Cilium - v1.11.17

We are pleased to release Cilium v1.11.17. This release fixes bugs in ipsec and policy implementations and is recommended for all users.

Summary of Changes

Bugfixes:
* Filter ipv6 advertisements when using metallb as BGP speaker. (Backport PR #25139, Upstream PR #25043, @harsimran-pabla)
* Fix connectivity issue if nodes share the same name across the clustermesh and wireguard is enabled (Backport PR #25011, Upstream PR #24785, @giorio94)
* Fix incorrect network policy ebpf setup that may lead to incorrect packets denies when CEP is present in multiple CES (Backport PR #25382, Upstream PR #24838, @alan-kut)
* Fix spurious errors containing "Failed to map node IP address to allocated ID". (Backport PR #25382, Upstream PR #25222, @bimmlerd)
* helm chart: restore setting nodeSelector and tolerations on hubble-ui deployment via values.yaml (#25182, @BryanStenson-okta)
* ipsec: Fix packet mark for FWD XFRM policy (Backport PR #25382, Upstream PR #23254, @pchaigno)
* pkg/kvstore: Fix for deadlock in etcd status checker (Backport PR #25011, Upstream PR #24786, @hemanthmalla)

CI Changes:
* ci: remove STATUS commands from upstream tests' Jenkinsfile (Backport PR #25139, Upstream PR #25046, @nbusseneau)
* Delete "Cilium monitor verbose mode" test (Backport PR #25382, Upstream PR #25212, @michi-covalent)
* inctimer: fix test flake where timer does not fire within time. (Backport PR #25349, Upstream PR #25219, @tommyp1ckles)
* jenkins: bump timeout to 210 minutes (#24938, @aanm)
* vagrant: Bump 4.9 Vagrant box (Linux 4.9.326, to fix a kernel bug) (Backport PR #25247, Upstream PR #21106, @qmonnet)

Misc Changes:
* chore(deps): update hubble cli to v0.11.5 (v1.11) (patch) (#25127, @renovate[bot])
* daemon: Mark CES feature as beta in agent flag (Backport PR #25011, Upstream PR #24850, @pchaigno)
* docs: Add matrix version between envoy and cilium (Backport PR #25349, Upstream PR #25109, @sayboras)
* docs: Add platform support to docs (Backport PR #25349, Upstream PR #25174, @joestringer)
* helm: add clustermesh nodeport config warning about known bug #24692 (Backport PR #25349, Upstream PR #25033, @giorio94)
* ipsec: Install default-drop XFRM policy sooner (Backport PR #25382, Upstream PR #25257, @pchaigno)
* Makefile: use a specific template for mktemp files (Backport PR #25349, Upstream PR #25192, @kaworu)
* Misc Makefile improvements for quiet mode V=0 (Backport PR #25011, Upstream PR #20031, @joestringer)
* Update CNI to 1.3.0 (#25441, @jrajahalme)

Other Changes:
* [backport-v1.11] agent: dump stack on stale probes (#24977, @squeed)
* [v1.11] contrib/backporting: Fix main branch reference (#25093, @joestringer)
* Add helm-toolbox image for helm docs, lint (#25420, @jrajahalme)
* contrib/backporting: Fix main branch reference (#25141, @sayboras)
* envoy: Upgrade to v1.23.9 (#25210, @sayboras)
* install: Update image digests for v1.11.16 (#24954, @gentoo-root)
* v1.11: docs: Document upgrade impact for IPsec (#24974, @pchaigno)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.11.17@sha256:6c3132e34e66734752de798eb8519dafa77b9f0da1033e9bed7f7be30ce10358
quay.io/cilium/cilium:v1.11.17@sha256:6c3132e34e66734752de798eb8519dafa77b9f0da1033e9bed7f7be30ce10358

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.11.17@sha256:022f8b23f9e977a74b8da25ac98fbeed65bd9c132362797681264bd13abc0349
quay.io/cilium/clustermesh-apiserver:v1.11.17@sha256:022f8b23f9e977a74b8da25ac98fbeed65bd9c132362797681264bd13abc0349

docker-plugin

docker.io/cilium/docker-plugin:v1.11.17@sha256:ed49556f92b95ff339e99938bbd5649d5dc90e8378cb67a820df6bac1979ffa2
quay.io/cilium/docker-plugin:v1.11.17@sha256:ed49556f92b95ff339e99938bbd5649d5dc90e8378cb67a820df6bac1979ffa2

hubble-relay

docker.io/cilium/hubble-relay:v1.11.17@sha256:d880ee0184f1ca0fffbd73374424ae2c4d1c26af14005a58103ef695816a78ff
quay.io/cilium/hubble-relay:v1.11.17@sha256:d880ee0184f1ca0fffbd73374424ae2c4d1c26af14005a58103ef695816a78ff

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.11.17@sha256:36999e2fefb8f1ce3a791f60c61055b3bdde350dff5128ce3f4a5fbe31c6f341
quay.io/cilium/operator-alibabacloud:v1.11.17@sha256:36999e2fefb8f1ce3a791f60c61055b3bdde350dff5128ce3f4a5fbe31c6f341

operator-aws

docker.io/cilium/operator-aws:v1.11.17@sha256:e96a7d34ed9386a00b0c7d73946f92872280f84addcc951780c42a56dfaeae9c
quay.io/cilium/operator-aws:v1.11.17@sha256:e96a7d34ed9386a00b0c7d73946f92872280f84addcc951780c42a56dfaeae9c

operator-azure

docker.io/cilium/operator-azure:v1.11.17@sha256:20cf49d57fdccc599cfefc5a6ab0ed152dac52d45d8a2339fd3ad19415aaebba
quay.io/cilium/operator-azure:v1.11.17@sha256:20cf49d57fdccc599cfefc5a6ab0ed152dac52d45d8a2339fd3ad19415aaebba

operator-generic

docker.io/cilium/operator-generic:v1.11.17@sha256:f77cf55ebc47174fb64fd8ffd030015e55817ed9a6bfab46d0ee917a7ed198e5
quay.io/cilium/operator-generic:v1.11.17@sha256:f77cf55ebc47174fb64fd8ffd030015e55817ed9a6bfab46d0ee917a7ed198e5

operator

docker.io/cilium/operator:v1.11.17@sha256:c1cad3137dfa80c1d415dff43f064b91992158ce56899b093b0294382ae57289
quay.io/cilium/operator:v1.11.17@sha256:c1cad3137dfa80c1d415dff43f064b91992158ce56899b093b0294382ae57289

Details

date
May 17, 2023, 7:17 p.m.
name
1.11.17
type
Patch
official page
https://github.com/cilium/cilium/releases/tag/v1.11.17
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or