@bboreham bboreham released this Sep 13, 2018 · 75 commits to master since this release

Assets 7

Release 2.4.1

This release fixes several bugs causing inconsistencies in IPAM for Kubernetes users whose clusters scale up and down over time.

Bug fixes

  • Nodes unable to connect after Kubernetes addon erroneously reclaimed node without any IP addresses #3392, #3393
  • Kubernetes addon could have run out of free IP addresses after nodes are deleted #3384, #3400
  • Kubernetes addon had reduced free IP addresses due to not reclaiming IP addresses when node name is re-used #3397

Other improvements

  • Support --label in WEAVE_DOCKER_ARGS when starting Weave #3370,#3371
  • Add missing --token argument in help for weave launch #3226, #3379
  • Print defunct processes after smoke-tests #3362

Full list of changes

@brb brb released this Jul 25, 2018 · 107 commits to master since this release

Assets 7

Release 2.4.0

This release introduces a support for Kubernetes Egress Network Policy (#2624, #3313)
and adds a mechanism for preserving the client source IP address to enable
externalTrafficPolicy: Local on Kubernetes (#2924, #3298).

In this release we stop supporting the Kubernetes legacy Network Policy previously controlled with the --use-legacy-netpol flag.

Bug fixes

  • Increase the ipset list size which prevents weave-npc from crashing on older
    kernels when more than eight Kubernetes Namespaces are used (#3289, #3305).
  • Avoid a possible livelock when reclaiming IP address space in weave-kube (#3317).
  • Ensure xtables.lock is mounted as a file so that kube-proxy can take the lock
    if it has started after Weave Net (#3351, #3353).
  • Upgrade the CNI plugin symlinks only if the plugin has changed (#3337, #3345).

Other improvements

  • Manipulate the Kubernetes node status NetworkUnavailable so that Pods can be
    scheduled on nodes when the GCE cloud provider is in use (#3249, #3307, #3332, #3334).
  • Refrain from creating a subprocess for configuring a network interface in
    a container network namespace (#3291).
  • Protect against handling the CNI plugin request with the host namespace which
    prevents Weave Net from misconfiguring the host network (#3206, #3346).
  • Weave Net can be run on minikube VM (#3124).
  • Add org.opencontainers.image.* labels to Dockerfiles to improve association
    of the container images with git revisions (#3299).
  • Improve the error message when running weave reset on Kubernetes (#3319).

Build and Testing

  • Use dep instead of git submodules for managing external packages (#3268).
  • Fix usage of manifest-tool in Makefile (#3320).
  • Update Kubernetes to 1.11 for the integration tests (#3340).

External Contributors

Thanks to the following contributors:

Full list of changes

@brb brb released this Apr 9, 2018 · 233 commits to master since this release

Assets 6

Release 2.3.0

Security fixes

  • By default, do not expose Weave "/status" and "/report" to all (0.0.0.0) when
    running on Kubernetes #3271

Other improvements

  • Increase the default connection limit for Weave peers (from 30 to 100) when
    running on Kubernetes, so that more peers could directly connect #3265

Build and test

  • Build Weave Net with Go 1.10.1 #3273
  • Run integration tests against Kubernetes 1.10.0 #3266

Full list of changes

@brb brb released this Mar 12, 2018 · 269 commits to master since this release

Assets 6

Release 2.2.1

Bug fixes

  • Fix a bug in weave-npc which would allow ingress traffic to Kubernetes Pods selected by a NetworkPolicy in which source and destination selectors were the same #3222,#3237
  • Fix a bug in weave-npc which would crash if a previously deleted Kubernetes Namespace has been created again #3247,#3250

Other improvements

  • Increase the default connection limit for Weave peers (from 30 to 100), so that more peers could directly connect #3234
  • When doing a rolling update of Weave Net on Kubernetes, allow each node five seconds to initialize before rolling next Weave Net Pod, so that issues at startup will halt the rollout and not spread across the whole cluster #3235
  • Install common CA certificates from Alpine Linux package instead of copying them manually #3236

Upgrading the Weave Net Kubernetes addon (weave-kube)

Apply the latest DaemonSet manifest, either attached to this release or from the config generator at Weave Cloud:

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

External contributors

Thanks to the following contributors:

Full list of changes

@bboreham bboreham released this Jan 30, 2018 · 282 commits to master since this release

Assets 6

Release 2.2.0

This release improves the way Weave Net configures Linux network devices and network filter rules, so that it is more robust in the face of unexpected changes in its environment. #3204,#3224

As a consequence of these changes, the weave attach command will now fail unless the Weave Net daemon is up and running - previously it was possible to run independently as long as you managed all IP addresses
yourself.

