search

unchama / kube-cluster-on-proxmox

Proxmox環境でサクッと作ってサクっと壊せる高可用性なkubernetesクラスタを作ってみる
MIT License
53 stars 4 forks source link

chore(deps): update helm release cilium to v1.12.2 #49

Closed renovate[bot] closed 2 years ago

renovate[bot] commented 2 years ago

Mend Renovate

This PR contains the following updates:

Package Update Change
cilium (source) minor 1.11.6 -> 1.12.2

Release Notes

cilium/cilium ### [`v1.12.2`](https://togithub.com/cilium/cilium/releases/tag/v1.12.2) [Compare Source](https://togithub.com/cilium/cilium/compare/v1.12.1...v1.12.2) We are pleased to release Cilium v1.12.2. This release has some improvements around load balancing, quality of life improvements and many fixes for bugs found by our community. ## Summary of Changes **Minor Changes:** - Added `hubble.ui.frontend.server.ipv6.enabled` helm flag to control nginx server ipv6 listener (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21127](https://togithub.com/cilium/cilium/issues/21127), [@​geakstr](https://togithub.com/geakstr)) - dnsproxy: stop serving DNS traffic before agent shutdown (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​20795](https://togithub.com/cilium/cilium/issues/20795), [@​nebril](https://togithub.com/nebril)) - ingress: Propagate required annotations from Ingress to LB Service (Backport PR [#​21227](https://togithub.com/cilium/cilium/issues/21227), Upstream PR [#​20860](https://togithub.com/cilium/cilium/issues/20860), [@​NikhilSharmaWe](https://togithub.com/NikhilSharmaWe)) - ingress: Rename LB annotation to annotation prefixes (Backport PR [#​21227](https://togithub.com/cilium/cilium/issues/21227), Upstream PR [#​21222](https://togithub.com/cilium/cilium/issues/21222), [@​sayboras](https://togithub.com/sayboras)) - install: add TerminationMessagePolicy to cilium pods (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​21012](https://togithub.com/cilium/cilium/issues/21012), [@​squeed](https://togithub.com/squeed)) - put stderr of iptables command into error instead of merging into stdout (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20895](https://togithub.com/cilium/cilium/issues/20895), [@​liuyuan10](https://togithub.com/liuyuan10)) - Support configuring metricsRelabelings on ServiceMonitors (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21051](https://togithub.com/cilium/cilium/issues/21051), [@​chancez](https://togithub.com/chancez)) **Bugfixes:** - Cilium-envoy now sets option to allow (source) port reuse when binding to a source address of a pod for upstream connections. (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​20996](https://togithub.com/cilium/cilium/issues/20996), [@​jrajahalme](https://togithub.com/jrajahalme)) - clustermesh-apiserver: fix key name for delete during k8s->kvstore sync (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21078](https://togithub.com/cilium/cilium/issues/21078), [@​tklauser](https://togithub.com/tklauser)) - datapath: allow local NodePort traffic for `eni+` container interfaces with CNI chaining (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21126](https://togithub.com/cilium/cilium/issues/21126), [@​ti-mo](https://togithub.com/ti-mo)) - Do not enable health checks if only Terminating backends are present on a Node which is selected by a Service with `externalTrafficPolicy: Local` Service (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21062](https://togithub.com/cilium/cilium/issues/21062), [@​zuzzas](https://togithub.com/zuzzas)) - Ensure that the DNS proxy picks a new port if the previously-used port is unavailable. (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​20896](https://togithub.com/cilium/cilium/issues/20896), [@​NikhilSharmaWe](https://togithub.com/NikhilSharmaWe)) - Fix conflicting routes for multiple ENIs in IPAM mode (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​20112](https://togithub.com/cilium/cilium/issues/20112), [@​recollir](https://togithub.com/recollir)) - Fix identity garbage collection in clustermesh environments ([#​20932](https://togithub.com/cilium/cilium/issues/20932), [@​aanm](https://togithub.com/aanm)) - Fix node label synchronization in the KVStore when IPSec configuration changes (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21087](https://togithub.com/cilium/cilium/issues/21087), [@​aanm](https://togithub.com/aanm)) - Fix panic during Cilium initialization when a NetworkPolicy with a named-port selected an pod running on that node. (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20911](https://togithub.com/cilium/cilium/issues/20911), [@​aanm](https://togithub.com/aanm)) - Fix Wireguard connectivity issues when using kvstore mode (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21080](https://togithub.com/cilium/cilium/issues/21080), [@​aanm](https://togithub.com/aanm)) - Fixes typos in enabling fqdn_semaphore_rejected_total metric (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20893](https://togithub.com/cilium/cilium/issues/20893), [@​rahulkjoshi](https://togithub.com/rahulkjoshi)) - For configurations with Egress Gateway and Direct-Routing, avoid recreating the cilium_vxlan interface on every restart. (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​20780](https://togithub.com/cilium/cilium/issues/20780), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - helm: Add check for apparmor annotations (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21008](https://togithub.com/cilium/cilium/issues/21008), [@​sayboras](https://togithub.com/sayboras)) - ipsec: Fix incorrect parsing of SPI from mark (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20900](https://togithub.com/cilium/cilium/issues/20900), [@​pchaigno](https://togithub.com/pchaigno)) - k8s/watchers: fix panic in CiliumEndpoint labels update (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20865](https://togithub.com/cilium/cilium/issues/20865), [@​jaffcheng](https://togithub.com/jaffcheng)) - kvstore/allocator: fix panic on receiving invalid identity entries (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​21213](https://togithub.com/cilium/cilium/issues/21213), [@​ArthurChiao](https://togithub.com/ArthurChiao)) - metrics: fix ts_events API timestamp only emitting zero and unbounded scope label cardinality issue. (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20977](https://togithub.com/cilium/cilium/issues/20977), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - operator: do not GC kvstore nodes if CiliumNodes are not available (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21133](https://togithub.com/cilium/cilium/issues/21133), [@​aanm](https://togithub.com/aanm)) - operator: update CiliumNode in kvstore without lease (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21202](https://togithub.com/cilium/cilium/issues/21202), [@​tklauser](https://togithub.com/tklauser)) - pkg/k8s/watcher: fix deadlock crash that occurs when handling endpoint and service updates. (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21093](https://togithub.com/cilium/cilium/issues/21093), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - v1.12: operator: fix key name for delete during k8s->kvstore sync ([#​20984](https://togithub.com/cilium/cilium/issues/20984), [@​tklauser](https://togithub.com/tklauser)) - When systemd-sysctl sets the rp_filter sysctl, tolerate missing lxc_\* / cilium_\* interfaces. (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21146](https://togithub.com/cilium/cilium/issues/21146), [@​julianwiedmann](https://togithub.com/julianwiedmann)) **CI Changes:** - \[v1.12] vagrant: Bump 4.9 Vagrant box (Linux 4.9.326, to fix a kernel bug) ([#​21260](https://togithub.com/cilium/cilium/issues/21260), [@​tklauser](https://togithub.com/tklauser)) - backport v1.12: test: Switch Kind image ([#​20918](https://togithub.com/cilium/cilium/issues/20918), [@​brb](https://togithub.com/brb)) - gh/workflows: stop using ubuntu-18.04 runner (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​21015](https://togithub.com/cilium/cilium/issues/21015), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - k8s: fix test flake in TestGenerateToCIDRFromEndpoint. (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21220](https://togithub.com/cilium/cilium/issues/21220), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - k8s: fix test flake in TestGenerateToCIDRFromEndpoint. (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​21220](https://togithub.com/cilium/cilium/issues/21220), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - Update wrk2 repository ([#​21157](https://togithub.com/cilium/cilium/issues/21157), [@​michi-covalent](https://togithub.com/michi-covalent)) **Misc Changes:** - Add ArgoCD issues notes in the official documentation (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20313](https://togithub.com/cilium/cilium/issues/20313), [@​Kikiodazie](https://togithub.com/Kikiodazie)) - add kvstore TTL flag in cilium-operator (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21006](https://togithub.com/cilium/cilium/issues/21006), [@​NikhilSharmaWe](https://togithub.com/NikhilSharmaWe)) - build(deps): bump 8398a7/action-slack from 3.13.0 to 3.13.2 ([#​21035](https://togithub.com/cilium/cilium/issues/21035), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump actions/cache from 3.0.7 to 3.0.8 ([#​21029](https://togithub.com/cilium/cilium/issues/21029), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump actions/setup-go from 3.2.1 to 3.3.0 ([#​21048](https://togithub.com/cilium/cilium/issues/21048), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump github/codeql-action from 2.1.18 to 2.1.19 ([#​20989](https://togithub.com/cilium/cilium/issues/20989), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump github/codeql-action from 2.1.19 to 2.1.20 ([#​21030](https://togithub.com/cilium/cilium/issues/21030), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump github/codeql-action from 2.1.20 to 2.1.21 ([#​21092](https://togithub.com/cilium/cilium/issues/21092), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump github/codeql-action from 2.1.21 to 2.1.22 ([#​21173](https://togithub.com/cilium/cilium/issues/21173), [@​dependabot](https://togithub.com/dependabot)\[bot]) - Change message for the status of the policy enforcement in CEPs to be more accurate. (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21003](https://togithub.com/cilium/cilium/issues/21003), [@​aanm](https://togithub.com/aanm)) - Coalesce of health endpoint CIDRs (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​20848](https://togithub.com/cilium/cilium/issues/20848), [@​dezmodue](https://togithub.com/dezmodue)) - docs(bandwidth-manager): add note on per-pod limits (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20916](https://togithub.com/cilium/cilium/issues/20916), [@​raphink](https://togithub.com/raphink)) - docs: Add available options for Ingress Controller annotations (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20973](https://togithub.com/cilium/cilium/issues/20973), [@​NikhilSharmaWe](https://togithub.com/NikhilSharmaWe)) - docs: Added `Default` column in metrics details (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20255](https://togithub.com/cilium/cilium/issues/20255), [@​kanurag94](https://togithub.com/kanurag94)) - docs: fix check-crd-compat-table script (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​21208](https://togithub.com/cilium/cilium/issues/21208), [@​aanm](https://togithub.com/aanm)) - docs: second set of video contents added (Backport PR [#​21053](https://togithub.com/cilium/cilium/issues/21053), Upstream PR [#​20623](https://togithub.com/cilium/cilium/issues/20623), [@​Kikiodazie](https://togithub.com/Kikiodazie)) - docs: Switch to our own fork of sphinxcontrib-openapi (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20868](https://togithub.com/cilium/cilium/issues/20868), [@​qmonnet](https://togithub.com/qmonnet)) - docs: Update ToServices docs section (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21052](https://togithub.com/cilium/cilium/issues/21052), [@​joestringer](https://togithub.com/joestringer)) - Document existing FQDN metrics (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20516](https://togithub.com/cilium/cilium/issues/20516), [@​christarazi](https://togithub.com/christarazi)) - Document per-endpoint route requirement in aws-cni Helm snippet (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​21276](https://togithub.com/cilium/cilium/issues/21276), [@​ti-mo](https://togithub.com/ti-mo)) - EgressGW: make logging less verbose (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21115](https://togithub.com/cilium/cilium/issues/21115), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Expand documentation