Release Notes

Version 0.9.3

Documentation for this release

Bugfixes:

  • Fix manifests to use container image version v0.9.3 instead of main. Users of v0.9.2 are encouraged to upgrade, as manifests included in that release use an incorrect container image version. Those two images happen to match now but, as development continues on main branch, they will differ.

  • Update installation procedure to create the namespace first (#557).

This release includes contributions from Henry-Kim-Youngwoo, Oleg Mayko and Rodrigo Campos. Thanks to all of them for making MetalLB better!

Version 0.9.2

Documentation for this release

New features:

  • Dramatically reduce dead node detection time when using Layer 2 mode (#527). This is improvement closes the long standing issue #298 that has been a common pain point for users using Layer 2 mode. This feature is enabled by default. You can disable it by simply changing the speaker Daemonset manifest and remove the METALLB_ML_BIND_ADDR environment variable. Also, you can verify the old method is being used by checking the speaker log on startup to contain: Not starting fast dead node detection (MemberList). If not shown, the new fast node detection method is being used.

  • Allow spaces in address pool IP ranges (#499).

Action required:

  • Layer 2 users by default will use a new algorithm to detect dead nodes (time is significantly reduced). If you want to continue with the old way, see the New features section to see how to opt-out. If you find any problems with the new algorithm, as usual, please open an issue.

Bug fixes:

  • Allow kustomize to change namespace MetalLB runs (#516).
  • Fix layer2 not sending ARP messages when IP changes (#520). Fixes #471.
  • Fix to properly expose address_total Prometheus metric (#518).
  • Add note in installation process about strictARP when using kube-proxy in IPVS mode (#507).
  • Support older devices that might not support RFC4893 (#491).

This release includes contributions from binoue, David Anderson, dulltz, Etienne Champetier, Gary Richards, Jean-Philippe Evrard, Johan Fleury, k2mahajan, Knic Knic, kvaps, Lars Ekman, masa213f, remche, Rickard von Essen, Rui Lopes, Serge Bazanski, Spence. Thanks to all of them for making MetalLB better!

Versions 0.9.0 and 0.9.1

0.9.0 and 0.9.1 were never released, due to a bug that prevented building Docker images. 0.9.2 is the first “real” release of the 0.9.x branch.

Version 0.8.3

Documentation for this release

New features:

  • The manifests directory now has a kustomize file, which allows using kustomize to install and configure MetalLB.

This release includes contributions from Rémi Cailletaud.

Version 0.8.2

Documentation for this release

Action required:

  • The MetalLB Helm chart in the official helm repository is no longer a supported installation method.

Bugfixes:

  • Fix layer2 node selection when healthy and unhealthy replicas are colocated on a single node. (#474)

This release includes contributions from David Anderson and Gary Richards.

Version 0.8.1

Documentation for this release

Bugfixes:

  • Fix the apiGroup for PodSecurityPolicy, for compatibility with Kubernetes 1.16. (#458).
  • Fix speaker posting events with an empty string as the announcing node name. (#456).
  • Fix RBAC permissions on speaker, to allow it to post events to all namespaces. (#455).

This release includes contributions from David Anderson.

Version 0.8.0

Documentation for this release

Action required if updating from 0.7.x:

  • The speaker DaemonSet now specifies a toleration to run on Kubernetes control plane nodes that have the standard, unfortunately named “master” taint. If you don’t want MetalLB to run on control plane nodes, you need to remove that toleration from the manifest.
  • The manifest and Helm chart both now specify a PodSecurityPolicy allowing the speaker DaemonSet to request the elevated privileges it needs. If your cluster enforces pod security policies, you should review the provided policy before deploying it.
  • The speaker defaults to only offering its Prometheus metrics on the node IP as registered in Kubernetes (i.e. the IP you see in kubectl get nodes -owide). To revert to the previous behavior of offering metrics on all interfaces, remove the METALLB_HOST environment variable from the manifest.

New features:

  • The manifest and Helm chart now define a PodSecurityPolicy for the MetalLB speaker, granting it the necessary privileges for it to function. This should make MetalLB work out of the box in clusters with pod security policies enforced.
  • On Windows/Linux hybrid Kubernetes clusters, MetalLB constrains itself to run only on linux nodes (via a nodeSelector).
  • The MetalLB speaker now tolerates running on Kubernetes control plane nodes. This means that services whose pods run only on control plane nodes (e.g. the Kubernetes dashboard, in some setups) are now reachable.
  • MetalLB withdraws BGP announcements entirely for services with no healthy pods. This enables anycast geo-redundancy by advertising the same IP from multiple Kubernetes clusters. (#312)
  • The speaker only exposes its Prometheus metrics port on the node IP registered with Kubernetes, rather than on all interfaces. This should reduce the risk of exposure for clusters where nodes have separate public and private interfaces.
  • The website has updated compatibility grids for both Kubernetes network addons and cloud providers, listing known issues and configuration tips.
  • MetalLB now publishes a Kubernetes event to a service, indicating which nodes are announcing that service. This makes it much easier to determine how traffic is flowing. (#430)
  • The manifest and Helm chart now use the apps/v1 version of Deployment and DaemonSet, rather than the obsolete extensions/v1beta1.

