VMware Container Networking with Antrea | 30 Nov 2020 | 17240593

Check for additions and updates to these release notes.

What's New

  • The AntreaProxy feature is graduated from Alpha to Beta and is therefore enabled by default.
  • The Traceflow feature is graduated from Alpha to Beta and is therefore enabled by default.
  • Support for Prometheus metrics is graduated from Alpha to Beta and Antrea metrics are therefore exposed by default.
  • Support for IPv6 and dual-stack clusters (alpha).
  • Support for audit logging for Antrea-native policy rules.
  • Add "baseline" tier for Antrea-native policies: policies in that tier are enforced after (i.e., with a lower precedence) than K8s network policies.
  • Add support for Antrea-native policies to the "antctl get netpol" command.
  • Add config option to disable SNAT for Pod-to-External traffic in noEncap mode.
  • Add NetworkPolicy information to the IPFIX flow records exported by the Agent when FlowExporter is enabled.
  • Support for the FlowExporter feature for Windows Nodes.
  • Add support for Pod Traffic Shaping by leveraging the upstream bandwidth plugin, maintained by the CNI project.
  • Add "antctl log-level" command to change log verbosity of a specific Antrea Agent or of the Controller at runtime.
  • Support for Antrea-native policies in Traceflow.
  • Add ability for users to define their own policy tiers using a Tier CRD.
  • Route exchange with NSX-T.
  • Add "name" field for individual rules in Antrea-native policy.
  • Add “status” field to Antrea-native NetworkPolicy.
  • Tier Mapping with RBAC Admission Controller -- advanced feature use with Antrea Policy (alpha).
  • Wavefront integration (advanced feature).


Compatibility Requirements

K8S Distribution K8S Versions OS Cloud NSXT Default Overlay
vSphere with Tanzu Guest Clusters
(Tanzu Kubernetes Grid Service)
1.16, 1.17, 1.18, 1.19 PhotonOS 3 vSphere 7.0 U1 3.x Geneve Encapsulation
Tanzu Kubernetes Grid 1.16, 1.17, 1.18, 1.19 PhotonOS 3
Ubuntu 18.04
Amazon Linux 2
vSphere 6.7, 7.0
3.x Geneve Encapsulation
AWS EKS v1.15.11 Amazon Linux 2 AWS N/A Policy-Only (chained CNI)
Azure AKS 1.17, 1.18           - Azure N/A Policy-Only (chained CNI)



Resolved Issues

  • Traceflow fails due to destination Node not receiving the trace packet #1357.

    Traceflow fails with timeout. The source Node reports the Trace results but the destination do not.

    Workaround: Use IP DSCP field instead of Geneve TLV metadata to encode the Traceflow data-plane tag #1466.


check-circle-line exclamation-circle-line close-line
Scroll to top icon