Cilium - v1.12.0
The Cilium core team are excited to announce the Cilium 1.12 release. :tada:
:sparkles: Release Highlights
- New Integrated Ingress Controller
- Cilium Service Mesh (Multi control plane, sidecar/sidecar-free, Envoy CRD)
- Multi-Cluster Service Affinity, Connecting clusters with Helm, Lightweight cluster support
- Stable Egress Gateway, NAT46 for Services, Quarantine service backends
- Dynamic Allocation of PodCIDRs, AWS ENI prefix delegation, IPv6 for BGP, BBR
- Automatic Helm Values, AKS BYOCNI, Improved Chaining, Hubble CLI Improvements
Summary of Changes
Major Changes:
* Add cilium ingress controller implementation (#18867, @sayboras)
* Add integration for external VXLAN Tunnel Endpoint devices (#17370, @vincentmli)
* Add K8s Service Topology Aware Hints (#17929, @brb)
* add support for AKS BYOCNI (#19379, @nbusseneau)
* Add support for CiliumEnvoyConfig CRD. (#18894, @michi-covalent)
* Add support for enabling BBR congestion control for Pods, and move bandwidth manager out of beta. (#19287, @borkmann)
* Add support for k8s 1.23.0 (#18008, @aanm)
* Add support for Kubernetes v1.24.0 (#19545, @aanm)
* Adding support for AWS ENI prefix delegation - IPv4 Only (#18463, @hemanthmalla)
* Cilium: initial NAT46/64 implementation (#18779, @borkmann)
* Delegated IPAM plugin (#19219, @wedaly)
* Enables ICMP network policy function by default (#20174, @chez-shanpu)
* Implementation of a GoBGP backed BGP control plane. (#18860, @ldelossa)
* Promote egress gateway to stable (#19320, @jibi)
* Support dynamic allocation of pod CIDRs in cluster pool v2 IPAM mode (#18887, @gandro)
* Support setting service backend states such as quarantine, maintenance so that these backends are not selected for load-balancing service traffic. (#18814, @aditighag)
Minor Changes:
* add an option to wait for kube-proxy (Backport PR #20563, Upstream PR #20517, @michi-covalent)
* Add concurrency limiting for DNS message processing (#19592, @nebril)
* Add config flag to add a prefix to AgentNotReadyNodeTaint value in order to enable the taint being ignored by cluster autoscaler. (#19247, @thejosephstevens)
* Add counter to track all datapath timeouts due to FQDN IP updates (#19809, @ungureanuvladvictor)
* Add emptyDir volume for frontend container of hubble-ui (#20027, @mkilchhofer)
* Add metric on datapath update latency due to FQDN IP updates (#19992, @rahulkjoshi)
* Add metric on number of requests rejected by DNS Proxy semaphore (Backport PR #20534, Upstream PR #20491, @rahulkjoshi)
* Add Prometheus gRPC metrics for hubble and hubble-relay (Backport PR #20519, Upstream PR #20376, @chancez)
* Add source filter for the cilium fqdn cache list command (#19980, @ungureanuvladvictor)
* Add support for aws-cni chaining in IPv6 EKS clusters (#18522, @mKeRix)
* Add support for disabling ENI PD at node level (Backport PR #20401, Upstream PR #20308, @hemanthmalla)
* Add support for getting earliest events from Observer API (#19819, @chancez)
* Add support for L7 policies with VTEP integration (#19473, @vincentmli)
* Add support to opt-in for using ENI's primary IP for allocations (#20050, @hemanthmalla)
* Add type label to the identity metric (#19999, @ungureanuvladvictor)
* Add unreachable route for pod IP on deletion (#18505, @lbernail)
* Adds support to connect Clustermesh clusters through Helm Chart. (#17851, @samueltorres)
* Align values.yaml with templates (#17243, @dungdm93)
* Allow unloading DNS policy rules on graceful shutdown (#18701, @tklauser)
* Allow using install-no-conntrack-iptables-rules when all masquerading is disabled. (#18482, @pchaigno)
* api,cli: add identity range in status response & cli output (#18152, @ArthurChiao)
* api: Add cni chaining status in status API. (#18345, @sayboras)
* AWS EC2 Instance tag filter (#19181, @prune998)
* aws: Add ability to mark ENIs as unmanaged (#19096, @gandro)
* bgp: Check the Condition.Ready field when adding ready endpoints (#20176, @ysksuzuki)
* bpf, Hubble: Add is_reply information (when available) at the TO_OVERLAY observability point (#19185, @qmonnet)
* Bugtool: Add additional Linux traffic-control (tc) data to cilium-bugtool output. (#19856, @tommyp1ckles)
* CA certificates in Envoy TLS validation contexts are supported via k8s Secrets with 'ca.crt' key. (Backport PR #20534, Upstream PR #20458, @jrajahalme)
* Change default agent health check port to avoid conflicts (#19830, @tklauser)
* Change default prometheus ports to new reserved Cilium ports (#20156, @knfoo)
* Cilium images can now be built also on arm64. (#17980, @jrajahalme)
* Cilium Istio integration is updated to Istio release 1.10.6 (Backport PR #20519, Upstream PR #18384, @jrajahalme)
* cli/metrics: Sort label in metrics list command (#18455, @sayboras)
* clustermesh: Add support for service-affinity (#19521, @sayboras)
* clustermesh: added new command-line options k8s-kubeconfig-path and clustermesh-health-port (#18803, @abocim)
* daemon: add support for IPv6 native routing CIDR (#17332, @jibi)
* daemon: Allow to enable PCAP recorder in non-lb mode (#18592, @brb)
* daemon: Don't auto disable session affinity (Backport PR #20519, Upstream PR #16179, @brb)
* daemon: Rename host-reachable services to socket LB (Backport PR #20534, Upstream PR #20369, @brb)
* daemon: Split --bpf-lb-map-max into multiple options (#19326, @koncha99)
* daemon: Support the wildcard option for directRoutingDevice (#17930, @ysksuzuki)
* datapath: Allow egress GW with XDP (#19587, @brb)
* datapath: make tc filter priority configurable (#18896, @intel-dlanders)
* datapath: Remove !CONNTRACK (#18502, @brb)
* datapath: Remove !CONNTRACK (v2) (#18551, @brb)
* docs: Update alibabacloud RAM permission requirements (#19077, @jaffcheng)
* docs: update Azure Service Principal / IPAM documentation (#18891, @nbusseneau)
* Dynamic Per Resource Timeouts (#19991, @tommyp1ckles)
* egressgw: emit a warning rather than a fatal error when L7 proxy is enabled (#19608, @jibi)
* Enable VTEP integration dynamic ARP resolution for Cilium-managed pod (#18758, @vincentmli)
* Ensure priority scheduling of CNI agent. Repair a deprecated Kubernetes annotation. The annotation was used to schedule pods at high priority. This deprecation, which occurred in Kubernetes 1.16, results in unexpected behavior. (#18667, @sdake)
* Envoy upstream connections no longer use the original source address for any destination associated with a CIDR or toFQDNs policy. (#19255, @jrajahalme)
* envoy: Bump cilium envoy to latest version v1.21.3 (#20142, @sayboras)
* feat(helm): allow to set Hubble Relay and UI service type and nodePort (#19450, @raphink)
* Fix an issue where PodDisruptionBudgets were not created by the Helm chart (#18317, @lic17)
* Fixes L7 policies with Azure CNI chaining. (#19088, @nitishm)
* helm: Add bpf-root configuration value in helms (#18335, @sayboras)
* helm: add description for some Helm values (#19658, @my-git9)
* helm: Add values for custom service monitor annotations (#18681, @michi-covalent)
* helm: Create cilium IngressClass (#19524, @sayboras)
* helm: Move tls related helm option to 1.12 in upgrade docs (#19089, @sayboras)
* helm: Remove duplicated key hostAliases (Backport PR #20333, Upstream PR #20278, @sayboras)
* helm: Set Linux nodeSelector for nodeinit and preflight (Backport PR #20333, Upstream PR #20216, @gandro)
* helm: support lookup remote CA (#17434, @dungdm93)
* helm: Upgrade certgen to the latest version v0.1.8 (#18607, @sayboras)
* hubble/relay: Make the Hubble Peer service available by making it a Kubernetes service to eliminate the need to share a local Unix domain socket between a privileged pod (cilium daemon) and an unprivileged one (hubble-relay). (#18620, @nathanjsweet)
* hubble: Add "flows-to-world" metric to monitor policy decisions on traffic that reaches outside the cluster. (#17790, @michi-covalent)
* images: Bump Hubble CLI to v0.9.0 (#18077, @gandro)
* Improve policy import performance, particularly with CIDR policies (#18433, @joestringer)
* Improve verbosity of drop notification messages. (Backport PR #20519, Upstream PR #20387, @aspsk)
* In the case of recovering the services, cilium will not fail directly on the first service recovery error but will try to recover other services. (#18422, @chowmean)
* ingress: Add SocketOptions configuration (#19549, @sayboras)