Bugfixes:

  • Fix address allocation in cases where no addresses were available at service creation, but the deletion of another service subsequently makes one available. (#413)
  • Fix allocation not updating when the address pool annotation changes. (#448).
  • Fix periodic crashes due to glog trying to write to disk despite explicit instructions to the contrary. (#427)
  • Fix spec.loadBalancerIP validation on IPv6 clusters. (#301)
  • Fix BGP Router ID selection on v6 BGP sessions.
  • Fix handling of IPv6 addresses in the BGP connection establishment logic.
  • Generate deterministically pseudorandom BGP router IDs in IPv6-only clusters.
  • Fix incorrect ARP/NDP responses on bonded interfaces. (#349)
  • Fix ARP/NDP responses sent on interfaces with the NOARP flag. (#351)
  • Update MetalLB logs on the website to the new structured format. (#275)

This release includes contributions from Alex Lovell-Troy, Antonio Ojea, aojeagarcia, Ashley Dumaine, Brian, Brian Topping, David Anderson, Eduardo Minguez Perez, Elan Hasson, Irit Goihman, Ivan Kurnosov, Jeff Kolb, johnl, Jordan Neufeld, kvaps, Lars Ekman, Matt Sharpe, Maxime Guyot, Miek Gieben, Niklas Voss, Oilbeater, remche, Rodrigo Campos, Sergey Anisimov, Stephan Fudeus, Steven Beverly, stokbaek and till. Thanks to all of them for making MetalLB better!

Version 0.7.3

Documentation for this release

Bugfixes:

  • Fix BGP announcement refcounting when using shared IPs. (#295)

Version 0.7.2

Documentation for this release

Bugfixes:

  • Fix gratuitous ARP and NDP announcements on IP failover. (#291)
  • Fix BGP dialing on Arm64, by using x/sys/unix instead of the syscall package. (#289)

Version 0.7.1

Documentation for this release

Bugfixes:

  • Actually allow layer2 mode to use the Local traffic policy. Oops. (#279)

Version 0.7.0

Documentation for this release

Action required if updating from 0.6.x:

  • MetalLB no longer does leader election. After upgrading to 0.7, you can delete a number of k8s resources associated with that. This is just a cleanup, nothing bad happens if you leave the resources orphaned in your cluster. Depending on your installation method, some of these may have already been cleaned up for you.
    • kubectl delete -nmetallb-system endpoints metallb-speaker
    • kubectl delete -nmetallb-system rolebinding leader-election
    • kubectl delete -nmetallb-system role leader-election

New features:

  • Layer2 mode now supports externalTrafficPolicy=Local, meaning layer2 services can see the true client source IP. (#257)
  • Layer2 mode now selects leader nodes on a per-service level, instead of using a single leader node for all services in the cluster. If you have many services, this change spreads the load of handling incoming traffic across more than one machine. (#195)
  • MetalLB’s maturity has upgraded from alpha to beta! Mostly this just reflects the increased confidence in the code from the larger userbase, and adds some guarantees around graceful upgrades from one version to the next.

Bugfixes:

  • Speaker no longer sends localpref over eBGP sessions (#266)

This release includes contributions from Baul, David Anderson, Ryan Roemmich, Sanjeev Rampal, and Steve Sloka. Thanks to all of them for making MetalLB better!

Version 0.6.2

Documentation for this release

Bugfixes:

  • Fix nil pointer deref crash on BGP peers that reject MetalLB’s OPEN message too promptly (#250)

Version 0.6.1

Documentation for this release

Bugfixes:

  • Speaker no longer goes into a tight CPU-burning loop when pods are deleted on the node. (#246)

Version 0.6.0

Documentation for this release

Action required if upgrading from 0.5.x:

  • As documented in the 0.5.0 release notes, several deprecated fields have been removed from the configuration. If you didn’t update your configurations for 0.5, you may need to make the following changes:
    • Rename the cidr field of address pools to addresses
    • Rename protocol: arp and protocol: ndp to protocol: layer2
    • Replace arp-network statements with a range-based IP allocation

New features:

