Release 2.8.1
Fixes a problem introduced in 2.8.0 for machines whose ID is in /etc/machine-id #3886 Many thanks to contributor @avestuk for this fix.
Also move Kubernetes API calls out of Weave Net daemon #3885
- this reduces the size of the 'weaver' binary and stops it crashing when run on 32-bit ARM.
Release 2.8.0
This release makes some important changes to trim the "attack surface" of the Kubernetes install, and improves a couple of reported issues.
- Workaround to fix ipset conflict with iptables #3851, #3882
- Kubernetes: move kernel and CNI setup to init container #3880
- For K8s, stop running in host PID namespace #3876
- NetworkPolicy: avoid logging dropped packets that were not actually dropped #3852
- Build with Go version 1.15.6 #3883
Many thanks to contributors @drigz, @KevDBG and @NeonSludge.
Release 2.7.0
This release improves resiliency in a number of areas, and extends the Prometheus metrics exported by Weave Net.
Change in behaviour: on Kubernetes, the client source IP is preserved
when calling from a pod to a service.
This feature, introduced in version 2.4.0 and previously turned on by
setting NO_MASQ_LOCAL=1 is now on by default. #3389, #3756
Features
- Reload router iptables rules if they get cleared, e.g. when firewalld restarts. #3802 (weave-npc rules are not reloaded)
- Add new
typeandencryptionlabels toweave_connectionsmetric #3788, #3789 - Weave Net now exports Go metrics for heap size, garbage collection, etc. #3838
- Register container name and its network aliases with weaveDNS #3084, #3090
- Make DNS listen address configurable #1770, #3231
Bug fixes
- weave-npc could crash if you deleted a Kubernetes Namespace containing pods #3833, #3836
- Ensure that weave-npc exits and restarts if it crashes #3764, #3792, #3841
- Avoid weave-kube failing on startup due to iptables lock #3828, #3835
Build and test
- Reduce size of containers (weaveworks/weave goes from 99MB to 83MB) #3624, #3726
- Weave Net is now built with Go 1.14.4, which should improve performance #3838
- CI tests are now run against Docker 19.03.1, Kubernetes 1.14.0 #3687
Many thanks to contributors @berlic, @gobomb, @hairyhenderson, @naemono, @nesc58
Release 2.6.5
Fixes a bug that would leak memory every time a fast-datapath connection was stopped. #3808 Also avoid a crash when the machine has ipv6 disabled. #3815
Release 2.6.4
Improves the iptables rule added in 2.6.3 to block just the Weave Net control port and avoid blocking other uses of 127.0.0.1. #3811
Release 2.6.3
This release has a couple of security improvements, and some other fixes.
- Block non-local traffic to the Weave control port #3805
- Tell Linux not to accept router advisory messages #3801
- Network Policy Controller: add a metric to show errors while operating #3804
- Network Policy Controller: don't treat named port as a fatal error #3790
Release 2.6.2
This release fixes a regression found in 2.6.1 release and removes a possible case of CPU spinning when pcap is used in sleeve mode
Bug fixes
- Weave Net can not be used in fastdp mode and always falls back to sleeve mode #3781, #3783
- Restrict timeout value passed to pcap library to a value less than 2^31 microseconds to prevent CPU spinning #3782
Release 2.6.1
This release fixes a bug discovered since the release of Weave Net 2.6.0 and an improvement to support iptables 1.8
Bug fixes
- Weave Net on node restart unable to form connections to peers and connections get stuck in pending state and stops responding to API endpoint #3762 #3763
Other improvements
- Weave Net Kubernetes images by default uses iptables 1.8 with legacy (netfilter) backend with option to choose netfilter as backend #3465, #3747
Release 2.6.0
This release reduces CPU and memory usage in larger clusters, by sending notifications to a smaller set of peers and coalescing updates to reduce topology recalculation. #3715, #3732
The default soft limit on connections has been raised from 100 to 200.
Bug fixes
- Fix a race condition in Kubernetes addon when reclaiming IP addresses after node deletion #3724, #3716
- Buffer events so Docker won't drop them, and Weave Net can clean up after dead containers #3432, #3705
- Weave reconnect occasionally fails after network interface disconnect #3666, #3669, #3676
- Ingress NetworkPolicy would accepts all traffic when specifying both IPBlock and port #3653, #3654
Kubernetes improvements
- Support both podSelector and namespaceSelector in NetworkPolicy #3312, #3647
- Only add default-drop egress rule if network policies are in use #3639
- Manifests use 'apps/v1' rather than deprecated 'apps/v1beta1' #3660
- Avoid Weave Net pods being evicted by setting priorityClassName: system-node-critical #3697
- Manifests use recommended DNS policy ClusterFirstWithHostNet #3692
- Weave Net now tolerates 'NoExecute' taint #3655
- Allow extra arguments to NetworkPolicy controller to be set in an environment variable #3683
- Stop reporting a failure to connect to self #3454, #3585
- Minor reduction in log noise when reclaiming IPs #3710
Other improvements
- Avoid isolating nodes which have restarted by automatically repairing inconsistencies in IP allocation data #1962, #3637, #3708
- Build Weave Net for the s390x architecture #3685
- When a IP address is requested that may be in use, make several attempts to claim it before returning an error #3725
- Improve logging for IP allocation updates #3627, #3630
- Improve 'expecting PMTU update' log message on initial connection #3603
Build and test
- Shut down Kubernetes on node when testing node deletion #3716
- Update the base 'Alpine' container image to version 3.8 #3701
- Update Go to version 1.13.3 #3712
- Update gopacket library #3590
- Pin busybox version to 1.28 to avoid CI failure in Python test #3689
- Remove obsolete weave-daemonset.yaml file #3674
Thanks to contributors @christian-2, @hpdvanwyk, @guirish, @kitt1987, @mmerrill3, @Pensu, @scritchley, @sidharthsurana, @tanishq-dubey
Release 2.5.2
This release fixes several bugs causing inconsistencies in IPAM and fixes a panic in daemon that reclaims and forgets deleted nodes in Kubernetes clusters.