* ingress: Avoid plain text TLS secret in CEC (#19410, @sayboras)
* ingress: Fix conformance tests for host-rules and path-rule (#19321, @sayboras)
* ingress: Set max stream duration as 0 (#19550, @sayboras)
* install/kubernetes: Add CAP_IPC_LOCK for mmap (#19812, @sayboras)
* install: add tolerations for the certgen cronjob (#18019, @wolffberg)
* Introduce a new CRD (CiliumEgressGatewayPolicy) for Egress Gateway configuration. Deprecate the previous CRD (CiliumEgressNATPolicy). (#19561, @julianwiedmann)
* IPSec key rotation without agent restart (#19814, @jibi)
* k8s/crds: Allow ingress entity in CNP (Backport PR #20563, Upstream PR #20536, @sayboras)
* k8s: keep CiliumNode labels synced with Node object (#18609, @jibi)
* k8s: keep KVStore CiliumNode labels synced with Node object (#19375, @jibi)
* Locally allocated identities are now restored during restart, helping avoid transient drops due to identity changes in policies. (#19360, @jrajahalme)
* Making operator aware of pending pod backlog on nodes for IP allocations (#19007, @hemanthmalla)
* metrics: Add extra clustermesh metrics (#18348, @sayboras)
* metrics: Add go_* metrics (#19153, @chancez)
* metrics: Expose xfrm stats in prometheus metrics (#18553, @sayboras)
* Move the BGP Control Plane to utilize CiliumNode objects. This enable support for IPAM driven PodCIDR announcements. (#19872, @ldelossa)
* Prefers k8s node IP when picking masquerading IPs (#16849, @liuyuan10)
* proxy: Add proxy common http options arguments to agent (#19138, @jmcshane)
* Remove privileged mode in Cilium's DaemonSet (#14446, @aanm)
* Rename bpf.hostRouting to bpf.hostLegacyRouting in ciliumconfig (#19064, @chenk008)
* Runtime device detection (#17460, @joamaki)
* service: Always allocate higher ID for svc/backend (#18113, @brb)
* Speed up identity lookup in Hubble and L7 proxy by no longer calculating SHA256 over labels. (#20104, @tklauser)
* ui: v0.9.0 images and drop envoy proxy container (#19565, @geakstr)
* Update cilium agent Grafana dashboard to filter by pod (Backport PR #20333, Upstream PR #20307, @ungureanuvladvictor)
* Update to CNI spec version 1.0.0 (#19719, @tklauser)
* Use DeleteOnMetadataMatch instead of Delete for endpointUpdated (#19996, @kvaster)
* Use direct routing device only when tunneling is disabled and BPF Host Routing or NodePort are enabled. (#18815, @YutaroHayakawa)
* vtep: VTEP map implementation to improve VTEP integration feature (#18824, @vincentmli)
Bugfixes:
* node-init now takes enableIPv4Masquerade into account on GKE. (Backport PR #20519, Upstream PR #19533, @bmcustodio)
* Add missing & fix wrong traces for IPSec + overlay receive path (#18731, @YutaroHayakawa)
* Add missing packet trace for some non-NodePort SNAT egress (#19158, @YutaroHayakawa)
* Add missing source identity to drop notifications during encryption with native routing mode (#18682, @YutaroHayakawa)
* Add/Fix traces for the packets received from the network in IPSec + native routing. (#18704, @YutaroHayakawa)
* Additional FQDN selector identity tracking fixes (Backport PR #17988, Upstream PR #17788, @joestringer)
* alibabacloud: Fix derived VPC CIDR block (#19056, @jaffcheng)
* allocator: fix out-of-valid-range identities being allocated (#18151, @ArthurChiao)
* Also take secondary CIDRs into account when checking for validity of IPv4NativeRoutingCIDR (#18653, @codablock)
* Avoid deleting in-use program arrays in bpf_load() and bpf_load_cgroups() in init.sh (#18985, @ti-mo)
* bgp,bugfix: parse ips when converting from slim_core to k8s service (#18358, @ldelossa)
* bgpv1: Use IP address used for peering as a nexthop (#19402, @YutaroHayakawa)
* bpf: Don't emit policy verdict post-L7 (Backport PR #20401, Upstream PR #20245, @joestringer)
* bpf: egressgw: sync logic to determine if destination is outside cluster (#18246, @jibi)
* bpf: Fix maglev hash with hostServices.hostNamespaceOnly (#18336, @ysksuzuki)
* bpf: Provision HostPort also for case of Maglev (Backport PR #20401, Upstream PR #20379, @borkmann)
* bpf: Use tunnel port flag instead of hardcoded value (#20115, @pchaigno)
* bug: Fixed a rare CiliumIdentity race deletion. (Backport PR #20333, Upstream PR #19936, @nathanjsweet)
* bugtool: fix IP route debug gathering commands (#18059, @tklauser)
* Cilium host proxy is updated to Envoy release 1.21.1 (#18899, @jrajahalme)
* Cilium monitor now correctly reports security identities for L7 flows. (#18783, @jrajahalme)
* cilium: fix conflicting iptables-legacy and iptables-nft rules (#20123, @jrfastab)
* cilium: Fix node mismatch endpoint restoration bug when the CiliumEndPoint CRD is disabled. (#19040, @zhanghe9702)
* cli: Update regex for key value validation (#19794, @sayboras)
* cli: Use custom named map instead of StringToStringVar (#19968, @sayboras)
* clustermesh-apiserver: fix cmd-line args processing (#18277, @abocim)
* clustermesh-apiserver: fixed nil pointer dereference (#18957, @abocim)
* clustermesh: Add ownerReferences for CiliumNodes (#19959, @sayboras)
* clustermesh: Correct shared service annotation behaviour (#19042, @sayboras)
* clustermesh: fix: identities allocation range (#19076, @abocim)
* clustermesh: Modify shared-service annotation after creation (#18766, @sayboras)
* cmd: Allow more complicated patterns in map string type. (#19955, @sayboras)
* cmd: Fix issue reading string map type via config map (#18478, @sayboras)
* cmd: Fix issue where a ConfigMap value of {} was parsed as map["{}":""]. (#19172, @gandro)
* Consider VPC's secondary CIDRs during cilium_host IP restoration (#19341, @hemanthmalla)
* contrib: Fix passing ipFamily to kind.sh (#19707, @brb)
* daemon, node: Remove old, discarded router IPs from cilium_host (#17762, @christarazi)
* daemon, option: Fix vlan bpf bypass ids loading (Backport PR #20401, Upstream PR #20282, @pippolo84)
* daemon: Fix issue where stale router IPs were not cleaned up (Backport PR #20519, Upstream PR #20389, @gandro)
* daemon: Fix KPR init finalisation (#18304, @brb)
* daemon: Fix missing errors in KPR init (#18499, @brb)
* daemon: Fix multi-dev XDP check (#18305, @brb)
* datapath/config: Fix L2 addr retrieval (#19081, @brb)
* datapath: Fix implicit-int-conversion err in common.h (#19832, @brb)
* datapath: Fix IPv6 DSR (#18713, @brb)
* datapath: Fix missing monitor events for NodePort BPF traffic when monitor-aggregation set to > none (#18454, @brb)
* datapath: Fix security ID propagation in tunnel header for NodePort BPF forwarded requests (#19061, @brb)
* datapath: Only unload obsolete XDP when attached (#18636, @jaffcheng)
* egressgateway: fix initial reconciliation (#18325, @jibi)
* egressgateway: fix manager logic (#17813, @jibi)
* endpoint: Fix packets to host dropped with the chaining mode and host firewall (#19734, @ysksuzuki)
* Envoy version checking is now disabled whenever L7 proxy is disabled too (Backport PR #20519, Upstream PR #20440, @bmcustodio)
* Fatal when IPv6 is enabled but corresponding kernel modules are missing (#18941, @vadorovsky)
* Fix 'node-init' in GKE's 'cos' images. (#19017, @bmcustodio)
* Fix bpf lb maglev list command when ipv4 or ipv6 Maglev lookup tables are empty (#18469, @ti-mo)
* Fix a bug where a backend pod can be selected by a local redirect policy deployed in a different namespace if the local redirect policy was deployed first. (#19193, @aditighag)
* Fix a bug where agent would log warnings such as "JoinEP: Failed to load program" in legitimate cases where endpoints are getting deleted. (#18216, @aditighag)
* Fix a bug where Cilium would constantly create network interfaces if IPAM limits are reached (#18975, @michi-covalent)
* Fix a bug with local redirect policies selecting host networked pods as local endpoints not taking effect. (#18563, @aditighag)
* Fix agent crash when IPv6 is partially disabled in the host kernel. (#18716, @pchaigno)
* Fix agent panic in some cases when service matcher local redirect policy was deployed prior to the selected service. (#19522, @aditighag)
* Fix an issue where the tunnel map sync controller causes errors even though tunneling is disabled. (#18247, @tklauser)
* Fix Azure IPAM 403 errors for Azure instances using Azure Compute Gallery images (#19697, @andrew-bulford-form3)
* Fix blackhole route error when cleanup (#20042, @soulseen)
* Fix BPF attachment when bandwidth manager is enabled without host firewall or kube-proxy-replacement. (#18717, @pchaigno)
