Update Info

openSUSE-2025-491


Security update for flannel


Type: security
Severity: important
Issued: 2025-12-30
Description:
This update for flannel fixes the following issues:

- Update to version 0.27.4:
  * Removed PodSecurityPolicy manifest creation
  * Fix interface IP address detection in dual-stack mode
  * Fix: recreate VXLAN device (flannel.*) when external interface is deleted and re-added (#2247)
  * golangci-lint: fix iptables_test
  * firewall: add option to disable fully-random mode for MASQUERADE
  * Bump the tencent group with 2 updates
  * Bump github.com/coreos/go-systemd/v22 in the other-go-modules group
  * Bump golang.org/x/sys in the other-go-modules group
  * Bump the etcd group with 4 updates
  * Bump etcd version in tests
  * Stop using deprecated cache.NewIndexerInformer function
  * Bump k8s test version
  * Bump k8s deps to v0.31.11
  * Bump the other-go-modules group with 2 updates
  * helm chart: add nodeSelector in the helm chart
  * Updated Alpine image
  * Added flag to enable blackhole route locally for Canal
  * Bump golang.org/x/sync in the other-go-modules group
  * make enqueueLeaseEvent context aware and prevent dangling goroutines when context is done - fixed a typo/build error
  * make retry interval exp backoff
  * cont_when_cache_not_ready configurable with fail by default
  * use semaphore as opposed to raw signal channel
  * Update pkg/subnet/kube/kube.go
  * Fix deadlock in startup for large clusters
  * enable setting resources in helm chart
  * capture close() err on subnet file save (#2248)
  * doc: document flag --iptables-forward-rules
  * Bump netlink to v1.3.1
  * fix: clean-up rules when starting instead of shutting down
  * Bump k8s and sles test version
  * Add modprobe br_netfilter step in test workflows
  * test: don't run the workflows on "push" events
  * Update to the latest flannel cni-plugins v1.7.1
  * Move to go 1.23.6

- Update to version 0.26.6:
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
  * Bump the etcd group with 4 updates
  * Bump the tencent group with 2 updates
  * Organize dependabot PR's more clearly by using groups
  * Use peer's wireguard port, not our own
  * Bump to codeql v3
  * Pin all GHA to a specific SHA commit
  * Bump github.com/golang-jwt/jwt/v4 from 4.5.1 to 4.5.2 (fix CVE-2025-30204, boo#1240516)
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
  * Bump go.etcd.io/etcd/tests/v3 from 3.5.18 to 3.5.20
  * add missing GH_TOKEN env var in release.yaml
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
  * Upload chart archive with the release files
  * make deps
  * refactor release.yaml to reduce use of potentially vulnerable GH Actions
  * Bump golang.org/x/net from 0.34.0 to 0.36.0
  * enable setting CNI directory paths in helm chart
  * Added cni file configuration on the chart
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
  * Bump github.com/avast/retry-go/v4 from 4.6.0 to 4.6.1

- Update to version 0.26.4:
  * Moved to github container registry
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
  * Bump go.etcd.io/etcd/tests/v3 from 3.5.17 to 3.5.18
  * fix: Fix high CPU usage when losing etcd connection and try to re-establish connection with exponential backoff
  * Bump github.com/containernetworking/plugins from 1.6.1 to 1.6.2
  * Bump alpine from 20240923 to 20250108 in /images
  * Bump golang.org/x/net from 0.31.0 to 0.33.0
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
  * Bump github.com/jonboulle/clockwork from 0.4.0 to 0.5.0
  * feat: add bool to control CNI config installation using Helm
  * fix: add missing MY_NODE_NAME env in chart
  * Bump k8s deps to 0.29.12
  * Don't panic upon shutdown when running in standalone mode
  * Bump golang.org/x/crypto from 0.29.0 to 0.31.0
  * Bump alpine from 20240807 to 20240923 in /images
  * Bump github.com/containernetworking/plugins from 1.6.0 to 1.6.1
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/vpc
  * Bump github.com/vishvananda/netns from 0.0.4 to 0.0.5
  * Use the standard context library
  * Bump github.com/tencentcloud/tencentcloud-sdk-go/tencentcloud/common
  * Updated flannel cni image to 1.6.0
  * Updated CNI plugins version on the README
  * Bump sigs.k8s.io/knftables from 0.0.17 to 0.0.18
  * Bump github.com/golang-jwt/jwt/v4 from 4.4.2 to 4.5.1
  * Bump github.com/Microsoft/hcsshim from 0.12.8 to 0.12.9
  * Added check to not check br_filter in case of windows
  * Bump golangci-lint to latest version
  * Bump to go 1.23
  * Added checks for br_netfilter module
  * Try not to cleanup multiple peers behind same PublicIP
  * fix trivy check
  * check that the lease includes an IP address of the requested family before configuring the flannel interface
  * Fixed IPv6 chosen in case of public-ipv6 configured
  * add timeout to e2e test pipelines
  * Update k8s version in e2e tests to v1.29.8
  * Update netlink to v1.3.0
  * Fixed values file on flannel chart
  * Bump k8s.io/klog/v2 from 2.120.1 to 2.130.1
  * Updated Flannel chart with Netpol container and removed clustercidr
  * Fix bug in hostgw-windows
  * Fix bug in the logic polling the interface
  * Added node-public-ip annotation
  * Try several times to contact kube-api before failing
  * Fixed IPv6 0 initialization
  * wireguard backend: avoid error message if route already exists
  * Bump github.com/avast/retry-go/v4 from 4.5.1 to 4.6.0
  * use wait.PollUntilContextTimeout instead of deprecated wait.Poll
  * troubleshooting.md: add `ethtool -K flannel.1 tx-checksum-ip-generic off` for NAT
  * Added configuration for public-ip through node annotation
  * extension/vxlan: remove arp commands from vxlan examples
  * Refactor TrafficManager windows files to clarify logs
  * Add persistent-mac option to v6 too
  * fix comparison with previous networks in SetupAndEnsureMasqRules
  * show content of stdout and stderr when running iptables-restore returns an error
  * Add extra check before contacting kube-api
  * remove unimplemented error in windows trafficmngr
  * remove --dirty flags in git describe
  * Added leaseAttr string method with logs on VxLan
  * remove multiClusterCidr related-code.
  * Implement nftables masquerading for flannel
  * fix: ipv6 iptables rules were created even when IPv6 was disabled
  * Add tolerations to the flannel chart
  * Added additional check for n.spec.podCIDRs
  * Remove net-tools since it's an old package that we are not using
  * fix iptables_windows.go
  * Clean-up Makefile and use docker buildx locally
  * Use manual test to ensure iptables-* binaries are present
  * Bump github.com/containerd/containerd from 1.6.23 to 1.6.26
  * Bump github.com/joho/godotenv
  * SubnetManager should use the main context
  * Simplify TrafficManager interface
  * refactor iptables package to prepare for nftables-based implementation
- flannel v0.26.4 includes `golang.org/x/net/http2` at v0.34.0, which fixes boo#1236522 (CVE-2023-45288)

