Release Notes
Version 0.8.3
Documentation for this release
New features:
- The manifests directory now has a kustomize file, which allows using
kustomize to install and configure MetalLB.
This release includes contributions from remche.
Version 0.8.2
Documentation for this release
Action required:
- The MetalLB Helm chart in the official helm repository is no longer
a supported installation method.
Bugfixes:
- Fix layer2 node selection when healthy and unhealthy replicas are colocated on a single node. (#474)
This release includes contributions from David Anderson and Gary Richards.
Version 0.8.1
Documentation for this release
Bugfixes:
- Fix the apiGroup for PodSecurityPolicy, for compatibility with Kubernetes 1.16. (#458).
- Fix speaker posting events with an empty string as the announcing node name. (#456).
- Fix RBAC permissions on speaker, to allow it to post events to all
namespaces. (#455).
This release includes contributions from David Anderson.
Version 0.8.0
Documentation for this release
Action required if updating from 0.7.x:
- The speaker DaemonSet now specifies a toleration to run on
Kubernetes control plane nodes that have the standard, unfortunately
named “master” taint. If you don’t want MetalLB to run on control
plane nodes, you need to remove that toleration from the manifest.
- The manifest and Helm chart both now specify a PodSecurityPolicy
allowing the speaker DaemonSet to request the elevated privileges
it needs. If your cluster enforces pod security policies, you should
review the provided policy before deploying it.
- The speaker defaults to only offering its Prometheus metrics on the
node IP as registered in Kubernetes (i.e. the IP you see in
kubectl get nodes -owide). To revert to the previous behavior of
offering metrics on all interfaces, remove the METALLB_HOST environment
variable from the manifest.
New features:
- The manifest and Helm chart now define a PodSecurityPolicy for the
MetalLB speaker, granting it the necessary privileges for it to
function. This should make MetalLB work out of the box in clusters
with pod security policies enforced.
- On Windows/Linux hybrid Kubernetes clusters, MetalLB constrains
itself to run only on Linux nodes (via a nodeSelector).
- The MetalLB speaker now tolerates running on Kubernetes control
plane nodes. This means that services whose pods run only on control
plane nodes (e.g. the Kubernetes dashboard, in some setups) are now
reachable.
- MetalLB withdraws BGP announcements entirely for services with no
healthy pods. This enables anycast geo-redundancy by advertising the
same IP from multiple Kubernetes
clusters. (#312)
- The speaker only exposes its Prometheus metrics port on the node IP
registered with Kubernetes, rather than on all interfaces. This
should reduce the risk of exposure for clusters where nodes have
separate public and private interfaces.
- The website has updated compatibility grids for both Kubernetes
network addons and cloud providers, listing known issues and
configuration tips.
- MetalLB now publishes a Kubernetes event to a service, indicating
which nodes are announcing that service. This makes it much easier
to determine how traffic is
flowing. (#430)
- The manifest and Helm chart now use the apps/v1 version of
Deployment and DaemonSet, rather than the obsolete
extensions/v1beta1.
Bugfixes:
- Fix address allocation in cases where no addresses were available at
service creation, but the deletion of another service subsequently
makes one
available. (#413)
- Fix allocation not updating when the address pool annotation
changes. (#448).
- Fix periodic crashes due to glog trying to write to disk despite
explicit instructions to the contrary. (#427)
- Fix spec.loadBalancerIP validation on IPv6 clusters. (#301)
- Fix BGP Router ID selection on v6 BGP sessions.
- Fix handling of IPv6 addresses in the BGP connection establishment
logic.
- Generate deterministically pseudorandom BGP router IDs in IPv6-only
clusters.
- Fix incorrect ARP/NDP responses on bonded interfaces.
(#349)
- Fix ARP/NDP responses sent on interfaces with the NOARP flag.
(#351)
- Update MetalLB logs on the website to the new structured
format. (#275)
This release includes contributions from Alex Lovell-Troy, Antonio
Ojea, aojeagarcia, Ashley Dumaine, Brian, Brian Topping, David
Anderson, Eduardo Minguez Perez, Elan Hasson, Irit Goihman, Ivan
Kurnosov, Jeff Kolb, johnl, Jordan Neufeld, kvaps, Lars Ekman, Matt
Sharpe, Maxime Guyot, Miek Gieben, Niklas Voss, Oilbeater, remche,
Rodrigo Campos, Sergey Anisimov, Stephan Fudeus, Steven Beverly,
stokbaek and till. Thanks to all of them for making MetalLB better!
Version 0.7.3
Documentation for this release
Bugfixes:
- Fix BGP announcement refcounting when using shared
IPs. (#295)
Version 0.7.2
Documentation for this release
Bugfixes:
- Fix gratuitous ARP and NDP announcements on IP
failover. (#291)
- Fix BGP dialing on Arm64, by using x/sys/unix instead of the
syscall package. (#289)
Version 0.7.1
Documentation for this release
Bugfixes:
- Actually allow layer2 mode to use the Local traffic
policy. Oops. (#279)
Version 0.7.0
Documentation for this release
Action required if updating from 0.6.x:
- MetalLB no longer does leader election. After upgrading to 0.7, you
can delete a number of k8s resources associated with that. This is
just a cleanup, nothing bad happens if you leave the resources
orphaned in your cluster. Depending on your installation method,
some of these may have already been cleaned up for you.
kubectl delete -nmetallb-system endpoints metallb-speaker
kubectl delete -nmetallb-system rolebinding leader-election
kubectl delete -nmetallb-system role leader-election
New features:
- Layer2 mode now supports externalTrafficPolicy=Local, meaning layer2
services can see the true client source IP. (#257)
- Layer2 mode now selects leader nodes on a per-service level, instead of using
a single leader node for all services in the cluster. If you have many
services, this change spreads the load of handling incoming traffic across
more than one machine. (#195)
- MetalLB’s maturity has upgraded from alpha to beta! Mostly this
just reflects the increased confidence in the code from the larger
userbase, and adds some guarantees around graceful upgrades from one
version to the next.
Bugfixes:
- Speaker no longer sends localpref over eBGP sessions
(#266)
This release includes contributions from Baul, David Anderson, Ryan
Roemmich, Sanjeev Rampal, and Steve Sloka. Thanks to all of them for
making MetalLB better!
Version 0.6.2
Documentation for this release
Bugfixes:
- Fix nil pointer deref crash on BGP peers that reject MetalLB’s OPEN message too promptly (#250)
Version 0.6.1
Documentation for this release
Bugfixes:
- Speaker no longer goes into a tight CPU-burning loop when pods are
deleted on the
node. (#246)
Version 0.6.0
Documentation for this release
Action required if upgrading from 0.5.x:
- As documented in the 0.5.0 release notes, several deprecated fields
have been removed from the configuration. If you didn’t update your
configurations for 0.5, you may need to make the following changes:
  - Rename the cidr field of address pools to addresses
  - Rename protocol: arp and protocol: ndp to protocol: layer2
  - Replace arp-network statements with a range-based IP allocation
New features:
- You can now colocate multiple services on a single IP address, using
annotations on the Service objects. See the IP sharing documentation
for instructions and caveats. (#121)
- Layer 2 mode now listens on all interfaces for ARP and NDP requests,
not just the interface used for communication by Kubernetes
components. (#165)
- MetalLB now uses structured logging instead of Google’s glog
package. Logging events are written to standard output as a series
of JSON objects suitable for collection by centralized logging
systems. (#189)
- BGP connections can now specify a password for TCP MD5 secured BGP
sessions. (#215)
- MetalLB is now available as a Helm package in the “stable” Helm
repository. Note that, due to code review delay, it may take several
days after a release before the Helm package is
updated. (#177)
Bugfixes:
- Correctly use AS_SEQUENCE in eBGP session messages, rather than
AS_SET (#225)
This release includes contributions from David Anderson, ghorofamike,
Serguei Bezverkhi, and Zsombor Welker. Thanks to all of them for making
MetalLB better!
Version 0.5.0
Documentation for this release
Action required if upgrading from 0.4.x:
- The cidr field of address pools in the configuration file has been
renamed to addresses. MetalLB 0.5 understands both cidr and
addresses, but in 0.6 it will only understand addresses, so
please update now.
- The arp and ndp protocols have been replaced by a unified
layer2 protocol. MetalLB 0.5 understands both the old and new
names, but 0.6 will only understand layer2, so please update now.
- Remove any arp-network entries from your configuration. If your
address pool overlaps with the ethernet network or broadcast
addresses for your LAN, use IP range notation (see new features) to
exclude them from your address pool.
- The router IDs used on BGP sessions may change in this version, in
clusters where nodes have multiple IP addresses. If your BGP
infrastructure monitors or enforces specific router IDs for peers,
you may need to update those systems to match new router IDs.
- The Prometheus metrics for ARP and NDP traffic have been
merged. Instead of arp_* and ndp_* metrics, there is now a single
set of layer2_* metrics, in which the ip label can be IPv4 or
IPv6.
New features:
- ARP and NDP modes have been replaced by a single “layer 2” mode,
indicated by protocol: layer2 in the configuration file. Layer 2
mode uses ARP and NDP under the hood, but having a single protocol
name makes it easier to build protocol-agnostic configuration
templates.
- You can give addresses to MetalLB using a simple IP range notation,
in addition to CIDR prefixes. For example,
192.168.0.0-192.168.0.255 is equivalent to 192.168.0.0/24. This
makes it much easier to allocate IP ranges that don’t fall cleanly
on CIDR prefix boundaries.
- BGP mode supports nodes with multiple interfaces and IP addresses
(#182). Previously,
MetalLB could only establish working BGP sessions on the node’s
“primary” interface, i.e. the one that owned the IP that Kubernetes
uses to identify the node. Now, peerings may be established via any
interface on the nodes, and traffic will flow in the expected
manner.
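The IP range notation described above, worked through as an added Go example (not MetalLB's own code): the hypothetical helper RangeToCIDRs expands an inclusive IPv4 range into the smallest equivalent list of CIDR prefixes, so you can check exactly which addresses a pool will hand out. The sample ranges are constructed, and the helper handles IPv4 only.

```go
package main

import (
	"encoding/binary"
	"fmt"
	"math/bits"
	"net/netip"
	"strings"
)

// RangeToCIDRs expands an inclusive IPv4 range "first-last" into the smallest
// list of CIDR prefixes covering exactly those addresses. Hypothetical helper
// written for this example; it is not MetalLB's parser.
func RangeToCIDRs(r string) ([]netip.Prefix, error) {
	lo, hi, ok := strings.Cut(r, "-")
	if !ok {
		return nil, fmt.Errorf("%q is not a first-last range", r)
	}
	first, err1 := netip.ParseAddr(strings.TrimSpace(lo))
	last, err2 := netip.ParseAddr(strings.TrimSpace(hi))
	if err1 != nil || err2 != nil || !first.Is4() || !last.Is4() {
		return nil, fmt.Errorf("%q: both ends must be IPv4 addresses", r)
	}
	f4, l4 := first.As4(), last.As4()
	start := uint64(binary.BigEndian.Uint32(f4[:]))
	end := uint64(binary.BigEndian.Uint32(l4[:]))
	if start > end {
		return nil, fmt.Errorf("%q: range is reversed", r)
	}
	var out []netip.Prefix
	for start <= end {
		// Largest power-of-two block start's alignment allows, halved until it fits.
		size := uint64(1) << 32
		if start != 0 {
			size = start & -start
		}
		for size > end-start+1 {
			size >>= 1
		}
		var b [4]byte
		binary.BigEndian.PutUint32(b[:], uint32(start))
		out = append(out, netip.PrefixFrom(netip.AddrFrom4(b), 32-bits.TrailingZeros64(size)))
		start += size
	}
	return out, nil
}

func main() {
	// Constructed sample ranges: one CIDR-aligned, one not.
	for _, r := range []string{"192.168.0.0-192.168.0.255", "192.168.1.240-192.168.1.250"} {
		cidrs, err := RangeToCIDRs(r)
		fmt.Println(r, "=>", cidrs, err)
	}
}
```

The second range does not sit on a prefix boundary, so it needs three prefixes (/29, /31 and /32) where the range notation needs one entry.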
Bugfixes:
Version 0.4.6
Documentation for this release
Bugfixes:
Version 0.4.5
Documentation for this release
Bugfixes:
Version 0.4.4
Documentation for this release
This was a broken attempt to fix the same bugs as 0.4.5. You should
not use this version.
Version 0.4.3
Documentation for this release
Changes:
- Make the configmap’s namespace and name configurable via flags, for
Helm upstreaming.
Version 0.4.2
Documentation for this release
Bugfixes:
Version 0.4.1
Documentation for this release
Bugfixes:
Version 0.4.0
Documentation for this release
Action required if upgrading from 0.3.x:
- MetalLB’s use of Kubernetes labels has changed slightly to conform
to Kubernetes best practices. If you were using a label match on
app: controller or app: speaker Kubernetes labels to find
MetalLB objects, you should now match on a combination of
app: metallb, component: controller or component: speaker, depending
on what objects you want to select.
- RBAC rules have changed, and now allow the MetalLB speaker to list
and watch Node objects. If you are not installing MetalLB via the
provided manifest, you will need to make this change by hand.
- If you want to switch to using Helm to manage your MetalLB
installation, you must first uninstall the manifest-based version,
with kubectl delete -f metallb.yaml.
New features:
- Initial IPv6 support! The ndp protocol allows v6 Kubernetes
clusters to advertise their services using the Neighbor Discovery
Protocol, IPv6’s analog to ARP. If you have an IPv6 Kubernetes
cluster, please try it out and file bugs!
- BGP peers now have a node selector. You can use this to integrate
MetalLB into more complex cluster network topologies.
- MetalLB now has a Helm chart. If you use Helm on your cluster, this
should make it easier to track and manage your MetalLB installation.
The chart will be submitted for inclusion in the main Helm stable
repository shortly after the release is finalized. Use of Helm is
optional, installing the manifest directly is still fully supported.
Other improvements:
- MetalLB now backs off on failing BGP connections, to avoid flooding
logs with failures.
- ARP mode should be a little more interoperable with clients, and
failover should be a little faster, thanks to tweaks to its
advertisement logic.
- ARP and NDP modes export Prometheus metrics
for requests received, responses sent, and failover-related
transmissions. This brings them up to “monitoring parity” with BGP
mode.
- Binary internals were refactored to share more common code. This
should reduce the amount of visual noise in the logs.
This release includes contributions from Oga Ajima, David Anderson,
Matt Layher, John Marcou, Paweł Prażak, and Hugo Slabbert. Thanks to
all of them for making MetalLB better!
Version 0.3.1
Documentation for this release
Fixes a couple of embarrassing bugs that sneaked into 0.3.
Bugfixes:
- Revert to using apps/v1beta2 instead of apps/v1 for MetalLB’s
Deployment and Daemonset, to remain compatible with Kubernetes 1.8.
- Create the metallb-system namespace when installing
test-bgp-router.
- Disable BIRD in test-bgp-router. Bird got updated to 2.0, and the
integration with test-bgp-router needs some reworking.
Version 0.3.0
Documentation for this release
Action required if upgrading from 0.2.x:
- The bgp-speaker DaemonSet has been renamed to just speaker. Before
applying the manifest for 0.3.0, delete the old daemonset with
kubectl delete -n metallb-system ds/bgp-speaker. This will take down
your load-balancers until you deploy the new DaemonSet.
- The configuration file format has changed in a few
backwards-incompatible ways. You need to update your ConfigMap by
hand:
  - Each address-pool must now have a protocol field, to select
  between ARP and BGP mode. For your existing configurations, add
  protocol: bgp to each address pool definition.
  - The advertisements field of address-pool has been renamed to
  bgp-advertisements, and is now optional. If you don’t need any
  special advertisement settings, you can remove the section
  entirely, and MetalLB will use a reasonable default.
  - The communities section has been renamed to bgp-communities.
New features:
- MetalLB now supports ARP advertisement, enabled by setting
protocol: arp on an address pool. ARP mode does not require any
special network equipment, and minimal configuration. You can follow
the ARP mode tutorial to get started. There is also a page about ARP
mode’s behavior and tradeoffs, and documentation on configuring ARP mode.
- The container images are now multi-architecture images. MetalLB
now supports running on all supported Kubernetes architectures:
amd64, arm, arm64, ppc64le, and s390x.
- You can now disable automatic address allocation on address pools,
if you want to have manual control over the use of some addresses.
- MetalLB pods now come with Prometheus scrape annotations. If
you’ve configured your Prometheus-on-Kubernetes to automatically
discover monitorable pods, MetalLB will be discovered and scraped
automatically. For more advanced monitoring needs, the Prometheus
Operator supports more flexible monitoring configurations in a
Kubernetes-native way.
- We’ve documented how to integrate with the Romana networking system,
so that you can use MetalLB alongside Romana’s BGP route publishing.
- The website got a makeover, to accommodate the growing amount of
documentation in a discoverable way.
This release includes contributions from David Anderson, Charles
Eckman, Miek Gieben, Matt Layher, Xavier Naveira, Marcus Söderberg,
Kouhei Ueno. Thanks to all of them for making MetalLB better!
Version 0.2.1
Documentation for this release
Notable fixes:
- MetalLB unable to start because Kubernetes cannot verify that
“nobody” is a non-root user (#85)
Version 0.2.0
Documentation for this release
Major themes for this version are: improved BGP interoperability,
vastly increased test coverage, and improved documentation structure
and accessibility.
Notable features:
- This website! It replaces a loose set of markdown files, and
hopefully makes MetalLB more accessible.
- The BGP speaker now speaks Multiprotocol BGP
(RFC 4760). While we still
only support IPv4 service addresses, speaking Multiprotocol BGP is a
requirement to successfully interoperate with several popular BGP
stacks. In particular, this makes MetalLB compatible
with Quagga and Ubiquiti’s
EdgeRouter and Unifi product lines.
- The development workflow with Minikube now works with Docker for
Mac, allowing mac users to hack on MetalLB. See
the hacking documentation
for the required additional setup.
Notable fixes:
- Handle multiple BGP peers properly. Previously, bgp-speaker
mistakenly made all its connections to the last defined peer,
ignoring the others.
- Fix a startup race condition where MetalLB might never allocate an
IP for some services.
- Test coverage is above 90% for almost all packages, up from ~0%
previously.
- Fix yaml indentation in the MetalLB manifests.
Version 0.1.0
Documentation for this release
This was the first tagged version of MetalLB. Its changelog is
effectively “MetalLB now exists, where previously it did not.”