Cilium - v1.10.13

We are pleased to release Cilium v1.10.13. This release adds support for AKS BYOCNI, improves systemd support, and includes a range of other regular bugfixes. See the notes below for a full description.

Summary of Changes

Major Changes:
* add support for AKS BYOCNI (Backport PR #20509, Upstream PR #19379, @nbusseneau)

Minor Changes:
* Add metric on datapath update latency due to FQDN IP updates (Backport PR #20330, Upstream PR #19992, @rahulkjoshi)
* IPSec key rotation without agent restart (Backport PR #20127, Upstream PR #19814, @jibi)
* v1.10: helm: disable the peer service by default (#20290, @rolinh)

Bugfixes:
* node-init now takes enableIPv4Masquerade into account on GKE. (Backport PR #20509, Upstream PR #19533, @bmcustodio)
* bpf: Fix typo in host firewall tail call (Commit https://github.com/cilium/cilium/commit/a8d84ac032c570c53c86150a54ecd5b3e96cefd7, @pchaigno)
* bug: Fixed a rare CiliumIdentity race deletion. (Backport PR #20330, Upstream PR #19936, @nathanjsweet)
* cilium: fix conflicting iptables-legacy and iptables-nft rules (Backport PR #20139, Upstream PR #20123, @jrfastab)
* Consider VPC's secondary CIDRs during cilium_host IP restoration (Backport PR #20395, Upstream PR #19341, @hemanthmalla)
* daemon: Fix issue where stale router IPs were not cleaned up (Backport PR #20509, Upstream PR #20389, @gandro)
* datapath: Fix security ID propagation in tunnel header for NodePort BPF forwarded requests (Backport PR #20327, Upstream PR #19061, @brb)
* Fix agent panic in some cases when service matcher local redirect policy was deployed prior to the selected service. (Backport PR #20179, Upstream PR #19522, @aditighag)
* Fix Azure IPAM 403 errors for Azure instances using Azure Compute Gallery images (Backport PR #20330, Upstream PR #19697, @andrew-bulford-form3)
* Fixed SystemD >=245 sysctl(rp_filter) config incompatibility (Backport PR #20232, Upstream PR #20072, @dylandreimerink)
* helm: Fix cluster-id arguments in clustermesh deployment (Backport PR #20330, Upstream PR #20312, @sayboras)
* ipsec: fix stale keys reclaim logic (Backport PR #20127, Upstream PR #19932, @jibi)
* iptables: ensure all rules are installed consistently (Backport PR #19914, Upstream PR #19693, @jibi)
* iptables: fix typo in addProxyRule condition (Backport PR #19914, Upstream PR #20109, @jibi)
* nodediscovery: ensure we cache the nodeResource correctly to avoid null pointer dereferencing (Backport PR #20330, Upstream PR #20158, @odinuge)
* nodediscovery: make LocalNode return a deep copy of localNode (Backport PR #20127, Upstream PR #20392, @jibi)

CI Changes:
* ci: provide CI images with unstripped binaries (Backport PR #20330, Upstream PR #20238, @tklauser)
* docs: Bump up Netlify Python version to 3.8 (Backport PR #20509, Upstream PR #20486, @michi-covalent)
* jenkinsfiles: fix docker manifest inspect commands in GKE pipeline (Backport PR #20330, Upstream PR #20325, @tklauser)

Misc Changes:
* [docs] Add training and support information to Getting Help (Backport PR #20330, Upstream PR #20194, @lizrice)
* Add a note about conflicting node CIDRs #20204 (Backport PR #20330, Upstream PR #20208, @wokalski)
* Add ESP to firewall requirements in documentation for IPSec enabled C… (Backport PR #20330, Upstream PR #20314, @Kikiodazie)
* Add Peer Service to Cilium DS Port List (Backport PR #20509, Upstream PR #20296, @nathanjsweet)
* build(deps): bump actions/cache from 3.0.4 to 3.0.5 (#20496, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#20464, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#20200, @dependabot[bot])
* ctmap: Do not use nil locks (Backport PR #20509, Upstream PR #20388, @jrajahalme)
* datapath: Always use of wait argument on iptables commands. (Backport PR #19914, Upstream PR #17593, @jrajahalme)
* docs(policy): add notes on DNS/L7 policies & Cilium agent availability (Backport PR #20330, Upstream PR #20289, @raphink)
* docs: Document clustermesh datapath configuration for non-tunneled modes (Backport PR #20509, Upstream PR #16499, @jrajahalme)
* docs: Improve policy troubleshooting guide (Backport PR #20509, Upstream PR #20399, @joestringer)

