MetalLB > Release Notes

Release Notes

Version 0.13.9

New Features:

IPPool service allocation: it’s now possible to allocate a given IPAddressPool to one or more namespaces and / or services (PR 1693)
Annotate the service with the pool used to provide the IP (PR 1637)
BGP via VRF support: in FRR mode is possible to establish a BGP session / announce via an interface that has a linux VRF as master (announcement only, the CNI must be vrf aware) PR 1717

Bug Fixes:

Controller: reprocess the services when a service is deleted (Issue 1586 PR 1645)
Controller: avoid having incompatible services sharing the same ip after restart (Issue 1591, PR 1647)
Restrict the RBACS only to the CRDs and webhooks managed by MetalLB (Issue 1641, PR 1658, PR 1786)
Skip unnecessary events when processing configuration instead of reprocessing them (Issue 1639 and Issue 1770, PR 1666 and PR 1791)
Helm: handle the addressPoolUsage.enabled flag (Issue 1687, PR 1688)
Consume the MemberList secret from a file instead of an env variable (PR 1692)
Publishing a new service may cause the bgp session to flake (FRR mode only) (Issue 1715, PR 1714)
Hide bgp passwords from logs PR 1721
L2: avoid one failure on one interface to disable l2 PR 1726, Issue 1727)
FRR mode: add a liveness probe to the frr container so it can be restarted upon failures PR 1732
Delete the loadbalancers assigned to a service if they are not valid, instead of ignoring the service (Issue 1431, PR 1778)
Use the official FRR images from quay instead of dockerhub (PR 1787)

This release includes contributions from Attila Fabian, cyclinder, David Young, Federico Paolinelli, Felix Yan, giuliano, Johanan Liebermann, liornoy, Łukasz Żułnowski, Mitch Ross, mlguerrero12, Periyasamy Palanisamy, tgfree, Tyler Auerbeck, xin.li, yanggang, Yuval Kashtan. Thank you!

Version 0.13.7

New Features:

CRDs: add additionalPrinterColumn configuration (PR 1632)

Bug Fixes:

Fix service monitor relabelings in Helm charts (PR 1650)
Controller readiness probe: restore to metrics endpoint but wait until the webhook is ready to accept requests, remove the “unable to process a request with an unknown content type” log (Issue 1644 PR 1648).

This release includes contributions from Attila Fabian, Tyler Auerbeck, Federico Paolinelli. Thank you!

Version 0.13.6

New Features:

Layer2: Announce LB IPs from specific interfaces (PR 1536)
Validate MetalLB supports mixed protocol services (Issue 1050 PR 1580)
ConfigMapToCRs tool: align docs to match how to use it within the cluster (PR 1595)
End to end tests: allow using external containers to execute the tests against a real cluster (PR 1604)
Helm: add an option to set resources for speaker sidecar containers (PR 1622)
Helm: add an option to set the validating webhooks failure policy (PR 1623)
Removed the “experimental” wording from FRR mode declaring it being stable but less battle tested (PR 1636)

Bug Fixes:

EndpointSlices detection: use discoveryv1 instead of v1beta1 (PR 1579)
Memory leak in FRR mode in cases where the service is getting it’s IP changed by an external entity (Issue 1581 PR 1583)
L2: if a service with multiple IPs has an IP that is used only by it, and another used by another service, the watch on the one used by it is not removed when deleting the service (PR 1600)
Skip unnecessary node events that don’t affect MetalLB (Issue 1562 PR 1607)
Readiness Probe: wait for the webhook to be ready so helm –wait can wait for the webhook to be ready. (Issue 1610 PR 1611)

This release includes contributions from Attila Fabian, chinthiti, Christoph Mewes, cyclinder, danieled-it, David Jeffers, dependabot[bot], Federico Paolinelli, karampok, liornoy, Periyasamy Palanisamy, Peter Pan, witjem, xin.li, Xuebinqi, zhoujiao. Thank you!

Version 0.13.5

New Features:

Added namespace validation for custom resources (PR 1523)
Helm: added updateStrategy for controller and speakers (PR 1340)
Expose the prometheus metrics securely via kube-rbac-proxy (PR 1545)
Don’t deploy pod security policy, not supported in k8s 1.25+ (PR 1569)

Bug Fixes:

Potential memory leak when receiving updates of the same service multiple times (PR 1570)

This release includes contributions from Federico Paolinelli, Jan Jansen, Magesh Dhasayyan. Thank you!

