New Features:
Bug Fixes:
This release includes contributions from Attila Fabian, cyclinder, David Young, Federico Paolinelli, Felix Yan, giuliano, Johanan Liebermann, liornoy, Łukasz Żułnowski, Mitch Ross, mlguerrero12, Periyasamy Palanisamy, tgfree, Tyler Auerbeck, xin.li, yanggang, Yuval Kashtan. Thank you!
New Features:
Bug Fixes:
This release includes contributions from Attila Fabian, Tyler Auerbeck, Federico Paolinelli. Thank you!
New Features:
Bug Fixes:
This release includes contributions from Attila Fabian, chinthiti, Christoph Mewes, cyclinder, danieled-it, David Jeffers, dependabot[bot], Federico Paolinelli, karampok, liornoy, Periyasamy Palanisamy, Peter Pan, witjem, xin.li, Xuebinqi, zhoujiao. Thank you!
New Features:
Bug Fixes:
This release includes contributions from Federico Paolinelli, Jan Jansen, Magesh Dhasayyan. Thank you!
New Features:
Bug Fixes:
This release includes contributions from cyclinder, Federico Paolinelli, Periyasamy Palanisamy. Thank you!
Bug Fixes:
Failed to watch *v1beta1.Community
log error. (PR 1487)This release includes contributions from Federico Paolinelli, Joshua Carnes, Lalit Maganti, Philipp Born. Thank you!
New Features:
CRD support! A long awaited feature, MetalLB is now configurable via CRs. On top of that, validating webhooks will ensure the validity of the configuration upfront, without needing to check the logs. (PR #1237, PR #1245) Please note that the ConfigMap configuration is not supported anymore. Check the “Changes in behaviour” section for more details.
It’s now possible to choose to advertise addresses in L2 mode, BGP mode, both or just allocate the IP without advertising it.
Announcement node selector. It’s possible to choose which nodes to advertise from the IPs coming from a given pool (PR #1302)
BGPPeer selector. For any IP allocated from a given IPAddressPool, it is possible to choose the subset of BGPPeers we want to advertise that IP to (PR #1171).
Kustomize configuration overlays. We now provide various overlays that implement different configuration degrees (as opposed to having) one single manifest. (PR #1254)
It’s now possible to store BGP passwords as secrets (as an alternative to plain text passwords). (PR #1264).
LoadBalancerClass support: it’s possible to have MetalLB listen only to services with the provided load balancer class to comply with kubernetes loadbalancer class. (PR 1417).
Helm Charts: optional annotations for PodMonitors and PrometheusRules (PR 1407)
Multiprotocol BGP support: it’s possible to expose ipv4 addresses via a router connected via ipv6 and viceversa. It was already possible with FRR mode in the v0.12.x version, but now the feature is covered by tests too (PR 1444).
Changes in behavior:
the biggest change is the introduction of CRDs and removing support for the configuration via ConfigMap. In order to ease the transition to the new configuration, we provide a conversion tool from ConfigMap to resources (see the “Backward compatibility” section from the main page).
the internal architecture was radically changed in order to accommodate CRDs, so please do not hesitate to file an issue.
The AvoidBuggyIPs
flag was removed in order to reduce the api surface a bit. The same result can be achieved using ranges of IPs instead of
the CIDR annotation.
The metallb images from dockerhub are deprecated. From this release, only the images on quay.io will be supported and updated. The official images can be found under the quay.io metallb organization.
Bug Fixes:
When sharing IPs, fail instead of silently assign a new IP when a service is changed and becomes incompatible because of the sharing key (PR #1230)
Restore compatibility with versions prior to 1.19 (PR #1238)
Set BGP origin code in igp (Native mode) (PR #1242)
Remove the endpoint slices deprecation log (PR #1020)
L2: skip interfaces that do have an assigned IP (PR #1347)
Logging: Avoid printing microseconds, fix the calling site for each log (PR #1351)
IPV6 / FRR: fix single hop ebgp next hop tracking (PR #1367)
Restore FRR to be pulled from dockerhub to support ARM (PR #1258)
A race condition happening when the speaker container was slower than the frr one was fixed (PR 1463)
This release includes contributions from Andrea Panattoni, Carlos Goncalves, Federico Paolinelli, jay vyas, Joshua Carnes, liornoy, Mani Kanth, manu, Mateusz Gozdek, Mathieu Parent, Matt Layher, mkeppel@solvinity.com, Mohamed Mahmoud, Ori Braunshtein, Periyasamy Palanisamy, Rodrigo Campos, Sabina Aledort, Scott Laird, Stefan Coetzee, Tyler Auerbeck, zhoujiao. Thank you!