Bug fixes
- leaking IP addresses in IPAM when weave-net hangs or restarting #3587, #3638
- Panic in kube-utils after config map update error resulting in reclaim daemon not performing weave forget on deleted node #3613, #3623
- preventing inconsistent IPAM entries and resolving the conflict in case of conflict during IPAM ring merge #3629, #3635, #3632, #3444
Release 2.5.1
This release fixes bugs reported for 2.5 release and small improvements.
Bug fixes
- prevent warnings in kernal logs due to use of physdev model for non-bridged traffic #3449, #3453
- Check and report the error occurred while getting the list of Kubernetes peers #3581, #3582
Other improvements
- Update Ruby version to match Weaveworks website #3458
- Fix the link to "Troubleshooting the Kubernetes Addon" section in the docs #3461
- Document concept of connection limit in Weave #3395, #3413
Release 2.5.0
This release adds support for Kubernetes hostPort mapping (#3016,#3356)
and the ipBlock NetworkPolicy feature (#3168,#3367)
Bug fixes
- Fix a crash at start-up on Docker for Mac #3405, #3408
- Network policy: block ingress traffic when no namespaceSelector or podSelector is specified #3347
- Reclaim IP addresses which are locked by a non-existent peer #3386, #3416
- Fix a crash when blank IP data was loaded #3067, #3415
Other improvements
- If a connection is downgraded to the slower "sleeve" mode, Weave Net will now periodically try to upgrade it to "fast datapath" again. #1737, #3385
- Reclaim removed Kubernetes nodes' IP space when they are deleted, rather than on next restart #3372, #3399
- Replace Kubernetes livenessProbe with readinessProbe, so the pod is not killed if it runs slowly #3471, #3421
- In Kubernetes NetworkPolicy controller, remove the need to maintain a set of local pod IP addresses #3344, #3423
- Don't crash on Kubernetes named port in NetworkPolicy, just report as unsupported #3375
- Ensure the
weavenetwork bridge is accessible on Linux kernels older than 3.14 #3442, #3297, #3239 - Better reporting in the logs if the
weavenetwork device is in the Down state #3133, #3381 - Change log-level to debug of calls through the Docker proxy, to reduce noise #3439
- Add
--without-masqueradeoption toweave expose, so external services can see the original container IP address #3388 - Include Kubernetes cluster information in checkpoint call #3324,#3431
- Bump go-odp dependency, so that
fastdpworks on the 4.19 kernel #3430
Build and Testing
- CI builds on master branch now publish images for all platforms
- Fix golint path and use https for download of libpcap #3435
- Update Kubernetes client-go to v8.0.0, removing code licenced under LGPL3 #3358,#3366
- Migrate CircleCI to V2, which is much faster #3255,#3270
External Contributors
Thanks to the following contributors:
- @Ashiroq
- @leprechau
- @lkpdn
Release 2.4.1
This release fixes several bugs causing inconsistencies in IPAM for Kubernetes users whose clusters scale up and down over time.
Bug fixes
- Nodes unable to connect after Kubernetes addon erroneously reclaimed node without any IP addresses #3392, #3393
- Kubernetes addon could have run out of free IP addresses after nodes are deleted #3384, #3400
- Kubernetes addon had reduced free IP addresses due to not reclaiming IP addresses when node name is re-used #3397
Other improvements
- Support
--labelinWEAVE_DOCKER_ARGSwhen starting Weave #3370,#3371 - Add missing
--tokenargument in help forweave launch#3226, #3379 - Print defunct processes after smoke-tests #3362
Release 2.4.0
This release introduces a support for Kubernetes Egress Network Policy (#2624, #3313)
and adds a mechanism for preserving the client source IP address to enable
externalTrafficPolicy: Local on Kubernetes (#2924, #3298).
Bug fixes
- Increase the ipset list size which prevents weave-npc from crashing on older kernels when more than eight Kubernetes Namespaces are used (#3289, #3305).
- Avoid a possible livelock when reclaiming IP address space in weave-kube (#3317).
- Ensure
xtables.lockis mounted as a file so that kube-proxy can take the lock if it has started after Weave Net (#3351, #3353). - Upgrade the CNI plugin symlinks only if the plugin has changed (#3337, #3345).
Other improvements
- Manipulate the Kubernetes node status
NetworkUnavailableso that Pods can be scheduled on nodes when the GCE cloud provider is in use (#3249, #3307, #3332, #3334). - Refrain from creating a subprocess for configuring a network interface in a container network namespace (#3291).
- Protect against handling the CNI plugin request with the host namespace which prevents Weave Net from misconfiguring the host network (#3206, #3346).
- Weave Net can be run on minikube VM (#3124).
- Add
org.opencontainers.image.*labels to Dockerfiles to improve association of the container images with git revisions (#3299). - Improve the error message when running
weave reseton Kubernetes (#3319).
Build and Testing
- Use
depinstead ofgit submodulesfor managing external packages (#3268). - Fix usage of
manifest-toolin Makefile (#3320). - Update Kubernetes to 1.11 for the integration tests (#3340).