Version 0.13.4

New Features:

Use cosign to sign the images (PR 1437)

Bug Fixes:

Change the validating webhook configuration name to metallb-webhook-configuration instead of validating-webhook-configuration (PR 1497)
L2 mode error with ipv4 only interfaces with linklocal addresses (Issue 1507 , PR 1506)
L2 Mode: get back to announce on interfaces with no IP assigned. Vlans with no IPs should be able to advertise the service (Issue 1511 PR 1516)
Add the AvoidBuggyIPs flag to the IPAddressPool CRD. Converting a CIDR to a range comes with limitation related to setting the aggregation length and validating it. (Issue 1495, PR 1515)
Add a valid pem format to the CRDs webhooks instead of the empty placeholder. (Issue 1501, Issue 1521, PR 1522)

This release includes contributions from cyclinder, Federico Paolinelli, Periyasamy Palanisamy. Thank you!

Version 0.13.3

Bug Fixes:

Fix images on ARM broken in 0.13.2 (PR 1478)
Fail the helm release if the deprecated configinline is provided (PR 1485)
Helm charts give the permissions to watch communities. This will get rid of the Failed to watch *v1beta1.Community log error. (PR 1487)
Helm charts: add the labelselectors to the webhook service. This solves webhook issues when multiple (PR 1487)

This release includes contributions from Federico Paolinelli, Joshua Carnes, Lalit Maganti, Philipp Born. Thank you!

Version 0.13.2

New Features:

CRD support! A long awaited feature, MetalLB is now configurable via CRs. On top of that, validating webhooks will ensure the validity of the configuration upfront, without needing to check the logs. (PR #1237, PR #1245) Please note that the ConfigMap configuration is not supported anymore. Check the “Changes in behaviour” section for more details.
It’s now possible to choose to advertise addresses in L2 mode, BGP mode, both or just allocate the IP without advertising it.
Announcement node selector. It’s possible to choose which nodes to advertise from the IPs coming from a given pool (PR #1302)
BGPPeer selector. For any IP allocated from a given IPAddressPool, it is possible to choose the subset of BGPPeers we want to advertise that IP to (PR #1171).
Kustomize configuration overlays. We now provide various overlays that implement different configuration degrees (as opposed to having) one single manifest. (PR #1254)
It’s now possible to store BGP passwords as secrets (as an alternative to plain text passwords). (PR #1264).
LoadBalancerClass support: it’s possible to have MetalLB listen only to services with the provided load balancer class to comply with kubernetes loadbalancer class. (PR 1417).
Helm Charts: optional annotations for PodMonitors and PrometheusRules (PR 1407)
Multiprotocol BGP support: it’s possible to expose ipv4 addresses via a router connected via ipv6 and viceversa. It was already possible with FRR mode in the v0.12.x version, but now the feature is covered by tests too (PR 1444).

Changes in behavior:

the biggest change is the introduction of CRDs and removing support for the configuration via ConfigMap. In order to ease the transition to the new configuration, we provide a conversion tool from ConfigMap to resources (see the “Backward compatibility” section from the main page).
the internal architecture was radically changed in order to accommodate CRDs, so please do not hesitate to file an issue.
The AvoidBuggyIPs flag was removed in order to reduce the api surface a bit. The same result can be achieved using ranges of IPs instead of the CIDR annotation.
The metallb images from dockerhub are deprecated. From this release, only the images on quay.io will be supported and updated. The official images can be found under the quay.io metallb organization.

Bug Fixes:

When sharing IPs, fail instead of silently assign a new IP when a service is changed and becomes incompatible because of the sharing key (PR #1230)
Restore compatibility with versions prior to 1.19 (PR #1238)
Set BGP origin code in igp (Native mode) (PR #1242)
Remove the endpoint slices deprecation log (PR #1020)
L2: skip interfaces that do have an assigned IP (PR #1347)
Logging: Avoid printing microseconds, fix the calling site for each log (PR #1351)
IPV6 / FRR: fix single hop ebgp next hop tracking (PR #1367)
Restore FRR to be pulled from dockerhub to support ARM (PR #1258)
A race condition happening when the speaker container was slower than the frr one was fixed (PR 1463)

This release includes contributions from Andrea Panattoni, Carlos Goncalves, Federico Paolinelli, jay vyas, Joshua Carnes, liornoy, Mani Kanth, manu, Mateusz Gozdek, Mathieu Parent, Matt Layher, mkeppel@solvinity.com, Mohamed Mahmoud, Ori Braunshtein, Periyasamy Palanisamy, Rodrigo Campos, Sabina Aledort, Scott Laird, Stefan Coetzee, Tyler Auerbeck, zhoujiao. Thank you!

