VMware Container Networking with Antrea | 17 Sept 2020 | Build 16862191

Check for additions and updates to these release notes.

About VMware Container Networking with Antrea

Project Antrea OSS Core

VMware Container Networking with Antrea depends on and packages components from the open source Project Antrea. The open source project has a more frequent release cadence and strives to quickly evolve and introduce new features, platforms and deployment scenarios. As some features are maturing, they may be exposed in an alpha or beta readiness state and will not be officially supported in VMware Container Networking with Antrea until sufficient function, scale, and stability testing have been completed.

Therefore, the officially supported feature set and deployment scenarios in VMware Container Networking with Antrea will consist of a subset of the open source Project Antrea features and additional VMware product integrations and commercial capabilities.

See Antrea Docs for additional feature documentation.

What's New

VMware Container Networking with Antrea provides many new features to support container network connectivity and network policy enforcement in Kubernetes in both on-premises and public cloud deployment scenarios.

Built into Tanzu

VMware Container Networking with Antrea is built into Tanzu and can be used as the default Kubernetes CNI network plugin in both vSphere 7.0 U1 Tanzu Kubernetes Guest Clusters and Tanzu Kubernetes Grid 1.2 and later deployments.

Container Networking Overlay

VMware Container Networking with Antrea will work in both on-premises and public cloud topologies including vSphere with Tanzu (TKGS), TKGm, managed Kubernetes-as-a-Service such as AWS EKS, Azure AKS, and Google GKE, and other DIY upstream Kubernetes deployments. The following container networking overlay modes are currently supported:

  • Geneve encapsulation (TKGS and TKGm)
  • Policy-only (AWS EKS and Azure AKS)
  • No-encap (Google GKE)

Network Policy

VMware Container Networking with Antrea is a fully compliant Kubernetes Network Policy enforcement engine. The following network policy features are supported:

  • Kubernetes Network Policy v1 enforcement
  • Native Antrea policy features enabled with feature gates (feature preview):
    • Cluster Network Policy – provides cluster scoped network policies across multiple Kubernetes namespaces (not available in TKGS)
    • Tiering – provides policy grouping and precedence mapping (not available in TKGS)

Diagnostics and Observability

VMware Container Networking with Antrea

  • antctl command line interface for querying information from the different Antrea components and generating support bundles that convey all of the Antrea configuration and present state to assist our support team in reproducing and diagnosing issues.
  • Traceflow support which enables a user to inject user-defined network traffic between two Kubernetes pods and trace the resultant data path including network policy effects.
  • Prometheus surfaces load and data flow metrics to assist operators (feature preview).
  • Monitoring CRDs provide operators with current control plane status and health.
  • Log Rotation Options

Integrations

  • Octant Plugin provides UI for traceflows, cluster inventory, and monitoring control plane health.

Security

  • IP source guard (spoof guard) to prevent pod IP address spoofing.
  • Controller API TLS certificate management and rotation.

Service Load Balancing

  • Antrea Proxy provides a native OvS service load balancer implementation, which translates service VIPs inline using match-action flows.

IP Address Management

  • Support for Kubernetes static NodeIPAM, which assigns a static CIDR block to each node.

Compatibility Requirements

| K8S Distribution | K8S Versions | OS | Cloud | NSXT | Default Overlay |
|---|---|---|---|---|---|
| Tanzu with Kubernetes (TKGS) | 1.16, 1.17, 1.18 | PhotonOS 3 | vSphere 7.0 U1 | 3.0 | Geneve Encapsulation |
| TKGm 1.2 | 1.16, 1.17, 1.18 | PhotonOS 3, Ubuntu 18.04, Amazon Linux 2 | vSphere 6.7, 7.0; AWS | 3.0.2 | Geneve Encapsulation |
| AWS EKS | v1.15.11 | Amazon Linux 2 | AWS | N/A | Policy-Only (chained CNI) |