Weave 2.1.1

Release 2.1.1

As 2.1.0, but fixing a couple of installation glitches - #3175,#3176

New Features

Improved Kubernetes Network Policy - Weave Net now supports the 'v1' policies introduced in Kubernetes 1.7 as well as the 'beta' policies supported previously. See Kubernetes 1.7 changelog for differences. To use old policies, --use-legacy-netpol argument should be passed to weave-npc. #3105,#3141,#3151,#3169

Weave Net now reclaims IP addresses owned by Kubernetes nodes which have been deleted from the cluster - this avoids running out of IP addresses when many nodes are added and deleted over a long period. #2797,#3149,#3170,#3172

Upgrading the Weave Net Kubernetes addon (weave-kube)

There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds an access to networkpolicies from the networking.k8s.io API group used by the 'v1' policies and a new role to create ConfigMaps:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net

To use old network policies:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net?use-legacy-netpol=true

Other improvements

• Export a Prometheus-style metric giving count of unreachable peers #3119
• Update 'gopacket' library to reduce memory use by approx 15MB #3160
• Replace bundling the 'docker' binary with our own code to avoid security vulnerability alerts and save space #2957,#3110

Bug fixes

• When weave expose is used, allow traffic into the Weave network - up till version 1.12 Docker would do this for us, but in 1.13 they stopped so now we do it. This change makes weave expose to require Weave Net to be running. #2758,#3122
• Arm64 build now works on non-kubernetes installs #2832,#3110
• TX offload was being disabled in 'awsvpc' mode, which slows down packet sending #3089
• Removed spurious 'nil' in logs from CNI DEL operation #3143

Build and test

• Images are now also built for the ppc64le platform #3129
• Tweak build scripts to run on OSX as well as Linux #3135

External Contributors

Thanks to the following contributors:
@caarlos0
@dtshepherd

Full list of changes.

Weave 2.1.0

Release 2.1.0

NOTE This release had an error in the installation; please do not use. Replaced by 2.1.1.

Weave Net 2.0.5

Bug fixes

• Fix /etc/hosts inside containers so the container's name resolves to its Weave Net address #3136,#3138
• New weave-kube config for Kubernetes 1.7 and 1.8 which resolves an intermittent conflict with kube-proxy that could break Weave Net until reboot #2998,#3134
• weave reset will now remove the persistence file created by the 'v2' Docker plugin #3103,#3114

Full list of changes.

Upgrading the Weave Net Kubernetes addon (weave-kube)

There is an updated DaemonSet manifest for Kubernetes 1.7 and 1.8 that adds a volume-mount for the iptables lock file, which avoids collisions between Weave Net components and kube-proxy that can sometimes result in a half-configured network.:

kubectl apply -f https://cloud.weave.works/k8s/v1.7/net

External Contributors

Thanks to the following who contributed changes in this release:
@dtshepherd

Weave Net 2.0.4

Release 2.0.4

Bug fixes

• weave-npc failed on Centos 7, due to older 'ipset' version in kernel #3098,#3100

Full list of changes.

Weave Net 2.0.3

NOTE: Weave Net 2.0.2 and 2.0.3 do not work on Centos 7, due to an incompatibility with the ipset support in the kernel

This release is to fix a bug which snuck into 2.0.2

• Weave-npc would crash on a policy with no 'from' part - regression introduced in 2.0.2 #3095,#3096,#3097

Weave Net 2.0.2

Bug fixes and minor improvements

• Fix race condition in weave-npc which would intermittently block all traffic for a namespace #3057,#3059
• When using Docker Plugin V2, ensure Fast Datapath works on machines that need to mount the kernel module dynamically #3080
• Regression: weave-npc would block everything if kubelet --hostname-override was used #3049,#3051
• Fix netfilter rules to block containers from accessing the Weave Net control endpoint #3093
• If DNS server is off then disable proxy DNS registration, to avoid spurious errors #3054,#3088
• Add comments to each iptables rule and ipset, to help when troubleshooting #3064
• Remove code that checked for an outdated fallback address for Kubernetes api-server #3071
• Add a label to the weavedb image so it can be filtered out by tools #3066
• Fix various build and continuous-integration failures #3061
• Print 'help' text faster in the weave script #3056
• Add an option to create continuous integration hosts in different ways #3060
• Remove remnants of the pre-2.0 proxy and plugin from build and test #3035,#3036

Full list of changes.

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes 1.6 and above supports rolling upgrades of DaemonSets. To upgrade, simply run:

kubectl apply -f https://cloud.weave.works/k8s/v1.6/net

Kubernetes will then delete the existing Weave Net pods one by one, and create new ones with the latest Weave Net version.

