VMware Container Networking with Antrea | 17 Sept 2020 | Build 16862191
Check for additions and updates to these release notes.
What's in the Release Notes
The release notes cover the following topics:
Project Antrea OSS Core
VMware Container Networking with Antrea depends on and packages components from the open source Project Antrea. The open source project has a more frequent release cadence and strives to quickly evolve and introduce new features, platforms and deployment scenarios. As some features are maturing, they may be exposed in an alpha or beta readiness state and will not be officially supported in VMware Container Networking with Antrea until sufficient function, scale, and stability testing has been completed.
Therefore, the officially supported feature set and deployment scenarios in VMware Container Networking with Antrea will consist of a subset of the open source Project Antrea features and additional VMware product integrations and commercial capabilities.
See Antrea Docs for additional feature documentation.
VMware Container Networking with Antrea provides many new features to support container network connectivity and network policy enforcement in Kubernetes in both on-premises and public cloud deployment scenarios.
Built into Tanzu
VMware Container Networking with Antrea is built into Tanzu and can be used as the default Kubernetes CNI network plugin in both vSphere 7.0 U1 Tanzu Kubernetes Guest Clusters and Tanzu Kubernetes Grid 1.2 and later deployments.
Container Networking Overlay
VMware Container Networking with Antrea will work in both on-premises and public cloud topologies including vSphere with Tanzu (TKGS), TKGm, managed Kubernetes-as-a-Service such as AWS EKS, Azure AKS, and Google GKE, and other DIY upstream Kubernetes deployments. The following container networking overlay modes are currently supported:
- Geneve encapsulation (TKGS and TKGm)
- Policy-only (AWS EKS and Azure AKS)
- No-encap (Google GKE)
VMware Container Networking with Antrea is a fully compliant Kubernetes Network Policy enforcement engine. The following network policy features are supported:
- Kubernetes Network Policy v1 enforcement
- Native Antrea policy features enabled with feature gates (feature preview):
Diagnostics and Observability
VMware Container Networking with Antrea
- antctl command line interface for querying information from the different Antrea components and generating support bundles that convey all of the Antrea configuration and present state to assist our support team in reproducing and diagnosing issues.
- Traceflow support which enables a user to inject user-defined network traffic between two Kubernetes pods and trace the resultant data path including network policy effects.
- Prometheus surfaces load and data flow metrics to assist operators (feature preview).
- Monitoring CRDs provide operators with current control plane status and health.
- Log Rotation Options
- Octant Plugin provides UI for traceflows, cluster inventory, and monitoring control plane health.
- IP source guard (spoof guard) to prevent pod IP address spoofing.
- Controller API TLS certificate management and rotation.
Service Load Balancing
- Antrea Proxy provides a native OvS service load balancer implementation, which translates service VIPs inline using match-action flows.
IP Address Management
- Support for Kubernetes static NodeIPAM, which assigns a static CIDR block to each node.
|K8S Distribution||K8S Versions||OS||Cloud||NSXT||Default Overlay|
|Tanzu with Kubernetes (TKGS)||1.16, 1.17, 1.18||PhotonOS 3||vSphere 7.0 U1||3.0||Geneve Encapsulation|
|TKGm 1.2||1.16, 1.17, 1.18||PhotonOS 3, Amazon Linux 2||vSphere 6.7, 7.0|
|AWS EKS||v1.15.11||Amazon Linux 2||AWS||N/A||Policy-Only (chained CNI)|