Weave 1.9.6

Bug fixes and minor improvements

• Ensure that Kubernetes pods can contact a service implemented within the same pod, by turning on "hairpin mode". This is required because of a quiet change between Kubernetes 1.5 and 1.6. #2993
• Network Policy Controller (weave-npc) now checks local addresses only, so it doesn't interfere with cross-cluster traffic. It should be more efficient too #2622,#2973,#2979
• Stop reporting back to Kubernetes any issues encountered when deleting a pod's network interface. This is required because of a quiet change between Kubernetes 1.5 and 1.6. #2921,#2928
• Fixed an issue whereby weave-npc couldn't start because one ipset was referring to another one and could not be destroyed #2915,#2949
• Improved the code which checks whether the kernel supports ipset #2934,#2935
• weave-npc now creates ipsets with only valid xml characters in the name #2958,#2959

Build and Testing

• In build container use cross-compilers from debian package repository, so they match other components #2940
• Pin the version of the linting tool shfmt so the set of things it checks is stable #2987
• Fix lint error in script that runs smoke-tests #2962
• Moved website publishing from Wordpress to Netlify #2986

Full list of changes.

Installation and Upgrading of Weave Net

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.6 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading Kubernetes to version 1.6

In version 1.6, Kubernetes has increased security, so we need to create a special service account to run Weave Net. This is done in the file weave-daemonset-k8s-1.6.yaml attached to the release.

Also, the toleration required to let Weave Net run on master nodes has moved from an annotation to a field on the DaemonSet spec object.

The command to apply this new configuration via short URL is:

kubectl apply -f https://git.io/weave-kube-1.6

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

External Contributors

Thanks to the following who contributed changes during this release:
@deitch
@mikebryant
@stuart-warren

Weave 1.9.5

Bug fixes and minor improvements

• Improve log messages generated if "hairpin" conditions are detected, to make clear which kind is likely to cause problems #2808/#2926
• Filter out IPv6 peer addresses from Kubernetes; Weave Net currently only supports IPv4 #2904/#2912
• Fix rare crash during initialization of weave-kube #2893/#2892
• Include overlay and encryption modes in checkpoint reports, in case this is relevant to a version upgrade #2771/#2907

Build and Testing

• Ensure CI build can run gcloud tools #2887
• Prevent kubeadm from upgrading Kubernetes if we are trying to test an older version #2886
• Upgrade build scripts to support Kubernetes 1.6 #2880

Full list of changes.

Installation and Upgrading of Weave Net

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.5 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading Kubernetes to version 1.6

Note a bug in Kubernetes 1.6.0 and 1.6.1 (#44041) means that Weave Net will not pick up existing pod IP addresses on a restart. We recommend you upgrade to Kubernetes 1.6.2, but if you are unable to do so then please reboot instead of individually deleting the Weave Net pods.

In version 1.6, Kubernetes has increased security, so we need to create a special service account to run Weave Net. This is done in the file weave-daemonset-k8s-1.6.yaml attached to the release.

Also, the toleration required to let Weave Net run on master nodes has moved from an annotation to a field on the DaemonSet spec object.

The command to apply this new configuration via short URL is:

kubectl apply -f https://git.io/weave-kube-1.6

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

External Contributors

Thanks to the following who contributed changes during this release:
keontang
mikebryant
nhlfr
roberth
tobowers

Weave Net 1.9.4

Bug fixes and minor improvements

• Support Kubernetes 1.6 - a new DaemonSet is required (see below for upgrading) #2777,#2801
• Support Kubernetes 1.6 by allowing CNI callers to send a network-delete request for a container that is not running or has never been attached to the network #2850
• Leave non-weave ipsets alone in Network Policy Controller (e.g. when running Weave Net alonside keepalived-vip) #2751,#2846
• Fix various small issues revealed by 'staticcheck' tool #2843,#2857
• Avoid leaving 'defunct' processes when weave-kube container restarts #2836,#2845
• When using the CNI plugin with a non-standard network configuration file, the weave bridge could get the same IP as a container, if 'weave expose' hadn't run at that point #2839,#2856

Build and Testing

• Check that no defunct processes remain after each test #2852
• Update build and test scripts to work with Kubernetes 1.6 beta #2851

Installation and Upgrading of Weave Net

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.4 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading Kubernetes to version 1.6

Note a bug in Kubernetes 1.6 (#44041) means that Weave Net will not pick up existing pod IP addresses on a restart. Until this is fixed we recommend you reboot instead of individually deleting the Weave Net pod.