around CODEOWNERS and review expectations (Backport PR [#​21292](https://togithub.com/cilium/cilium/issues/21292), Upstream PR [#​21057](https://togithub.com/cilium/cilium/issues/21057), [@​joestringer](https://togithub.com/joestringer)) - filter out pod labels from synchronizing with cilium endpoint labels (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21135](https://togithub.com/cilium/cilium/issues/21135), [@​NikhilSharmaWe](https://togithub.com/NikhilSharmaWe)) - Highlight Non-Overlapping Functionality Between K8s and Cilium Network Policies (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21001](https://togithub.com/cilium/cilium/issues/21001), [@​nathanjsweet](https://togithub.com/nathanjsweet)) - Improve CRD schema update automation during release process (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20875](https://togithub.com/cilium/cilium/issues/20875), [@​joestringer](https://togithub.com/joestringer)) - kubectl get cep returns empty columns of policies statuses (Backport PR [#​20940](https://togithub.com/cilium/cilium/issues/20940), Upstream PR [#​20548](https://togithub.com/cilium/cilium/issues/20548), [@​romanspb80](https://togithub.com/romanspb80)) - metallb: bump to latest metallb version (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21131](https://togithub.com/cilium/cilium/issues/21131), [@​ldelossa](https://togithub.com/ldelossa)) - pkg/bgpv1/annotations: Optimize annotations Errors (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​20819](https://togithub.com/cilium/cilium/issues/20819), [@​MikeLing](https://togithub.com/MikeLing)) - pkg/nodediscovery: protect variable against concurrent access (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21086](https://togithub.com/cilium/cilium/issues/21086), [@​aanm](https://togithub.com/aanm)) - Spring cleaning for the contributor guide (Backport PR [#​21122](https://togithub.com/cilium/cilium/issues/21122), Upstream PR [#​21056](https://togithub.com/cilium/cilium/issues/21056), [@​joestringer](https://togithub.com/joestringer)) - test: update k8s versions to the latest patched releases ([#​21102](https://togithub.com/cilium/cilium/issues/21102), [@​aanm](https://togithub.com/aanm)) - Use pod Deployment name as workload name for flow workload field (Backport PR [#​21225](https://togithub.com/cilium/cilium/issues/21225), Upstream PR [#​21124](https://togithub.com/cilium/cilium/issues/21124), [@​chancez](https://togithub.com/chancez)) - v1.12: Update Go to 1.18.6 ([#​21228](https://togithub.com/cilium/cilium/issues/21228), [@​tklauser](https://togithub.com/tklauser)) **Other Changes:** - install: Update image digests for v1.12.1 ([#​20928](https://togithub.com/cilium/cilium/issues/20928), [@​joestringer](https://togithub.com/joestringer)) #### Docker Manifests ##### cilium `docker.io/cilium/cilium:v1.12.2@​sha256:986f8b04cfdb35cf714701e58e35da0ee63da2b8a048ab596ccb49de58d5ba36` `quay.io/cilium/cilium:v1.12.2@​sha256:986f8b04cfdb35cf714701e58e35da0ee63da2b8a048ab596ccb49de58d5ba36` `docker.io/cilium/cilium:stable@sha256:986f8b04cfdb35cf714701e58e35da0ee63da2b8a048ab596ccb49de58d5ba36` `quay.io/cilium/cilium:stable@sha256:986f8b04cfdb35cf714701e58e35da0ee63da2b8a048ab596ccb49de58d5ba36` ##### clustermesh-apiserver `docker.io/cilium/clustermesh-apiserver:v1.12.2@​sha256:9068b861e468a8d53421673aa9a6b576f91a5574a030b2af236c973d63c81747` `quay.io/cilium/clustermesh-apiserver:v1.12.2@​sha256:9068b861e468a8d53421673aa9a6b576f91a5574a030b2af236c973d63c81747` `docker.io/cilium/clustermesh-apiserver:stable@sha256:9068b861e468a8d53421673aa9a6b576f91a5574a030b2af236c973d63c81747` `quay.io/cilium/clustermesh-apiserver:stable@sha256:9068b861e468a8d53421673aa9a6b576f91a5574a030b2af236c973d63c81747` ##### docker-plugin `docker.io/cilium/docker-plugin:v1.12.2@​sha256:448fde6771bb98eb2d9bb6516d4ba1f12143c1eb4656e8a6ab129241281f9ed3` `quay.io/cilium/docker-plugin:v1.12.2@​sha256:448fde6771bb98eb2d9bb6516d4ba1f12143c1eb4656e8a6ab129241281f9ed3` `docker.io/cilium/docker-plugin:stable@sha256:448fde6771bb98eb2d9bb6516d4ba1f12143c1eb4656e8a6ab129241281f9ed3` `quay.io/cilium/docker-plugin:stable@sha256:448fde6771bb98eb2d9bb6516d4ba1f12143c1eb4656e8a6ab129241281f9ed3` ##### hubble-relay `docker.io/cilium/hubble-relay:v1.12.2@​sha256:6f3496c28f23542f2645d614c0a9e79e3b0ae2732080da794db41c33e4379e5c` `quay.io/cilium/hubble-relay:v1.12.2@​sha256:6f3496c28f23542f2645d614c0a9e79e3b0ae2732080da794db41c33e4379e5c` `docker.io/cilium/hubble-relay:stable@sha256:6f3496c28f23542f2645d614c0a9e79e3b0ae2732080da794db41c33e4379e5c` `quay.io/cilium/hubble-relay:stable@sha256:6f3496c28f23542f2645d614c0a9e79e3b0ae2732080da794db41c33e4379e5c` ##### operator-alibabacloud `docker.io/cilium/operator-alibabacloud:v1.12.2@​sha256:8c5d6fd3eb1e9a664ceb5e60af34e7b3f6c78a7c5655a1601437641ddf5729ea` `quay.io/cilium/operator-alibabacloud:v1.12.2@​sha256:8c5d6fd3eb1e9a664ceb5e60af34e7b3f6c78a7c5655a1601437641ddf5729ea` `docker.io/cilium/operator-alibabacloud:stable@sha256:8c5d6fd3eb1e9a664ceb5e60af34e7b3f6c78a7c5655a1601437641ddf5729ea` `quay.io/cilium/operator-alibabacloud:stable@sha256:8c5d6fd3eb1e9a664ceb5e60af34e7b3f6c78a7c5655a1601437641ddf5729ea` ##### operator-aws `docker.io/cilium/operator-aws:v1.12.2@​sha256:ad1f7599aa02e5a3917d8519ab20ca645af5aaf0f47dfabea81428838065d875` `quay.io/cilium/operator-aws:v1.12.2@​sha256:ad1f7599aa02e5a3917d8519ab20ca645af5aaf0f47dfabea81428838065d875` `docker.io/cilium/operator-aws:stable@sha256:ad1f7599aa02e5a3917d8519ab20ca645af5aaf0f47dfabea81428838065d875` `quay.io/cilium/operator-aws:stable@sha256:ad1f7599aa02e5a3917d8519ab20ca645af5aaf0f47dfabea81428838065d875` ##### operator-azure `docker.io/cilium/operator-azure:v1.12.2@​sha256:7c33597aa928aade697a7acb382eccd2af4147ddc9e29858c21356a1d4884d0a` `quay.io/cilium/operator-azure:v1.12.2@​sha256:7c33597aa928aade697a7acb382eccd2af4147ddc9e29858c21356a1d4884d0a` `docker.io/cilium/operator-azure:stable@sha256:7c33597aa928aade697a7acb382eccd2af4147ddc9e29858c21356a1d4884d0a` `quay.io/cilium/operator-azure:stable@sha256:7c33597aa928aade697a7acb382eccd2af4147ddc9e29858c21356a1d4884d0a` ##### operator-generic `docker.io/cilium/operator-generic:v1.12.2@​sha256:00508f78dae5412161fa40ee30069c2802aef20f7bdd20e91423103ba8c0df6e` `quay.io/cilium/operator-generic:v1.12.2@​sha256:00508f78dae5412161fa40ee30069c2802aef20f7bdd20e91423103ba8c0df6e` `docker.io/cilium/operator-generic:stable@sha256:00508f78dae5412161fa40ee30069c2802aef20f7bdd20e91423103ba8c0df6e` `quay.io/cilium/operator-generic:stable@sha256:00508f78dae5412161fa40ee30069c2802aef20f7bdd20e91423103ba8c0df6e` ##### operator `docker.io/cilium/operator:v1.12.2@​sha256:ca075c8fed919ac5f78e6859783ec60fdcf0e57e9a8739489f2c914c0a3dffd3` `quay.io/cilium/operator:v1.12.2@​sha256:ca075c8fed919ac5f78e6859783ec60fdcf0e57e9a8739489f2c914c0a3dffd3` `docker.io/cilium/operator:stable@sha256:ca075c8fed919ac5f78e6859783ec60fdcf0e57e9a8739489f2c914c0a3dffd3` `quay.io/cilium/operator:stable@sha256:ca075c8fed919ac5f78e6859783ec60fdcf0e57e9a8739489f2c914c0a3dffd3` ### [`v1.12.1`](https://togithub.com/cilium/cilium/releases/tag/v1.12.1) [Compare Source](https://togithub.com/cilium/cilium/compare/v1.12.0...v1.12.1) We are pleased to release Cilium v1.12.1. This release fixes a moderate severity security issue [GHSA-pfhr-pccp-hwmh](https://togithub.com/cilium/cilium/security/advisories/GHSA-pfhr-pccp-hwmh), adds websockets support for Ingress, and fixes a range of bugs that have been recently reported in the community. See the notes below for a full description of the changes. ## Summary of Changes **Minor Changes:** - envoy: Bump envoy version to 1.21.5 (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20771](https://togithub.com/cilium/cilium/issues/20771), [@​sayboras](https://togithub.com/sayboras)) - fqdn/metrics: Fix ProxyUpstreamTime error=timeout (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20752](https://togithub.com/cilium/cilium/issues/20752), [@​joestringer](https://togithub.com/joestringer)) - ingress: add websockets configuration (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20814](https://togithub.com/cilium/cilium/issues/20814), [@​nikhiljha](https://togithub.com/nikhiljha)) - Remove check on intSlice type from config map validation (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20638](https://togithub.com/cilium/cilium/issues/20638), [@​pippolo84](https://togithub.com/pippolo84)) - Remove IPVLAN support following the deprecation in v1.11. (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20453](https://togithub.com/cilium/cilium/issues/20453), [@​pchaigno](https://togithub.com/pchaigno)) **Bugfixes:** - Add EndpointSlice support for clustermesh-apiserver (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20697](https://togithub.com/cilium/cilium/issues/20697), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bpf: Add send_trace_notify hook for redirect_direct\_{v4,v6} (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20479](https://togithub.com/cilium/cilium/issues/20479), [@​qmonnet](https://togithub.com/qmonnet)) - Ensure that Cilium CNI in delegated-plugin IPAM mode avoids leaking IPs even when the network namespace has been deleted. (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20630](https://togithub.com/cilium/cilium/issues/20630), [@​wedaly](https://togithub.com/wedaly)) - Fix bug where Cilium would crash on startup with an error about being unable to delete iptables rules. (Backport PR [#​20890](https://togithub.com/cilium/cilium/issues/20890), Upstream PR [#​20885](https://togithub.com/cilium/cilium/issues/20885), [@​jibi](https://togithub.com/jibi)) - Fix bug where network policies that select namespace labels may incorrectly select identities ([Advisory](https://togithub.com/cilium/cilium/security/advisories/GHSA-pfhr-pccp-hwmh), commit [`2494ce4`](https://togithub.com/cilium/cilium/commit/2494ce4dca59)) - Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20721](https://togithub.com/cilium/cilium/issues/20721), [@​joestringer](https://togithub.com/joestringer)) - Fix ineffective post-start hook in ENI mode (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20741](https://togithub.com/cilium/cilium/issues/20741), [@​bmcustodio](https://togithub.com/bmcustodio)) - fix k8s latency metrics label cardinality (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20831](https://togithub.com/cilium/cilium/issues/20831), [@​aanm](https://togithub.com/aanm)) - Fix parsing of string map command line options when more than one separator is present. (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20673](https://togithub.com/cilium/cilium/issues/20673), [@​tklauser](https://togithub.com/tklauser)) - Fix regression with cilium-health-probe controller in IPv6-only clusters (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20849](https://togithub.com/cilium/cilium/issues/20849), [@​aanm](https://togithub.com/aanm)) - helm: Guard apply sysctl init container (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20643](https://togithub.com/cilium/cilium/issues/20643), [@​sayboras](https://togithub.com/sayboras)) - helm: Set KPR default to "disabled" for >= 1.12 (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20610](https://togithub.com/cilium/cilium/issues/20610), [@​brb](https://togithub.com/brb)) - Helm: Use the correct operator.dnsPolicy value for the operator deployment template (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20844](https://togithub.com/cilium/cilium/issues/20844), [@​michi-covalent](https://togithub.com/michi-covalent)) - ipcache/kvstore: fix panic when processing ip= entries (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20706](https://togithub.com/cilium/cilium/issues/20706), [@​ArthurChiao](https://togithub.com/ArthurChiao)) - iptables: handle case where kernel IPv6 support is disabled (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20680](https://togithub.com/cilium/cilium/issues/20680), [@​jibi](https://togithub.com/jibi)) - Optimize Eni update latency after new eni created (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20609](https://togithub.com/cilium/cilium/issues/20609), [@​wu0407](https://togithub.com/wu0407)) **CI Changes:** - CI: Enable IPv6 in the L4LB suite (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20821](https://togithub.com/cilium/cilium/issues/20821), [@​brb](https://togithub.com/brb)) - ci: fix code changes detection on `push` events (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20685](https://togithub.com/cilium/cilium/issues/20685), [@​nbusseneau](https://togithub.com/nbusseneau)) - ci: pick up cilium-cli v0.12.0 for master, v1.11 and v1.12 workflows (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20617](https://togithub.com/cilium/cilium/issues/20617), [@​tklauser](https://togithub.com/tklauser)) **Misc