* Fix bug that would cause some pod traffic to leave through the wrong interface if --aws-release-excess-ips is used and masquerading disabled. (#19162, @pchaigno)
* Fix bug where Cilium drops traffic from remote nodes in etcd mode, despite policy that allows the traffic (#18777, @joestringer)
* Fix bug where established host connections would be interrupted on agent restart if the host firewall was enabled. (#19998, @pchaigno)
* Fix bug where FQDN policy calculation could trigger a deadlock in cilium-agent (#19031, @joestringer)
* Fix bug where Hubble flows report that a packet is both forwarded and dropped by host firewall. It will now only report the drop. (#18484, @YutaroHayakawa)
* Fix bug where the 'ipcache-inject-labels' controller constantly fails in non-Kubernetes environments (#19165, @christarazi)
* Fix bug where the Cilium DNS proxy slows down significantly (and even OOMs) due to lock contention from spawning many goroutines when handling bursty DNS traffic (#19336, @nebril)
* Fix bug where unnecessary ipset was created and populated in tunneling mode with iptables masquerading. (#18788, @pchaigno)
* Fix Cilium bootstrapping regression with etcd without relying on DNS (#20106, @aanm)
* Fix Cilium initialization for clusters with etcd-operator (#20131, @aanm)
* Fix concurrency issue while waiting for node-init DaemonSet to be ready (#18897, @aanm)
* Fix config map options validation (Backport PR #20401, Upstream PR #20304, @pippolo84)
* Fix connectivity outage periods with ENI IPAM mode and IPsec enabled when nodes are deleted from the cluster (#18827, @christarazi)
* Fix crash on startup if proxy is disabled (#18198, @chaosbox)
* Fix deadlock with kube-apiserver policy matching feature (#18343, @codablock)
* Fix drop for packets sent via AF_PACKET + mmap ring buffer in pod (#19308, @liuyuan10)
* Fix drop of large packets redirected through an egress gateway node when running in native routing mode. (Backport PR #20401, Upstream PR #20269, @pchaigno)
* Fix error propagation in bpf_lxc (#20144, @DolceTriade)
* Fix for a bug where unused IPs on the node cannot be allocated when IP release handshake is enabled. Adds support for aborting IP release, if the node doesn't have excess anymore. (#18330, @hemanthmalla)
* Fix for data race in IP release features (#18217, @hemanthmalla)
* Fix for excess IP release race condition. New operator flag excess-ip-release-delay is introduced to control waiting period before marking an IP for release. (#17939, @hemanthmalla)
* fix identity gc to return correct max/min id (Backport PR #20401, Upstream PR #20361, @dkhachyan)
* Fix incorrect packet trace for encrypted packets received from the network (#18643, @YutaroHayakawa)
* Fix IPsec in Azure's IPAM mode (#18911, @pchaigno)
* Fix issue where StatefulSet pod restarts could trigger persistent connectivity issues for the pods due to overzealous CiliumEndpoint resource removal by cilium-agent instances (#18864, @timoreimann)
* Fix kube-apiserver policy matching feature with tunneling enabled (#18527, @christarazi)
* Fix log rotation of compressed logs (#19152, @chancez)
* Fix memory leak in the DNS cache when a long-lived endpoint makes many unique DNS lookups over time (#19925, @christarazi)
* Fix mtu setting for tunnel interface in init.sh (Backport PR #20563, Upstream PR #20552, @ChengyuanLiCY)
* Fix possible IP leak in case ENI's are not present in the CN yet (#18352, @codablock)
* Fix race condition leading to inconsistent CiliumNode that can cause the agent to fatal. (#19923, @pchaigno)
* Fix support of BPF-based HostPort on init containers. (#18725, @pchaigno)
* Fix TCP connectivity issues in the DSR mode when conntrack entries with missing DSR flag are reused. (#18041, @Inode1)
* Fix the bug that ipsec packets bypass the <- stack trace after encryption (#18608, @YutaroHayakawa)
* Fix the bugs when empty CiliumEndpointSlices were created and leaked. (Backport PR #20519, Upstream PR #20251, @alan-kut)
* Fixed a bug where deleted identities would remain in BPF policy maps. (#19005, @jrajahalme)
* Fixed Cilium agent regression causing a crash due to ipcache controller being scheduled too soon. (#19501, @jrajahalme)
* Fixed node init in RKE (#19286, @raphink)
* Fixed PodCIDR announcement being overwritten by SVC announcement (Backport PR #20519, Upstream PR #20413, @dylandreimerink)
* Fixed removal of stale bpf_netdev tc filters for interfaces with a dot in the name (#18344, @stek29)
* Fixed SystemD >=245 sysctl(rp_filter) config incompatibility (#20072, @dylandreimerink)
* Fixes a bug in the BGP control plane which causes the wrong BGP virtual servers to be selected for reconciliation or removal (#19659, @ldelossa)
* helm: Fix cluster-id arguments in clustermesh deployment (Backport PR #20333, Upstream PR #20312, @sayboras)
* helm: Fix Helm template for externalWorkloads (#18206, @gandro)
* helm: Fix Hubble Service when ServiceMonitor is being used (#19220, @juissi-t)
* helm: Fix invalid type for Certificate spec.ipAddresses (#19211, @superbrothers)
* helm: Fix operator cloud image digests (#18116, @joestringer)
* helm: Relax hubble ui image versions validation (#20039, @sayboras)
* helm: Removed unnecessary Kubernetes RBAC permissions for cilium-agent (#19053, @nathanjsweet)
* helm: Update Clustermesh-APIServer RBAC permissions for platforms (like Openshift) that have the OwnerReferencesPermissionEnforcement admission controller enabled. (#19071, @nathanjsweet)
* hubble/parser/threefour: check (Parser).linkGetter before accessing it (Backport PR #20519, Upstream PR #20446, @tklauser)
* hubble/recorder: Sanitize pcap filename (#18612, @gandro)
* hubble: Added nil check in filterByTCPFlags() to avoid segfault (#18877, @wazir-ahmed)
* hubble: Fix misclassification of to-network reply packets (#18196, @gandro)
* identity: fix incorrect maximum identity when ClusterID > 0 (#18148, @ArthurChiao)
* Improve endpoint and DNS proxy lock contention during bursty DNS traffic (#19347, @christarazi)
* Improve garbage collection for resources allocated by ToFQDNs policy for services which rotate IP addresses frequently such as Amazon S3 (#19452, @joestringer)
* Improve reliably of faulty connections for kube-apiservers behind a LB.
Reduce the number of connections to kube-apiserver by 6 for each cilium-agent. (#19259, @aanm)
* Improvements to excess IP release handshake (#18296, @hemanthmalla)
* install/kubernetes: fix hubble-ui with TLS (#19338, @aanm)
* ipam/crd: Fix spurious "Unable to update CiliumNode custom resource" failures in cilium-agent (#17856, @gandro)
* ipsec: fix stale keys reclaim logic (Backport PR #20401, Upstream PR #19932, @jibi)
* ipsec: set interface ID different from 0 (#18789, @tormath1)
* iptables: ensure all rules are installed consistently (#19693, @jibi)
* iptables: fix typo in addProxyRule condition (#20109, @jibi)
* labelfilter: Refine default label regexps (#18693, @twpayne)
* makefile: fix unstripped docker images build (#18339, @zhanghe9702)
* metallb: fix SIGSEGV error when Service resource is deleted. (#19249, @Inode1)
* monitor: Output non-trace messages to stderr (#18479, @YutaroHayakawa)
* node: Don't skip masquerading for External node IPs (#18483, @pchaigno)
* nodediscovery: ensure we cache the nodeResource correctly to avoid null pointer dereferencing (#20158, @odinuge)
* nodediscovery: make LocalNode return a deep copy of localNode (Backport PR #20401, Upstream PR #20392, @jibi)
* nodemanager: Fix bug where Cilium tried to reach stale health endpoints on kubeapi-server nodes (#20210, @gandro)
* Only apply XDP acceleration for IPv6 Nodeport when enabled (with --bpf-lb-acceleration=native). (#19534, @julianwiedmann)
* operator: Add cilium node garbage collector (#19576, @sayboras)
* operator: fix identity GC collection (#19649, @aanm)
* pkg/k8s/version: Also set EndpointSlice when forcing version (Backport PR #20534, Upstream PR #20383, @joamaki)
* policy: Fix selector identity release for FQDN (#18166, @joestringer)
* Preserve tail call maps during resize to prevent drops during agent upgrade (#17744, @ti-mo)
* Prevent unmanaged pods in GKE's containerd flavors.
Important: Users should update their node taints from node.cilium.io/agent-not-ready=true:NoSchedule to node.cilium.io/agent-not-ready=true:NoExecute.