External Contributors
Thanks to the following contributors:
- @kitt1987
- @louismunro
- @Nodraak
- @stevenjohnstone
Release 2.3.0
Security fixes
- By default, do not expose Weave "/status" and "/report" to all (0.0.0.0) when running on Kubernetes #3271
Other improvements
- Increase the default connection limit for Weave peers (from 30 to 100) when running on Kubernetes, so that more peers could directly connect #3265
Build and test
- Build Weave Net with Go 1.10.1 #3273
- Run integration tests against Kubernetes 1.10.0 #3266
Release 2.2.1
Bug fixes
- Fix a bug in weave-npc which would allow ingress traffic to Kubernetes Pods selected by a NetworkPolicy in which source and destination selectors were the same #3222,#3237
- Fix a bug in weave-npc which would crash if a previously deleted Kubernetes Namespace has been created again #3247,#3250
Other improvements
- Increase the default connection limit for Weave peers (from 30 to 100), so that more peers could directly connect #3234
- When doing a rolling update of Weave Net on Kubernetes, allow each node five seconds to initialize before rolling next Weave Net Pod, so that issues at startup will halt the rollout and not spread across the whole cluster #3235
- Install common CA certificates from Alpine Linux package instead of copying them manually #3236
External contributors
Thanks to the following contributors:
- @alok87
Release 2.2.0
This release improves the way Weave Net configures Linux network devices and network filter rules, so that it is more robust in the face of unexpected changes in its environment. #3204,#3224
As a consequence of these changes, the weave attach command will now
fail unless the Weave Net daemon is up and running - previously it was
possible to run independently as long as you managed all IP addresses
yourself.
Other improvements
- Update library miekg/dns for CVE-2017-15133 (details under embargo) #3223,#3227
- Reduce the volume of logging from weave-npc #3183
- Add ability to set log level for Docker "v2" plugin, and change default log level from DEBUG to INFO #3197
- Downgrade log messages about Discovery and Expiration to DEBUG level #3202,#3203
- Use command-line parameter for WeaveDNS address in Docker proxy #3196
Bug fixes
- Ensure that rules to block traffic for NetworkPolicy are placed ahead of rules that Kubernetes has added to allow other traffic #3209,#3210
Build and test
- Update CI tests to use Kubernetes 1.9.2 #3229
- Remove "daily update" from test VMs that only run for a few minutes #3224
External Contributors
Thanks to the following contributors: @vetal4444
Release 2.1.3
This release fixes a race-condition in the IP reclaim code for weave-kube where two nodes could end up fighting over the same space and break connectivity #3190, #3192
Release 2.1.2
This release fixes a couple of bugs discovered since the release of Weave Net 2.1.0
##Bug fixes
- Fix crash seen when starting 10-15 nodes simultaneously #3184,#3186
- Fix NetworkPolicy blocking traffic if updates come out of order from Kubernetes #3177,#3181
Thanks to the following contributors: @zignig
Release 2.1.1
As 2.1.0, but fixing a couple of installation glitches. #3175,#3176
Release 2.1.0
##New Features
Improved Kubernetes Network Policy - Weave Net now supports the
'v1' policies introduced in Kubernetes 1.7 as well as the 'beta'
policies supported previously. See Kubernetes 1.7 changelog
for differences. To use old policies, --use-legacy-netpol argument
should be passed to weave-npc. #3105,#3141,#3151,#3169
Weave Net now reclaims IP addresses owned by Kubernetes nodes which have been deleted from the cluster - this avoids running out of IP addresses when many nodes are added and deleted over a long period. #2797,#3149,#3170,#3172
##Other improvements
- Export a Prometheus-style metric giving count of unreachable peers #3119
- Update 'gopacket' library to reduce memory use by approx 15MB #3160
- Replace bundling the 'docker' binary with our own code to avoid security vulnerability alerts and save space #2957,#3110
##Bug fixes
- When
weave exposeis used, allow traffic into the Weave network - up till version 1.12 Docker would do this for us, but in 1.13 they stopped so now we do it. This change makesweave exposerequire Weave Net to be running. #2758,#3122 - Arm64 build now works on non-kubernetes installs #2832,#3110
- TX offload was being disabled in 'awsvpc' mode, which slows down packet sending #3089
- Removed spurious 'nil' in logs from CNI DEL operation #3143
##Build and test
- Images are now also built for the ppc64le platform #3129
- Tweak build scripts to run on OSX as well as Linux #3135
##External Contributors
Thanks to the following contributors: @caarlos0 @dtshepherd
Release 2.0.5
Bug fixes
- Fix /etc/hosts inside containers so the container's name resolves to its Weave Net address #3136,#3138
- New weave-kube config for Kubernetes 1.7 and 1.8 which resolves an intermittent conflict with kube-proxy that could break Weave Net until reboot #2998,#3134
- Remove persistence file in
weave resetwhen using Docker plugin V2 #3103,#3114
Build and test
- Some trivial changes to placate go-lint #3137
Release 2.0.4
Bug fixes
- weave-npc failed on Centos 7, due to older 'ipset' version in kernel #3099,#3100
Release 2.0.3
Bug fixes
- Weave-npc would crash on a policy with no 'from' part - regression introduced in 2.0.2 #3095,#3096,#3097
Release 2.0.2
Bug fixes and minor improvements
- Fix race condition in weave-npc which would intermittently block all traffic for a namespace #3057,#3059
- Ensure Fast Datapath works on machines that need to mount the kernel module dynamically #3080
- Regression: weave-npc would block everything if
kubelet --hostname-overridewas used #3049,#3051 - Fix netfilter rules to block containers from accessing the Weave Net control endpoint #3093
- If DNS server is off then disable proxy DNS registration, to avoid spurious errors #3054,#3088
- Add comments to each iptables rule and ipset, to help when troubleshooting #3064
- Remove code that checked for an outdated fallback address for Kubernetes api-server #3071
- Add a label to the weavedb image so it can be filtered out by tools #3066
- Fix various build and continuous-integration failures #3061
- Print 'help' text faster in the weave script #3056
- Add an option to create continuous integration hosts in different ways #3060
- Remove remnants of the pre-2.0 proxy and plugin from build and test #3035,#3036
Release 2.0.1
Bug fixes and minor improvements
- Fall back to slower data path (
sleeve), rather than crashing, when the machine lacks VXLAN support (required for “fast data path”,fastdp) #3043 - Fix bug in processing of arguments when Docker has TLS enabled, rather than crashing with invalid peers list, e.g.