In version 1.6, Kubernetes has increased security, so we need to create a special service account to run Weave Net. This is done in the file weave-daemonset-k8s-1.6.yaml attached to the release.

Also, the toleration required to let Weave Net run on master nodes has moved from an annotation to a field on the DaemonSet spec object.

The command to apply this new configuration via short URL is:

kubectl apply -f https://git.io/weave-kube-1.6

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

External Contributors

Thanks to the following who contributed changes during this release:
stephan2012

Weave Net 1.9.3

Bug fixes and minor improvements

• Fixed a race condition in Fast Datapath encrypted connections which could lead Weave Net to crash #2824, #2825

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.3 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

Weave 1.9.2

Bug fixes and minor improvements

• Fix a weave-kube bug when br_netfilter or xt_set module is compiled into kernel #2820/#2821
• Detect the absence of the required xt_set kernel module #2821

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.2 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

Weave 1.9.1

Bug fixes and minor improvements

• Fix a race condition when the Weave Net container is restarted
  which could allow a new container to be allocated the same IP
  address as an existing one #2784,#2787
• Handle the message type received when a pod has been deleted during
  Kubernetes api-server fail-over #2772,#2773
• Make weave-kube work with dockerd --iptables=false #2726
• Ensure we have the right kernel modules loaded for Network Policy in weave-kube #2819
• Reference-count addresses in Network Policy Controller, to avoid
  errors when updates come in an unexpected order #2792,#2795
• Allow the soft connection limit to be raised in weave-kube, so
  larger clusters can be created #2781
• WeaveDNS was incorrectly case-sensitive for reverse DNS lookups #2817,#2818

Build and Testing

• Scripts to create VMs to run automated tests were rewritten to use
  Terraform and Ansible, to make it much easier to test with different
  versions of components such as Docker and Kubernetes #2647,#2694,#2775,#2796
• Upgrade to latest Weaveworks common build-tools #2780
• Improve encryption tests #2793
• Update vishvananda/netlink library to bring in changes we had previously forked #2790
• Slight change to the build container to avoid permission errors and slow builds #2761,#2802

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

If your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.1 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

NOTE: The mount points for host directories moved in version 1.9.0, and were extended in 1.9.1. If you are running a modified version of the DaemonSet specification, please update it to match the new release.

Weave Net Release 1.9.0

New Features

Fast Datapath Encryption

• Encryption is now available for Fast Datapath connections, which
  greatly improves the performance. Previously turning on encryption
  would make the connection use the slower 'Sleeve' transport. #1644,#2687

Multi-architecture

• We now build images for Intel/AMD 64-bit, ARM and ARM 64-bit. #2713

NOTE: The move to multi-architecture required that we update the embedded Docker client, and this has the effect that this release of Weave Net will not work with Docker installations older than 1.10. We apologise for any inconvenience.

Other new features

• Weave Net Docker images are now labelled with description, vendor,
  etc., according to the Label Schema Convention;
  we have removed the deprecated MAINTAINER field in Dockerfiles #2712
• weave status connections now shows the MTU, the largest packet
  size allowed on the network, which can be useful when
  troubleshooting #2389,#2663
• CNI plugin is now a stand-alone binary that does not depend on Docker #2594,#2662
• Embedded docker client updated to version 1.10.3 #2395

Installation and Upgrading

Follow the installation instructions to install this latest release of weave.

If your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.0 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

NOTE: The mount points for host directories have moved. If you are running a modified version of the DaemonSet specification, please update it to match the new release.

Bug fixes

• Ensure peer-name is unique on some cloud providers such as Online.net, Scaleway #2427,#2711,#2743
• Allow network traffic from the weave network to other networks, when enabled via weave expose or weave-kube. Docker versions prior to 1.13 will set a policy that allows this, but as of 1.13 we have to. #2758,#2762
• Allow multicast traffic when the Network Policy Controller weave-npc is in use #2689,#2747
• Stop a gossip loop forming when dns and no-dns peers are connected together #2738,#2740
• Improve log messages from the Network Policy Controller weave-npc #2633,#2666,#2692,#2695
• Weave daemon would get unexpected peerName if run outside of the 'weave' script #2480,#2685
• Fix a rare race condition where the daemon could crash if two instances tried to create the 'datapath' device at the same time #2638,#2706
• Fix typo in weave-npc updating network policy (currently it is impossible to hit this bug, because Kubernetes prohibits such updates) #2716