Important:* During the first node reboot after the fix is applied pods may still get IPs from the default CNI as cilium-node-init is only run later in the node startup process. The fix will then be in place for all subsequent reboots. (#18486, @bmcustodio)
* Prometheus lint errors in operator metrics (#17789, @krishgobinath)
* Restore patch in ciliumnetworkpolicies/status ClusterRole (Backport PR #20401, Upstream PR #20373, @pippolo84)
* Revert "pkg/endpoint: Pass endpoint alive context to regeneration tasks" (#18253, @aditighag)
* Revert Prometheus client to fix 'cilium metrics list' (#19496, @ti-mo)
* route: sort by priority to identify the default one (#18564, @jibi)
* Skip node ipset updates if iptables masquerading is disabled (#17871, @pchaigno)
* Update the 'refresh period' formatting in readme and doc (#19205, @dongwangdw)
* Use identity labels for selector matching for Egress NAT Gateway (#19194, @blzhao-0)
* vtep: fix pod src identity in send_trace_notify (Backport PR #20534, Upstream PR #19434, @vincentmli)
* wireguard: Reject duplicate public keys (#19344, @gandro)
CI Changes:
* .github/workflow: revert cilium-cli changes in stable workflows (#19582, @aanm)
* .github/workflows: bump v1.10 workflows to cilium-cli v0.10.5 (#19897, @tklauser)
* .github/workflows: bump v1.10 workflows to cilium-cli v0.10.6 (#19935, @tklauser)
* .github/workflows: do not use pre-defined image digests (#19575, @aanm)
* .github/workflows: fix hubble installation using cilium-cli (#19568, @aanm)
* .github/workflows: install the right helm chart version for stable branches (#19609, @aanm)
* .github: Change cilium-cleanup order in workflows (#19163, @jtaleric)
* .github: Disable EKS encryption tests (#18090, @joestringer)
* .github: Exclude Runtime CI job from flake tracker (#19095, @pchaigno)
* .travis: Disable race build on master (#19773, @pchaigno)
* Add basic kube-apiserver policy matching e2e test (#18333, @christarazi)
* Add missing VTEP complexity tests (#19539, @vincentmli)
* Add support for tparse in go test targets (#20032, @joestringer)
* aws: Disable flaky test (#18092, @joestringer)
* bpf/test: Fix incorrect macro definition (#18660, @pchaigno)
* bpf: Add WireGuard to complexity and compile tests (#18048, @pchaigno)
* bpf: Cover native routing CIDR check in compile tests (#18702, @pchaigno)
* bpf: Reenable features disabled because of complexity issues (#19938, @pchaigno)
* build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#19971, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.2 to 1.1.3 (#18930, @dependabot[bot])
* Change all IP address that are using Oranges IP range to RFC1918 address space (#17741, @duttaANI)
* checkpatch: Update image for "checkpatch" target, reuse target in CI (#19805, @qmonnet)
* checkpatch: update to lastest image to fix off-by-one index in commit list (#18270, @tklauser)
* ci, images: update all quay.io/cilium/* images (#18299, @tklauser)
* ci-l4lb: Check out stable branch (#19905, @michi-covalent)
* CI: add CIFuzz integration (#18034, @DavidKorczynski)
* ci: Bump cyclonus to v0.4.7 (#18747, @joamaki)
* ci: collect sysdump as a separate workflow in L4LB tests (#18380, @oblazek)
* ci: create a new subnetwork for each new GKE cluster (#18821, @nbusseneau)
* ci: disable failing test on net-next (#18520) (#18544, @nbusseneau)
* ci: disable WireGuard testing in multicluster workflow (#18700, @nbusseneau)
* CI: Enable IPv6 tests on KIND (#18845, @brb)
* ci: fix documentation workflow (#20025, @nbusseneau)
* ci: fix missing sysdump as separate workflow in L4LB tests for stable branches (#18428, @oblazek)
* ci: fix QEMU image build following Google Cloud SDK updates (#18720, @nbusseneau)
* ci: fix quotes in backport workflows (#18268, @nebril)
* ci: Increase retention for release image CI artifacts to 10 days (#20141, @michi-covalent)
* CI: merge NAT46x64 and L4LB GH actions (#19288, @brb)
* ci: pick up cilium-cli v0.11.10 for master, v1.11 and v1.12 workflows (Backport PR #20401, Upstream PR #20360, @tklauser)
* ci: pick up cilium-cli v0.11.11 for master, v1.11 and v1.12 workflows (Backport PR #20519, Upstream PR #20420, @tklauser)
* ci: pick up cilium-cli v0.11.9 for master/v1.11 workflows (#20234, @tklauser)
* ci: provide CI images with unstripped binaries (#20238, @tklauser)
* ci: remove box download timeout in upstream tests (#18707, @nbusseneau)
* ci: Require cluster-wide connectivity before running tests (#18153, @gandro)
* ci: Restart pods when toggling KPR switch (#18031, @brb)
* CI: run K8sServices on KIND (#18812, @brb)
* ci: set Cilium base version to v1.10.12 in v1.10 conformance tests (#19946, @tklauser)
* ci: set PR base for codeql workflow (#18283, @tklauser)
* ci: update cilium-cli to v0.10.0 (#18207, @tklauser)
* ci: update cilium-cli to v0.10.1 (#18575, @sayboras)
* ci: update cilium-cli to v0.10.3 (#18820, @tklauser)
* ci: update cilium-cli to v0.10.4 (#18933, @tklauser)
* ci: update master workflows to cilium-cli v0.11.4 (#19665, @tklauser)
* ci: Update Uninstall Command For Cilium CLI (#19679, @nathanjsweet)
* ci: use python3 instead of python (#18443, @nebril)
* cilium/cmd, test/runtime: convert test loading invalid policy JSON to unit test (Backport PR #20534, Upstream PR #20512, @tklauser)
* cocci: New test to find missing identity_is_{remote_,}node (#18385, @pchaigno)
* config: Fix unit tests for native routing CIDR (Backport PR #20519, Upstream PR #20473, @pchaigno)
* connectivity-check: Use ports outside ephemeral range (#19337, @christarazi)
* docs: Bump up Netlify Python version to 3.8 (Backport PR #20519, Upstream PR #20486, @michi-covalent)
* Enable CI for feature branches (#18554, @jibi)
* fix aws-cni conformance test (#20049, @aanm)
* Fix kubectl CI flakiness (#18087, @aanm)
* ipam/clusterpool_v2: Fix data race in unit test (#19024, @gandro)
* ipcache: Fix failing controller check from SupportsDelete (#19751, @joamaki)
* jenkins: switch to ad-hoc GKE cluster creation/deletion (#19918, @nbusseneau)
* jenkinsfiles: add IMAGE_REGISTRY env parameter (#19459, @nbusseneau)
* jenkinsfiles: bump runtime tests VM boot timeout (#18886, @nbusseneau)
* jenkinsfiles: fix docker manifest inspect commands in GKE pipeline (Backport PR #20333, Upstream PR #20325, @tklauser)
* jenkinsfiles: Increase VM boot timeout (#19458, @pchaigno)
* jenkinsfiles: Update calls to Quay API (#19229, @pchaigno)
* Load the dev operator image into kind/microk8s as well (#19995, @ungureanuvladvictor)
* master/v1.11 CI: Pick up the latest cilium-cli (#19873, @michi-covalent)
* mlh: swap net-next kernel from K8s 1.16 to 1.23 (#18178, @nbusseneau)
* mlh: update Jenkins jobs following 1.23 support (#18028, @nbusseneau)
* mlh: update Jenkins jobs following 1.24 support (#19904, @nbusseneau)
* mlh: update Jenkins jobs following net-next fix for K8s 1.24 (#20220, @nbusseneau)
* Partially revert ".github: enable cilium-cli helm based installation" (#19554, @aanm)
* prog_test: Fix build breakage (#18659, @joestringer)
* Provide only 2 VTEP endpoints in default node_config.h (#18778, @ti-mo)
* Quarantine frequent failures (#18051, @joestringer)
* Revert "ci: use CLI 0.11.8 for AKS workflow" (#20272, @tklauser)
* Revert "test/Services: Quarantine 'Tests with direct routing'" (#18312, @gandro)
* Revert "workflows: Reenable IPsec test in EKS workflow" (#19078, @pchaigno)
* runtime: Bump privileged test timeout (#19487, @joestringer)
* set base-version in 1.10 workflows (#18262, @nebril)
* Set debug.verbose to "flow" as a default for all CI runs (#18431, @christarazi)
* Support running K8sVerifier tests on kind (#18549, @joestringer)
* test/contrib: Bump CoreDNS version to 1.8.3 (#18018, @brb)
* test/helpers: fix kubectl version detection for RCs (#18133, @tklauser)
* test/helpers: Fix variadic expansion related panic (Backport PR #20519, Upstream PR #20332, @christarazi)
* test/k8s/manifests: bump test-verifier image to latest version (Backport PR #20519, Upstream PR #20461, @tklauser)
* test/K8sUpdates: Bump stable branch for v1.12 development (#18251, @pchaigno)
* test/nat46x64: Fix out-of-bounds index error (#19466, @pchaigno)
* test/runtime: fix flake on non-ready endpoints (#18627, @tklauser)
* test/runtime: remove disabled memcache test (Backport PR #20401, Upstream PR #20132, @tklauser)
* test/Runtime: Skip pre/post-checks during build (#18954, @pchaigno)
* test/RuntimePrivilegedUnitTests: Fix always-passing test (#19231, @pchaigno)
* test/RuntimePrivilegedUnitTests: Log timestamps (#19129, @pchaigno)
* test: Add Error Log Exceptions (#18117, @nathanjsweet)
* test: add git safe directory in test VMs (#19860, @tklauser)
* test: Add info which L4LB request fails (#19714, @brb)
* test: Add TS to each bash dbg output in L4LB (#20094, @brb)
* test: Also delete hubble-peer when cleaning up old tests. (#19979, @DolceTriade)
* test: Bump L4LB timeout from 30min to 45min (#20151, @brb)
* test: bump l4lb Vagrantfile kind to 0.11.1 (#18370, @jibi)
* test: Clarify performance test names (#18142, @joestringer)
* test: cleanup Services test suite (#18655, @brb)
* test: Collect logs from init containers (#18254, @pchaigno)
* test: Do not completely quarantine E/W svc suite (#19960, @brb)
* test: Do not redeploy Cilium in Egress GW suite (#18181, @brb)
* test: Do not run DualStack tests on k8s < 1.20 (#18831, @brb)