lookup --tlsverify: no such host#3039 - Add
kube-systemnamespace back toweave-kube's YAMLs, preventing omissions leading to errors likeerror contacting APIServer: the server does not allow access to the requested resource#3033,#3042 - Fix release script to prevent ARM64 binaries to end up in AMD64
net-plugin, leading toError response from daemon: dial unix /run/docker/plugins/<id>/weave.sock: connect: no such file or directorywhen installingnet-plugin#3045 weave resetandweave rmpeernow only contact Weave Cloud when Weave Net is configured with a Weave Cloud token, preventing unnecessary requests and potentially confusing401 Unauthorizederrors in Weave Net’s logs #3044
Release 2.0.0
New Features
Peer Discovery via Weave Cloud
You can now get all your Weave Net peers to find each other via the Weave Cloud service, instead of maintaining a list of peers at startup. #2799,#2827
See the docs page for more details
New Docker Plugin
Docker has a new plugin
system which improves the
installation UX and solves some issues around startup. This means
Weave Net 2.0 can now run with Docker in "swarm mode" and supports the
docker service command. #2396,#2397,#2651,#2727,#2805,#2816,#2905,
#2906,#2929,#2932,#2945,#2950,#2956,#2963,#2964,#2966,#3019
The previous Docker Plugin is still available and can be installed as before.
All of Weave Net now runs in one container
Previously we had three separate containers for routing, Docker API proxy and Docker plugin. Running everything in one simplifies start-up and removes the need to detect various error conditions. #1642,#2897,#2936,#2945,#2946,#2951,#2960
The individual commands ‘weave launch-router’, ‘weave launch-plugin’, etc., have been removed. You can turn off the plugin and proxy with new command-line options. In keeping with Semantic Versioning, we have changed the major version number for this release.
Other new features
- Kubernetes configuration now comes from our “Launch Generator” that allows different options to be selected via URL. #2754,#2903,#3000,#3001
weave-kubenow stores data about IP allocation in/var/lib/weaveon the host instead of in a Kubernetes volume. This means that the data will persist across pod deletion and re-creation, e.g. during an upgrade of Weave Net, which makes restarts more reliable. #2610,#2967weave-kubeturned on rolling updates, so careful manual handling of updates is no longer required. #3024
Bug fixes
- Kubernetes Network Policies which allowed a specific set of pods to connect would block all pods on other hosts. Revert the change in v1.9.6 which ignored pods on other hosts #3025,#3028
Features removed
weave runhas been removed. This was the original method provided to start containers with Weave Net, but it always required care over timing of start-up, and we now provide three alternative, better, ways. You can replicate the effect by callingdocker runthenweave attach. Similarlyweave startandweave restartwere removed. #2353,#2885- Everything deprecated more than one release ago has been removed, so
if you use it now you get an error rather than a warning. This
includes the ‘create-bridge’ command and older command-line
arguments, e.g.
--iprangewas replaced by--ipalloc-range#2901,#2909,#2913,#2942,#2989,#2991
Functions moved from shell-script to Go code.
This enables more precise error-checking and runs a bit faster. It has
also enabled us to shrink the size of images downloaded: weave-kube
is 101MB compared to 163MB previously #2953,#2954,#2974
Specific items that moved from shell-script to Go:
- Setting up the
weavebridge #1958,#2975,#2977,#2978 - Container attachment #2947
- Creation of the ’weave’ default plugin network #2920
Minor improvements
- You can now restart the Weave Net router without requiring the proxy to be enabled #2112
- Plugin (legacy version) now respects
--ipalloc-default-subnetoption #2919 - The
weavescript now detects and issues an error message ifweave-kubeis running and you attempt to launch again from the script. #2709/#2966 - It is now possible to choose the the MAC address of the
weavebridge using--name, in case your hosts have identical unique IDs. #2900 - Relaxed Kubernetes tolerations for Weave Net's daemonset in order to match any node (previously, only taints directed at master). #3018
- Kubernetes'
seLinuxOptionsconfiguration is now empty by default, to reduce spurious failures on hosts not using seLinux. #3001 - Improved reliability of namespace changes via
nsenter. #2992 weave psnow fetches the list container IDs internally, rather than calling out todocker ps#2814,#2898- at startup, actively remove dead containers’ Weave Net IP addresses from IPAM #3013
- at startup, only check live containers to see if they have an existing Weave Net IP address #2815,#2829
- Weave Net CNI plugin now logs but does not raise an error if anything goes wrong during network interface delete, to be more compatible with Kubernetes 1.6. #2928
- Stop running a shell in “privileged” mode when it’s only writing a file #2838
- New internal REST endpoint to return all IP address mappings. #1350
- Changed the wording where we do not log the password #2833
- Fixed typo in plugin error messages #2894
Build and test
- Weave Net is now built with Go version 1.8, which has better code generation and garbage collection #2914
- During smoke-tests, use a webserver instead of just
pingso we get a more realistic test that the Weave network is working #2918 - When installing dependencies for the build container, use a keyserver port that's better for firewalls #2812
- Kubernetes test script now scales up to more hosts, and works with Kubernetes 1.6 #2837,#2853,#2923
- Other minor build improvements and refactoring #2760,#2910
Release 1.9.8
Bug fixes and minor improvements
- Fix weave-npc blocking NodePort and any other non-local access #3011,#3014
- Fix bug where IPAM would duplicate a fixed IP address assigned via Docker plugin #3003,#3010
Release 1.9.7
This is identical to 1.9.6 with one additional bug-fix:
- weave-npc would block everything if
kubelet --hostname-overridewas used #2995,#2996
Release 1.9.6
Bug fixes and minor improvements
- Ensure that Kubernetes pods can contact a service implemented within the same pod, by turning on "hairpin mode". This is required because of a quiet change between Kubernetes 1.5 and 1.6. #2993
- Network Policy Controller (
