Skip to content

Release v0.12.2
Compare
Choose a tag to compare
@antoninbas antoninbas released this 26 Feb 22:27
· 10 commits to release-0.12 since this release
v0.12.2
908adfd

Fixed

  • Ensure that NodePort traffic does not bypass NetworkPolicies. (#1816, @tnqn)
    • NodePort traffic for which ExternalTrafficPolicy is set to Cluster goes through SNAT before NetworkPolicies are enforced; after SNAT the source IP is the IP of the local gateway interface (antrea-gw0)
    • Users will need to define the appropriate NetworkPolicies to allow ingress access to isolated Pods for NodePort traffic
    • This new behavior only applies to Linux Nodes using the OVS system datapath (default)
  • Clean up stale IP addresses on Antrea host gateway interface. (#1900, @antoninbas)
    • If a Node leaves and later rejoins a cluster, a new Pod CIDR may be allocated to the Node for each supported IP family and the gateway receives a new IP address (first address in the CIDR)
    • If the previous addresses are not removed from the gateway, we observe connectivity issues across Nodes
Assets 24