VMware Container Networking with Antrea | 17 Sept 2020 | Build 16862191
Check for additions and updates to these release notes.
VMware Container Networking with Antrea provides many new features to support container network connectivity and network policy enforcement in Kubernetes in both on-premises and public cloud deployment scenarios.
Built into Tanzu
VMware Container Networking with Antrea is built into Tanzu and can be used as the default Kubernetes CNI network plugin in both vSphere 7.0 U1 Tanzu Kubernetes Guest Clusters and Tanzu Kubernetes Grid 1.2 and later deployments.
Container Networking Overlay
VMware Container Networking with Antrea will work in both on-premises and public cloud topologies including vSphere with Tanzu, Tanzu Kubernetes Grid, managed Kubernetes-as-a-Service such as AWS EKS, Azure AKS, and Google GKE, and other DIY upstream Kubernetes deployments. The following container networking overlay modes are currently supported:
- Geneve encapsulation (TKGS and Tanzu Kubernetes Grid)
- Policy-only (AWS EKS and Azure AKS)
- No-encap (Google GKE)
VMware Container Networking with Antrea is a fully compliant Kubernetes Network Policy enforcement engine. The following network policy features are supported:
- Kubernetes Network Policy v1 enforcement
- Native Antrea policy features enabled with feature gates (feature preview):
Diagnostics and Observability
VMware Container Networking with Antrea
- antctl command line interface for querying information from the different Antrea components and generating support bundles that convey all of the Antrea configuration and present state to assist our support team in reproducing and diagnosing issues.
- Traceflow support which enables a user to inject user-defined network traffic between two Kubernetes pods and trace the resultant data path including network policy effects.
- Prometheus surfaces load and data flow metrics to assist operators (feature preview).
- Monitoring CRDs provide operators with current control plane status and health.
- Log Rotation Options
- Octant Plugin provides UI for traceflows, cluster inventory, and monitoring control plane health.
- IP source guard (spoof guard) to prevent pod IP address spoofing.
- Controller API TLS certificate management and rotation.
Service Load Balancing
- Antrea Proxy Antrea Proxy provides a native OvS service load balancer implementation, which translates service VIPs inline using match-action flows.
IP Address Management
- Support for Kubernetes static NodeIPAM, which assigns static CIDR block to each node.
|K8S Distribution||K8S Versions||OS||Cloud||NSXT||Default Overlay|
|vSphere with Tanzu Guest Clusters
(Tanzu Kubernetes Grid Service)
|1.16, 1.17, 1.18||PhotonOS 3||vSphere 7.0 U1||3.0||Geneve Encapsulation|
|Tanzu Kubernetes Grid 1.2||1.16, 1.17, 1.18||PhotonOS 3
Amazon Linux 2
|vSphere 6.7, 7.0
|AWS EKS||v1.15.11||Amazon Linux 2||AWS||N/A||Policy-Only (chained CNI)|