Releases: weaveworks/weave
Weave Net 2.8.1
Release 2.8.1
Fixes a problem introduced in 2.8.0 for machines whose unique ID is in /etc/machine-id #3886
Many thanks to contributor @avestuk for this fix.
Also move Kubernetes API calls out of Weave Net daemon #3885 - this reduces the size of the 'weaver' binary and stops it crashing when run on 32-bit ARM.
Contributors
Assets 7
Weave latest (2.8.1)
Weave Net 2.8.0
Release 2.8.0
This release makes some important changes to trim the "attack surface" of the Kubernetes install, addressing CVE-2020-26278, and improves a couple of reported issues.
- Workaround to fix ipset conflict with iptables #3851, #3882
- Kubernetes: move kernel and CNI setup to init container #3880
(We also stopped including config for Kubernetes releases 1.6 and 1.7 which are very old.) - For K8s, stop running in host PID namespace #3876
- NetworkPolicy: avoid logging dropped packets that were not actually dropped #3852
- Build with Go version 1.15.6 #3883
Many thanks to contributors @drigz, @KevDBG and @NeonSludge.
Weave Net 2.7.0
Release 2.7.0
This release improves resiliency in a number of areas, and extends the Prometheus metrics exported by Weave Net.
Change in behaviour: on Kubernetes, the client source IP is preserved when calling from a pod to a service.
This feature, introduced in version 2.4.0 and previously turned on by setting NO_MASQ_LOCAL=1 is now on by default. #3389, #3756
Features
- Reload router iptables rules if they get cleared, e.g. when firewalld restarts. #3802 (weave-npc rules are not reloaded)
- Add new
typeandencryptionlabels toweave_connectionsmetric #3788, #3789 - Weave Net now exports Go metrics for heap size, garbage collection, etc. #3838
- Register container name and its network aliases with weaveDNS #3084, #3090
- Make DNS listen address configurable #1770, #3231
Bug fixes
- weave-npc could crash if you deleted a Kubernetes Namespace containing pods #3833, #3836
- Ensure that weave-npc exits and restarts if it crashes #3764, #3792, #3841
- Avoid weave-kube failing on startup due to iptables lock #3828, #3835
Build and test
- Reduce size of containers (weaveworks/weave goes from 99MB to 83MB) #3624, #3726
- Weave Net is now built with Go 1.14.4, which should improve performance #3838
- CI tests are now run against Docker 19.03.1, Kubernetes 1.14.0 #3687
Many thanks to contributors @berlic, @gobomb, @hairyhenderson, @naemono, @nesc58
Weave 2.6.5
Weave 2.6.4
Release 2.6.4
Improves the iptables rule added in 2.6.3 to block just the Weave Net control port, and avoid blocking other uses of 127.0.0.1. #3811
Weave 2.6.3
Note 2.6.4 was created to relax the iptables blocking rule added in this release, because it turned out to be too strict.
Release 2.6.3
This release has a couple of security improvements, and some other fixes.
Note that we still recommend to remove CAP_NET_RAW access from untrusted containers.
- Block non-local traffic to the Weave control port [CVE-2020-8558] #3805
- Tell Linux not to accept router advisory messages [CVE-2020-11091] #3801
- Network Policy Controller: add a metric to show errors while operating #3804
- Network Policy Controller: don't treat named port as a fatal error #3790
Weave 2.6.2
Release 2.6.2
fixes a regression found in 2.6.1 release and fix to prevent CPU spinning
Bug fixes
Weave 2.6.1
Note a regression was reported #3781 - we advise waiting for resolution before upgrading
Release 2.6.1
support for iptables 1.8 and a bug-fix
Bug fixes
- removes a possible deadlock which could cause Weave Net on node restart to stop connecting to peers and stops responding to API requests #3762 #3763
Other improvements
Weave Net 2.6.0
Release 2.6.0
This release reduces CPU and memory usage in larger clusters, by sending notifications to a smaller set of peers and coalescing updates to reduce topology recalculation. #3715, #3732
The default soft limit on connections has been raised from 100 to 200.
Bug fixes
- Fix a race condition in Kubernetes addon when reclaiming IP addresses after node deletion #3724, #3716
- Buffer events so Docker won't drop them, and Weave Net can clean up after dead containers #3432, #3705
- Weave reconnect occasionally fails after network interface disconnect #3666, #3669, #3676
- Ingress NetworkPolicy would accepts all traffic when specifying both IPBlock and port #3653, #3654
Kubernetes improvements
- Support both podSelector and namespaceSelector in NetworkPolicy #3312, #3647
- Only add default-drop egress rule if network policies are in use #3639
- Manifests use 'apps/v1' rather than deprecated 'apps/v1beta1' #3660
- Avoid Weave Net pods being evicted by setting priorityClassName: system-node-critical #3697
- Manifests use recommended DNS policy ClusterFirstWithHostNet #3692
- Weave Net now tolerates 'NoExecute' taint #3655
- Allow extra arguments to NetworkPolicy controller to be set in an environment variable #3683
- Stop reporting a failure to connect to self #3454, #3585
- Minor reduction in log noise when reclaiming IPs #3710
Other improvements
- Avoid isolating nodes which have restarted by automatically repairing inconsistencies in IP allocation data #1962, #3637, #3708
- Build Weave Net for the s390x architecture #3685
- When a IP address is requested that may be in use, make several attempts to claim it before returning an error #3725
- Improve logging for IP allocation updates #3627, #3630
- Improve 'expecting PMTU update' log message on initial connection #3603
Build and test
- Shut down Kubernetes on node when testing node deletion #3716
- Update the base 'Alpine' container image to version 3.8 #3701
- Update Go to version 1.13.3 #3712
- Update gopacket library #3590
- Pin busybox version to 1.28 to avoid CI failure in Python test #3689
- Remove obsolete weave-daemonset.yaml file #3674
Thanks to contributors @christian-2, @hpdvanwyk, @guirish, @kitt1987,
@mmerrill3, @Pensu, @scritchley, @sidharthsurana, @tanishq-dubey