Cilium - v1.10.12


We are pleased to announce Cilium v1.10.12. This release includes a range of bugfixes and updates Envoy to v1.21.3 to address several moderate, high and critical severity CVEs. This release also includes several improvements to FQDN policy resource usage under high load conditions. See below for additional bugfixes included in this release.

Summary of Changes

Minor Changes:
* Add concurrency limiting for DNS message processing (Backport PR #19859, Upstream PR #19592, @nebril)
* Add counter to track all datapath timeouts due to FQDN IP updates (Backport PR #20015, Upstream PR #19809, @ungureanuvladvictor)
* Add type label to the identity metric (Backport PR #20100, Upstream PR #19999, @ungureanuvladvictor)
* Bugtool: Add additional Linux traffic-control (tc) data to cilium-bugtool output. (Backport PR #20015, Upstream PR #19856, @tommyp1ckles)
* Change default agent health check port to avoid conflicts (Backport PR #19859, Upstream PR #19830, @tklauser)
* envoy: Bump cilium envoy to latest version v1.21.3 (Backport PR #20147, Upstream PR #20142, @sayboras)
* ui: v0.9.0 images and drop envoy proxy container (Backport PR #20110, Upstream PR #19565, @geakstr)

Bugfixes:
* Also take secondary CIDRs into account when checking for validity of IPv4NativeRoutingCIDR (Backport PR #20028, Upstream PR #18653, @codablock)
* cli: Update regex for key value validation (Backport PR #19859, Upstream PR #19794, @sayboras)
* clustermesh: Add ownerReferences for CiliumNodes (Backport PR #20100, Upstream PR #19959, @sayboras)
* cmd: Allow more complicated patterns in map string type. (Backport PR #20015, Upstream PR #19955, @sayboras)
* Fix memory leak in the DNS cache when a long-lived endpoint makes many unique DNS lookups over time (Backport PR #20100, Upstream PR #19925, @christarazi)
* Fix race condition leading to inconsistent CiliumNode that can cause the agent to fatal. (Backport PR #20110, Upstream PR #19923, @pchaigno)
* Improve endpoint and DNS proxy lock contention during bursty DNS traffic (Backport PR #20100, Upstream PR #19347, @christarazi)
* ipsec: Fix off-by-one error on max keyID (Backport PR #20015, Upstream PR #16647, @pchaigno)

CI Changes:
* .github/workflows: bump kind workflow to cilium-cli v0.10.5 (#19896, @tklauser)
* jenkins: switch to ad-hoc GKE cluster creation/deletion (Backport PR #19859, Upstream PR #19918, @nbusseneau)
* v1.10: .github/workflows: bump kind workflow to cilium-cli v0.10.6 (#19934, @tklauser)

Misc Changes:
* api: change "group not found" log to debug (Backport PR #20015, Upstream PR #19927, @tklauser)
* bug: Fix Hubble Peer Service Helm File Location (#19912, @nathanjsweet)
* bugtool: Add structured node and health output (Backport PR #20100, Upstream PR #20011, @gandro)
* build(deps): bump actions/cache from 3.0.2 to 3.0.3 (#20022, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.3 to 3.0.4 (#20101, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#19802, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#19973, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 (#19901, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#19781, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.2 to 1.5.3 (#19867, @dependabot[bot])
* daemon, fqdn: Add flag to control FQDN regex LRU size (Backport PR #20100, Upstream PR #19383, @christarazi)
* Do not disable peer service when hubble.listenAddress is empty (Backport PR #20015, Upstream PR #19886, @chancez)
* docs: Add docs-builder build as dependency to live preview (Backport PR #20015, Upstream PR #19885, @qmonnet)
* docs: Document operator.unmanagedPodWatcher (Backport PR #19845, Upstream PR #19820, @joestringer)
* docs: Fix incorrect command in IPsec GSG (Backport PR #19859, Upstream PR #19767, @pchaigno)
* docs: Fix incorrect FQDN flag (Backport PR #20015, Upstream PR #19930, @pchaigno)
* docs: Fix max SPI value for IPsec key rotations (Backport PR #20015, Upstream PR #19893, @pchaigno)
* docs: Remove '\r' chars from grep result to parse Alpine image name (Backport PR #20015, Upstream PR #19888, @qmonnet)
* Expose metrics for active FQDN connections per endpoint (Backport PR #20100, Upstream PR #19857, @christarazi)
* helm: don't generate the hubble-peer svc during preflight checks (Backport PR #19859, Upstream PR #19759, @kaworu)
* helm: use port 80/443 by default for the peer service (Backport PR #20100, Upstream PR #19933, @rolinh)
* Improve Cilium DNS Proxy-related error metrics (Backport PR #19859, Upstream PR #19702, @christarazi)
* k8s: Update libraries to v1.21.11 (#19246, @nathanjsweet)
* metrics: Fix NaN value for cilium metrics list CLI (Backport PR #20100, Upstream PR #19987, @sayboras)
* pkg/labels: Optimize SortedList() and FormatForKVStore() (Backport PR #20100, Upstream PR #19423, @christarazi)
* pkg/policy/api: Optimize FQDNSelector String() (Backport PR #20100, Upstream PR #19570, @christarazi)