Version 0.12.1

Bug Fixes:

(helm chart) FRR mode disabled by default as the FRR mode is still experimental (can be optionally enabled). (PR #1222)

Version 0.12.0

New Features:

Experimental FRR mode is now available. In this mode, the BGP stack is handled by a FRR container in place of the native BGP implementation. This offers additional capabilities such as IPv6 BGP announcement and BFD support. See the installation section on how to enable it. (PR #832, PR #935, PR #958, PR #1014 and others)
Dual stack services are now supported. L2 works out of the box, BGP requires the FRR mode because of missing IPv6 support in the native implementation. (PR #1065)
In FRR mode, it is possible to have a BGP session paired with a BFD session for quicker path failure detection. (PR #927) (PR #967)
A new manifest (manifests/metallb-frr.yaml) is available to deploy metallb in FRR mode (PR #1014)
(helm chart) Add support for deploying MetalLB in FRR mode. (PR #1073)
(helm chart) Allow specification of priorityClassName for speaker and controller. (PR #1099)

Changes in behavior:

The new FRR mode comes with limitations, compared to the native implementation. The most notable are:
- It is not allowed to have different peers sharing the same ip address but different ports
- It is not allowed to have different routerID or different myAsn for different peers. It is allowed to override the routerID and/or myAsn, but the value must be the same for all the peers.
- In case the BGP peer is multiple hops away from the nodes, the new ebgp-multihop flag must be set.
When switching to FRR mode, the FRR image will required to be downloaded, which may require a longer rollout time than usual. Also, please note that the migration path from native BGP to FRR was not explicitly tested.

Bug Fixes:

If a configmap is marked as stale because removing an pool used by a service, metallb tries to reprocess it periodically until the service is deleted or changed. (PR #1028, PR #1166)
Controller panic when updating the address pool of a service and specifying spec.loadBalancerIP from the new address pool (PR #1168)

Version 0.11.0

New Features:

Leveled logging is now supported. You can set --log-level flag to one of all, debug, info, warn, error or none to filter produced logs by level. The default value is set to info on both helm charts and k8s manifests. (PR #895)
MetalLB previously required the speaker to run on the same node as a pod backing a LoadBalancer, even when the ExternalTrafficPolicy was set to cluster. You may now run the MetalLB speaker on a subset of nodes, and the LoadBalancer will work for the cluster policy, regardless of where the endpoints are located. (PR #976)
It is now possible to configure the source address used for BGP sessions. (PR #902)
A new config flag has been added to allow disabling the use of Kubernetes EndpointSlices. (PR #937)
A new manifest, prometheus-operator.yaml is now included with MetalLB to help set up the resources necessary to allow Prometheus to gather metrics from the MetalLB services. (PR #960)
(helm chart) Add support for specifying additional labels for PodMonitor and PrometheusRule resources. This is needed when using the Prometheus operator and have it configured to use PodMonitors and PrometheusRules that are using a specific label. (PR #886)

Changes in behavior:

With the newly introduced leveled logging support, the default value for the --log-level is set to info on both helm charts and k8s manifests. This will produce fewer logs compared to the previous releases, since many debug level logs will be filtered out. You can preserve the old verbosity by editing the k8s manifests and setting the argument --log-level=all for both the controller and speaker when installing using manifests, or by overriding helm values controller.logLevel=all and speaker.logLevel=all when installing with Helm. (PR #895)
The L2 node allocation logic is now using the LoadBalancer IP and not the service name. This means that the node associated to a given service may change across releases. This would affect established connections as a new GARP will sent out to announce the IP belonging to the new node. (PR #976)

Bug Fixes:

L2 mode now allows to announce from nodes where the speaker is not running from in case of ExternalTrafficPolicy = Cluster. The association of the node to the service is done via the LoadBalancerIP, avoiding scenarios where two services sharing the same IP are announced from different nodes. (Issue #968) (Issue #558) (Issue #315)
Multi-arch images have been fixed to ensure the included busybox is based on the target platform architecture instead of the build platform architecture. Previously this made debugging these running containers more difficult as the included tools were not usable. (Issue #618)

This release includes contributions from alphabet5, Andrea Panattoni, Brian_P, Carlos Goncalves, Federico Paolinelli, Graeme Lawes, HeroCC, Ian Roberts, Lior Noy, Marco Geri, Mark Gray, Matthias Linhuber, Mohamed S. Mahmoud, Ori Braunshtein, Periyasamy Palanisamy, Pumba98, rata, Russell Bryant, Sabina Aledort, Shivamani Patil, Tyler Auerbeck, Viktor Oreshkin. Thank you!

