)
 
-If you want to enable IPv6 on default subnet and node subnet, please apply https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/yamls/kube-ovn-ipv6.yaml on Step 3.
+If you want to enable IPv6 on default subnet and node subnet, please apply https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/kube-ovn-ipv6.yaml on Step 3.
 
 ## More Configuration
 
@@ -196,7 +196,7 @@ kubectl create -n kube-system configmap admin-conf --from-file=config=admin.conf
 1. Remove Kubernetes resources:
 
  ```bash
- wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/dist/images/cleanup.sh
+ wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/dist/images/cleanup.sh
  bash cleanup.sh
  ```
 

docs/ipv6.md

@@ -2,4 +2,4 @@
 
 Through Kube-OVN does support both protocol subnets coexist in a cluster, Kubernetes control plan now only support one protocol. So you will lost some ability like probe and  service discovery if you use a protocol other than the kubernetes control plan. We recommend you use only one same ip protocol that same with kubernetes control plan.
 
-To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.
+To enable IPv6 support you need to modify the installation yaml to specify the default subnet and node subnet cidrBlock and gateway with a ipv6 format. You can apply this [v6 version yaml](https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/yamls/kube-ovn-ipv6.yaml) at [installation step 3](install.md#to-install) for a quick start.

docs/kubectl-plugin.md

@@ -9,7 +9,7 @@ To enable kubectl plugin, kubectl version of 1.12 or later is recommended. You c
 1. Get the `kubectl-ko` file
 
 ```bash
-wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/dist/images/kubectl-ko
+wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/dist/images/kubectl-ko
 ```
 
 2. Move the file to one of $PATH directories

docs/vlan.md

@@ -48,7 +48,7 @@ With default Vlan mode, Kube-OVN creates a default subnet named `ovn-default` wh
 
 1. Get the installation script
 
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/dist/images/install.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/dist/images/install.sh`
 
 2. Edit the `install.sh`, set `NETWORK_TYPE` to `vlan` and `VLAN_INTERFACE_NAME` to related host interface.
 
@@ -158,7 +158,7 @@ NOTICE: From v1.7.1 on, `hybrid` mode will be no longer supported since Kube-OVN
 
 1. Get the installation script
 
-`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.7/dist/images/install.sh`
+`wget https://raw.githubusercontent.com/alauda/kube-ovn/release-1.8/dist/images/install.sh`
 
 2. Edit the `install.sh`, modify `NETWORK_TYPE` to `hybrid`, `VLAN_INTERFACE_NAME` to related host interface.
 > NOTE: if your nodes have different nic name for vlan device you could use regex for VLAN_INTERFACE_NAME or label those nodes with

docs/vpc.md

@@ -105,7 +105,7 @@ metadata:
   name: ovn-vpc-nat-gw-config
   namespace: kube-system
 data:
-  image: kubeovn/vpc-nat-gateway:v1.7.1  # Docker image for vpc nat gateway
+  image: kubeovn/vpc-nat-gateway:v1.8.0  # Docker image for vpc nat gateway
   enable-vpc-nat-gw: true                  # 'true' for enable, 'false' for disable
   nic: eth1                                # The nic that connect to underlay network, use as the 'master' for macvlan
 ```

yamls/kube-ovn-ipv6.yaml

@@ -38,7 +38,7 @@ spec:
       hostNetwork: true
       containers:
         - name: kube-ovn-controller
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command:
             - /kube-ovn/start-controller.sh
@@ -123,7 +123,7 @@ spec:
       hostPID: true
       initContainers:
         - name: install-cni
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/install-cni.sh"]
           securityContext:
@@ -134,7 +134,7 @@ spec:
               name: cni-bin
       containers:
         - name: cni-server
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command:
             - bash
@@ -242,7 +242,7 @@ spec:
       hostPID: true
       containers:
         - name: pinger
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           command:
             - /kube-ovn/kube-ovn-pinger
             - --external-address=2400:3200::1

yamls/kube-ovn.yaml

@@ -38,7 +38,7 @@ spec:
       hostNetwork: true
       containers:
         - name: kube-ovn-controller
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command:
             - /kube-ovn/start-controller.sh
@@ -135,7 +135,7 @@ spec:
       hostPID: true
       initContainers:
         - name: install-cni
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/install-cni.sh"]
           securityContext:
@@ -146,7 +146,7 @@ spec:
               name: cni-bin
       containers:
         - name: cni-server
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command:
             - bash
@@ -266,7 +266,7 @@ spec:
       hostPID: true
       containers:
         - name: pinger
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           command:
             - /kube-ovn/kube-ovn-pinger
             - --external-address=114.114.114.114
@@ -394,7 +394,7 @@ spec:
       serviceAccountName: ovn
       containers:
         - name: kube-ovn-monitor
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/start-ovn-monitor.sh"]
           securityContext:

yamls/ovn-dpdk.yaml

@@ -194,7 +194,7 @@ spec:
       hostNetwork: true
       containers:
         - name: ovn-central
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/start-db.sh"]
           securityContext:

yamls/ovn-ha.yaml

@@ -209,7 +209,7 @@ spec:
       hostNetwork: true
       containers:
         - name: ovn-central
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/start-db.sh"]
           securityContext:
@@ -332,7 +332,7 @@ spec:
       hostPID: true
       containers:
         - name: openvswitch
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/start-ovs.sh"]
           securityContext:

yamls/ovn.yaml

@@ -228,7 +228,7 @@ spec:
       hostNetwork: true
       containers:
         - name: ovn-central
-          image: "kubeovn/kube-ovn:v1.7.0"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/start-db.sh"]
           securityContext:
@@ -356,7 +356,7 @@ spec:
       hostPID: true
       containers:
         - name: openvswitch
-          image: "kubeovn/kube-ovn:v1.7.0"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command: ["/kube-ovn/start-ovs.sh"]
           securityContext:

yamls/speaker.yaml

@@ -29,7 +29,7 @@ spec:
       hostNetwork: true
       containers:
         - name: ovn-central
-          image: "kubeovn/kube-ovn:v1.7.1"
+          image: "kubeovn/kube-ovn:v1.8.0"
           imagePullPolicy: IfNotPresent
           command:
             - /kube-ovn/kube-ovn-speaker