weave-npc) now checks local addresses only, so it doesn't interfere with cross-cluster traffic. It should be more efficient too #2622,#2973,#2979 - Stop reporting back to Kubernetes any issues encountered when deleting a pod's network interface. This is required because of a quiet change between Kubernetes 1.5 and 1.6. #2921,#2928
- Fixed an issue whereby
weave-npccouldn't start because oneipsetwas referring to another one and could not be destroyed #2915,#2949 - Improved the code which checks whether the kernel supports
ipset#2934,#2935 weave-npcnow creates ipsets with only valid xml characters in the name #2958,#2959
Build and Testing
- In build container use cross-compilers from debian package repository, so they match other components #2940
- Pin the version of the linting tool
shfmtso the set of things it checks is stable #2987 - Fix lint error in script that runs smoke-tests #2962
- Moved website publishing from Wordpress to Netlify #2986
Release 1.9.5
Bug fixes and minor improvements
- Improve log messages generated if "hairpin" conditions are detected, to make clear which kind is likely to cause problems #2808/#2926
- Filter out IPv6 peer addresses from Kubernetes; Weave Net currently only supports IPv4 #2904/#2912
- Fix rare crash during initialization of weave-kube #2893/#2892
- Include overlay and encryption modes in checkpoint reports, in case this is relevant to a version upgrade #2771/#2907
Build and Testing
- Ensure CI build can run gcloud tools #2887
- Prevent kubeadm from upgrading Kubernetes if we are trying to test an older version #2886
- Upgrade build scripts to support Kubernetes 1.6 #2880
Release 1.9.4
Bug fixes and minor improvements
- Support Kubernetes 1.6 by creating a new DaemonSet #2777,#2801
- Support Kubernetes 1.6 by allowing CNI callers to send a network-delete request for a container that is not running or has never been attached to the network #2850
- Leave non-weave ipsets alone in Network Policy Controller (e.g. when running Weave Net alonside keepalived-vip) #2751,#2846
- Fix various small issues revealed by 'staticcheck' tool #2843,#2857
- Avoid leaving 'defunct' processes when weave-kube container restarts #2836,#2845
- When using the CNI plugin with a non-standard network configuration file, the weave bridge could get the same IP as a container, if 'weave expose' hadn't run at that point #2839,#2856
Build and Testing
- Check that no defunct processes remain after each test #2852
- Update build and test scripts to work with Kubernetes 1.6 beta #2851
Release 1.9.3
Bug fixes and minor improvements
- Fixed a race condition in Fast Datapath encrypted connections which could lead Weave Net to crash: #2824, #2825.
Release 1.9.2
Bug fixes and minor improvements
- Fix a weave-kube bug when
br_netfilterorxt_setmodule is compiled into kernel #2820/#2821 - Detect the absence of the required
xt_setkernel module #2821
Release 1.9.1
Bug fixes and minor improvements
- Fix a race condition when the Weave Net container is restarted which could allow a new container to be allocated the same IP address as an existing one #2784,#2787
- Handle the message type received when a pod has been deleted during Kubernetes api-server fail-over #2772,#2773
- Make weave-kube work with
dockerd --iptables=false#2726 - Ensure we have the right kernel modules loaded for Network Policy in weave-kube #2819
- Reference-count addresses in Network Policy Controller, to avoid errors when updates come in an unexpected order #2792,#2795
- Allow the soft connection limit to be raised in weave-kube, so larger clusters can be created #2781
- WeaveDNS was incorrectly case-sensitive for reverse DNS lookups #2817,#2818
Build and Testing
- Scripts to create VMs to run automated tests were rewritten to use Terraform and Ansible, to make it much easier to test with different versions of components such as Docker and Kubernetes #2647,#2694,#2775,#2796
- Upgrade to latest Weaveworks common build-tools #2780
- Improve encryption tests #2793
- Update vishvananda/netlink library to bring in changes we had previously forked #2790
- Slight change to the build container to avoid permission errors and slow builds #2761,#2802
Release 1.9.0
Highlights:
- Encryption is now available for Fast Datapath connections, which greatly improves the performance. #1644,#2687
- We now build images for Intel/AMD 64-bit, ARM and ARM 64-bit. #2713
- Weave Net Docker images are now labelled with description, vendor, etc. #2712
weave status connectionsnow shows the MTU #2389,#2663- CNI plugin is now a stand-alone binary that does not depend on Docker #2594,#2662
- Embedded docker client updated to version 1.10.3 #2395
NOTE: The move to multi-architecture required that we update the embedded Docker client, and this has the effect that this release of Weave Net will not work with Docker installations older than 1.10.
Release 1.8.2
Bug fixes and minor improvements
- Fixed a bug where looping flows were installed which caused high CPU usage #2650, #2674
- Fixed a bug where Kubernetes master could not contact pods #2673, #2683
- Fixed a bug where weave-kube was crashing in a loop due to invalid Weave bridge state #2657
- Fixed a bug where iptables NAT rules were not appended due to "temporary unavailable" iptables error #2679
- Added a detection of enabling the hairpin mode on the Weave bridge port which caused installation of looping flows #2674
- Added a detection of overlaps between Weave and the host IP address ranges when launching weave-kube #2669, #2672
- Added logging of connections blocked by weave-npc #2546, #2573
More details in the change log.
Release 1.8.1
Bug fixes and minor improvements
- Fixed weave-npc crash from Succeeded/Failed pods #2632,#2658
- Fixed occasional failure to create Weave bridge on node reboot #2617,#2637
- Fixed a bug where weave-kube would fail to install when run with unrelease snapshot builds #2642
- Improved conformance to CNI spec by not releasing IP addresses when a container dies #2643
- Improved troubleshooting of install failure by creating CNI config after Weave Net is up #2570
- "up to date" shown even when the version check was blocked by firewall #2537,#2565,#2645
- "Unable to claim" message on re-launching Weave after using CNI #2548,#2577
- Eliminated spurious IP reclaim operations when IPAM was disabled #2567,#2644
- Include
jqtool in our build VM configuration #2656
Release 1.8.0
Highlights:
- Exposed network policy controller Prometheus metrics weaveworks-experiments/weave-npc#23, #2595, #2549
- Exposed router Prometheus metrics #2535, #2547, #2523, #2579, #2578, #2568, #2560, #2561
More details in the change log.