Version 0.10.3

Bug Fixes:

Add fsGroup to the MetalLB controller deployment to address compatibility with Kubernetes 1.21 and later. See Kubernetes issue #70679. This ensures the MetalLB controller can read the service account token volume. (Issue #890)
helm: fix validation of imagePullSecrets (Issue #897)
Resolve issue in EndpointSlice support that caused excessive log spam. (Issue #899) (Issue #901) (Issue #978)
layer2: Fix a race condition when sending gratuitous ARP or NDP messages where an error on a removed interface would cause MetalLB to skip sending the same message out on the rest of the list of interfaces. (Issue #681)

Version 0.10.2

Bug Fixes:

Fix a missing RBAC update in the manifests used by the helm chart. (Issue #878)

Version 0.10.1

Bug Fixes:

Fix the images in manifests/metallb.yaml to refer to the images for the release tag instead of the main branch. (Issue #874)

Version 0.10.0

New Features:

Helm Charts are now provided. You should be able to migrate from Bitnami Charts to MetalLB Charts by just changing the repo and upgrading. For more details, see the installation documentation.
Version 0.9.x required the creation of a Secret called memberlist. This Secret is now automatically created by the MetalLB controller if it does not already exist. To use this feature you must set the new ml-secret-name and deployment options or METALLB_ML_SECRET_NAME and METALLB_DEPLOYMENT environment variables. This is already done in the manifests provided with this release.
Endpoint Slices support. Endpoint slices are the proposed and more scalable way introduced in k8s to find services endpoints. From this version, MetalLB checks for EndpointSlices availability and uses them, otherwise it backs up to endpoints.

Changes in behavior:

The port option to the speaker, which is the prometheus metrics port, now defaults to port 7472. This was already the default in the manifests included with MetalLB, but the binary itself previously defaulted to port 80.
The config-ns option of both the controller and the speaker and the ml-namespace option and METALLB_ML_NAMESPACE environment variable of the speaker are replaced by the namespace option or the METALLB_NAMESPACE environment variable. If not set the namespace is read from /var/run/secrets/kubernetes.io/serviceaccount/namespace.

This release includes contributions from Adit Sachde, Adrian Goins, Andrew Grosser, Brian Topping, Chance Carey, Chris Tarazi, Damien TOURDE, David Anderson, Dax McDonald, dougbtv, Etienne Champetier, Federico Paolinelli, Graeme Lawes, Henry-Kim-Youngwoo, Igal Serban, Jan Krcmar, JinLin Fu, Johannes Liebermann, Jumpy Squirrel, Lars Ekman, Leroy Shirto, Mark Gray, NorthFuture, Oleg Mayko, Reinier Schoof, Rodrigo Campos, Russell Bryant, Sebastien Dionne, Stefan Lasiewski, Steven Follis, sumarsono, Thorsten Schifferdecker, toby cabot, Tomofumi Hayashi, Tony Perez, and Yuan Liu. Thank you!

Release Notes

Version 0.13.9

Version 0.13.7

Version 0.13.6

Version 0.13.5

Version 0.13.4

Version 0.13.3

Version 0.13.2

Version 0.12.1

Version 0.12.0

Version 0.11.0

Version 0.10.3

Version 0.10.2

Version 0.10.1

Version 0.10.0

Version 0.9.6

Version 0.9.5

Version 0.9.4

Version 0.9.3

Version 0.9.2

Versions 0.9.0 and 0.9.1

Version 0.8.3

Version 0.8.2

Version 0.8.1

Version 0.8.0

Version 0.7.3

Version 0.7.2

Version 0.7.1

Version 0.7.0

Version 0.6.2

Version 0.6.1

Version 0.6.0

Version 0.5.0

Version 0.4.6

Version 0.4.5

Version 0.4.4

Version 0.4.3

Version 0.4.2

Version 0.4.1

Version 0.4.0

Version 0.3.1

Version 0.3.0

Version 0.2.1

Version 0.2.0

Version 0.1.0