Cilium - v1.11.10


We are pleased to release Cilium v1.11.10. This release contains fixes related to the DNS proxy and to IPsec, as well as a range of other regular bugfixes.

See the notes below for a full description of the changes.

Summary of Changes

Bugfixes:
* bugtool: Fix pprof default ports (Backport PR #21633, Upstream PR #21497, @pippolo84)
* daemon: avoid nil pointer dereference on invalid endpoint state (Backport PR #21468, Upstream PR #21449, @tklauser)
* daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (Backport PR #21468, Upstream PR #21365, @joamaki)
* DNS proxy: forward the original security identity (#21476, @aspsk)
* Fix agent deadlock caused by frequent kube-apiserver IP recycling (Backport PR #21564, Upstream PR #21629, @joestringer)
* Fix bug that can cause some traffic covered by an L7 policy to be dropped when IPsec is enabled on EKS. (Backport PR #21642, Upstream PR #21595, @pchaigno)
* Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR #21564, Upstream PR #20721, @joestringer)
* ipcache: Fix metadata access from CIDR allocation (Backport PR #21564, Upstream PR #21565, @joestringer)

CI Changes:
* Remove Slack notifications (Backport PR #21468, Upstream PR #21239, @michi-covalent)

Misc Changes:
* bugtool: Dump envoy config for troubleshooting (Backport PR #21468, Upstream PR #21348, @sayboras)
* build(deps): bump 8398a7/action-slack from 3.13.2 to 3.14.0 (#21442, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.8 to 3.0.10 (#21557, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#21573, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21341, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21396, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21513, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#21624, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21426, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.4 to 1.5.5 (#21408, @dependabot[bot])
* cmd/bpf: Log if no policy maps found (Backport PR #21468, Upstream PR #21429, @aditighag)
* contrib: avoid reviews from non-collaborators (Backport PR #21633, Upstream PR #21577, @bimmlerd)
* Fix a typo in the comment example (Backport PR #21468, Upstream PR #21402, @farcaller)
* helm: Fix post-start and pre-stop hooks for cilium-nodeinit on Ubuntu EKS images (Backport PR #21468, Upstream PR #20979, @dctrwatson)
* images: update cilium-{runtime,builder} (#21660, @qmonnet)
* ipcache: Fix lock leak (Backport PR #21564, Upstream PR #20833, @joestringer)
* ipcache: Release metadata mutex in loop error condition (Backport PR #21564, Upstream PR #21653, @joestringer)
* ipsec: Fix slightly incorrect assumption in XFRM IN policies (Backport PR #21642, Upstream PR #21621, @pchaigno)
* ipsec: Refactoring around UpsertIPsecEndpoint (Backport PR #21633, Upstream PR #21461, @pchaigno)
* ipsec: Simplify XFRM FWD policies (Backport PR #21642, Upstream PR #21602, @pchaigno)
* ipsec: Simplify XFRM IN policies (Backport PR #21468, Upstream PR #21370, @pchaigno)
* makefile: use versioned Go container when formatting after api generate. (Backport PR #21468, Upstream PR #21254, @tommyp1ckles)

Other Changes:
* install: Update image digests for v1.11.9 (#21309, @nebril)
* test: node: use Eventually() to check CiliumNode labels (#21399, @jibi)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.11.10@sha256:b804f33301dc57c38839c41a1ddac26e3c25bcc35d4cb50df38075b8348395b5
quay.io/cilium/cilium:v1.11.10@sha256:b804f33301dc57c38839c41a1ddac26e3c25bcc35d4cb50df38075b8348395b5

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.11.10@sha256:a6f4901e29876666e99deba16cefa326a5f14343671742f87270139171256190
quay.io/cilium/clustermesh-apiserver:v1.11.10@sha256:a6f4901e29876666e99deba16cefa326a5f14343671742f87270139171256190

docker-plugin

docker.io/cilium/docker-plugin:v1.11.10@sha256:fda9c537cdceb64a5b164bbbd458221de1789d032b96ff8de59f64334b9c1eab
quay.io/cilium/docker-plugin:v1.11.10@sha256:fda9c537cdceb64a5b164bbbd458221de1789d032b96ff8de59f64334b9c1eab

hubble-relay

docker.io/cilium/hubble-relay:v1.11.10@sha256:3186f65d6dcbc42f5ca32beca183b93470dc88ca2cee28c01ec89fb1a909d609
quay.io/cilium/hubble-relay:v1.11.10@sha256:3186f65d6dcbc42f5ca32beca183b93470dc88ca2cee28c01ec89fb1a909d609

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.11.10@sha256:8b1910d6e5ebfee50191a9c80f24ffdb737f4f908c1a287b205402ee9e109be4
quay.io/cilium/operator-alibabacloud:v1.11.10@sha256:8b1910d6e5ebfee50191a9c80f24ffdb737f4f908c1a287b205402ee9e109be4

operator-aws

docker.io/cilium/operator-aws:v1.11.10@sha256:f5bd0b9cac11667e63fb70ad9d33aab7c59c0f270c334af4ccfd8bb2d6b62210
quay.io/cilium/operator-aws:v1.11.10@sha256:f5bd0b9cac11667e63fb70ad9d33aab7c59c0f270c334af4ccfd8bb2d6b62210

operator-azure

docker.io/cilium/operator-azure:v1.11.10@sha256:ab2f74c1d478b53ac1ac4081dab261b4ecd2ea0beda4b73c75e0578e0f1238a9
quay.io/cilium/operator-azure:v1.11.10@sha256:ab2f74c1d478b53ac1ac4081dab261b4ecd2ea0beda4b73c75e0578e0f1238a9

operator-generic

docker.io/cilium/operator-generic:v1.11.10@sha256:6a947cc0655ad0383b929267fe21ab86dd72c05792a8f4056c513f39f87b53ac
quay.io/cilium/operator-generic:v1.11.10@sha256:6a947cc0655ad0383b929267fe21ab86dd72c05792a8f4056c513f39f87b53ac

operator

docker.io/cilium/operator:v1.11.10@sha256:69f5207388a3247b537946e344f7f9a6b4b6b3a26eaaa7e50fef801d986977c3
quay.io/cilium/operator:v1.11.10@sha256:69f5207388a3247b537946e344f7f9a6b4b6b3a26eaaa7e50fef801d986977c3


Details

date
Oct. 17, 2022, 5:31 p.m.
name
1.11.10
type
Patch
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or