Other Changes:
* install: Update image digests for v1.10.12 (#20222, @joestringer)
* update k8s versions to the latest releases (#20514, @aanm)
* v1.10: update cilium-{runtime,builder} (#20541, @joestringer)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.13@sha256:6b9b2688d39841c862bb3ca8a45af18a1f9305054e9add833d91a1b187f7f16e
quay.io/cilium/cilium:v1.10.13@sha256:6b9b2688d39841c862bb3ca8a45af18a1f9305054e9add833d91a1b187f7f16e

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.13@sha256:fe1f583b096563aa6106119bfafda771a2e4e2edd29db0055e28f18c71d81d97
quay.io/cilium/clustermesh-apiserver:v1.10.13@sha256:fe1f583b096563aa6106119bfafda771a2e4e2edd29db0055e28f18c71d81d97

docker-plugin

docker.io/cilium/docker-plugin:v1.10.13@sha256:253e25ea9789448ccf5274e90452b42371bf171c9d8d2ca0c0fee38c7d7532c5
quay.io/cilium/docker-plugin:v1.10.13@sha256:253e25ea9789448ccf5274e90452b42371bf171c9d8d2ca0c0fee38c7d7532c5

hubble-relay

docker.io/cilium/hubble-relay:v1.10.13@sha256:9110780d4220816500f8a1e6cb82434c6051d7d444069b2f065d7d5d89fa7010
quay.io/cilium/hubble-relay:v1.10.13@sha256:9110780d4220816500f8a1e6cb82434c6051d7d444069b2f065d7d5d89fa7010

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.10.13@sha256:e9b01ed28a9539e52dced97ae5f4a8fddfde394339a52e15ee7d9a9b428a92e3
quay.io/cilium/operator-alibabacloud:v1.10.13@sha256:e9b01ed28a9539e52dced97ae5f4a8fddfde394339a52e15ee7d9a9b428a92e3

operator-aws

docker.io/cilium/operator-aws:v1.10.13@sha256:cb925217da2d06faabac4ac8d1a778f51db9ad7e3f62f951c34814dab686995e
quay.io/cilium/operator-aws:v1.10.13@sha256:cb925217da2d06faabac4ac8d1a778f51db9ad7e3f62f951c34814dab686995e

operator-azure

docker.io/cilium/operator-azure:v1.10.13@sha256:cb28936c07b746e4dbafad2ed98ca5c07556350a05330d3b44e05545021e4d26
quay.io/cilium/operator-azure:v1.10.13@sha256:cb28936c07b746e4dbafad2ed98ca5c07556350a05330d3b44e05545021e4d26

operator-generic

docker.io/cilium/operator-generic:v1.10.13@sha256:4b65009815b835e79b4a9bce97d8da4ff81c59da7a514f60244e6dab9ac8548e
quay.io/cilium/operator-generic:v1.10.13@sha256:4b65009815b835e79b4a9bce97d8da4ff81c59da7a514f60244e6dab9ac8548e

operator

docker.io/cilium/operator:v1.10.13@sha256:436c3915cad520db8bc38558f86ba1c116f3cbcd6b085f76bc1bca7b0c3d1a5a
quay.io/cilium/operator:v1.10.13@sha256:436c3915cad520db8bc38558f86ba1c116f3cbcd6b085f76bc1bca7b0c3d1a5a


Security

Security wording was detected, but no CVEs were found.

Details

date: July 18, 2022, 3:40 p.m.
name: 1.10.13
type: Patch