Antrea Roadmap

    The following features are considered for the near future:

    • Windows support improvements Antrea since version 0.7.0. However, a few features including: Egress, NodePortLocal, IPsec encryption are not supported for Windows Node yet. We will continue to add more features for Windows, and improve Antrea Agent and OVS installation on Windows Nodes.

    • Antrea NetworkPolicy enhancements Antrea added support for Antrea-native policies in addition to K8s NetworkPolicy since version 0.8.0, and already supports Antrea (Namespace scoped) NetworkPolicy, ClusterNetworkPolicy, ClusterGroup, Tier, and features including traffic statistics, traffic logging, policy realization status, and actions, policy priority, at rule level, Namespace isolation, FQDN and Service as egress rule destination. We will continue to add more advanced NetworkPolicy features.

    • NFV and Telco use cases We plan to explore and provide support for NFV and Telco use cases. We will add native Pod multi-interface support in Antrea, and support Pod interfaces on SRIOV devices, OVS DPDK bridge, overlay network, and Network Service Chaining.

    • L7 security policy and visibility Enhance Antrea to provide application level security and visibility to K8s workloads. This includes extending Antrea-native NetworkPolicies to support L7 / application protocols (HTTP, DNS, etc.), and extending Antrea diagnostics and observability features to get into application level visibility.

    • Multi-cluster networking We would extend Antrea from CNI of a single Kubernetes cluster to multi-cluster networking, and implement multi-cluster features like multi-cluster Services, cross-cluster connectivity, multi-cluster NetworkPolicies. Antrea multi-cluster functionalities are under active development. Check the to learn what features are already supported.

    • K8s Node security So far Antrea focuses on K8s Pod networking and security, but we would like to extend Antrea-native NetworkPolicies to cover protection of K8s Nodes too.

    • NetworkPolicy scale and performance tests Evaluate and benchmark the NetworkPolicy implementation performance at a large scale, including the policy computation performance of Antrea Controller and the OVS datapath performance.

    • OVS with DPDK or AF_XDP Leverage OVS with DPDK or AF_XDP for high performance.