Release 1.7.2
Bug fixes and minor improvements
- Fixed an error where the Docker plugin could fail to attach a
container with a
bridge "weave" not presenterror #2540/#2541 - Fixed
cannot connect to itselfpanic on weave launch #2527/#2543 - Fixed inferred initial peer count when target peers includes self #2481/#2543
- Fixed compilation on Raspberry Pi #2506/#2538
Release 1.7.1
Bug fixes and minor improvements
- Added utility to recover container addresses without asking Docker #2531
- Improved CI #2274
Release 1.7.0
Highlights:
- weave-kube - Deploy Weave Net to Kubernetes with a single command
- weave-npc - Kubernetes network policy controller implementation
More details in the change log.
Release 1.6.2
Bug fixes and minor improvements
- Fixed hang after stopping and restarting on Docker 1.12 #2469/#2502
- Avoid an error on Google container images by checking for tx offload support #2504
- Fixed an issue where the supplied peer list could be ignored when restarting after failure #2503/#2509
- Check for empty peer name on launch #2495/#2501
More details in the change log.
Release 1.6.1
Bug fixes and minor improvements
weave pswas occasionally failing to list allocated addresses of containers #2388/#2418/#2445weave launch[-router]on 4.2 kernel would appear to succeed even if the fast datapath VXLAN UDP port was in use by a different process #2375/#2474- Launching the proxy would fail when the Docker daemon could not be detected #2457/#2424
- The CNI plugin did not work with Apache Mesos #2394/#2442
- Router stopped working after a restart in the AWSVPC mode #2381/#2409
- Router crashed when the Docker API endpoint parameter was explicitly set to empty #2421/#2467
- The CNI plugin did not work on recent versions of Docker for Mac #2434/#2442
- The CNI plugin assigns an IP to the bridge if necessary, which avoids failures if
weave exposehas not run yet #2471 - Distinguish peer name collisions from attempts to connect to self in logs #2460
- Improve host clock skew detection message #2174
- Improve the error message returned when executing
weave launch-pluginwithout the router running #2293/#2416 - The
create-bridgesubcommand was not enabled in the fast datapath mode #2464/2466 - Allow users to omit
weave setup[-cni]by initializing the CNI plugin on thelaunch[-router]subcommand #2435/#2442 - Reduce verbosity of fast datapath miss event logs #1852/#2417
- Include the
ipamoption in the help output of thestatussubcommand #2425/#2426 - Remove a harmless duplication of the
--no-dnsparameter #2430 - Internal refactoring
- Improvements to testing and building
- Improvements to the documentation
More details in the change log.
Release 1.6.0
Highlights
- A new AWS VPC mode that leverages Amazon Virtual Private Cloud for near-native network performance, as an alternative to the Sleeve and Fast Datapath overlays
- Docker 1.12 introduced some internal changes that made it incompatible with previous version of Weave Net - this version restores compatibility
- An operational guide detailing best practices for deploying and operating Weave Net
- Changes to the target peer list are remembered across restarts, making it much easier to deploy resilient networks
- The version checkpoint now transmits network mode (e.g. 'awsvpc') and kernel/docker versions to us to inform and guide our development efforts. See the installation documentation for instructions on disabling the checkpoint feature.
More details in the change log.
Release 1.5.2
Bug fixes and minor improvements
- Weave Proxy did not flush the initial http header in the Docker event stream, which could cause Docker Swarm to show all nodes pending. #2306/#2311
- When using the CNI plugin, if a container was removed and quickly replaced by another using the same IP address, other containers might be unable to contact it. Send an address resolution protocol message to update them. #2313
- Avoid Docker hanging for 1 minute in
weave launchif the plugin had not shut down cleanly #2286/#2292 - Print an error message when Weave bridge mode is changed without
weave reset#2304 - Eliminate spurious warning message from IP allocator on plugin shutdown #2300/#2319
- Display error message when address requested in a subnet that is too small (/31 or /32) #2282/#2321
- Add short wait after
weave resetto allow updates to reach peers #2280 - Weave was occasionally unable to claim existing IP address immediately after launch #2275/#2281
- Refactor some integration tests to run faster and more reliably #2291
Release 1.5.1
Bug fixes and minor improvements
- Persisted data that was rendered invalid by changing peer name or allocation range is detected and removed automatically, preventing crashes and hangs #2246/#2209/#2249
weave rmpeerpersists the range takeover in case the peer on which it was executed dies subsequently #2238- Launching a container with an explicit
WEAVE_CIDRin the allocation range now waits instead of erroring if the allocator hasn't finished initialising #2232/#2265 - Weave DNS now responds to AAAA queries with an empty answer section, instead of NXDOMAIN which could be cached and block subsequent resolution of A records #2244/#2252
- Many improvements to the documentation.
More details in the change log.
Release 1.5.0
Highlights
- A new Container Network Interface plugin.
- This release is much more robust against unscheduled restarts, because it persists key data to disk.
- New configuration options that are useful when you create or auto-scale larger networks.
- Weave now periodically checks for updates (can be disabled)
Plus many bug fixes and minor enhancements. More details below and in the change log.
Release 1.4.6
Fixes some issues encountered by our users.
- Restarting a peer could leave stale entries in WeaveDNS #1867/#2023/#2081
- Weave proxy occasionally failing to attach any new containers #2016/#2049
Other fixes:
- Resolved a crash when a restarting peer re-connected to a peer that had not received the latest IPAM data #2083/#2092
- Make IP address space available immediately after a dead peer is removed #2068
Release 1.4.5
Higher performance for multicast and broadcast traffic when using Weave's Fast Datapath
- The flow rule to deliver broadcast and multicast packets in-kernel was not created correctly, hence every such packet caused a context-switch to the software router #2003/#2008
Other fixes:
- Remove DNS entries for containers that are being restarted by Docker but are not live yet #1977/#1989
- Don't let one failing allocation attempt prevent others from succeeding; they could be in different subnets which are more available #1996/#2001
- Don't complain on second router launch on kernels that lack support for Fast Datapath #1929/#1983
- Fix build broken by change in libnetwork IPAM API #1984/#1985
Release 1.4.4
Fixing a rather serious issue that slipped through our preparations for Docker 1.10:
- Restarting Docker or rebooting your machine while the Weave Net plugin is running causes Docker 1.10.0 to fail to start #1959/#1963
Also one other small fix:
- Avoid a hang when trying to use plugin and proxy at the same time #1956/#1961
Release 1.4.3
Preparing for Docker 1.10, plus some bug-fixes.
