Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

What's Changed

Learn about what changed in this release for CN2 23.3.

API Server Reload Support

  • Until Contrail Networking Release 23.2, you had to restart the contrail-api-server manually whenever its certificate is renewed for the new certificate to take effect.

    Note: The deployment of contrail-api-server depends on Kubernetes contrail-api-tls certificate. And the contrail-api-server controller tracks the Kubernetes secret where its certificate is stored. If you revoke this certificate, the corresponding secret is removed, and contrail-api-server controller goes into a failed state.

    The cert-manager (an internal component) issues contrail-api-server a certificate. By default, all certificates are valid for 10 years and they are renewed within 15 days.

    Starting with Contrail Networking Release 23.3, you are not required to restart the contrail-api-server manually. With API Server Reload support, the contrail-api-server restarts automatically whenever the contrail-api-server’s certificate is renewed.

Immutable IP Address

  • vhost0 is not assigned the IP address of the physical interface upon creation— The MAC address of the physical interface remains, however. As a result, the vRouter agent still establishes a connection with the CN2 controller, but existing routes are not affected because the IP address of the interface is unchanged. In other words, all of host's established routes point to the physical fabric interface instead of vhost0. CN2 release 23.3 doesn't utilize vhost0 for host communication.