Minor improvements

• Weave Net is now built with Go version 1.7.4, which improves performance #2529,2522
• Fix weave-npc failing to start if a previous instance was in zombie state #2653,#2728
• Don't fail if bridge netfilter setting is already on but read-only #2581,#2659
• Don't fail if docker bridge happens to have more than one IP address #2580,#2686
• Mount /etc under a different path for weave-kube, to avoid accidents #2708
• Exec weave daemon from weave-kube launch, to remove an idle waiting shell process #2684,#2688
• Cleaned up duplicated CNI plugin code #2593,#2678

Documentation changes

• Warn not to delete all Weave Net pods in Kubernetes #2722
• Fix instructions to view NetworkPolicy logs in Kubernetes #2697
• Minor fixes to links, wording, etc #2703

Build and test

• Pin alpine container version to 3.4, because newer version breaks weave-npc #2732,#2735,#2759
• Parallelise CI tasks, to speed up builds. #2704, #2699
• Many other build and test improvements #2696,#2698,#2707,#2720,#2724,#2725,#2742,#2749,#2752,#2753,#2757

Weave Cloud provides monitoring and visualisation of Weave Net application and containers.
Sign-up for a free trial at https://cloud.weave.works

Weave 1.8.2

Bug fixes and minor improvements

• Fixed a bug where looping flows were installed which caused high CPU usage #2650, #2674
• Fixed a bug where Kubernetes master could not contact pods #2673, #2683
• Fixed a bug where weave-kube was crashing in a loop due to invalid Weave bridge state #2657
• Fixed a bug where iptables NAT rules were not appended due to "temporary unavailable" iptables error #2679
• Added a detection of enabling the hairpin mode on the Weave bridge port which caused installation of looping flows #2674
• Added a detection of overlaps between Weave and the host IP address ranges when launching weave-kube #2669, #2672
• Added logging of connections blocked by weave-npc #2546, #2573

Testing

• Limited network access to CI VMs #2667, #2670
• Fixed the race in one of the test cases #2661

Documentation

• Improved weave-kube documentation, documented its environment variables #2668, #2671, #2675
• Documented logging of connections blocked by weave-npc #2546, #2573

Upgrading weave-kube

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

Weave 1.8.1

Bug fixes and minor improvements

• Fixed weave-npc crash from Succeeded/Failed pods #2632,#2658
• Fixed occasional failure to create Weave bridge on node reboot #2617,#2637
• Fixed a bug where weave-kube would fail to install when run with unreleased snapshot builds #2642
• Improved conformance to CNI spec by not releasing IP addresses when a container dies #2643
• Improved troubleshooting of install failure by creating CNI config after Weave Net is up #2570
• "up to date" shown even when the version check was blocked by firewall #2537,#2565,#2645
• "Unable to claim" message on re-launching Weave after using CNI #2548,#2577
• Eliminated spurious IP reclaim operations when IPAM was disabled #2567,#2644
• Include jq tool in our build VM configuration #2656

Upgrading weave-kube

Kubernetes does not currently support rolling upgrades of daemon sets, so you will need to perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

Weave 1.8.0

Features

• Exposed network policy controller Prometheus metrics weaveworks-experiments/weave-npc#23, #2595, #2549
• Exposed router Prometheus metrics #2535, #2547, #2523, #2579, #2578, #2568, #2560, #2561

Documentation

• Documented Kubernetes, Prometheus & Weave Cloud integration weaveworks-experiments/weave-npc#17, weaveworks-experiments/weave-kube#30, weaveworks-experiments/weave-kube#43, #2588

Bug fixes

• Fixed a bug where CNI plugin binaries were not upgraded #2586, #2590, #2598
• Fixed a bug where weave reset did not clean up policy controller DROP rule #2591
• Fixed a bug where failed connections remained in status output #2472, #2555

Internal

• Merged weave-npc into weave repo weaveworks-experiments/weave-npc#16, weaveworks-experiments/weave-npc#24, weaveworks-experiments/weave-npc#28, #2585
• Merged weave-kube into weave repo weaveworks-experiments/weave-kube#28, weaveworks-experiments/weave-kube#46, #2551
• Added basic weave-kube integration tests weaveworks-experiments/weave-kube#29, #2569
• Improved safety of netns manipulation #2419, #2475, #2587, #2589
• Updated CI VMs to Ubuntu 16.04 and Docker 1.11 #2563
• Fixed a build bug where DOCKERHUB_USER was not honoured #2552, #2564
• Vendored tools dependencies & improved Vagrantfiles #2562