From 3a016d2dcbf68216c17871ab31dc5a738e17e640 Mon Sep 17 00:00:00 2001 From: emanic Date: Fri, 10 Nov 2017 16:35:24 -0800 Subject: [PATCH] v3.0.0 beta release notes --- _data/versions.yml | 96 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/_data/versions.yml b/_data/versions.yml index aa4f288ed94..54d466afc52 100644 --- a/_data/versions.yml +++ b/_data/versions.yml @@ -1346,6 +1346,102 @@ v2.1: version: 1.4.1 url: http://git.openstack.org/cgit/openstack/networking-calico/commit/?h=1.4.1 +v3.0: +- title: v3.0.0-beta1 + note: | + 17 November 2017 + + This is a pre-release of v3.0.0. This release is intended for testing purposes only and is NOT to be used on production systems. + + #### What's new + + - Support for the [etcd version 3 datastore](https://coreos.com/blog/etcd3-a-new-etcd.html). + + - Two new `calicoctl` resources: [BGP Configuration](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/bgpconfig) and [Felix Configuration](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/felixconfig). + + - Those using the Kubernetes API datastore can now use `calicoctl` to create, read, update, and delete {{site.prodname}} policies. + + - The `calicoctl` policy resource has been split into new [network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/networkpolicy) and [global network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/globalnetworkpolicy) resources. + + - [Network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/networkpolicy) resources can include a `namespace` value, allowing you to create policies that only apply to [workload endpoint resources](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/workloadendpoint) in the same namespace. + + - You can now create `namespaceSelector` expressions in [network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/networkpolicy) and [global network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/globalnetworkpolicy) resources to apply a policy to an entire namespace. + + - The `get`, `apply`, `create`, `delete`, and `replace` commands of `calicoctl` now include an optional `--namespace=` flag. Refer to the `calicoctl` [Command reference](https://docs.projectcalico.org/v3.0/reference/calicoctl/commands/) section for more details. + + - The `get` command of `calicoctl` now includes optional `--all-namespaces` and `--export` flags. Refer to the [calicoctl get](https://docs.projectcalico.org/v3.0/reference/calicoctl/commands/get) section for more information. + + - `calicoctl` no longer accepts the following flags in `get` commands: `--node=`, `--orchestrator=`, `--workload=`, and `--scope=`. These options are now a part of the individual resources. + + - `calicoctl` no longer includes a `config` command. To achieve the equivalent functionality, refer to [Modifying low-level component configurations](https://docs.projectcalico.org/v3.0/reference/calicoctl/commands/#modifying-low-level-component-configurations). + + - You can now name [host](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/hostendpoint#endpointport) and [workload](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/workloadendpoint#endpointport) endpoint ports and reference them by name in your [policy rules](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/networkpolicy#ports). + + - The new `ApplyOnForward` flag allows you to specify if a host endpoint policy should apply to forwarded traffic or not. Forwarded traffic includes traffic forwarded between host endpoints and traffic forwarded between a host endpoint and a workload endpoint on the same host. Refer to [Using {{site.prodname}} to secure host interfaces](https://docs.projectcalico.org/v3.0/getting-started/bare-metal/bare-metal) for more details. + + - {{site.prodname}} now works with Kubernetes network services proxy with IPVS/LVS. {{site.prodname}} enforces network policies with kube-proxy running in IPVS mode for Kubernetes clusters. Currently only workload ingress policy is supported. + + - After a period of deprecation, this release removes support for the `ETCD_AUTHORITY` and `ETCD_SCHEME` environment variables. {{site.prodname}} no longer reads these values. If you have not transitioned to `ETCD_ENDPOINTS`, you must do so as of v3.0. Refer to [Configuring `calicoctl` - etcdv3 datastore](https://docs.projectcalico.org/v3.0/reference/calicoctl/setup/etcdv3) for more information. + + - A new node controller for Kubernetes deployments clears data associated with deleted nodes from the {{site.prodname}} datastore, preventing conflicts that can lead to crash loops. Refer to [Configuring the Calico Kubernetes controllers](https://docs.projectcalico.org/v3.0/reference/kube-controllers/configuration) for more information. + + - `calicoctl` now allows a `0` value for ICMP entries in policy resources, enabling `ping` responses. In addition, it now rejects `255` values in the `type` field due to lack of kernel support. Refer to the reference documentation of the [network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/networkpolicy#icmp) and [global network policy](https://docs.projectcalico.org/v3.0/reference/calicoctl/resources/globalnetworkpolicy#icmp) resources for more information. + + + #### Limitations + + - **No upgrades**: this version of {{site.prodname}} ends support for etcd version 2. Existing customers must migrate their data to etcd version 3. The alpha and beta releases do not provide migration capabilities, nor do they support upgrades. We plan to add migration and upgrade support in the GA release. + + - **Integrates only with Kubernetes, OpenShift, and host endpoints**: the OpenStack, Mesos, DC/OS, rkt, and Docker orchestrators have not been tested and are not supported. ({{site.prodname}} still supports Docker and rkt containers.) We plan to resume support for the OpenStack, Mesos, DC/OS, and Docker orchestrators in a future release. + + - **BGP route reflector not supported**: large deployments that require the [BGP route reflector](https://docs.projectcalico.org/v3.0/usage/routereflector/bird-rr-config) are not supported. We plan to resume support for the BGP route reflector in a future release. + + - **GoBGP not supported**: Setting the `CALICO_NETWORKING_BACKEND` environment variable to `gobgp` is not supported. See [Configuring calico/node](https://docs.projectcalico.org/v3.0/reference/node/configuration) for more information. We plan to resume support for GoBPG in a future release. + + + + + components: + felix: + version: 3.0.0-beta1 + url: https://github.com/projectcalico/felix/releases/tag/3.0.0-beta1 + typha: + version: v0.6.0-beta1 + url: https://github.com/projectcalico/typha/releases/tag/v0.6.0-beta1 + calicoctl: + version: v2.0.0-beta1 + url: https://github.com/projectcalico/calicoctl/releases/tag/v2.0.0-beta1 + download_url: https://github.com/projectcalico/calicoctl/releases/download/v2.0.0-beta1/calicoctl + calico/node: + version: v3.0.0-beta1 + url: https://github.com/projectcalico/calico/releases/tag/v3.0.0-beta1 + calico/cni: + version: v2.0.0-beta1 + url: https://github.com/projectcalico/cni-plugin/releases/tag/v2.0.0-beta1 + download_calico_url: https://github.com/projectcalico/cni-plugin/releases/download/v2.0.0-beta1/calico + download_calico_ipam_url: https://github.com/projectcalico/cni-plugin/releases/download/v2.0.0-beta1/calico-ipam + calico/kube-controllers: + version: v2.0.0-beta1 + url: https://github.com/projectcalico/k8s-policy/releases/tag/v2.0.0-beta1 + confd: + version: v1.0.0-beta1 + url: https://github.com/projectcalico/confd/releases/tag/v1.0.0-beta1 + calico-bird: + version: v0.3.1 + url: https://github.com/projectcalico/calico-bird/releases/tag/v0.3.1 + calico-bgp-daemon: + version: v0.2.1 + url: https://github.com/projectcalico/calico-bgp-daemon/releases/tag/v0.2.1 + libnetwork-plugin: + version: v1.1.0 + url: https://github.com/projectcalico/libnetwork-plugin/releases/tag/v1.1.0 + networking-calico: + version: 1.4.3 + url: http://git.openstack.org/cgit/openstack/networking-calico/commit/?h=1.4.3 + calico/routereflector: + version: v0.4.0 + url: "" + v3.0: - title: v3.0.0-alpha1 note: |