The 1.6 link will work for Kubernetes 1.6 and 1.7

External Contributors

Thanks to the following who contributed changes in this release:
@dlespiau
@mikebryant

Weave Net 2.0.1

Bug fixes and minor improvements

• Fall back to slower data path (sleeve), rather than crashing, when the machine lacks VXLAN support (required for “fast data path”, fastdp) #3043
• Fix bug in processing of arguments when Docker has TLS enabled, rather than crashing with invalid peers list, e.g. lookup --tlsverify: no such host #3039
• Add kube-system namespace back to weave-kube's YAMLs, preventing omissions leading to errors like error contacting APIServer: the server does not allow access to the requested resource #3033,#3042
• Fix release script to prevent ARM64 binaries to end up in AMD64 net-plugin, leading to Error response from daemon: dial unix /run/docker/plugins/<id>/weave.sock: connect: no such file or directory when installing net-plugin #3045
• weave reset and weave rmpeer now only contact Weave Cloud when Weave Net is configured with a Weave Cloud token, preventing unnecessary requests and potentially confusing 401 Unauthorized errors in Weave Net’s logs #3044

Installation and Upgrading of Weave Net

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 2.0.1 is compatible with previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading Kubernetes from an earlier version to version 1.6

In version 1.6, Kubernetes has increased security, so we need to create a special service account to run Weave Net. This is done in the file weave-daemonset-k8s-1.6.yaml attached to the release.

Also, the toleration required to let Weave Net run on master nodes has moved from an annotation to a field on the DaemonSet spec object.

The command to apply this new configuration via short URL is:

kubectl apply -f https://cloud.weave.works/k8s/v1.6/net

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes 1.6 now supports rolling upgrades of DaemonSets, and we have added this setting to the YAML. To upgrade, simply run:

kubectl apply -f https://cloud.weave.works/k8s/v1.6/net

Kubernetes will then delete the existing Weave Net pods one by one, and create new ones with the latest Weave Net version.

In case of issues during the rolling upgrade, please refer to Kubernetes’ troubleshooting page

For more details about the Weave Net Kubernetes addon, see: https://weave.works/docs/net/latest/kube-addon/

Weave 2.0.0

Release 2.0.0

New Features

Peer Discovery via Weave Cloud

You can now get all your Weave Net peers to find each other via the Weave Cloud service, instead of maintaining a list of peers at startup. #2799,#2827

See the docs page for more details

New Docker Plugin

Docker has a new plugin system which improves the installation UX and solves some issues around startup. This means Weave Net 2.0 can now run with Docker in "swarm mode" and supports the docker service command. #2396,#2397,#2651,#2727,#2805,#2816,#2905, #2906,#2929,#2932,#2945,#2950,#2956,#2963,#2964,#2966

The previous Docker Plugin is still available and can be installed as before.

All of Weave Net now runs in one container

Previously we had three separate containers for routing, Docker API
proxy and Docker plugin. Running everything in one simplifies start-up and removes the need to detect various error conditions. #1642,#2897,#2936,#2945,#2946,#2951,#2960

The individual commands ‘weave launch-router’, ‘weave launch-plugin’, etc., have been removed. You can turn off the plugin and proxy with new command-line options. In keeping with Semantic Versioning, we have changed the major version number for this release.

Other new features

• Kubernetes configuration now comes from our “Launch Generator” that allows different options to be selected via URL. #2754,#2903,#3000,#3001
• weave-kube now stores data about IP allocation in /var/lib/weave on the host instead of in a Kubernetes volume. This means that the data will persist across pod deletion and re-creation, e.g. during an upgrade of Weave Net, which makes restarts more reliable. #2610,#2967
• weave-kube turned on rolling updates, so careful manual handling of updates is no longer required. #3024

Bug fixes

• Kubernetes Network Policies which allowed a specific set of pods to connect would block all pods on other hosts. Revert the change in v1.9.6 which ignored pods on other hosts #3025,#3028

Features removed

• weave run has been removed. This was the original method provided to start containers with Weave Net, but it always required care over timing of start-up, and we now provide three alternative, better, ways. You can replicate the effect by calling docker run then weave attach. Similarly weave start and weave restart were removed. #2353,#2885
• Everything deprecated more than one release ago has been removed, so if you use it now you get an error rather than a warning. This includes the ‘create-bridge’ command and older command-line arguments, e.g. --iprange was replaced by --ipalloc-range #2901,#2909,#2913,#2942,#2989,#2991

Functions moved from shell-script to Go code.