- Avoid hang in Docker v1.10 on
docker volume lsafterweave stop,weave stop-pluginorweave reset#1934/#1936 - Fix "unexpected EOF" from Docker 1.10 on
docker execwith Weave proxy--rewrite-inspectenabled #1911/#1917 - Avoid losing DNS entries and potentially double-allocating IP
Addresses allocated via plugin, on router restart; also extend
weave psto show IP addresses allocated via plugin #1745/#1921 - Stop creating lots of copies of
weavewaitprogram in Docker volumes #1757/#1935 - Prevent container starting prematurely when proxy in
--no-multicast-routemode #1942/#1943 - Log error message from plugin rather than crashing when weave not running #1906/#1918
- Warn, don't error, if unable to remove plugin network in 'weave stop', to avoid breaking the usual upgrade or config change process #1900/#1919
- Don't crash if network conditions suggest only very small packets will get through #1905/#1926
- Cope with unexpected errors during route traversal when starting container via proxy #1909/#1910/#1932
Release 1.4.2
Bug-fixes and minor improvements.
- A race condition in weavewait that would occasionally hang containers at startup #1882/#1884
- Having the plugin auto-restart prevents successful
weave launchon reboot #1869 - Work round weave router failure on CoreOS 4.3 caused by kernel bug #1854
weave launchwould exit with error code on docker <1.9 #1851- Running
eval $(weave env)multiple times would breakeval $(weave env --restore)#1824/#1825 - Don't complain in
weave stopabout "Plugin is not running" when plugin is not enabled #1840/#1841 weave --local launchwould fail if utility programdocker_tls_argscould not be found #1844- Improved error reporting when TLS arg detection fails #1843
- Improve error reporting when docker isn't running #1845
- Add
--trusted-subnetsusage toweavescript #1842 - weave run can hang under rare combinations of options #1858
Release 1.4.1
This is a bug-fix release to cover a few issues that came up since the release of 1.4.0.
- Weave would fail to launch when
$DOCKER_HOSTwas set to a TCP socket secured with TLS #1820/#1822 - Weave would fail to stop when run against Docker pre-1.9 #1815/#1817
- Issue a warning instead of failing on
--with-dnsoption to proxy, which was removed #1810/#1812 - Make
weave versionshow the plugin version #1797/#1813 - Make
weave launchshow when the a container is restarting #1778/#1814 - Make
weave launchfail if the plugin is running, for consistency with router and proxy. #1818/#1819
More details in the change log.
Release 1.4.0
Highlights
- The Docker Network plugin can now operate without a cluster store, so it is now run by default.
- You can now use the fast datapath over trusted links and Weave encryption over untrusted links, in the same network.
Plus many bug fixes and minor enhancements. More details below and in the change log.
Release 1.3.1
Highlights
- The minimum Docker version has been increased to 1.6 due to the
upcoming deprecation of Dockerhub access
for old clients. From December 7th onwards previous versions of the
weavescript will fail to pull down images from the hub; if you are unable to upgrade to 1.3.1 immediately you can work around this by runningweave --local setupin conjunction with a compatible Docker client installation - Docker networking plugin now works with older kernels and allows you to configure the MTU
More details in the change log.
Release 1.3.0
Highlights
This release includes a Docker Plugin, so you have the option to use Weave Net that way. More details in the change log.
Release 1.2.1
This release contains a number of bug fixes and minor enhancements. More details in the change log.
The release is fully compatible with 1.2.0 versions, so existing clusters can be upgraded incrementally.
Release 1.2.0
Highlights
This release introduces the Fast Data Path, which allows Weave networks to operate at near wire-level speeds. This new feature is enabled by default.
Other highlights:
- auto-configuration of TLS for the Weave Docker API proxy, making it easier to run Weave on Macs and in conjunction with tools like Docker Swarm
- support for restart policies on application containers and weave infrastructure containers
- better compatibility with recent and future Docker versions
More details in the change log.
Release 1.1.2
This release contains a small number of bug fixes. More details in the change log.
The release is fully compatible with 1.1.0 versions, so existing clusters can be upgraded incrementally. When upgrading from 1.0.x, note the compatibility information in the Installation & Upgrading instructions for Weave 1.1.0.
Release 1.1.1
This release contains a number of bug fixes and minor enhancements. More details in the change log.
The release is fully compatible with 1.1.0 versions, so existing clusters can be upgraded incrementally. When upgrading from 1.0.x, note the compatibility information in the Installation & Upgrading instructions for Weave 1.1.0.
Release v1.1.0
Highlights:
weave launchnow launches all weave components, simplifying startup.weave statushas been completely revamped, with a much improved presentation of the information, and the option to select and output data in JSON.- weaveDNS has been rewritten and embedded in the router. The new implementation simplifies configuration, improves performance, and provides fault resilience for services.
- the weave Docker API proxy now provides an even more seamless user experience, and enables easier integration of weave with other systems such as kubernetes.
- many usability improvements
- a few minor bug fixes, including a couple of security vulnerabilities
More details in the change log.
Release 1.0.3
This release contains a weaveDNS feature enhancement as well as minor fixes for improved stability and robustness.
More details in the change log.
The release is fully compatible with other 1.0.x versions, so existing clusters can be upgraded incrementally.
Release 1.0.2
This release fixes a number of bugs, including some security vulnerabilities in the Weave Docker API proxy, hangs and failures in address allocation, and sporadic failures in name resolution.