* test: Do not start cilium monitor in K8sServicesTest (Backport PR #20534, Upstream PR #20499, @brb)
* test: Don't redeploy in AfterAll of K8sServices test case (#18869, @brb)
* test: Extend coredns clusterrole with additional resource permissions (#18104, @aditighag)
* test: Fix bpffs mount on kind (#18695, @joestringer)
* test: Fix directory name for source archive (#19635, @michi-covalent)
* test: Fix failing net-next tests after changing to k8s 1.23 (#18184, @brb)
* test: Fix graceful termination test flake (#18050, @aditighag)
* test: Fix incorrect selector for netperf-service (#18006, @christarazi)
* test: Fix make target for e2e tests (#18356, @pchaigno)
* test: Fix pod cleanup after various tests (#18448, @joestringer)
* test: Flush CT tables after L7 proxy tests in K8sServices (#18857, @brb)
* test: Get rid of external_ips.go (#18765, @brb)
* test: Move service-proxy-name to unit test (#18679, @brb)
* test: Move some Services test cases to separate suites (#18684, @brb)
* test: Pin eksctl version (#19631, @michi-covalent)
* test: Quarantine Secondary nodeport device tests (#18091, @joestringer)
* test: remove nightly test leftovers (Backport PR #20534, Upstream PR #20526, @tklauser)
* test: Remove sockops test cases (Backport PR #20534, Upstream PR #20500, @brb)
* test: Remove unused Nightly suites (#20128, @brb)
* test: Remove workaround for old issue #12141 (#18722, @pchaigno)
* test: Restructure k8sT/Services.go (#18696, @brb)
* test: Run ip r l if ip r a fails (#18171, @brb)
* test: Runtime check that container create succeeds (#19184, @jrajahalme)
* test: temporary increase Hubble buffer size to 64k (#18058, @jibi)
* test: Use more explicit key for k8s3's taint (#19951, @pchaigno)
* test: Use stable image tag for Graceful termination test (#18208, @aditighag)
* test: use stable zookeeper image (#18186, @tklauser)
* test: Wait for pod termination in K8sServicesTest (#19750, @brb)
* test: Wait until host EP is ready (=regenerated) (#18859, @brb)
* tests-l4lb: Use Helm chart from local branch (#19953, @michi-covalent)
* Update 5.4 VM image (#19842, @pchaigno)
* update bpf_ct_tests.c to use node_config.h (#20177, @sahid)
* Update cilium-iproute2 (Backport PR #20534, Upstream PR #20549, @pchaigno)
* Update netlink library to not set XFRMA_IF_ID = 0 by default (#18506, @tklauser)
* Use docker manifest inspect to wait for images instead of using quay API (#19307, @YutaroHayakawa)
* vagrant, test: Enable IPv6 connectivity to the outside world (#18714, @pchaigno)
* vagrant: Bump 4.19 VM image (#20185, @pchaigno)
* vagrant: Bump all Vagrant box versions (#19168, @pchaigno)
* vagrant: Bump all Vagrant box versions except net-next (#19507, @pchaigno)
* vagrant: Bump net-next Vagrant box version (#19915, @pchaigno)
* vagrant: Don't recreate natnetworks (#19523, @pchaigno)
* vagrant: Fix IPv6 NAT setup (#19997, @pchaigno)
* vagrant: update 4.19 and net-next VM images (#18496, @nbusseneau)
* vagrant: Update 4.9 and 5.4 VM images (#18473, @pchaigno)
* vagrant: Update all VM images (#17761, @pchaigno)
* vagrant: Update all VM images (#18774, @pchaigno)
* vagrant: Update the net-next VM image (#19607, @pchaigno)
* workflow CI image bug (#19327, @weizhoublue)
* workflow: aws-cni-v1.10: use helm chart from PR (#19952, @jibi)
* workflow: checkout correct ref in v1.10 and v1.11 l4lb workflows (#19898, @jibi)
* workflow: l4lb: pass correct path for PR checkout (#20007, @jibi)
* workflow: Reenable IPsec testing on AKS (#18974, @pchaigno)
* workflow: Reenable IPsec testing on EKS (#19030, @pchaigno)
* workflow: use correct bwm helm option for v1.11 AWS CNI test (#19895, @jibi)
* workflow: Wait for AKS nodes to be ready (#19025, @pchaigno)
* workflows: conformance v1.10: fix native-routing-cidr flag (#18656, @jibi)
* workflows: disable rollback on CLI install (#18140, @nbusseneau)
* workflows: Downgrade to helm v3.8.2 to fix AWS CNI runs for v1.10 (#20073, @joamaki)
* workflows: Fix concurrency groups (#18193, @pchaigno)
* workflows: Fix the fix to concurrency groups (#18201, @nbusseneau)
* workflows: Increase timeout for AKS workflow (#19020, @pchaigno)
* workflows: pin Cyclonus image to its SHA (#19026, @nbusseneau)
* workflows: Pin the kubectl version used with EKS workflows (#19716, @joamaki)
* workflows: Remove unnecessary code in AWS-CNI workflow (#18156, @pchaigno)
* workflows: Run CodeQL workflow is the workflow is edited (#17982, @pchaigno)
* workflows: Update call to Quay API (#19228, @pchaigno)
* workflows: Update call to Quay API in external workloads (#19230, @jibi)
* workflows: update v1.10 workflows to v0.10.7 cilium CLI (#20020, @jibi)
* workflows: Wait for first AKS systempool to be deleted (#19097, @pchaigno)
Misc Changes:
* .github/workflows: fix hubble-relay cilium-cli installation (#19579, @aanm)
* .github: add dependabot for docker images (#19390, @aanm)
* .github: add failing_test_jenkins_template form for filing CI bugs (#18223, @qmonnet)
* .github: add parameter to allow for image suffix (#18200, @aanm)
* .github: add workflow to build beta images (#18052, @aanm)
* .github: Fix 1.11.1 project link for MLH (#18395, @joestringer)
* .github: fix conditions for running CODEOWNERS checks (#18981, @qmonnet)
* .github: Fix external workloads workflow for master (#19483, @jrajahalme)
* .github: Remove release template (#19166, @joestringer)
* [docs] Add training and support information to Getting Help (Backport PR #20333, Upstream PR #20194, @lizrice)
* [users] Add Mux Inc entry. (#19419, @dilyevsky)
* add 'refreshPeriod' to spelling wordlist (#19394, @aanm)
* Add a 'Limitations' section to 'External Workloads'. (#19366, @bmcustodio)
* Add a note about conflicting node CIDRs #20204 (#20208, @wokalski)
* Add APPUiO by VSHN to Cilium Users (#18880, @tobru)
* Add cilium cli to aws cni conformance tests (#19555, @aanm)
* Add Civo (#18745, @saiyam1814)
* Add consistency checks for the CODEOWNERS file (#18260, @qmonnet)
* add context when return errors during datapath initialization (#18011, @kerthcet)
* Add Deckhouse to users (#19804, @konstantin-axenov)
* Add Elastic Path to USERS.md (#19622, @sealneaward)
* Add ENI limits for i4i and x2i instance types (#19627, @hemanthmalla)
* Add ESP to firewall requirements in documentation for IPSec enabled C… (Backport PR #20333, Upstream PR #20314, @Kikiodazie)
* add gsod application form to docs (#19512, @xmulligan)
* Add Infomaniak to Cilium users (#19354, @reneluria)
* Add JUMO to active Cilium users (#18626, @thehunt33r)
* Add kOps as cilium user (#18848, @olemarkus)
* Add Kube-OVN to USERS (#19605, @oilbeater)
* Add Kubermatic to USERS (#18611, @rastislavs)
* add KubeSphere/KubeKey to the USERS list (#18937, @FeynmanZhou)
* Add link to CFP template doc (#19380, @lizrice)
* Add Meltwater to users file (#18192, @recollir)
* Add metric to track terminating endpoint events (Backport PR #20519, Upstream PR #20404, @aditighag)
* Add missing error reporting in replaceNetworkDatapath (#18715, @YutaroHayakawa)
* Add MyFitnessPal to Users list (#19345, @audip)
* Add Peer Service to Cilium DS Port List (Backport PR #20519, Upstream PR #20296, @nathanjsweet)
* Add Rancher Labs to Cilium users (#19292, @divya-mohan0209)
* add roadmap section and fix governance link (#19615, @xmulligan)
* add robots.txt to Cilium documentation (#19578, @aanm)
* Add Scaleway to the list of users (#18807, @remyleone)
* Add support for Amazon EC2 c7g instances (#18708, @otterley)
* Add T-Systems International to Cilium users list (#18984, @ManuStoessel)
* Add Typhoon (Poseidon Labs) to Cilium users (#18822, @dghubble)
* add website contributing link (#18940, @xmulligan)
* added a CLOMonitor exception file for Slack (#19235, @xmulligan)
* added a link to the DCO page to show people how to amend a commit (#19294, @xmulligan)
* Added ByteDance to users.md (#19823, @Jiang1155)
* added Google Season of Docs Project proposal page (#19215, @xmulligan)
* added NYT to the Cilium Users list (#19382, @prune998)
* Adding IKEA IT AB to the USERS.md (#20099, @knfoo)
* Adding Liquid Reply to Users (#19342, @mkorbi)
* Adding Overstock to the USERS.md (#19762, @ntaylor1781)
* Adds a locked function to do ipcache delete on metadata match (#17909, @Weil0ng)
* Adds missing lock for cesTracker operation (#18055, @Weil0ng)
* Alibabacloud fixes (#18762, @jaffcheng)
* alibabacloud: Fix missing instance due to incomplete subnet list (#19155, @jaffcheng)
* alignchecker: fix LLVM 15 build by removing an unused variable (#19368, @aspsk)
* Allocate Ingress IPs for new reserved:ingress identity (#19764, @jrajahalme)
* api/v1: regenerate to update copyright year (#18403, @tklauser)
* api: change "group not found" log to debug (#19927, @tklauser)
* api: generate markdown documentation for gRPC APIs (#18799, @rolinh)
* api: re-sync bpf drop reasons (Backport PR #20401, Upstream PR #20149, @julianwiedmann)
* avoid calling OnFlowDelivery with nil (#18605, @kaworu)
* azure/api: remove TestRateLimit (#18481, @tklauser)
* Badges for CLOMonitor and Artifacthub were added to the README (#19105, @xmulligan)
* BGP Control Plane Followups: Conditionally load CRDs, tune back relist interval for shared informers, server side filter nodes. (#19417, @ldelossa)
* bgp,testing: fix race condition in checking fencer map (#18884, @ldelossa)
