What's New

• The AntreaProxy feature is graduated from Alpha to Beta and is therefore enabled by default.
• The Traceflow feature is graduated from Alpha to Beta and is therefore enabled by default.
• Support for Prometheus metrics is graduated from Alpha to Beta and Antrea metrics are therefore exposed by default.
• Support for IPv6 and dual-stack clusters (alpha).
• Support for audit logging for Antrea-native policy rules.
• Add "baseline" tier for Antrea-native policies: policies in that tier are enforced after (i.e., with a lower precedence) than K8s network policies.
• Add support for Antrea-native policies to the "antctl get netpol" command.
• Add config option to disable SNAT for Pod-to-External traffic in noEncap mode.
• Add NetworkPolicy information to the IPFIX flow records exported by the Agent when FlowExporter is enabled.
• Support for the FlowExporter feature for Windows Nodes.
• Add support for Pod Traffic Shaping by leveraging the upstream bandwidth plugin, maintained by the CNI project.
• Add "antctl log-level" command to change log verbosity of a specific Antrea Agent or of the Controller at runtime.
• Support for Antrea-native policies in Traceflow.
• Add ability for users to define their own policy tiers using a Tier CRD.
• Route exchange with NSX-T.
• Add "name" field for individual rules in Antrea-native policy.
• Add “status” field to Antrea-native NetworkPolicy.
• Tier Mapping with RBAC Admission Controller -- advanced feature use with Antrea Policy (alpha).
• Wavefront integration (advanced feature).

Compatibility Requirements

Resolved Issues

• Traceflow fails due to destination Node not receiving the trace packet #1357.

  Traceflow fails with timeout. The source Node reports the Trace results but the destination do not.

  Workaround: Use IP DSCP field instead of Geneve TLV metadata to encode the Traceflow data-plane tag #1466.