- Update to version 0.24.2:
  * Prepare for v0.24.2 release
  * Increase the time out for interface checking in windows
  * Prepare for v0.24.1 release
  * Provide support to select the interface in Windows
  * Improve the log from powershell
  * Wait all the jobs to finish before deploy the github-page
  * remove remaining references to mips64le
  * add multi-arch dockerfile
  * add missing riscv64 in docker manifest create step
  * prepare for v0.24.0 release
  * Bump golang.org/x/crypto from 0.15.0 to 0.17.0
  * Add the VNI to the error message in Windows
  * chart: add possibility for defining image pull secrets in daemonset
  * Remove multiclustercidr logic from code
  * Update opentelemetry dependencies
  * Bump go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc
  * Add riscv64 arch in GH actions
  * vxlan vni should not be type uint16
  * Quote wireguard psk in helm chart
  * add riscv64 support

- Update to 0.14.0:
  * Add tencent cloud VPC network support
  * moving go modules to flannel-io/flannel and updating to go 1.16
  * fix(windows): nil pointer panic
  * Preserve environment for extension backend
  * Fix flannel hang if lease expired
  * Documentation for the Flannel upgrade/downgrade procedure
  * Move from glog to klog
  * fix(host-gw): failed to restart if gateway hnsep existed
  * ipsec: use well known paths of charon daemon
  * upgrade client-go to 1.19.4
  * move from juju/errors to pkg/errors
  * subnets: move forward the cursor to skip illegal subnet
  * Fix Expired URL to Deploying Flannel with kubeadm
  * Modify kube-flannel.yaml to use rbac.authorization.k8s.io/v1
  * preserve AccessKey & AccessKeySecret environment on sudo fix some typo in doc.
  * iptables: handle errors that prevent rule deletes

- Sync manifest with upstream (0.13.0 release). Includes the
  following changes:
  * Fix typo and invalid indent in kube-flannel.yml
  * Use stable os and arch label for node
  * set priorityClassName to system-node-critical
  * Add NET_RAW capability to support cri-o
  * Use multi-arch Docker images in the Kubernetes manifest

- Set GO111MODULE=auto to build with go1.16+
  * Default changed to GO111MODULE=on in go1.16
  * Set temporarily until using upstream version with go.mod

- update to 0.13.0:
  * Use multi-arch Docker images in the Kubernetes manifest
  * Accept existing XMRF policies and update them instead of raising errors
  * Add --no-sanity-check to iptables-wrapper-installer.sh for architectures other than amd64
  * Use "docker manifest" to publish multi-arch Docker images
  * Add NET_RAW capability to support cri-o
  * remove glide
  * switch to go modules
  * Add and implement iptables-wrapper-installer.sh from https://github.com/kubernetes-sigs/iptables-wrappers
  * documentation: set priorityClassName to system-node-critical
  * Added a hint for firewall rules
  * Disabling ipv6 accept_ra explicitly on the created interface
  * use alpine 3.12 everywhere
  * windows: replace old netsh (rakelkar/gonetsh) with powershell commands
  * fix CVE-2019-14697
  * Bugfix: VtepMac would be empty when lease re-acquire for windows
  * Use stable os and arch label for node
  * doc(awsvpc): correct the required permissions

- update to 0.12.0:
  * fix deleteLease
  * Use publicIP lookup iface if --public-ip indicated
  * kubernetes 1.16 cni error
  * Add cniVersion to general CNI plugin configuration.
  * Needs to clear NodeNetworkUnavailable flag on Kubernetes
  * Replaces gorillalabs go-powershell with bhendo/go-powershell
  * Make VXLAN device learning attribute configurable
  * change nodeSelector to nodeAffinity and schedule the pod to linux node
  * This PR adds the cni version to the cni-conf.yaml inside the kube-flannel-cfg configmap
  * EnableNonPersistent flag for Windows Overlay networks
  * snap package.
  * Update lease with DR Mac
  * main.go: add the "net-config-path" flag
  * Deploy Flannel with unprivileged PSP
  * Enable local host to local pod connectivity in Windows VXLAN
  * Update hcsshim for HostRoute policy in Windows VXLAN

Packages


  • flannel-0.27.4-bp156.4.3.1