Other improvements

  • Update library miekg/dns for CVE-2017-15133 (details under embargo) #3223,#3227
  • Reduce the volume of logging from weave-npc #3183
  • Add ability to set log level for Docker "v2" plugin, and change default log level from DEBUG to INFO #3197
  • Downgrade log messages about Discovery and Expiration to DEBUG level #3202,#3203
  • Use command-line parameter for WeaveDNS address in Docker proxy #3196

Bug fixes

  • Ensure that rules to block traffic for NetworkPolicy are placed ahead of rules that Kubernetes has added to allow other traffic #3209,#3210

Build and test

  • Update CI tests to use Kubernetes 1.9.2 #3229
  • Remove "daily update" from test VMs that only run for a few minutes #3224

Upgrading the Weave Net Kubernetes addon (weave-kube)

Apply the latest DaemonSet manifest, either attached to this release or from the config generator at Weave Cloud:

kubectl apply -f "https://cloud.weave.works/k8s/net?k8s-version=$(kubectl version | base64 | tr -d '\n')"

External Contributors

Thanks to the following contributors:
@vetal4444

Full list of changes

@bboreham bboreham released this Dec 4, 2017 · 348 commits to master since this release

Assets 6

Release 2.1.3

This release fixes a race-condition in the IP reclaim code for weave-kube where, if multiple nodes ran the reclaim process at exactly the same time, two nodes could end up fighting over the same space and break connectivity #3190, #3192

Upgrading the Weave Net Kubernetes addon (weave-kube) from pre-version 2.1:

There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds an access to networkpolicies from the networking.k8s.io API group used by the 'v1' policies and a new role to create ConfigMaps:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net

To use old network policies:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true

Full list of changes

@bboreham bboreham released this Nov 27, 2017 · 356 commits to master since this release

Assets 6

Release 2.1.2

This release fixes a couple of bugs discovered since the release of Weave Net 2.1.0

Bug fixes

  • Fix crash seen when starting 10-15 nodes simultaneously #3184,#3186
  • Fix NetworkPolicy blocking traffic if updates come out of order from Kubernetes #3177,#3181

Upgrading the Weave Net Kubernetes addon (weave-kube) from pre-version 2.1:

There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds an access to networkpolicies from the networking.k8s.io API group used by the 'v1' policies and a new role to create ConfigMaps:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net

To use old network policies:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true

External Contributors

Thanks to the following contributors:
@zignig

Full list of changes

@bboreham bboreham released this Nov 17, 2017 · 362 commits to master since this release

Assets 6

Release 2.1.1

As 2.1.0, but fixing a couple of installation glitches - #3175,#3176

New Features

Improved Kubernetes Network Policy - Weave Net now supports the 'v1' policies introduced in Kubernetes 1.7 as well as the 'beta' policies supported previously. See Kubernetes 1.7 changelog for differences. To use old policies, --use-legacy-netpol argument should be passed to weave-npc. #3105,#3141,#3151,#3169

Weave Net now reclaims IP addresses owned by Kubernetes nodes which have been deleted from the cluster - this avoids running out of IP addresses when many nodes are added and deleted over a long period. #2797,#3149,#3170,#3172

Upgrading the Weave Net Kubernetes addon (weave-kube)

There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds an access to networkpolicies from the networking.k8s.io API group used by the 'v1' policies and a new role to create ConfigMaps:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net

To use old network policies:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true

Other improvements

  • Export a Prometheus-style metric giving count of unreachable peers #3119
  • Update 'gopacket' library to reduce memory use by approx 15MB #3160
  • Replace bundling the 'docker' binary with our own code to avoid security vulnerability alerts and save space #2957,#3110

Bug fixes

  • When weave expose is used, allow traffic into the Weave network - up till version 1.12 Docker would do this for us, but in 1.13 they stopped so now we do it. This change makes weave expose to require Weave Net to be running. #2758,#3122
  • Arm64 build now works on non-kubernetes installs #2832,#3110
  • TX offload was being disabled in 'awsvpc' mode, which slows down packet sending #3089
  • Removed spurious 'nil' in logs from CNI DEL operation #3143

Build and test

  • Images are now also built for the ppc64le platform #3129
  • Tweak build scripts to run on OSX as well as Linux #3135

External Contributors

Thanks to the following contributors:
@caarlos0
@dtshepherd

Full list of changes.

Pre-release

@bboreham bboreham released this Nov 17, 2017 · 367 commits to master since this release

Assets 6

Release 2.1.0

NOTE This release had an error in the installation; please do not use. Replaced by 2.1.1.