Skip to content

Latest commit

 

History

History
26 lines (22 loc) · 3.14 KB

v3.28.1-release-notes.md

File metadata and controls

26 lines (22 loc) · 3.14 KB
Raw

30 Jul 2024

Bug fixes

  • Fix 'undefined symbol: xtables_strdup' error when running 'iptables-legacy-save' in the calico-node image. calico #9023 (@coutinhop)
  • Fixed continuous addition/deletion of service routes in eBPF mode. calico #8988 (@sridhartigera)
  • ebpf: fix - let the node handle packet when we are not sure about the destination calico #8925 (@tomastigera)
  • ebpf: If a bond master device is part of the bpfDataIfacePattern regexp, calico attaches to it and not to the slaves calico #8914 (@sridhartigera)
  • ebpf: fixed forwarding, NATing and checksuming of related ICMP traffic (icmp errors) calico #8902 (@tomastigera)
  • Fix errors when running on a kernel that doesn't support the XFRM netlink family. calico #8871 (@fasaxc)

Other changes

  • Add IPReservation and BGPFilter to etcd datastore migration calico #9056 (@caseydavenport)
  • Update k8s to v1.28.12 calico #9040 (@coutinhop)
  • Disable checksum offloading for VXLAN devices calico #9037
  • Update go version to v1.22.5, node-driver-registrar to v2.11.1 calico #9030 (@coutinhop)
  • ebpf: don't drop, but reject unknown midflow tcp packets with rst calico #8970 (@sridhartigera)
  • ebpf: set bpfin/out.cali MTU to the smallest of all host ifaces including overlay. That means if jumbo frames are used, this device also uses them. calico #8954 (@tomastigera)
  • Upgrade bpftool to v7.4 to fix the issue of loading XDP programs in iptables data plane that happens in few distributions. calico #8939 (@mazdakn)
  • ebpf: Forwarding services via vxlan tunnel uses different source ports for different flows to better utilize bonded devices and CPUs on the receiving side. calico #8898 (@tomastigera)
  • ebpf: support for service loop prevention calico #8892 (@sridhartigera)
  • ebpf: cleanup BPF special devices when BPF is turned off calico #8887 (@tomastigera)
  • Improve cni-plugin binary install verification. calico #8844 (@ialidzhikov)
  • ebpf: Update map definition in sockops program to let libbpf v1.0+ load them successfully. calico #8834 (@mazdakn)
  • The calico-node, calico-kube-controllers and calico-typha pods now run with securityContext.seccompProfile.type=RuntimeDefault. calico #6524 (@dimityrmirchev)