zishuo/netmaker
1
0
Fork 0
mirror of https://github.com/gravitl/netmaker.git synced 2026-04-22 16:07:11 +08:00
Code Issues Packages Projects Releases Wiki Activity

v1.5.1: release notes (#3950)

Browse Source 
* v1.5.1: release notes

* v1.5.1: release notes

* v1.5.1: release notes

* v1.5.1: release notes

* v1.5.1: release notes

* v1.5.1: update version tag

* v1.5.1: update version tag
This commit is contained in:
Abhishek Kondur
2026-03-31 20:01:57 +05:30
committed by GitHub
parent b97fbc69db
commit f8a0cfd744
10 changed files with 142 additions and 35 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.github/ISSUE_TEMPLATE/bug-report.yml
+1
View File
@@ -31,6 +31,7 @@ body:
label: Version
description: What version are you running?
options:
- v1.5.1
- v1.5.0
- v1.4.0
- v1.2.0
README.md
+1 -1
View File
@@ -16,7 +16,7 @@
<p align="center">
<a href="https://github.com/gravitl/netmaker/releases">
<img src="https://img.shields.io/badge/Version-1.5.0-informational?style=flat-square" />
<img src="https://img.shields.io/badge/Version-1.5.1-informational?style=flat-square" />
</a>
<a href="https://hub.docker.com/r/gravitl/netmaker/tags">
<img src="https://img.shields.io/docker/pulls/gravitl/netmaker?label=downloads" />
compose/docker-compose.netclient.yml
+1 -1
View File
@@ -3,7 +3,7 @@ version: "3.4"
services:
netclient:
container_name: netclient
image: 'gravitl/netclient:v1.5.0'
image: 'gravitl/netclient:v1.5.1'
hostname: netmaker-1
network_mode: host
restart: on-failure
k8s/client/netclient-daemonset.yaml
+1 -1
View File
@@ -16,7 +16,7 @@ spec:
hostNetwork: true
containers:
- name: netclient
image: gravitl/netclient:v1.5.0
image: gravitl/netclient:v1.5.1
env:
- name: TOKEN
value: "TOKEN_VALUE"
k8s/client/netclient.yaml
+1 -1
View File
@@ -28,7 +28,7 @@ spec:
# - "<node label value>"
containers:
- name: netclient
image: gravitl/netclient:v1.5.0
image: gravitl/netclient:v1.5.1
env:
- name: TOKEN
value: "TOKEN_VALUE"
k8s/server/netmaker-ui.yaml
+1 -1
View File
@@ -15,7 +15,7 @@ spec:
spec:
containers:
- name: netmaker-ui
image: gravitl/netmaker-ui:v1.5.0
image: gravitl/netmaker-ui:v1.5.1
ports:
- containerPort: 443
env:
main.go
+2 -2
View File
@@ -36,10 +36,10 @@ import (
"golang.org/x/exp/slog"
)
var version = "v1.5.0"
var version = "v1.5.1"
// @title NetMaker
// @version 1.5.0
// @version 1.5.1
// @description NetMaker API Docs
// @tag.name APIUsage
// @tag.description.markdown
release.md
+54 -26
View File
@@ -1,45 +1,73 @@
## Netmaker v1.5.0 Release Notes 🚀
# Netmaker v1.5.1 Release Notes 🚀
## 🚀 Whats New
### 🔓 Just-In-Time Access (beta)
### 🔁 Traffic Logs (Beta)
- Time-limited, on-demand network access: users request access, admins approve or deny, and grants expire automatically.
Traffic Logs have now moved into **Beta**.
- Request/approval workflow with configurable grant duration; admins retain full control over who accesses which networks and when.
- Traffic Logs are now enriched with relevant **domain tagging**, making network activity easier to audit and investigate.
### 🔁 Overlapping Egress Ranges (beta)
- Virtual NAT mode enables multiple egress routers to share overlapping IP ranges by assigning each egress a virtual range from a configurable pool.
- Configurable per-network IPv4 pool and site prefix length for virtual range allocation.
- Eliminates routing conflicts when multiple sites need to egress the same destination CIDRs (e.g., multiple offices routing to the same cloud VPC).
- Supports both direct NAT and virtual NAT modes for flexible egress configurations.
### 🌍 Gateway Monitoring
- Desktop App connections automatically fail over to healthy gateway hubs when the primary becomes unavailable.
- Gateway health is monitored via connectivity checks and last-seen metrics; only online gateways are used for new connections.
---
## 🧰 Improvements & Fixes
- **IP Detection Interval** User can now choose the Device Endpoint IP detection interval based on their requirements.
- **Scalability & Reliability Improvements**
Introduced a peer update debouncer that coalesces rapid-fire PublishPeerUpdate calls into a single broadcast — a 500ms resettable debounce window capped by a 3s max-wait deadline ensures back-to-back operations (bulk node updates, gateway changes, host deletions) produce one peer update instead of dozens, drastically reducing CPU and MQTT pressure on the control plane
- **User Migration:** Optimized user migration logic to reduce server startup time.
Pre-warms peer update caches after each debounced broadcast so pull requests from hosts are served instantly from cache instead of triggering expensive on-demand computation
- **DNS:** Use Global Nameservers only if no match-all nameservers are configured, added fallback nameserver configuration.
Batched metrics export to netmaker exporter via periodic ticker instead of publishing on every individual MQTT metrics message, reducing continuous CPU pressure from Prometheus scraping
- **Darwin:** Netclients on macOS can now use internet gateway.
- **Database Schema Migration**