* bgp: Add support for ClusterPool pod CIDRs (#17899, @gandro)
* bgp: Fixed broken bgp speaker unit tests (Backport PR #20519, Upstream PR #20521, @dylandreimerink)
* Bpf fix conditional compilation (#19104, @jrajahalme)
* bpf, hubble: explicitly mark trace reason as "unknown" when relevant (#19226, @qmonnet)
* bpf/sock: Use renamed field (#19532, @jrajahalme)
* bpf: Add trace reason for TRACE_TO_PROXY (#19189, @borkmann)
* bpf: Clean up license and copyright notices for Linux UAPI headers (#18870, @qmonnet)
* bpf: do not pass 0 as a trace reason for send_trace_notify() (#19424, @qmonnet)
* bpf: Don't hardcode cb CB_ENCRYPT_DST index (#20105, @pchaigno)
* bpf: Dual-license code as GPL 2.0 and 2-Clause BSD (#18858, @qmonnet)
* bpf: egressgw: don't redirect to tunnel dev if EP is running on gateway node (#19629, @jibi)
* bpf: Fix implicit cast for BPF TPROXY debug message (#18429, @pchaigno)
* bpf: fix native local build (#19218, @aanm)
* bpf: Fix stale map removal in agent logs (#17973, @borkmann)
* bpf: Forbid implicit int conversions (#18501, @pchaigno)
* bpf: Handle tuple collisions for inactive backends (Backport PR #20519, Upstream PR #20407, @borkmann)
* bpf: Quieten mock targets (#17992, @joestringer)
* bpf: Remove DNS quirk for monitor aggregation (#19108, @borkmann)
* bpf: Remove duplicate conntrack code (#18631, @pchaigno)
* bpf: Rename tail call targets (#19807, @pchaigno)
* bpf: Reset Pod's queue mapping in host veth to fix phys dev mq selection (#18388, @borkmann)
* bpf: Simplify ipv6_hdrlen's prototype (#18703, @pchaigno)
* bpf: specify handle_lxc_traffic return type to fix -Wimplicit-int error (#19891, @tklauser)
* bpf: Split bpf_lxc CT lookups to their own tail calls (#19818, @pchaigno)
* bpf: switch egress gateway logic to identity_is_cluster() (Backport PR #20519, Upstream PR #20209, @jibi)
* bugtool: Add structured node and health output (#20011, @gandro)
* build(deps): bump 8398a7/action-slack from 3.11.0 to 3.12.0 (#17965, @dependabot[bot])
* build(deps): bump 8398a7/action-slack from 3.12.0 to 3.13.0 (#18423, @dependabot[bot])
* build(deps): bump actions/cache from 2.1.6 to 2.1.7 (#17972, @dependabot[bot])
* build(deps): bump actions/cache from 2.1.7 to 3 (#19208, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.0 to 3.0.1 (#19271, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#19391, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.2 to 3.0.3 (#20029, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.3 to 3.0.4 (#20093, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.4 to 3.0.5 (#20494, @dependabot[bot])
* build(deps): bump actions/checkout from 2.4.0 to 3 (#18990, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19448, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.1 to 3.0.2 (#19535, @dependabot[bot])
* build(deps): bump actions/download-artifact from 2.0.10 to 2.1.0 (#18163, @dependabot[bot])
* build(deps): bump actions/download-artifact from 2.1.0 to 3 (#19013, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.1.4 to 2.1.5 (#18322, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#18752, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.2.0 to 3 (#18960, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#19801, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#20466, @dependabot[bot])
* build(deps): bump actions/stale from 4.1.0 to 5 (#18991, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0 (#18165, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1 (#18263, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.3.1 to 3 (#19027, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 (#19899, @dependabot[bot])
* build(deps): bump aws-actions/configure-aws-credentials from 1.5.11 to 1.6.0 (#17998, @dependabot[bot])
* build(deps): bump aws-actions/configure-aws-credentials from 1.6.0 to 1.6.1 (#18528, @dependabot[bot])
* build(deps): bump azure/login from 1.4.1 to 1.4.2 (#18154, @dependabot[bot])
* build(deps): bump azure/login from 1.4.2 to 1.4.3 (#18550, @dependabot[bot])
* build(deps): bump azure/login from 1.4.3 to 1.4.4 (#19670, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.10.0 to 3 (#19725, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#18516, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#18687, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.9.0 to 2.10.0 (#19144, @dependabot[bot])
* build(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#18307, @dependabot[bot])
* build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#18842, @dependabot[bot])
* build(deps): bump docker/login-action from 1.13.0 to 1.14.0 (#18962, @dependabot[bot])
* build(deps): bump docker/login-action from 1.14.0 to 1.14.1 (#18992, @dependabot[bot])
* build(deps): bump docker/login-action from 1.14.1 to 2 (#19727, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#19612, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#19728, @dependabot[bot])
* build(deps): bump docker/setup-qemu-action from 1.2.0 to 2 (#19722, @dependabot[bot])
* build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1334 to 1.61.1340 (#17979, @dependabot[bot])
* build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1340 to 1.61.1357 (#18039, @dependabot[bot])
* build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.10.0 to 1.10.3 (#18065, @dependabot[bot])
* build(deps): bump github.com/Azure/azure-sdk-for-go from 59.3.0+incompatible to 59.4.0+incompatible (#18020, @dependabot[bot])
* build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0 (#18578, @dependabot[bot])
* build(deps): bump github.com/cilium/ebpf from 0.8.1 to 0.9.0 (#19972, @dependabot[bot])
* build(deps): bump github.com/cilium/workerpool from 1.1.1 to 1.1.2 (#19300, @dependabot[bot])
* build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 (#19620, @dependabot[bot])
* build(deps): bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 (#20058, @dependabot[bot])
* build(deps): bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0 (#19043, @dependabot[bot])
* build(deps): bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1 (#19293, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible (#18288, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.14+incompatible (#19285, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.14+incompatible to 20.10.16+incompatible (#19811, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible (#20136, @dependabot[bot])
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 (#19596, @dependabot[bot])
* build(deps): bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#18599, @dependabot[bot])
* build(deps): bump github.com/go-openapi/loads from 0.21.0 to 0.21.1 (#18771, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.21.0 to 0.23.1 (#18908, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.23.1 to 0.23.3 (#19302, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#19636, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#19736, @dependabot[bot])
* build(deps): bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 (#19397, @dependabot[bot])
* build(deps): bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 (#19668, @dependabot[bot])
* build(deps): bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#18001, @dependabot[bot])
* build(deps): bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 (#20119, @dependabot[bot])
* build(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#19595, @dependabot[bot])
* build(deps): bump github.com/google/gops from 0.3.22 to 0.3.23 (#19737, @dependabot[bot])
* build(deps): bump github.com/hashicorp/consul/api from 1.11.0 to 1.12.0 (#18291, @dependabot[bot])
* build(deps): bump github.com/hashicorp/consul/api from 1.12.0 to 1.13.0 (#20121, @dependabot[bot])
* build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.19.0 (#19234, @dependabot[bot])
* build(deps): bump github.com/osrg/gobgp/v3 from 3.1.0 to 3.2.0 (#19667, @dependabot[bot])
* build(deps): bump github.com/osrg/gobgp/v3 from 3.2.0 to 3.3.0 (#20071, @dependabot[bot])
* build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 (#18674, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 (#18354, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.2 (#19001, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.2 to 3.22.3 (#19328, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.3 to 3.22.4 (#19669, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#20044, @dependabot[bot])
* build(deps): bump github.com/spf13/cast from 1.4.1 to 1.5.0 (#19780, @dependabot[bot])
* build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#18290, @dependabot[bot])