Bug Fixes:
New Features:
Experimental FRR mode is now available. In this mode, the BGP stack is handled by a FRR container in place of the native BGP implementation. This offers additional capabilities such as IPv6 BGP announcement and BFD support. See the installation section on how to enable it. (PR #832, PR #935, PR #958, PR #1014 and others)
Dual stack services are now supported. L2 works out of the box, BGP requires the FRR mode because of missing IPv6 support in the native implementation. (PR #1065)
In FRR mode, it is possible to have a BGP session paired with a BFD session for quicker path failure detection. (PR #927) (PR #967)
A new manifest (manifests/metallb-frr.yaml
) is available to deploy metallb in FRR mode
(PR #1014)
(helm chart) Add support for deploying MetalLB in FRR mode. (PR #1073)
(helm chart) Allow specification of priorityClassName for speaker and controller. (PR #1099)
Changes in behavior:
The new FRR mode comes with limitations, compared to the native implementation. The most notable are:
When switching to FRR mode, the FRR image will required to be downloaded, which may require a longer rollout time than usual. Also, please note that the migration path from native BGP to FRR was not explicitly tested.
Bug Fixes:
If a configmap is marked as stale because removing an pool used by a service, metallb tries to reprocess it periodically until the service is deleted or changed. (PR #1028, PR #1166)
Controller panic when updating the address pool of a service and specifying spec.loadBalancerIP from the new address pool (PR #1168)
New Features:
Leveled logging is now supported. You can set --log-level
flag to one of
all
, debug
, info
, warn
, error
or none
to filter produced logs by level.
The default value is set to info
on both helm charts and k8s manifests.
(PR #895)
MetalLB previously required the speaker to run on the same node as a pod backing a LoadBalancer, even when the ExternalTrafficPolicy was set to cluster. You may now run the MetalLB speaker on a subset of nodes, and the LoadBalancer will work for the cluster policy, regardless of where the endpoints are located. (PR #976)
It is now possible to configure the source address used for BGP sessions. (PR #902)
A new config flag has been added to allow disabling the use of Kubernetes EndpointSlices. (PR #937)
A new manifest, prometheus-operator.yaml
is now included with MetalLB to
help set up the resources necessary to allow Prometheus to gather metrics
from the MetalLB services.
(PR #960)
(helm chart) Add support for specifying additional labels for PodMonitor
and PrometheusRule
resources. This is needed when using the Prometheus
operator and have it configured to use PodMonitors
and PrometheusRules
that are using a specific label.
(PR #886)
Changes in behavior:
With the newly introduced leveled logging support, the default value for the
--log-level
is set to info
on both helm charts and k8s manifests.
This will produce fewer logs compared to the previous releases,
since many debug
level logs will be filtered out. You can preserve the old verbosity by
editing the k8s manifests and setting the argument --log-level=all
for both the controller and
speaker when installing using manifests, or by overriding helm values controller.logLevel=all
and speaker.logLevel=all
when installing with Helm.
(PR #895)
The L2 node allocation logic is now using the LoadBalancer IP and not the service name. This means that the node associated to a given service may change across releases. This would affect established connections as a new GARP will sent out to announce the IP belonging to the new node. (PR #976)
Bug Fixes:
L2 mode now allows to announce from nodes where the speaker is not running from in case of ExternalTrafficPolicy = Cluster. The association of the node to the service is done via the LoadBalancerIP, avoiding scenarios where two services sharing the same IP are announced from different nodes. (Issue #968) (Issue #558) (Issue #315)
Multi-arch images have been fixed to ensure the included busybox is based on the target platform architecture instead of the build platform architecture. Previously this made debugging these running containers more difficult as the included tools were not usable. (Issue #618)
This release includes contributions from alphabet5, Andrea Panattoni, Brian_P, Carlos Goncalves, Federico Paolinelli, Graeme Lawes, HeroCC, Ian Roberts, Lior Noy, Marco Geri, Mark Gray, Matthias Linhuber, Mohamed S. Mahmoud, Ori Braunshtein, Periyasamy Palanisamy, Pumba98, rata, Russell Bryant, Sabina Aledort, Shivamani Patil, Tyler Auerbeck, Viktor Oreshkin. Thank you!