  • You can now colocate multiple services on a single IP address, using annotations on the Service objects. See the IP sharing documentation for instructions and caveats. (#121)
  • Layer 2 mode now listens on all interfaces for ARP and NDP requests, not just the interface used for communication by Kubernetes components. (#165)
  • MetalLB now uses structured logging instead of Google’s glog package. Logging events are written to standard output as a series of JSON objects suitable for collection by centralized logging systems. (#189)
  • BGP connections can now specify a password for TCP MD5 secured BGP sessions. (#215)
  • MetalLB is now available as a Helm package in the “stable” Helm repository. Note that, due to code review delay, it may take several days after a release before the Helm package is updated. (#177)

Bugfixes:

  • Correctly use AS_SEQUENCE in eBGP session messages, rather than AS_SET (#225)

This release includes contributions from David Anderson, ghorofamike, Serguei Bezverkhi, and Zsombor Welker. Thanks to all of them for making MetalLB better!

Version 0.5.0

Documentation for this release

Action required if upgrading from 0.4.x:

  • The cidr field of address pools in the configuration file has been renamed to addresses. MetalLB 0.5 understands both cidr and addresses, but in 0.6 it will only understand addresses, so please update now.
  • The arp and ndp protocols have been replaced by a unified layer2 protocol. MetalLB 0.5 understands both the old and new names, but 0.6 will only understand layer2, so please update now.
  • Remove any arp-network entries from your configuration. If your address pool overlaps with the ethernet network or broadcast addresses for your LAN, use IP range notation (see new features) to exclude them from your address pool.
  • The router IDs used on BGP sessions may change in this version, in clusters where nodes have multiple IP addresses. If your BGP infrastructure monitors or enforces specific router IDs for peers, you may need to update those systems to match new router IDs.
  • The Prometheus metrics for ARP and NDP traffic have been merged. Instead of arp_* and ndp_* metrics, there is now single set of layer2_* metrics, in which the ip label can be IPv4 or IPv6.

New features:

  • ARP and NDP modes have been replaced by a single “layer 2” mode, indicated by protocol: layer2 in the configuration file. Layer 2 mode uses ARP and NDP under the hood, but having a single protocol name makes it easier to build protocol-agnostic configuration templates.
  • You can give addresses to MetalLB using a simple IP range notation, in addition to CIDR prefixes. For example, 192.168.0.0-192.168.0.255 is equivalent to 192.168.0.0/24. This makes it much easier to allocate IP ranges that don’t fall cleanly on CIDR prefix boundaries.
  • BGP mode supports nodes with multiple interfaces and IP addresses (#182). Previously, MetalLB could only establish working BGP sessions on the node’s “primary” interface, i.e. the one that owned the IP that Kubernetes uses to identify the node. Now, peerings may be established via any interface on the nodes, and traffic will flow in the expected manner.

Bugfixes:

Version 0.4.6

Documentation for this release

Bugfixes:

Version 0.4.5

Documentation for this release

Bugfixes:

Version 0.4.4

Documentation for this release

This was a broken attempt to fix the same bugs as 0.4.5. You should not use this version.

Version 0.4.3

Documentation for this release

Changes:

  • Make the configmap’s namespace and name configurable via flags, for Helm upstreaming.

Version 0.4.2

Documentation for this release

Bugfixes:

Version 0.4.1

Documentation for this release

Bugfixes:

Version 0.4.0

Documentation for this release

Action required if upgrading from 0.3.x:

  • MetalLB’s use of Kubernetes labels has changed slightly to conform to Kubernetes best practices. If you were using a label match on app: controller or app: speaker Kubernetes labels to find MetalLB objects, you should now match on a combination of app: metallb, component: controller or component: speaker, depending on what objects you want to select.
  • RBAC rules have changed, and now allow the MetalLB speaker to list and watch Node objects. If you are not installing MetalLB via the provided manifest, you will need to make this change by hand.
  • If you want to switch to using Helm to manage your MetalLB installation, you must first uninstall the manifest-based version, with kubectl delete -f metallb.yaml.

New features:

  • Initial IPv6 support! The ndp protocol allows v6 Kubernetes clusters to advertise their services using the Neighbor Discovery Protocol, IPv6’s analog to ARP. If you have an IPv6 Kubernetes cluster, please try it out and file bugs!
  • BGP peers now have a node selector. You can use this to integrate MetalLB into more complex cluster network topologies.
  • MetalLB now has a Helm chart. If you use Helm on your cluster, this should make it easier to track and manage your MetalLB installation. The chart will be submitted for inclusion in the main Helm stable repository shortly after the release is finalized. Use of Helm is optional, installing the manifest directly is still fully supported.

