Current Series Release Notes

1.1.0-98

New Features

  • Added support for Octavia VIP access control list. This new Octavia API allows users to limit incomming traffic to a set of allowed CIDRs. Kuryr uses this to enforce Network Policies on services, changing the security group associated to the Load Balancer through this new API instead of directly. Thanks to it, Kuryr no longer needs admin priviledges to restrict the access to the loadbalancers VIPs some details.

Upgrade Notes

  • Python 2.7 support has been dropped. Last release of Kuryr-Kubernetes to support py2.7 is OpenStack Train. The minimum version of Python now supported by Kuryr-Kubernetes is Python 3.6.

  • In order to prioritize running kuryr-kubernetes services as pods on the Kubernetes cluster they are supposed to serve, default values of [kubernetes]ssl_ca_crt_file and [kubernetes]token_file are now set to where Kubernetes pods are having those files mounted (/var/run/secrets/kubernetes.io/serviceaccount/ca.crt and /var/run/secrets/kubernetes.io/serviceaccount/token). This means that if you want to run Kuryr services standalone through unauthenticated K8s endpoint you need to set both of them to "" in kuryr.conf.