Added schema migrations for the **Users, Groups, Roles, Networks, and Hosts** tables.
- **GeoLocation:** Consolidate IP location API usage with fallbacks
- **Deprecated Legacy ACLs**
Legacy ACLs have been **fully removed** as part of the platforms transition to the updated access control model.
- **Paginated APIs**
Introduced pagination support for **Users** and **Hosts** APIs.
## Known Issues 🐞
- **DNS**
Added **native Active Directory support**.
- netclients cannot auto-upgrade on ipv6-only machines.
- **Posture Checks**
Nodes can now **skip the auto-update check during join**, improving join reliability in controlled environments.
- Need to optimize multi-network netclient join with enrollment key
- **IDP Sync**
Improved identity provider sync behavior:
- Synced IDP groups are now **denied access by default** until explicitly granted.
- **Okta-specific settings** are now reset when an IDP integration is removed.
- On systems using systemd-resolved in uplink mode, the first 3 entries in resolv.conf are used and rest are ignored. So it might cause DNS issues. Stub mode is preferred.
- **HA Setup**
Streamlined **high availability (HA)** setup and operational workflows.
- When a Windows desktop app is connected to a Full Tunnel Gateway, and a Split Tunnel Gateway at the same time,
the gateway monitoring component would disconnect from the split tunnel gateway.
- **Install Script**
Added **on-demand Monitoring Stack installation** support via:
`./nm-quick.sh -m`
- **Monitoring Stack**
Updated the monitoring stack to use the **official Prometheus and Grafana images**.
- **HA Gateways**
Reset Auto Assigned gw when it is disconnected from the network.
---
## 🐞 Known Issues
- **IPv6-only machines**
Netclients cannot currently **auto-upgrade** on IPv6-only systems.
- **Multi-network join performance**
Multi-network netclient joins using an **enrollment key** still require optimization.
- **systemd-resolved DNS limitation**
On systems using **systemd-resolved in uplink mode**, only the **first 3 entries** in `resolv.conf` are honored; additional entries are ignored. This may cause DNS resolution issues. **Stub mode is recommended**.
- **Windows Desktop App + mixed gateway modes**
When the Windows Desktop App is connected to both:
- a **Full Tunnel Gateway**, and
- a **Split Tunnel Gateway**
the gateway monitoring component may disconnect from the **Split Tunnel Gateway**.
scripts/nm-quick.sh
+1 -1
View File
@@ -12,7 +12,7 @@ fi
CONFIG_PATH="$INSTALL_DIR/$CONFIG_FILE"
NM_QUICK_VERSION="1.0.0"
#LATEST=$(curl -s https://api.github.com/repos/gravitl/netmaker/releases/latest | grep "tag_name" | cut -d : -f 2,3 | tr -d [:space:],\")
LATEST=v1.5.0
LATEST=v1.5.1
BRANCH=master
if [ $(id -u) -ne 0 ]; then
echo "This script must be run as root"
swagger.yaml
+79 -1
View File
@@ -158,6 +158,8 @@ definitions:
properties:
id:
$ref: '#/definitions/models.AclGroupType'
name:
type: string
value:
type: string
type: object
@@ -2440,6 +2442,8 @@ definitions:
type: boolean
country_code:
type: string
created_at:
type: string
daemoninstalled:
type: boolean
debug:
@@ -2520,6 +2524,8 @@ definitions:
type: array
turn_endpoint:
$ref: '#/definitions/schema.AddrPort'
updated_at:
type: string
verbosity:
type: integer
version:
@@ -2892,7 +2898,7 @@ info:
contact: {}
description: NetMaker API Docs
title: NetMaker
version: 1.5.0
version: 1.5.1
paths:
/api/dns:
get:
@@ -5911,6 +5917,10 @@ paths:
type: string
name: os
type: array
- description: Search across fields
in: query
name: q
type: string
- description: Page number
in: query
name: page
@@ -7535,6 +7545,36 @@ paths:
summary: List all user groups
tags:
- Users
/api/v1/users/groups/network:
get:
parameters:
- description: Network ID
in: query
name: network
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
items:
$ref: '#/definitions/schema.UserGroup'
type: array
"400":
description: Bad Request
schema:
$ref: '#/definitions/models.ErrorResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
security:
- oauth: []
summary: List user groups with access to a network
tags:
- Users
/api/v1/users/invite:
delete:
parameters:
@@ -7707,6 +7747,36 @@ paths:
summary: Log out a user
tags:
- Users
/api/v1/users/network:
get:
parameters:
- description: Network ID
in: query
name: network
required: true
type: string
produces:
- application/json
responses:
"200":
description: OK
schema:
items:
$ref: '#/definitions/models.ReturnUser'
type: array
"400":
description: Bad Request
schema:
$ref: '#/definitions/models.ErrorResponse'
"500":
description: Internal Server Error
schema:
$ref: '#/definitions/models.ErrorResponse'
security:
- oauth: []
summary: List users with access to a network
tags:
- Users
/api/v1/users/network_ip:
get:
produces:
@@ -7957,6 +8027,10 @@ paths:
in: query
name: auth_type
type: string
- description: Search across fields
in: query
name: q
type: string
- description: Page number
in: query
name: page
@@ -7993,6 +8067,10 @@ paths:
in: query
name: default
type: string
- description: Search across fields
in: query
name: q
type: string
- description: Page number
in: query
name: page