Changes:** - build(deps): bump actions/cache from 3.0.5 to 3.0.6 ([#​20806](https://togithub.com/cilium/cilium/issues/20806), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump actions/cache from 3.0.6 to 3.0.7 ([#​20873](https://togithub.com/cilium/cilium/issues/20873), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump docker/build-push-action from 3.0.0 to 3.1.0 ([#​20590](https://togithub.com/cilium/cilium/issues/20590), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 ([#​20804](https://togithub.com/cilium/cilium/issues/20804), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 ([#​20710](https://togithub.com/cilium/cilium/issues/20710), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 ([#​20785](https://togithub.com/cilium/cilium/issues/20785), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump KyleMayes/install-llvm-action from 1.5.3 to 1.5.4 ([#​20578](https://togithub.com/cilium/cilium/issues/20578), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump library/alpine from 3.16.0 to 3.16.1 in /images/cache ([#​20588](https://togithub.com/cilium/cilium/issues/20588), [@​dependabot](https://togithub.com/dependabot)\[bot]) - build(deps): bump library/alpine from 3.16.1 to 3.16.2 in /images/cache ([#​20857](https://togithub.com/cilium/cilium/issues/20857), [@​dependabot](https://togithub.com/dependabot)\[bot]) - CHANGELOG: fix v1.12.0 changelog ([#​20696](https://togithub.com/cilium/cilium/issues/20696), [@​aanm](https://togithub.com/aanm)) - cilium-cni: don't set interface link up twice (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20674](https://togithub.com/cilium/cilium/issues/20674), [@​tklauser](https://togithub.com/tklauser)) - clean up IPVLAN leftover code in setupBaseDevice() (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20608](https://togithub.com/cilium/cilium/issues/20608), [@​vincentmli](https://togithub.com/vincentmli)) - Consider `$GO` environment variable `make precheck` checks (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20750](https://togithub.com/cilium/cilium/issues/20750), [@​tklauser](https://togithub.com/tklauser)) - contrib: Add CRD generation to release process (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20564](https://togithub.com/cilium/cilium/issues/20564), [@​joestringer](https://togithub.com/joestringer)) - daemon: Improve dnsproxy error when EP not found (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20649](https://togithub.com/cilium/cilium/issues/20649), [@​joestringer](https://togithub.com/joestringer)) - doc: clarify CentOS 7 third-part kernel upgrade and Cilium advance features kernel config requirements (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20605](https://togithub.com/cilium/cilium/issues/20605), [@​vincentmli](https://togithub.com/vincentmli)) - docs: Add required ec2:DescribeInstances when instance-tags-filter is used (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20703](https://togithub.com/cilium/cilium/issues/20703), [@​lht](https://togithub.com/lht)) - docs: Clarify identity table for reserved identities (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20832](https://togithub.com/cilium/cilium/issues/20832), [@​joestringer](https://togithub.com/joestringer)) - docs: correct IPAM mode name in BGP control plane installation docs (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20758](https://togithub.com/cilium/cilium/issues/20758), [@​tklauser](https://togithub.com/tklauser)) - docs: Update clustermesh troubleshooting with more details (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20260](https://togithub.com/cilium/cilium/issues/20260), [@​sayboras](https://togithub.com/sayboras)) - docs: update etcd kvstore migration instructions (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20624](https://togithub.com/cilium/cilium/issues/20624), [@​hhoover](https://togithub.com/hhoover)) - docs: Update Helm values (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20716](https://togithub.com/cilium/cilium/issues/20716), [@​qmonnet](https://togithub.com/qmonnet)) - docs: update the version specific notes table for v1.12 release (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20669](https://togithub.com/cilium/cilium/issues/20669), [@​tklauser](https://togithub.com/tklauser)) - Fix `subnet_id` label value being empty in IP allocation and interface creation in ENI IPAM metrics (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20449](https://togithub.com/cilium/cilium/issues/20449), [@​wu0407](https://togithub.com/wu0407)) - Fix complaint about nil IP address on restore of cilium_host (Backport PR [#​20867](https://togithub.com/cilium/cilium/issues/20867), Upstream PR [#​20734](https://togithub.com/cilium/cilium/issues/20734), [@​christarazi](https://togithub.com/christarazi)) - hubble-ui: release v0.9.1 (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20572](https://togithub.com/cilium/cilium/issues/20572), [@​geakstr](https://togithub.com/geakstr)) - ipcache: Fix lock leak (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20833](https://togithub.com/cilium/cilium/issues/20833), [@​joestringer](https://togithub.com/joestringer)) - maglev: Don't populate v4 inner table upon nat46 service (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20648](https://togithub.com/cilium/cilium/issues/20648), [@​borkmann](https://togithub.com/borkmann)) - pkg/k8s: set the right IP addresses in log messages (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20757](https://togithub.com/cilium/cilium/issues/20757), [@​aanm](https://togithub.com/aanm)) - Reduce the vtep route log noise and avoid cilium_vtep_map symbol substitution warning log (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20532](https://togithub.com/cilium/cilium/issues/20532), [@​vincentmli](https://togithub.com/vincentmli)) - Remove completed items from Service Mesh Roadmap (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20635](https://togithub.com/cilium/cilium/issues/20635), [@​margamanterola](https://togithub.com/margamanterola)) - Revert "Revert "doc: update the api spec for fqdn egress policies cod… (Backport PR [#​20851](https://togithub.com/cilium/cilium/issues/20851), Upstream PR [#​20744](https://togithub.com/cilium/cilium/issues/20744), [@​aanm](https://togithub.com/aanm)) - v1.12: Update Go to 1.18.5 ([#​20746](https://togithub.com/cilium/cilium/issues/20746), [@​tklauser](https://togithub.com/tklauser)) - vtep skip symbol substituation cilium_vtep_map (Backport PR [#​20656](https://togithub.com/cilium/cilium/issues/20656), Upstream PR [#​20589](https://togithub.com/cilium/cilium/issues/20589), [@​vincentmli](https://togithub.com/vincentmli)) **Other Changes:** - install: Update image digests for v1.12.0 ([#​20581](https://togithub.com/cilium/cilium/issues/20581), [@​aanm](https://togithub.com/aanm)) #### Docker Manifests ##### cilium `docker.io/cilium/cilium:v1.12.1@​sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b` `quay.io/cilium/cilium:v1.12.1@​sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b` `docker.io/cilium/cilium:stable@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b` `quay.io/cilium/cilium:stable@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b` ##### clustermesh-apiserver `docker.io/cilium/clustermesh-apiserver:v1.12.1@​sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f` `quay.io/cilium/clustermesh-apiserver:v1.12.1@​sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f` `docker.io/cilium/clustermesh-apiserver:stable@sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f` `quay.io/cilium/clustermesh-apiserver:stable@sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f` ##### docker-plugin `docker.io/cilium/docker-plugin:v1.12.1@​sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a` `quay.io/cilium/docker-plugin:v1.12.1@​sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a` `docker.io/cilium/docker-plugin:stable@sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a` `quay.io/cilium/docker-plugin:stable@sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a` ##### hubble-relay `docker.io/cilium/hubble-relay:v1.12.1@​sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1` `quay.io/cilium/hubble-relay:v1.12.1@​sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1` `docker.io/cilium/hubble-relay:stable@sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1` `quay.io/cilium/hubble-relay:stable@sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1` ##### operator-alibabacloud `docker.io/cilium/operator-alibabacloud:v1.12.1@​sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58` `quay.io/cilium/operator-alibabacloud:v1.12.1@​sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58` `docker.io/cilium/operator-alibabacloud:stable@sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58` `quay.io/cilium/operator-alibabacloud:stable@sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58` ##### operator-aws `docker.io/cilium/operator-aws:v1.12.1@​sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3` `quay.io/cilium/operator-aws:v1.12.1@​sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3` `docker.io/cilium/operator-aws:stable@sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3` `quay.io/cilium/operator-aws:stable@sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3` ##### operator-azure `docker.io/cilium/operator-azure:v1.12.1@​sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac` `quay.io/cilium/operator-azure:v1.12.1@​sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac` `docker.io/cilium/operator-azure:stable@sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac` `quay.io/cilium/operator-azure:stable@sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac` ##### operator-generic `docker.io/cilium/operator-generic:v1.12.1@​sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1` `quay.io/cilium/operator-generic:v1.12.1@​sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1` `docker.io/cilium/operator-generic:stable@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1` `quay.io/cilium/operator-generic:stable@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1` ##### operator `docker.io/cilium/operator:v1.12.1@​sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82` `quay.io/cilium/operator:v1.12.1@​sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82` `docker.io/cilium/operator:stable@sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82` `quay.io/cilium/operator:stable@sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82` ### [`v1.12.0`](https://togithub.com/cilium/cilium/releases/tag/v1.12.0) [Compare Source](https://togithub.com/cilium/cilium/compare/v1.11.9...v1.12.0) The Cilium core team are excited to announce the Cilium 1.12 release. :tada: :sparkles: **Release Highlights** - New Integrated Ingress Controller - Cilium Service Mesh (Multi control plane, sidecar/sidecar-free, Envoy CRD) - Multi-Cluster Service Affinity, Connecting clusters with Helm, Lightweight cluster support - Stable Egress Gateway, NAT46 for Services, Quarantine service backends - Dynamic Allocation of PodCIDRs, AWS ENI prefix delegation, IPv6 for BGP, BBR - Automatic Helm Values, AKS BYOCNI, Improved Chaining, Hubble CLI Improvements ## Summary of Changes **Major Changes:** - Add cilium ingress controller implementation ([#​18867](https://togithub.com/cilium/cilium/issues/18867), [@​sayboras](https://togithub.com/sayboras)) - Add integration for external VXLAN Tunnel Endpoint devices ([#​17370](https://togithub.com/cilium/cilium/issues/17370), [@​vincentmli](https://togithub.com/vincentmli)) - Add support for CiliumEnvoyConfig CRD. ([#​18894](https://togithub.com/cilium/cilium/issues/18894), [@​michi-covalent](https://togithub.com/michi-covalent)) - Add support for enabling BBR congestion control for Pods, and move bandwidth manager out of beta. ([#​19287](https://togithub.com/cilium/cilium/issues/19287), [@​borkmann](https://togithub.com/borkmann)) - Add support for Kubernetes v1.24.0 ([#​19545](https://togithub.com/cilium/cilium/issues/19545), [@​aanm](https://togithub.com/aanm)) - Adding support for AWS ENI prefix delegation - IPv4 Only ([#​18463](https://togithub.com/cilium/cilium/issues/18463), [@​hemanthmalla](https://togithub.com/hemanthmalla)) - Cilium: initial NAT46/64 implementation ([#​18779](https://togithub.com/cilium/cilium/issues/18779), [@​borkmann](https://togithub.com/borkmann)) - Delegated IPAM plugin ([#​19219](https://togithub.com/cilium/cilium/issues/19219), [@​wedaly](https://togithub.com/wedaly)) - Enables ICMP network policy function by default ([#​20174](https://togithub.com/cilium/cilium/issues/20174), [@​chez-shanpu](https://togithub.com/chez-shanpu)) - Implementation of a GoBGP backed BGP control