Bug Fixes:
Add fsGroup
to the MetalLB controller deployment to address compatibility with Kubernetes 1.21
and later. See Kubernetes issue #70679.
This ensures the MetalLB controller can read the service account token volume.
(Issue #890)
helm: fix validation of imagePullSecrets (Issue #897)
Resolve issue in EndpointSlice support that caused excessive log spam. (Issue #899) (Issue #901) (Issue #978)
layer2: Fix a race condition when sending gratuitous ARP or NDP messages where an error on a removed interface would cause MetalLB to skip sending the same message out on the rest of the list of interfaces. (Issue #681)
Bug Fixes:
Bug Fixes:
manifests/metallb.yaml
to refer to the images for the
release tag instead of the main
branch.
(Issue #874)New Features:
Helm Charts are now provided. You should be able to migrate from Bitnami Charts to MetalLB Charts by just changing the repo and upgrading. For more details, see the installation documentation.
Version 0.9.x required the creation of a Secret called memberlist
. This
Secret is now automatically created by the MetalLB controller if it does not
already exist. To use this feature you must set the new ml-secret-name
and deployment
options or METALLB_ML_SECRET_NAME
and METALLB_DEPLOYMENT
environment variables.
This is already done in the manifests provided with this release.
Endpoint Slices support. Endpoint slices are the proposed and more scalable way introduced in k8s to find services endpoints. From this version, MetalLB checks for EndpointSlices availability and uses them, otherwise it backs up to endpoints.
Changes in behavior:
The port
option to the speaker
, which is the prometheus metrics port, now
defaults to port 7472
. This was already the default in the manifests
included with MetalLB, but the binary itself previously defaulted to port
80
.
The config-ns
option of both the controller
and the speaker
and the ml-namespace
option and METALLB_ML_NAMESPACE
environment variable of the speaker
are
replaced by the namespace
option or the METALLB_NAMESPACE
environment
variable. If not set the namespace is read from /var/run/secrets/kubernetes.io/serviceaccount/namespace
.
This release includes contributions from Adit Sachde, Adrian Goins, Andrew Grosser, Brian Topping, Chance Carey, Chris Tarazi, Damien TOURDE, David Anderson, Dax McDonald, dougbtv, Etienne Champetier, Federico Paolinelli, Graeme Lawes, Henry-Kim-Youngwoo, Igal Serban, Jan Krcmar, JinLin Fu, Johannes Liebermann, Jumpy Squirrel, Lars Ekman, Leroy Shirto, Mark Gray, NorthFuture, Oleg Mayko, Reinier Schoof, Rodrigo Campos, Russell Bryant, Sebastien Dionne, Stefan Lasiewski, Steven Follis, sumarsono, Thorsten Schifferdecker, toby cabot, Tomofumi Hayashi, Tony Perez, and Yuan Liu. Thank you!
Documentation for this release
Bugfixes:
This release includes contributions from Lars Ekman, Rodrigo Campos, Russell Bryant and Stefan Lasiewski. Thanks for making MetalLB better!
Documentation for this release
New features:
Bugfixes:
This release includes contributions from Adit Sachde and Jan Krcmar. Thanks for making MetalLB better!
Documentation for this release
New features:
Bugfixes:
This release includes contributions from Andrew Grosser, Chance Carey, Damien TOURDE, Etienne Champetier, Johannes Liebermann, Jumpy Squirrel, Lars Ekman, Rodrigo Campos, Russell Bryant, Sebastien Dionne, Steven Follis, sumarsono Thorsten Schifferdecker, toby cabot and Yuan Liu. Thanks to all of them for making MetalLB better!
Documentation for this release
Bugfixes:
Fix manifests to use container image version v0.9.3
instead of main
. Users
of v0.9.2
are encouraged to upgrade, as manifests included in that
release
use an incorrect container image version. Those two images happen to match
now but, as development continues on main
branch, they will differ.
Update installation procedure to create the namespace first (#557).