More details in the change log.
The release is fully compatible with other 1.0.x versions, so existing clusters can be upgraded incrementally.
Release 1.0.1
This is a bug fix release, addressing the following issue:
- executing
docker runfrom a Docker 1.7 client against the weave proxy would report ano such imageerror when the requested image wasn't present on the Docker host, instead of downloading it.
Release 1.0.0
Highlights:
-
It is now easier than ever to start containers and for them to communicate, across multiple hosts. Automatic IP address allocation, and name resolution via weaveDNS are now enabled by default, and the proxy has become more fully-featured. In short, once weave has been launched the following is possible:
```` host1$ docker run --name=pingme -dti ubuntu host2$ docker run -ti ubuntu root@d11e9287f65b:/# ping pingme ```` -
Containers can now be load-balanced easily.
-
IP address allocation is now available across multiple subnets, and hence can be employed when running multiple, isolated applications.
-
The proxy now supports TLS connections, enabling its deployment when the communication between docker clients and the server must be secured.
There are many other new features, plus the usual assortment of bug fixes and improvements under the hood. More detail below and in the change log.
NB: This release changes the weave protocol version. Therefore, when upgrading an existing installation, all hosts need to be upgraded in order to for them to be able to communicate and form a network.
Release 0.11.2
This is a bug fix release, addressing the following issues:
weave rundid not respect DOCKER_CLIENT_ARGS. #855- Negative result cache did not expire if requeried within TTL. #845
More details in the change log.
NB: This release does not change the weave protocol version. Therefore, when upgrading an existing 0.11 installation incrementally, connectivity between peers will be retained.
Release 0.11.1
This is a bug fix release, addressing the following issues:
- The IP Allocator could crash in some relatively rare circumstances. #782/#783.
- When the proxy failed to attach a container to the weave network, there was no failure indication and descriptive error anywhere, and the application process would still start. Now an error is reported to the client (i.e. typically the Docker CLI), recorded in the proxy logs, and the container is terminated. #788/#799.
weave launch-proxy --with-ipamfailed to configure the entrypoint and DNS unless a (possibly blank)WEAVE_CIDRwas specified. Affected containers could start the application process w/o the weave network interface being available, and without functioning name resolution for the weaveDNS domain. #744/#747/#751/#752- The
weave statusoutput for the IP Allocator was misleadingly conveying a sense of brokenness when no IP allocation requests had been made yet. #787/#801 - When invoking
weave launch-proxytwice, the second invocation would output a blank line and terminate with a success exit status. Now it reports that the proxy is already running and exits with a non-zero status. #767/#780 weave launch-proxywas not respecting WEAVEPROXY_DOCKER_ARGS, so any user-supplied custom configuration for the weaveproxy container was ignored. #755/#780- The proxy was not intercepting API calls to the unversioned (1.0) Docker Remote API. Hence none of the weave functionality was available when Docker clients were using that version of the API. #770/#774/#777,#809
- The proxy would crash when certain elements of the
/containers/createJSON were missing. We are not aware of any Docker clients doing this, but it's been fixed regardless. #778/#777
More details in the change log.
NB: This release does not change the weave protocol version. Therefore, when upgrading an existing 0.11 installation incrementally, connectivity between peers will be retained.
Release 0.11.0
Highlights:
- automatic IP Address Management (IPAM), which allows application containers to be started and attached to the weave network without needing to supply an IP address.
- proxy for automatically attaching containers started with
ordinary
docker run, or the Docker remote API, to the weave network. - ability to add/remove extra DNS records.
- performance and scalability improvements
- fixes for a small number of bugs discovered during testing
More detail in the change log
NB: This release changes the weave protocol version. Therefore, when upgrading an existing installation, all hosts need to be upgraded in order to for them to be able to communicate and form a network.
Release 0.10.0
Highlights:
- bug fixes, in particular eradicating several deadlocks that could cause peer connection failures and hangs.
- performance and scalability improvements to the weave control plane, as a result of which it is now possible to construct much larger weave networks than previously.
- improved installation and administration, particularly the introduction of remote execution of the weave script in a container, permitting fully containerised deployment of weave.
- improved diagnostics, such as the reporting of connection failures
in
weave status. - new weaveDNS features, most notably the caching of DNS records for application containers, which makes finding container IP addresses via weaveDNS much faster.
More detail in the change log
NB: This release changes the Weave Docker image names. To upgrade
from an older version, 1) stop all application containers, 2) run
weave reset from the old version to remove all traces of weave, and
only then 3) install the new version.
Release 0.9.0
-
Improve WeaveDNS to the point where it can act as the name server for containers in nearly all situations.
-
Diagnose and report peer connectivity more comprehensively.
-
Adapt to changes in topology - adding & removing of weave peers, disruption of connectivity - more rapidly.
-
Cope with delays in downloading/running docker images/containers required for weave operation.
See the complete change log for more details.
Release 0.8.0
-
Align script and image version. When the
weavescript has a version number, i.e. it is part of an official release, it runs docker images matching that version. Thus the script and image versions are automatically aligned. Unversioned/unreleasedweavescripts run the 'latest'-tagged image versions. -
Eliminate dependency on ethtool and conntrack. Instead of requiring these to be installed on the host, weave invokes them via a
weavetoolsdocker image that contains minimally packaged versions of these utilities. -
New
weave setupcommand. This downloads all docker images used by weave. Invoking this is strictly optional; its main purpose is to facilitate automated installation of weave and preventing delays in subsequent weave command execution due to image downloading.
Release 0.7.0
This is the first release assigned a version number.
When downloading weave you now have the following choices...
- a specific version, e.g. https://github.com/weaveworks/weave/releases/download/v0.7.0/weave
- latest released version: https://github.com/weaveworks/weave/releases/download/latest_release/weave
- most recent 'master' commit: https://raw.githubusercontent.com/weaveworks/weave/master/weave
Previously the only documented download location was (3). We recommend that any automated scripts using that be changed to either (1) or (2).