plane. ([#​18860](https://togithub.com/cilium/cilium/issues/18860), [@​ldelossa](https://togithub.com/ldelossa)) - Promote egress gateway to stable ([#​19320](https://togithub.com/cilium/cilium/issues/19320), [@​jibi](https://togithub.com/jibi)) - Support dynamic allocation of pod CIDRs in cluster pool v2 IPAM mode ([#​18887](https://togithub.com/cilium/cilium/issues/18887), [@​gandro](https://togithub.com/gandro)) - Support setting service backend states such as quarantine, maintenance so that these backends are not selected for load-balancing service traffic. ([#​18814](https://togithub.com/cilium/cilium/issues/18814), [@​aditighag](https://togithub.com/aditighag)) **Minor Changes:** - add an option to wait for kube-proxy (Backport PR [#​20563](https://togithub.com/cilium/cilium/issues/20563), Upstream PR [#​20517](https://togithub.com/cilium/cilium/issues/20517), [@​michi-covalent](https://togithub.com/michi-covalent)) - Add emptyDir volume for frontend container of hubble-ui ([#​20027](https://togithub.com/cilium/cilium/issues/20027), [@​mkilchhofer](https://togithub.com/mkilchhofer)) - Add metric on number of requests rejected by DNS Proxy semaphore (Backport PR [#​20534](https://togithub.com/cilium/cilium/issues/20534), Upstream PR [#​20491](https://togithub.com/cilium/cilium/issues/20491), [@​rahulkjoshi](https://togithub.com/rahulkjoshi)) - Add Prometheus gRPC metrics for hubble and hubble-relay (Backport PR [#​20519](https://togithub.com/cilium/cilium/issues/20519), Upstream PR [#​20376](https://togithub.com/cilium/cilium/issues/20376), [@​chancez](https://togithub.com/chancez)) - Add source filter for the cilium fqdn cache list command ([#​19980](https://togithub.com/cilium/cilium/issues/19980), [@​ungureanuvladvictor](https://togithub.com/ungureanuvladvictor)) - Add support for aws-cni chaining in IPv6 EKS clusters ([#​18522](https://togithub.com/cilium/cilium/issues/18522), [@​mKeRix](https://togithub.com/mKeRix)) - Add support for disabling ENI PD at node level (Backport PR [#​20401](https://togithub.com/cilium/cilium/issues/20401), Upstream PR [#​20308](https://togithub.com/cilium/cilium/issues/20308), [@​hemanthmalla](https://togithub.com/hemanthmalla)) - Add support for getting earliest events from Observer API ([#​19819](https://togithub.com/cilium/cilium/issues/19819), [@​chancez](https://togithub.com/chancez)) - Add support for L7 policies with VTEP integration ([#​19473](https://togithub.com/cilium/cilium/issues/19473), [@​vincentmli](https://togithub.com/vincentmli)) - Add support to opt-in for using ENI's primary IP for allocations ([#​20050](https://togithub.com/cilium/cilium/issues/20050), [@​hemanthmalla](https://togithub.com/hemanthmalla)) - Add unreachable route for pod IP on deletion ([#​18505](https://togithub.com/cilium/cilium/issues/18505), [@​lbernail](https://togithub.com/lbernail)) - Align values.yaml with templates ([#​17243](https://togithub.com/cilium/cilium/issues/17243), [@​dungdm93](https://togithub.com/dungdm93)) - Allow unloading DNS policy rules on graceful shutdown ([#​18701](https://togithub.com/cilium/cilium/issues/18701), [@​tklauser](https://togithub.com/tklauser)) - api,cli: add identity range in status response & cli output ([#​18152](https://togithub.com/cilium/cilium/issues/18152), [@​ArthurChiao](https://togithub.com/ArthurChiao)) - api: Add cni chaining status in status API. ([#​18345](https://togithub.com/cilium/cilium/issues/18345), [@​sayboras](https://togithub.com/sayboras)) - AWS EC2 Instance tag filter ([#​19181](https://togithub.com/cilium/cilium/issues/19181), [@​prune998](https://togithub.com/prune998)) - aws: Add ability to mark ENIs as unmanaged ([#​19096](https://togithub.com/cilium/cilium/issues/19096), [@​gandro](https://togithub.com/gandro)) - bgp: Check the Condition.Ready field when adding ready endpoints ([#​20176](https://togithub.com/cilium/cilium/issues/20176), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - bpf, Hubble: Add `is_reply` information (when available) at the `TO_OVERLAY` observability point ([#​19185](https://togithub.com/cilium/cilium/issues/19185), [@​qmonnet](https://togithub.com/qmonnet)) - CA certificates in Envoy TLS validation contexts are supported via k8s Secrets with 'ca.crt' key. (Backport PR [#​20534](https://togithub.com/cilium/cilium/issues/20534), Upstream PR [#​20458](https://togithub.com/cilium/cilium/issues/20458), [@​jrajahalme](https://togithub.com/jrajahalme)) - Change default prometheus ports to new reserved Cilium ports ([#​20156](https://togithub.com/cilium/cilium/issues/20156), [@​knfoo](https://togithub.com/knfoo)) - Cilium Istio integration is updated to Istio release 1.10.6 (Backport PR [#​20519](https://togithub.com/cilium/cilium/issues/20519), Upstream PR [#​18384](https://togithub.com/cilium/cilium/issues/18384), [@​jrajahalme](https://togithub.com/jrajahalme)) - cli/metrics: Sort label in metrics list command ([#​18455](https://togithub.com/cilium/cilium/issues/18455), [@​sayboras](https://togithub.com/sayboras)) - clustermesh: Add support for service-affinity ([#​19521](https://togithub.com/cilium/cilium/issues/19521), [@​sayboras](https://togithub.com/sayboras)) - clustermesh: added new command-line options k8s-kubeconfig-path and clustermesh-health-port ([#​18803](https://togithub.com/cilium/cilium/issues/18803), [@​abocim](https://togithub.com/abocim)) - daemon: add support for IPv6 native routing CIDR ([#​17332](https://togithub.com/cilium/cilium/issues/17332), [@​jibi](https://togithub.com/jibi)) - daemon: Don't auto disable session affinity (Backport PR [#​20519](https://togithub.com/cilium/cilium/issues/20519), Upstream PR [#​16179](https://togithub.com/cilium/cilium/issues/16179), [@​brb](https://togithub.com/brb)) - daemon: Rename host-reachable services to socket LB (Backport PR [#​20534](https://togithub.com/cilium/cilium/issues/20534), Upstream PR [#​20369](https://togithub.com/cilium/cilium/issues/20369), [@​brb](https://togithub.com/brb)) - daemon: Split --bpf-lb-map-max into multiple options ([#​19326](https://togithub.com/cilium/cilium/issues/19326), [@​koncha99](https://togithub.com/koncha99)) - daemon: Support the wildcard option for directRoutingDevice ([#​17930](https://togithub.com/cilium/cilium/issues/17930), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - datapath: make tc filter priority configurable ([#​18896](https://togithub.com/cilium/cilium/issues/18896), [@​intel-dlanders](https://togithub.com/intel-dlanders)) - datapath: Remove !CONNTRACK ([#​18502](https://togithub.com/cilium/cilium/issues/18502), [@​brb](https://togithub.com/brb)) - datapath: Remove !CONNTRACK (v2) ([#​18551](https://togithub.com/cilium/cilium/issues/18551), [@​brb](https://togithub.com/brb)) - docs: Update alibabacloud RAM permission requirements ([#​19077](https://togithub.com/cilium/cilium/issues/19077), [@​jaffcheng](https://togithub.com/jaffcheng)) - Dynamic Per Resource Timeouts ([#​19991](https://togithub.com/cilium/cilium/issues/19991), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - egressgw: emit a warning rather than a fatal error when L7 proxy is enabled ([#​19608](https://togithub.com/cilium/cilium/issues/19608), [@​jibi](https://togithub.com/jibi)) - Enable VTEP integration dynamic ARP resolution for Cilium-managed pod ([#​18758](https://togithub.com/cilium/cilium/issues/18758), [@​vincentmli](https://togithub.com/vincentmli)) - Envoy upstream connections no longer use the original source address for any destination associated with a CIDR or toFQDNs policy. ([#​19255](https://togithub.com/cilium/cilium/issues/19255), [@​jrajahalme](https://togithub.com/jrajahalme)) - feat(helm): allow to set Hubble Relay and UI service type and nodePort ([#​19450](https://togithub.com/cilium/cilium/issues/19450), [@​raphink](https://togithub.com/raphink)) - Fix an issue where PodDisruptionBudgets were not created by the Helm chart ([#​18317](https://togithub.com/cilium/cilium/issues/18317), [@​lic17](https://togithub.com/lic17)) - helm: Add bpf-root configuration value in helms ([#​18335](https://togithub.com/cilium/cilium/issues/18335), [@​sayboras](https://togithub.com/sayboras)) - helm: add description for some Helm values ([#​19658](https://togithub.com/cilium/cilium/issues/19658), [@​my-git9](https://togithub.com/my-git9)) - helm: Create cilium IngressClass ([#​19524](https://togithub.com/cilium/cilium/issues/19524), [@​sayboras](https://togithub.com/sayboras)) - helm: Move tls related helm option to 1.12 in upgrade docs ([#​19089](https://togithub.com/cilium/cilium/issues/19089), [@​sayboras](https://togithub.com/sayboras)) - helm: Remove duplicated key hostAliases (Backport PR [#​20333](https://togithub.com/cilium/cilium/issues/20333), Upstream PR [#​20278](https://togithub.com/cilium/cilium/issues/20278), [@​sayboras](https://togithub.com/sayboras)) - helm: Set Linux nodeSelector for nodeinit and preflight (Backport PR [#​20333](https://togithub.com/cilium/cilium/issues/20333), Upstream PR [#​20216](https://togithub.com/cilium/cilium/issues/20216), [@​gandro](https://togithub.com/gandro)) - helm: support lookup remote CA ([#​17434](https://togithub.com/cilium/cilium/issues/17434), [@​dungdm93](https://togithub.com/dungdm93)) - helm: Upgrade certgen to the latest version v0.1.8 ([#​18607](https://togithub.com/cilium/cilium/issues/18607), [@​sayboras](https://togithub.com/sayboras)) - hubble: Add "flows-to-world" metric to monitor policy decisions on traffic that reaches outside the cluster. ([#​17790](https://togithub.com/cilium/cilium/issues/17790), [@​michi-covalent](https://togithub.com/michi-covalent)) - Improve policy import performance, particularly with CIDR policies ([#​18433](https://togithub.com/cilium/cilium/issues/18433), [@​joestringer](https://togithub.com/joestringer)) - Improve verbosity of drop notification messages. (Backport PR [#​20519](https://togithub.com/cilium/cilium/issues/20519), Upstream PR [#​20387](https://togithub.com/cilium/cilium/issues/20387), [@​aspsk](https://togithub.com/aspsk)) - In the case of recovering the services, cilium will not fail directly on the first service recovery error but will try to recover other services. ([#​18422](https://togithub.com/cilium/cilium/issues/18422), [@​chowmean](https://togithub.com/chowmean)) - ingress: Add SocketOptions configuration ([#​19549](https://togithub.com/cilium/cilium/issues/19549), [@​sayboras](https://togithub.com/sayboras)) - ingress: Avoid plain text TLS secret in CEC ([#​19410](https://togithub.com/cilium/cilium/issues/19410), [@​sayboras](https://togithub.com/sayboras)) - ingress: Fix conformance tests for host-rules and path-rule ([#​19321](https://togithub.com/cilium/cilium/issues/19321), [@​sayboras](https://togithub.com/sayboras)) - ingress: Set max stream duration as 0 ([#​19550](https://togithub.com/cilium/cilium/issues/19550), [@​sayboras](https://togithub.com/sayboras)) - install/kubernetes: Add CAP_IPC_LOCK for mmap ([#​19812](https://togithub.com/cilium/cilium/issues/19812), [@​sayboras](https://togithub.com/sayboras)) - install: add tolerations for the certgen cronjob ([#​18019](https://togithub.com/cilium/cilium/issues/18019), [@​wolffberg](https://togithub.com/wolffberg)) - Introduce a new CRD (CiliumEgressGatewayPolicy) for Egress Gateway configuration. Deprecate the previous CRD (CiliumEgressNATPolicy). ([#​19561](https://togithub.com/cilium/cilium/issues/19561), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - k8s/crds: Allow ingress entity in CNP (Backport PR [#​20563](https://togithub.com/cilium/cilium/issues/20563), Upstream PR [#​20536](https://togithub.com/cilium/cilium/issues/20536), [@​sayboras](https://togithub.com/sayboras)) - Making operator aware of pending pod backlog on nodes for IP allocations ([#​19007](https://togithub.com/cilium/cilium/issues/19007), [@​hemanthmalla](https://togithub.com/hemanthmalla)) - Move the BGP Control Plane to utilize CiliumNode objects. This enable support for IPAM driven PodCIDR announcements. ([#​19872](https://togithub.com/cilium/cilium/issues/19872), [@​ldelossa](https://togithub.com/ldelossa)) - Prefers k8s node IP when picking masquerading IPs ([#​16849](https://togithub.com/cilium/cilium/issues/16849), [@​liuyuan10](https://togithub.com/liuyuan10)) - proxy: Add proxy common http options arguments to agent ([#​19138](https://togithub.com/cilium/cilium/issues/19138), [@​jmcshane](https://togithub.com/jmcshane)) - Remove privileged mode in Cilium's DaemonSet ([#​14446](https://togithub.com/cilium/cilium/issues/14446), [@​aanm](https://togithub.com/aanm)) - Rename bpf.hostRouting to bpf.hostLegacyRouting in ciliumconfig ([#​19064](https://togithub.com/cilium/cilium/issues/19064), [@​chenk008](https://togithub.com/chenk008)) -

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Mend Renovate. View repository job log here.