Other improvements:

  • MetalLB now backs off on failing BGP connections, to avoid flooding logs with failures
  • ARP mode should be a little more interoperable with clients, and failover should be a little faster, thanks to tweaks to its advertisement logic.
  • ARP and NDP modes export Prometheus metrics for requests received, responses sent, and failover-related transmissions. This brings them up to “monitoring parity” with BGP mode.
  • Binary internals were refactored to share more common code. This should reduce the amount of visual noise in the logs.

This release includes contributions from Oga Ajima, David Anderson, Matt Layher, John Marcou, Paweł Prażak, and Hugo Slabbert. Thanks to all of them for making MetalLB better!

Version 0.3.1

Documentation for this release

Fixes a couple of embarrassing bugs that sneaked into 0.3.

Bugfixes:

  • Revert to using apps/v1beta2 instead of apps/v1 for MetalLB’s Deployment and Daemonset, to remain compatible with Kubernetes 1.8.
  • Create the metallb-system namespace when installing test-bgp-router.
  • Disable BIRD in test-bgp-router. Bird got updated to 2.0, and the integration with test-bgp-router needs some reworking.

Version 0.3.0

Documentation for this release

Action required if upgrading from 0.2.x:

  • The bgp-speaker DaemonSet has been renamed to just speaker. Before applying the manifest for 0.3.0, delete the old daemonset with kubectl delete -n metallb-system ds/bgp-speaker. This will take down your load-balancers until you deploy the new DaemonSet.
  • The configuration file format has changed in a few backwards-incompatible ways. You need to update your ConfigMap by hand:
    • Each address-pool must now have a protocol field, to select between ARP and BGP mode. For your existing configurations, add protocol: bgp to each address pool definition.
    • The advertisements field of address-pool has been renamed to bgp-advertisements, and is now optional. If you don’t need any special advertisement settings, you can remove the section entirely, and MetalLB will use a reasonable default.
    • The communities section has been renamed to bgp-communities.

New features:

  • MetalLB now supports ARP advertisement, enabled by setting protocol: arp on an address pool. ARP mode does not require any special network equipment, and minimal configuration. You can follow the ARP mode tutorial to get started. There is also a page about ARP mode’s behavior and tradeoffs, and documentation on configuring ARP mode.
  • The container images are now multi-architecture images. MetalLB now supports running on all supported Kubernetes architectures: amd64, arm, arm64, ppc64le, and s390x.
  • You can now disable automatic address allocation on address pools, if you want to have manual control over the use of some addresses.
  • MetalLB pods now come with Prometheus scrape annotations. If you’ve configured your Prometheus-on-Kubernetes to automatically discover monitorable pods, MetalLB will be discovered and scraped automatically. For more advanced monitoring needs, the Prometheus Operator supports more flexible monitoring configurations in a Kubernetes-native way.
  • We’ve documented how to Integrate with the Romana networking system, so that you can use MetalLB alongside Romana’s BGP route publishing.
  • The website got a makeover, to accommodate the growing amount of documentation in a discoverable way.

This release includes contributions from David Anderson, Charles Eckman, Miek Gieben, Matt Layher, Xavier Naveira, Marcus Söderberg, Kouhei Ueno. Thanks to all of them for making MetalLB better!

Version 0.2.1

Documentation for this release

Notable fixes:

  • MetalLB unable to start because Kubernetes cannot verify that “nobody” is a non-root user (#85)

Version 0.2.0

Documentation for this release

Major themes for this version are: improved BGP interoperability, vastly increased test coverage, and improved documentation structure and accessibility.

Notable features:

  • This website! It replaces a loose set of markdown files, and hopefully makes MetalLB more accessible.
  • The BGP speaker now speaks Multiprotocol BGP (RFC 4760). While we still only support IPv4 service addresses, speaking Multiprotocol BGP is a requirement to successfully interoperate with several popular BGP stacks. In particular, this makes MetalLB compatible with Quagga and Ubiquiti’s EdgeRouter and Unifi product lines.
  • The development workflow with Minikube now works with Docker for Mac, allowing mac users to hack on MetalLB. See the hacking documentation for the required additional setup.

Notable fixes:

  • Handle multiple BGP peers properly. Previously, bgp-speaker mistakenly made all its connections to the last defined peer, ignoring the others.
  • Fix a startup race condition where MetalLB might never allocate an IP for some services.
  • Test coverage is above 90% for almost all packages, up from ~0% previously.
  • Fix yaml indentation in the MetalLB manifests.

Version 0.1.0

Documentation for this release

This was the first tagged version of MetalLB. Its changelog is effectively “MetalLB now exists, where previously it did not.”