Other Changes:
* install: Update image digests for v1.10.11 (#19839, @joestringer)
* v1.10: tests-l4lb: Use Helm chart from local branch (#20004, @jibi)
* workflow: l4lb: pass correct path for PR checkout (#20008, @jibi)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.12@sha256:6a119c4f249d42df0d5654295ac9466da117f9b838ff48b4bc64234f7ab20b80
quay.io/cilium/cilium:v1.10.12@sha256:6a119c4f249d42df0d5654295ac9466da117f9b838ff48b4bc64234f7ab20b80

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.12@sha256:0dd9df6e4b20f7120f10ddee560e0c285875657f0db0e2a18bc0cd748f86a84c
quay.io/cilium/clustermesh-apiserver:v1.10.12@sha256:0dd9df6e4b20f7120f10ddee560e0c285875657f0db0e2a18bc0cd748f86a84c

docker-plugin

docker.io/cilium/docker-plugin:v1.10.12@sha256:f913939f14bd6f1dff769af0de116d79f454f0091da933f6fb1d8485c07b1566
quay.io/cilium/docker-plugin:v1.10.12@sha256:f913939f14bd6f1dff769af0de116d79f454f0091da933f6fb1d8485c07b1566

hubble-relay

docker.io/cilium/hubble-relay:v1.10.12@sha256:fd3829bf67f2f3d3471da6ded9c636b22feb9a31feaac4509a295043e93af169
quay.io/cilium/hubble-relay:v1.10.12@sha256:fd3829bf67f2f3d3471da6ded9c636b22feb9a31feaac4509a295043e93af169

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.10.12@sha256:72de09e0e7a17de8e61e03f251d698c68e2e8e1f1fa1ada67200920a6cad6d0a
quay.io/cilium/operator-alibabacloud:v1.10.12@sha256:72de09e0e7a17de8e61e03f251d698c68e2e8e1f1fa1ada67200920a6cad6d0a

operator-aws

docker.io/cilium/operator-aws:v1.10.12@sha256:06b31f3d9baa2be911b90ab933bb8dc08a1bd5e3104f5e90b9cb51a9dd9142f6
quay.io/cilium/operator-aws:v1.10.12@sha256:06b31f3d9baa2be911b90ab933bb8dc08a1bd5e3104f5e90b9cb51a9dd9142f6

operator-azure

docker.io/cilium/operator-azure:v1.10.12@sha256:7c920352c82cd10b402d14902f119d75e45f6faa103f2ea89f760cf5de5301f3
quay.io/cilium/operator-azure:v1.10.12@sha256:7c920352c82cd10b402d14902f119d75e45f6faa103f2ea89f760cf5de5301f3

operator-generic

docker.io/cilium/operator-generic:v1.10.12@sha256:35288de36cd1b6fe65e55a9b878100c2ab92ac88ed6a3ab04326e00326cff3f7
quay.io/cilium/operator-generic:v1.10.12@sha256:35288de36cd1b6fe65e55a9b878100c2ab92ac88ed6a3ab04326e00326cff3f7

operator

docker.io/cilium/operator:v1.10.12@sha256:e466554afdfcefae92d2757c4acd364afb803be54fd529404677c83039b86163
quay.io/cilium/operator:v1.10.12@sha256:e466554afdfcefae92d2757c4acd364afb803be54fd529404677c83039b86163


Details

date: June 15, 2022, 9:38 p.m.
name: 1.10.12
type: Patch