This enables more precise error-checking and runs a bit faster. It has also enabled us to shrink the size of images downloaded: weave-kube is 101MB compared to 163MB previously #2953,#2954,#2974

Specific items that moved from shell-script to Go:

• Setting up the weave bridge #1958,#2975,#2977,#2978
• Container attachment #2947
• Creation of the ’weave’ default plugin network #2920

Minor improvements

• You can now restart the Weave Net router without requiring the proxy to be enabled #2112
• Plugin (legacy version) now respects --ipalloc-default-subnet option #2919
• The weave script now detects and issues an error message if
  weave-kube is running and you attempt to launch again from the script. #2709/#2966
• It is now possible to choose the the MAC address of the weave bridge using --name, in case your hosts have identical unique IDs. #2900
• Relaxed Kubernetes tolerations for Weave Net's daemonset in order to match any node (previously, only taints directed at master). #3018
• Kubernetes' seLinuxOptions configuration is now empty by default, to reduce spurious failures on hosts not using seLinux. #3001
• Improved reliability of namespace changes via nsenter. #2992
• weave ps now fetches the list container IDs internally, rather than calling out to docker ps #2814,#2898
• at startup, actively remove dead containers’ Weave Net IP addresses from IPAM #3013
• at startup, only check live containers to see if they have an existing Weave Net IP address #2815,#2829
• Weave Net CNI plugin now logs but does not raise an error if anything goes wrong during network interface delete, to be more compatible with Kubernetes 1.6. #2928
• Stop running a shell in “privileged” mode when it’s only writing a file #2838
• New internal REST endpoint to return all IP address mappings. #1350
• Changed the wording where we do not log the password #2833
• Fixed typo in plugin error messages #2894

Build and test

• Weave Net is now built with Go version 1.8, which has better code generation and garbage collection #2914
• During smoke-tests, use a webserver instead of just ping so we get a more realistic test that the Weave network is working #2918
• When installing dependencies for the build container, use a keyserver port that's better for firewalls #2812
• Kubernetes test script now scales up to more hosts, and works with Kubernetes 1.6 #2837,#2853,#2923
• Other minor build improvements and refactoring #2760,#2910

Installation and Upgrading of Weave Net

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 2.0.0's CLI, persistence, and architecture has changed a lot, but the core of Weave Net is compatible with previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading Kubernetes from an earlier version to version 1.6

In version 1.6, Kubernetes has increased security, so we need to create a special service account to run Weave Net. This is done in the file weave-daemonset-k8s-1.6.yaml attached to the release.

Also, the toleration required to let Weave Net run on master nodes has moved from an annotation to a field on the DaemonSet spec object.

The command to apply this new configuration via short URL is:

kubectl apply -f https://cloud.weave.works/k8s/v1.6/net

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Kubernetes 1.6 now supports rolling upgrades of DaemonSets, and we have added this setting to the YAML. To upgrade, simply run:

kubectl apply -f https://cloud.weave.works/k8s/v1.6/net

Kubernetes will then delete the existing Weave Net pods one by one, and create new ones with the latest Weave Net version.

In case of issues during the rolling upgrade, please refer to Kubernetes’ troubleshooting page

For more details about the Weave Net Kubernetes addon, see: https://weave.works/docs/net/latest/kube-addon/

External Contributors

Thanks to the following who contributed changes during this release:
@bjhaid
@dlmiddlecote
@mattjtodd
@mgalgs
@mikebryant
@Shimi
@stuart-warren
@unitymind

Weave 1.9.8

Release 1.9.8

Bug fixes and minor improvements

• Fix weave-npc blocking NodePort and any other non-local access #3011,#3014
• Fix bug where IPAM would duplicate a fixed IP address assigned via Docker plugin #3003,#3010

Full list of changes.

Installation and Upgrading of Weave Net

Follow the installation instructions to install this latest release of weave.

When upgrading from a version earlier than 1.9.0, if your host's network interface has a limit on packet size (the "MTU") smaller than 1496 bytes, you should reboot after upgrading to ensure encrypted fast datapath can work. For instance this applies to Google Cloud Platform, but is not necessary on AWS.

Weave Net 1.9.8 is fully compatible with all previous versions back to 1.1.0, so it is possible to upgrade clusters incrementally and run mixed versions.

Upgrading Kubernetes from an earlier version to version 1.6

In version 1.6, Kubernetes has increased security, so we need to create a special service account to run Weave Net. This is done in the file weave-daemonset-k8s-1.6.yaml attached to the release.

Also, the toleration required to let Weave Net run on master nodes has moved from an annotation to a field on the DaemonSet spec object.

The command to apply this new configuration via short URL is:

kubectl apply -f https://git.io/weave-kube-1.6

If you have edited the Weave Net DaemonSet from a previous release, you will need to re-make your changes against the new version.

Upgrading the Weave Net Kubernetes addon (weave-kube)

Although Kubernetes 1.6 now supports rolling upgrades of daemonsets, we have not tested this or changed the configuration for it, so we still recommend you perform the procedure manually - see https://weave.works/docs/net/latest/kube-addon/ for details.

Weave 1.9.7

This is identical to 1.9.6 with one additional bug-fix:

• weave-npc would block everything if kubelet --hostname-override was used #2995,#2996

Thanks to @Bregor for the fix!