* build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#19329, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#19430, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#19988, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.1 (#18289, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#19156, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#20120, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3 (#20253, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.23 to 1.0.24 (#17977, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.24 to 1.0.25 (#18145, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.25 to 1.0.26 (#18245, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.26 to 1.0.27 (#18451, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.27 to 1.0.28 (#18532, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.28 to 1.0.29 (#18577, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.29 to 1.0.30 (#18598, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.30 to 1.0.31 (#18686, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.31 to 1.0.32 (#18735, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.32 to 1.1.0 (#18785, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.0 to 1.1.1 (#18840, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.1 to 1.1.2 (#18854, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 (#19084, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 (#19160, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 (#19269, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.11 to 2.1.12 (#20057, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.12 to 2.1.13 (#20274, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.13 to 2.1.14 (#20294, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.14 to 2.1.15 (#20345, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (#20506, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.6 to 2.1.7 (#19335, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.7 to 2.1.8 (#19371, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 (#19599, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.9 to 2.1.11 (#19853, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.2 to 3.5.3 (#19442, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.3 to 3.5.4 (#19559, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.2 to 3.5.3 (#19443, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.3 to 3.5.4 (#19557, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.1 to 3.5.2 (#19054, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.3 (#19444, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.3 to 3.5.4 (#19558, @dependabot[bot])
* build(deps): bump go.uber.org/multierr from 1.7.0 to 1.8.0 (#19114, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.10 to 0.1.11 (#20159, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.7 to 0.1.8 (#18134, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.8 to 0.1.10 (#19157, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 2.5.2 to 3 (#18943, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 (#18965, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#19779, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.2.1 to 0.3 (#18144, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.3.0 to 0.4.0 (#18594, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.4.0 to 0.5.1 (#18841, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 (#19094, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 (#18292, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.43.0 to 1.45.0 (#19301, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#19560, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#19835, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#20045, @dependabot[bot])
* build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#19284, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#18064, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#18103, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.2 to 1.66.4 (#18767, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.4 to 1.66.6 (#20021, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#20198, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.0 to 1.5.1 (#18944, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.1 to 1.5.2 (#19322, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.2 to 1.5.3 (#19865, @dependabot[bot])
* build(deps): bump library/alpine from 3.12.7 to 3.15.4 in /images/cache (#19413, @dependabot[bot])
* build(deps): bump library/alpine from 3.15.4 to 3.16.0 in /images/cache (#19943, @dependabot[bot])
* build(deps): bump nick-invision/retry from 2.5.1 to 2.6.0 (#18226, @dependabot[bot])
* build(deps): bump nick-invision/retry from 2.6.0 to 2.7.0 (#19577, @dependabot[bot])
* build: Fix compilation issue for non-linux platform (#19662, @sayboras)
* build: Fix cross compiling for amd64 on arm64 (#19175, @jrajahalme)
* byteorder: use native instructions in host/network order conversion (#18606, @tklauser)
* Capital One added to Users doc (#20084, @bradwhitfield)
* Changed the documentation for Kubespray installation to recommend using -e flag for cilium_version variable instead of editing the role variables. (#18342, @necatican)
* ci: Pin down image for the documentation workflow (#19356, @qmonnet)
* ci: Replace prbot-stale with actions/stale (#18503, @twpayne)
* ci: Update Cilium CLI to v0.11.3 (#19602, @nathanjsweet)
* Cilium host proxy is updated to Envoy release 1.21.0 (#18748, @jrajahalme)
* cilium, lbmap: Use silent delete in deleteBackendLocked for now (#19352, @borkmann)
* cilium: Add knob for local address to be considered host id in ipcache (#19513, @borkmann)
* cilium: make tcp rebalance grace period configurable (#19800, @borkmann)
* cilium: nat46/64 ci codeowner & monitor drop reason (#19298, @borkmann)
* Clarify identity generated from CIDR-based policies and add security identity internal docs (#16716, @christarazi)
* Clarify taint effects in the documentation. (#19186, @bmcustodio)
* Clean up UpdateIPCacheVTEPMapping() (#19510, @vincentmli)
* cni: Add log file for CNI executions (#18353, @sayboras)
* Code of conduct email updated to conduct@cilium.io (#19511, @xmulligan)
* CODEOWNERS: Add clustermesh entries (#19316, @pchaigno)
* CODEOWNERS: Assign clustermesh-apiserver code to @cilium/sig-clustermesh (#18972, @kaworu)
* CODEOWNERS: clean-up entries for deleted files (#18000, @qmonnet)
* CODEOWNERS: Do not assign reviewers for Documentation/helm-values.rst (#18651, @qmonnet)
* CODEOWNERS: Extend proxy group to pkg/fqdn (#19874, @christarazi)
* CODEOWNERS: janitors renamed to tophat (#18360, @pchaigno)
* contrib/backporting: Include golang in the image (#18664, @glibsm)
* contrib/scripts: Support env vars for kind script (#20035, @christarazi)
* contrib: Fix release script helm value generation (#18538, @joestringer)
* contrib: Improve version matching in readme bump (#18548, @joestringer)
* contrib: Make KIND cluster ipFamily configurable (#19068, @brb)
* contrib: Support contrib/scripts/kind.sh on macOS (#20096, @sayboras)
* Crane joins Cilium as a user (#19065, @slzcc)
* ctmap: Do not use nil locks (Backport PR #20401, Upstream PR #20388, @jrajahalme)
* daemon, fqdn: Add flag to control FQDN regex LRU size (#19383, @christarazi)
* daemon, install/kubernetes: fix typo in DNS policy rule unload flag/value doc (#18982, @tklauser)
* daemon, option: consistently hard-code host device (#18467, @tklauser)
* daemon, option: remove deprecated native-routing-cidr option (#19677, @tklauser)
* daemon, option: remove deprecated prefilter- options (#19913, @julianwiedmann)
* daemon/cmd: Extend Cilium status with graceful termination config (#17969, @aditighag)
* daemon: deprecate --endpoint-interface-name-prefix option (#18558, @tklauser)
* daemon: Deprecate --host-reachable-services-protos (#19083, @brb)
* daemon: Deprecate KPR=probe (Backport PR #20401, Upstream PR #20328, @brb)
* daemon: Don't ignore sockops failures (#19080, @pchaigno)
* daemon: don't mark deprecated flags as hidden twice (#19086, @tklauser)
* daemon: Fix build after VTEP routes conflict (#20077, @joestringer)
* daemon: Init k8s watchers after setting agent flags (#18770, @pchaigno)
* daemon: Initialize k8sCachesSynced channel before calling Initk8sSubsystem() (#19626, @jrajahalme)
* daemon: Removed unused method (#18729, @aditighag)
* datapath/link: Initialize link monitor explicitly (#18565, @joestringer)
* datapath: Change FIB lookups to enable NodePort multihoming (#18585, @brb)
* datapath: Improve sysctl warning for bpf_jit_enable (#20018, @joamaki)
* datapath: Improved BPF testing framework (#20017, @dylandreimerink)
* datapath: Use FROM_NETDEV instead of FROM_LXC in nodeport.h (#19986, @brb)
* dependabot: disable all AWS package updates (#18102, @tklauser)
* dependabot: disable cloud provider SDK updates (#18067, @tklauser)
* dependabot: Unignore prometheus/client_golang (#20075, @ti-mo)
* dev-tool: Add cfssl and cfssljson tool check (#18337, @sayboras)
* development: add kind cluster shell helpers (#19069, @ldelossa)
* dnsproxy: update dnsproxy benchmark memory calculation (Backport PR #20519, Upstream PR #20305, @odinuge)
* Do not disable peer service when hubble.listenAddress is empty (#19886, @chancez)
* doc: add note about checkpatch during dev workflow (#19879, @sahid)
* doc: add upgrade note about nativeRoutingCIDR deprecation (#18095, @kaworu)
* doc: getting started minor fixes (#18024, @kaworu)
* doc: update doc to inform about SERVER_BOX/VERSION (#19749, @sahid)
* doc: use ipv4NativeRoutingCIDR instead of nativeRoutingCIDR (#18026, @kaworu)
* doc: VTEP redirection and L7 policy partially incompatible (#19700, @vincentmli)
* docs(bpf): fix minor grammar errors in struct padding section (Backport PR #20534, Upstream PR #20249, @maxbrunet)
* docs(MAINTAINERS): fix link to commit_access.rst (#20081, @raphink)
