Cilium - v1.10.10


We are pleased to release Cilium v1.10.10. See below for full notes on changes in this release.

Summary of Changes

Minor Changes:
* Locally allocated identities are now restored during restart, helping avoid transient drops due to identity changes in policies. (Backport PR #19404, Upstream PR #19360, @jrajahalme)

Bugfixes:
* cmd: Fix issue where a ConfigMap value of {} was parsed as map["{}":""]. (Backport PR #19254, Upstream PR #19172, @gandro)
* Fix a bug where a backend pod can be selected by a local redirect policy deployed in a different namespace if the local redirect policy was deployed first. (Backport PR #19254, Upstream PR #19193, @aditighag)
* Fix bug that would cause some pod traffic to leave through the wrong interface if --aws-release-excess-ips is used and masquerading disabled. (Backport PR #19296, Upstream PR #19162, @pchaigno)
* Fix bug where FQDN policy calculation could trigger a deadlock in cilium-agent (Backport PR #19254, Upstream PR #19031, @joestringer)
* Fix bug where the Cilium DNS proxy slows down significantly (and even OOMs) due to lock contention from spawning many goroutines when handling bursty DNS traffic (Backport PR #19416, Upstream PR #19336, @nebril)
* Fixed node init in RKE (Backport PR #19416, Upstream PR #19286, @raphink)
* helm: Removed unnecessary Kubernetes RBAC permissions for cilium-agent (Backport PR #19254, Upstream PR #19053, @nathanjsweet)
* helm: Update Clustermesh-APIServer RBAC permissions for platforms (like Openshift) that have the OwnerReferencesPermissionEnforcement admission controller enabled. (Backport PR #19254, Upstream PR #19071, @nathanjsweet)
* hubble/recorder: Sanitize pcap filename (Backport PR #19254, Upstream PR #18612, @gandro)
* wireguard: Reject duplicate public keys (Backport PR #19416, Upstream PR #19344, @gandro)

CI Changes:
* jenkinsfiles: Update calls to Quay API (Backport PR #19254, Upstream PR #19229, @pchaigno)
* test: Wait until host EP is ready (=regenerated) (Backport PR #19331, Upstream PR #18859, @brb)
* Use docker manifest inspect to wait for images instead of using quay API (Backport PR #19331, Upstream PR #19307, @YutaroHayakawa)
* workflows: Update call to Quay API (Backport PR #19254, Upstream PR #19228, @pchaigno)

Misc Changes:
* Add a 'Limitations' section to 'External Workloads'. (Backport PR #19416, Upstream PR #19366, @bmcustodio)
* add context when return errors during datapath initialization (Backport PR #19254, Upstream PR #18011, @kerthcet)
* build(deps): bump actions/cache from 3.0.0 to 3.0.1 (#19272, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#19392, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19446, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.1 to 1.5.2 (#19324, @dependabot[bot])
* ci: Pin down image for the documentation workflow (Backport PR #19416, Upstream PR #19356, @qmonnet)
* docs: Clarify use of the eni.subnetTagsFilter option (Backport PR #19331, Upstream PR #19276, @gandro)
* envoy: Limit accesslog socket permissions (Backport PR #19416, Upstream PR #19190, @jrajahalme)
* ipcache: Add test asserting out-of-order Kubernetes events (Backport PR #19331, Upstream PR #19258, @christarazi)
* Test runtime cilium in container (take two) (Backport PR #19404, Upstream PR #19310, @jrajahalme)
* test: Fix whitespace in docker-run-cilium (Backport PR #19404, Upstream PR #19358, @jrajahalme)
* vendor: pull in the latest changes from github.com/vishvananda/netlink (Backport PR #19404, Upstream PR #18618, @aditighag)
* wireguard: Fix invalid bits when agent init (Backport PR #19254, Upstream PR #19118, @Junnplus)

Other Changes:
* install: Update image digests for v1.10.9 (#19239, @aanm)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.10@sha256:83bfc1052543e8b1e31f06fa2b5bbd2bd41cc79f264010241fc1994e35281616
quay.io/cilium/cilium:v1.10.10@sha256:83bfc1052543e8b1e31f06fa2b5bbd2bd41cc79f264010241fc1994e35281616

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.10@sha256:e13d41db3f5ee93d8b3abcaa10cc4005522bc797be3d69fc96ac5e03b60c7b11
quay.io/cilium/clustermesh-apiserver:v1.10.10@sha256:e13d41db3f5ee93d8b3abcaa10cc4005522bc797be3d69fc96ac5e03b60c7b11

docker-plugin

docker.io/cilium/docker-plugin:v1.10.10@sha256:cd45b531e97b588d4e8c825cb588611949044db4351dcffeacf92ba2f4208054
quay.io/cilium/docker-plugin:v1.10.10@sha256:cd45b531e97b588d4e8c825cb588611949044db4351dcffeacf92ba2f4208054

hubble-relay

docker.io/cilium/hubble-relay:v1.10.10@sha256:a0769e44299bba301dee08d489f4e2d3b3924916bed985346dcf9fcf10861c8a
quay.io/cilium/hubble-relay:v1.10.10@sha256:a0769e44299bba301dee08d489f4e2d3b3924916bed985346dcf9fcf10861c8a

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.10.10@sha256:6154fcc069700cca6754cff0ee7bf6990bbf4a2865076b5358cb0c70c0043d52
quay.io/cilium/operator-alibabacloud:v1.10.10@sha256:6154fcc069700cca6754cff0ee7bf6990bbf4a2865076b5358cb0c70c0043d52

operator-aws

docker.io/cilium/operator-aws:v1.10.10@sha256:9bc04377606cb57c16f699a5b34dcdd6b6ffc1c4f43f5e6da81015fc16c10edc
quay.io/cilium/operator-aws:v1.10.10@sha256:9bc04377606cb57c16f699a5b34dcdd6b6ffc1c4f43f5e6da81015fc16c10edc

operator-azure

docker.io/cilium/operator-azure:v1.10.10@sha256:6973d45f7255c1791c0502339675a42105b8cbeca1a98634362623433674efe1
quay.io/cilium/operator-azure:v1.10.10@sha256:6973d45f7255c1791c0502339675a42105b8cbeca1a98634362623433674efe1

operator-generic

docker.io/cilium/operator-generic:v1.10.10@sha256:8a317287b6ac8fe0ba4999342c9627dc913e0c1591552164f96d0aadf5d1a740
quay.io/cilium/operator-generic:v1.10.10@sha256:8a317287b6ac8fe0ba4999342c9627dc913e0c1591552164f96d0aadf5d1a740

operator

docker.io/cilium/operator:v1.10.10@sha256:8462f34a9c081126c9281bc637d76b3c7f81668bbb77a4a66a3dda16554915e9
quay.io/cilium/operator:v1.10.10@sha256:8462f34a9c081126c9281bc637d76b3c7f81668bbb77a4a66a3dda16554915e9


Details

date
April 19, 2022, 5:55 a.m.
name
1.10.10
type
Patch
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or