CN-Series CNI

Table of Contents

Refer to the following table to see what has changed with each CN-Series CNI release.

PAN-CNI 3.0.x

PAN-CNI 3.0.x should be used with the CN-Series running any currently supported PAN-OS version.

Version	What’s New
3.0.4	Enables support for OVN-Kubernetes CNI on RedHat OpenShift version 4.13 and above, in the K8s Service deployment mode and Dameonset mode. CN-200: Enhancing K8s-service mode to handle certain environments where default route has specified MTU.
3.0.3	Enables support for GKE Dataplane V2. CN-156: Fixes an issue on the CN-Series for GKE that prevents two application pods on the same node from communicating with one another when one of those pods is secured.
3.0.2	Adds support for the CN-Series deployed as a Kubernetes service on OpenShift. This requires YAML 3.0.1 or greater.
3.0.1	Rotates pan-cni.log when its size reaches 10MB. Updated the traffic steering crd client to use the API spec v1 (for k8s 1.21)

PAN-CNI 1.0.x should be used with the CN-Series running any currently supported PAN-OS version.

Version	What’s New
1.0.7	CN-88: During app pod deletion, original app pod networking is restored for other CNIs. This is recommended for use with PAN-OS 10.0.10 if the CN-Series is frequently securing the maximum of 30 pods.
1.0.6	CN-88 (partial fix): Fixed the cleanup logic for app pod deletion and PAN-CNI security insertion failure. However, the restoration of the app pod’s original networking during app pod deletion for cases where the maximum of 30 pods to be secured on a node.
1.0.5	CN-83: Fixed an issue that caused the CN-Series to remain in the state “Readiness: Not ready. Panorama config not pushed. pan_task is not running.” CN-82: Ensures that the CN-NGFW pods are ready to handle traffic when secured app pods come up.