This release includes contributions from Henry-Kim-Youngwoo, Oleg Mayko and Rodrigo Campos. Thanks to all of them for making MetalLB better!
Documentation for this release
New features:
Dramatically reduce dead node detection time when using Layer 2 mode (#527).
This is improvement closes the long standing issue
#298 that has been a common
pain point for users using Layer 2 mode. This feature is enabled by default. You
can disable it by simply changing the speaker
Daemonset
manifest and
remove the METALLB_ML_BIND_ADDR
environment variable. Also, you can verify
the old method is being used by checking the speaker
log on startup to
contain: Not starting fast dead node detection (MemberList)
. If not shown,
the new fast node detection method is being used.
Allow spaces in address pool IP ranges (#499).
Action required:
Bug fixes:
address_total
Prometheus metric (#518).strictARP
when using kube-proxy
in IPVS mode (#507).This release includes contributions from binoue, David Anderson, dulltz, Etienne Champetier, Gary Richards, Jean-Philippe Evrard, Johan Fleury, k2mahajan, Knic Knic, kvaps, Lars Ekman, masa213f, remche, Rickard von Essen, Rui Lopes, Serge Bazanski, Spence. Thanks to all of them for making MetalLB better!
0.9.0 and 0.9.1 were never released, due to a bug that prevented building Docker images. 0.9.2 is the first “real” release of the 0.9.x branch.
Documentation for this release
New features:
This release includes contributions from Rémi Cailletaud.
Documentation for this release
Action required:
Bugfixes:
This release includes contributions from David Anderson and Gary Richards.
Documentation for this release
Bugfixes:
This release includes contributions from David Anderson.
Documentation for this release
Action required if updating from 0.7.x:
speaker
DaemonSet now specifies a toleration to run on
Kubernetes control plane nodes that have the standard, unfortunately
named “master” taint. If you don’t want MetalLB to run on control
plane nodes, you need to remove that toleration from the manifest.PodSecurityPolicy
allowing the speaker
DaemonSet to request the elevated privileges
it needs. If your cluster enforces pod security policies, you should
review the provided policy before deploying it.kubectl
get nodes -owide
). To revert to the previous behavior of offering
metrics on all interfaces, remove the METALLB_HOST environment
variable from the manifest.New features:
PodSecurityPolicy
for the
MetalLB speaker, granting it the necessary privileges for it to
function. This should make MetalLB work out of the box in clusters
with pod security policies enforced.nodeSelector
).apps/v1
version of
Deployment
and DaemonSet
, rather than the obsolete
extensions/v1beta1
.Bugfixes:
glog
trying to write to disk despite
explicit instructions to the
contrary. (#427)spec.loadBalancerIP
validation on IPv6 clusters.
(#301)This release includes contributions from Alex Lovell-Troy, Antonio Ojea, aojeagarcia, Ashley Dumaine, Brian, Brian Topping, David Anderson, Eduardo Minguez Perez, Elan Hasson, Irit Goihman, Ivan Kurnosov, Jeff Kolb, johnl, Jordan Neufeld, kvaps, Lars Ekman, Matt Sharpe, Maxime Guyot, Miek Gieben, Niklas Voss, Oilbeater, remche, Rodrigo Campos, Sergey Anisimov, Stephan Fudeus, Steven Beverly, stokbaek and till. Thanks to all of them for making MetalLB better!
Documentation for this release
Bugfixes:
Documentation for this release
Bugfixes:
x/sys/unix
instead of the
syscall
package. (#289)Documentation for this release
Bugfixes:
Documentation for this release
Action required if updating from 0.6.x:
kubectl delete -nmetallb-system endpoints metallb-speaker
kubectl delete -nmetallb-system rolebinding leader-election
kubectl delete -nmetallb-system role leader-election
New features:
externalTrafficPolicy=Local
, meaning layer2
services can see the true client source
IP. (#257)Bugfixes:
This release includes contributions from Baul, David Anderson, Ryan Roemmich, Sanjeev Rampal, and Steve Sloka. Thanks to all of them for making MetalLB better!
Documentation for this release
Bugfixes:
Documentation for this release
Bugfixes:
Documentation for this release
Action required if upgrading from 0.5.x:
cidr
field of address pools to addresses
protocol: arp
and protocol: ndp
to protocol: layer2
arp-network
statements with a range-based IP allocationNew features:
Bugfixes:
This release includes contributions from David Anderson, ghorofamike, Serguei Bezverkhi, and Zsombor Welker. Thanks to all of them for making MetalLB better!
Documentation for this release
Action required if upgrading from 0.4.x:
cidr
field of address pools in the configuration file has been
renamed to addresses
. MetalLB 0.5 understands both cidr
and
addresses
, but in 0.6 it will only understand addresses
, so
please update now.arp
and ndp
protocols have been replaced by a unified
layer2
protocol. MetalLB 0.5 understands both the old and new
names, but 0.6 will only understand layer2
, so please update now.arp-network
entries from your configuration. If your
address pool overlaps with the ethernet network or broadcast
addresses for your LAN, use IP range notation (see new features) to
exclude them from your address pool.arp_*
and ndp_*
metrics, there is now single
set of layer2_*
metrics, in which the ip
label can be IPv4 or
IPv6.New features:
protocol: layer2
in the configuration file. Layer 2
mode uses ARP and NDP under the hood, but having a single protocol
name makes it easier to build protocol-agnostic configuration
templates.192.168.0.0-192.168.0.255
is equivalent to 192.168.0.0/24
. This
makes it much easier to allocate IP ranges that don’t fall cleanly
on CIDR prefix boundaries.Bugfixes:
Documentation for this release
Bugfixes:
Documentation for this release
Bugfixes:
Documentation for this release
This was a broken attempt to fix the same bugs as 0.4.5. You should not use this version.
Documentation for this release
Changes:
Documentation for this release
Bugfixes:
Documentation for this release
Bugfixes:
Documentation for this release
Action required if upgrading from 0.3.x:
app: controller
or app: speaker
Kubernetes labels to find
MetalLB objects, you should now match on a combination of app:
metallb
, app.kubernetes.io/component: controller
or app.kubernetes.io/component: speaker
, depending
on what objects you want to select.kubectl delete -f metallb.yaml
.New features:
ndp
protocol allows v6 Kubernetes
clusters to advertise their services using
the
Neighbor Discovery Protocol,
IPv6’s analog to ARP. If you have an IPv6 Kubernetes cluster, please
try it out
and file bugs!Other improvements:
This release includes contributions from Oga Ajima, David Anderson, Matt Layher, John Marcou, Paweł Prażak, and Hugo Slabbert. Thanks to all of them for making MetalLB better!
Documentation for this release
Fixes a couple of embarrassing bugs that sneaked into 0.3.
Bugfixes:
apps/v1beta2
instead of apps/v1
for MetalLB’s
Deployment and Daemonset, to remain compatible with Kubernetes 1.8.metallb-system
namespace when installing
test-bgp-router
.test-bgp-router
. Bird got updated to 2.0, and the
integration with test-bgp-router
needs some reworking.Documentation for this release
Action required if upgrading from 0.2.x:
bgp-speaker
DaemonSet has been renamed to just
speaker
. Before applying the manifest for 0.3.0, delete the old
daemonset with kubectl delete -n metallb-system
ds/bgp-speaker
. This will take down your load balancers until you
deploy the new DaemonSet.address-pool
must now have a protocol
field, to select
between ARP and BGP mode. For your existing configurations, add
protocol: bgp
to each address pool definition.advertisements
field of address-pool
has been renamed to
bgp-advertisements
, and is now optional. If you don’t need any
special advertisement settings, you can remove the section
entirely, and MetalLB will use a reasonable default.communities
section has been renamed to bgp-communities
.New features:
protocol: arp
on an address pool. ARP mode does not require any
special network equipment, and minimal configuration. You can follow
the ARP mode tutorial to get started. There is also a page about ARP
mode’s behavior and tradeoffs, and documentation on configuring ARP mode.This release includes contributions from David Anderson, Charles Eckman, Miek Gieben, Matt Layher, Xavier Naveira, Marcus Söderberg, Kouhei Ueno. Thanks to all of them for making MetalLB better!
Documentation for this release
Notable fixes:
Documentation for this release
Major themes for this version are: improved BGP interoperability, vastly increased test coverage, and improved documentation structure and accessibility.
Notable features:
Notable fixes:
Documentation for this release
This was the first tagged version of MetalLB. Its changelog is effectively “MetalLB now exists, where previously it did not.”