* docs(masquerading): add missing "address" (Backport PR #20563, Upstream PR #20538, @raphink)
* docs(policy): add notes on DNS/L7 policies & Cilium agent availability (Backport PR #20333, Upstream PR #20289, @raphink)
* docs(README): add logo option for dark theme (#19920, @raphink)
* docs, ci, test/l4lb: use latest cilium-cli release according to stable.txt (#20203, @tklauser)
* docs,ci: updates to ci docs (#19174, @ldelossa)
* docs: Add CLI installation for ServiceMesh (Backport PR #20519, Upstream PR #20406, @sayboras)
* docs: Add cluster install/prep guide for AKS-to-AKS clustermesh (Backport PR #20534, Upstream PR #20439, @dylandreimerink)
* docs: Add default conntrack gc interval (#19977, @aditighag)
* docs: Add developers guide page about BPF testing framework (#20165, @dylandreimerink)
* docs: Add docs-builder build as dependency to live preview (#19885, @qmonnet)
* docs: Add example how to config ipmasq via ConfigMap (Backport PR #20519, Upstream PR #20239, @brb)
* docs: Add Getting Started docs for clustermesh service affinity (Backport PR #20333, Upstream PR #20228, @sayboras)
* docs: Add getting started docs for Ingress (#19760, @sayboras)
* docs: add Hands-on tutorial (#18583, @vannyle)
* docs: Add interactive help for make targets (Documentation/Makefile) (#20012, @qmonnet)
* docs: add kube-apiserver to the special identity list (#20047, @kaworu)
* docs: Add limitation document for bandwidth-manager + nested network namespace (#18400, @YutaroHayakawa)
* docs: add missing ingress special identity (#20060, @kaworu)
* docs: Add more envoy supported extensions (Backport PR #20401, Upstream PR #20241, @sayboras)
* Docs: add project roadmap (#19540, @lizrice)
* docs: Add read:user scope for github token (#19063, @sayboras)
* docs: add registry (quay.io/) for pre-loading images for kind (#18017, @adamzhoul)
* docs: Add requirement for ginkgo version (#19248, @sayboras)
* docs: add robots.txt in a static directory (#19564, @aanm)
* docs: add Talos to adopters list (#18879, @frezbo)
* docs: Add troubleshooting docs for Ingress (Backport PR #20519, Upstream PR #20428, @sayboras)
* docs: Add upgrade note regarding custom ports (#17975, @errordeveloper)
* docs: added GSoD technical writers (#19799, @xmulligan)
* docs: adding Accuknox to USERS (#19103, @nyrahul)
* docs: adding Nexxiot to USERS (#19332, @alex-berger)
* docs: adding Snapp to USERS (#19128, @m-yosefpor)
* docs: builder,runtime images (#18576, @kkourt)
* docs: Clarify deprecated "prefilter-devices" (#18112, @brb)
* docs: clarify upgrade impact for clients using an egress gateway (#18097, @jibi)
* docs: Clarify use of the eni.subnetTagsFilter option (#19276, @gandro)
* docs: cleanup and tidy up the 1.11 upgrade guide (#18093, @aanm)
* docs: disable k3s network policy enforcement (#18671, @tklauser)
* docs: Document clustermesh datapath configuration for non-tunneled modes (Backport PR #20519, Upstream PR #16499, @jrajahalme)
* docs: Document monitor aggregation levels (#19349, @michi-covalent)
* docs: Document operator.unmanagedPodWatcher (#19820, @joestringer)
* docs: Document required kernel configuration options (#18546, @pchaigno)
* docs: Document the kube-apiserver entity (#18396, @christarazi)
* docs: Document unsupported focused tests for runtime suite (#19173, @aditighag)
* docs: Don't mark pre-upgrade step as "recommended" (#18468, @pchaigno)
* docs: Don't rely on assignee filter for reviews (#18676, @pchaigno)
* docs: export KUBECONFIG for cilium-cli with k3s (#18697, @tklauser)
* docs: Fix first-interface-index documentation (#18327, @gandro)
* docs: fix a Links documentation style guide error (Backport PR #20534, Upstream PR #20460, @Kikiodazie)
* docs: Fix and clean-up the build framework for the documentation (#19969, @qmonnet)
* docs: Fix build after etcd v3.5.4 version bump (#20171, @joestringer)
* docs: Fix display of misspelled words (#19542, @qmonnet)
* docs: fix eksctl ClusterConfig to allow copy (#18110, @aanm)
* docs: fix flags for 1.12 branch (Backport PR #20519, Upstream PR #20408, @aanm)
* docs: Fix incorrect command in IPsec GSG (#19767, @pchaigno)
* docs: Fix incorrect FQDN flag (#19930, @pchaigno)
* docs: Fix incorrect mention of bpf.masquerade's default value (#18420, @pchaigno)
* docs: Fix incorrect values for hubble-ui standalone install (#18661, @ysksuzuki)
* docs: fix link to signoff / certificate of origin section (#18123, @timoreimann)
* docs: Fix max SPI value for IPsec key rotations (#19893, @pchaigno)
* docs: Fix reference to upgrade guide (#20184, @joestringer)
* docs: fix small spelling mistakes in masquerading pages (#18338, @yanhongchang)
* docs: fix tip about opening the Hubble server port on all nodes (#19036, @rolinh)
* docs: Fix up mailmap a bit and update authors (#17983, @borkmann)
* docs: Fix update-spelling_wordlist.sh to run command on spelling errors (Backport PR #20519, Upstream PR #20481, @qmonnet)
* docs: fix version warning banner (#19611, @aanm)
* docs: fix version warning URL to point to docs.cilium.io (#19563, @aanm)
* docs: Fixed service list command in clustermesh affinity guide (Backport PR #20519, Upstream PR #20442, @dylandreimerink)
* docs: improve description for session affinity with KPR (#19478, @julianwiedmann)
* docs: improve guide to setup Cilium overlay on EKS (#19207, @oliwave)
* docs: Improve kubeproxy replacement and OKD GSG guide. (Backport PR #20534, Upstream PR #20447, @tommyp1ckles)
* docs: Improve policy troubleshooting guide (Backport PR #20401, Upstream PR #20399, @joestringer)
* docs: ipsec: remove node-to-node encryption (Backport PR #20519, Upstream PR #20422, @NikAleksandrov)
* docs: KUBECONFIG for cilium-cli with k3s (#18068, @kkourt)
* docs: L7 traffic management getting started guide (Backport PR #20519, Upstream PR #20421, @sayboras)
* docs: Mark Git repo as safe in Docker build-docs container (#19861, @qmonnet)
* docs: Mention how to build images for local CI testing (#17984, @brb)
* docs: Mention KPR in DR mode sec ID limitation (#19113, @brb)
* docs: minor fixes (#20218, @julianwiedmann)
* docs: Minor updates to IPsec limitations (#18647, @pchaigno)
* docs: move sitemap-index.xml to static directory (#19681, @aanm)
* docs: Nit changes to steps for image building (#20153, @pchaigno)
* docs: prevent search engines from indexing old branches (#18111, @aanm)
* docs: Regenerate doc for Helm values (#18953, @pchaigno)
* docs: Remove '\r' chars from grep result to parse Alpine image name (#19888, @qmonnet)
* docs: remove gobpf, mention cilium/ebpf (#18657, @ti-mo)
* docs: Remove incorrect beta note for host policies (#18470, @pchaigno)
* docs: Remove manual installation instruction for kind clustermesh (#18075, @aditighag)
* docs: remove mention of 250 nodes for kvstore (#17995, @aanm)
* docs: remove stale EgressGW limitation with CES (#20195, @julianwiedmann)
* docs: Remove trailing step in AWS helm install (#18893, @joestringer)
* docs: Replace 'micro version' with 'patch version' (#18279, @pchaigno)
* docs: Replace janitors team with tophat team (#18430, @pchaigno)
* docs: set right path for robots.txt (#19638, @aanm)
* docs: set robots.txt in the right directory (#18243, @aanm)
* docs: set the right url for API version check (#19610, @aanm)
* docs: Update clustermesh example verification steps (#18764, @sayboras)
* docs: update CODEOWNERS feature release instructions (#18252, @nbusseneau)
* docs: Update company name in MAINTAINERS.md (#19431, @sayboras)
* docs: Update contributing guide pages (#18346, @sayboras)
* docs: update copybutton.css following the docutils update (#19498, @qmonnet)
* docs: Update docs with minimum helm version (Backport PR #20519, Upstream PR #20403, @aditighag)
* docs: update egress gateway documentation and mark the feature stable (#19862, @jibi)
* docs: update k8s instructions on how to update k8s libraries (#18040, @aanm)
* docs: Update max MTU value for Nodeport XDP on AWS (#19593, @qmonnet)
* docs: Update shared service annotation docs (#19313, @sayboras)
* docs: Update Sphinx to v4.5.0 (#19348, @qmonnet)
* docs: Update stable release versions (#18222, @borkmann)
* docs: Update the kind documentation with cgroup requirements (#18269, @aditighag)
* docs: Update the minimum required Minikube version (#18155, @pchaigno)
* docs: Use kubectl exec daemonset/cilium where possible (#18723, @pchaigno)
* docs: Warn against Helm's --reuse-values in Cilium upgrades (#18259, @gandro)
* Document installing Cilium on Rancher Desktop (#19049, @chancez)
* Document that clustermesh cluster-id range is 1-255 (#19683, @stonith)
* Document v1.11 feature deprecations (#17993, @joestringer)
* Documentation for adding CRDs into Cilium (#19275, @ldelossa)
* Documentation/gettingstarted: disable curl progress meter (#18698, @tklauser)
* Documentation: Improve cilium-cli and hubble cli installation instructions (Backport PR #20534, Upstream PR #20415, @chancez)
* Documentation: Only install 1 replica of operator on k3s (Backport PR #20519, Upstream PR #20416, @chancez)
* Documentation: Restart cilium-operator and cilium after enabling Service Mesh (Backport PR #20519, Upstream PR #20417, @chancez)
* Drop years and copyright symbol from copyright notices (#18813, @qmonnet)
* Dynamic Cluster Pool follow-ups (#19777, @gandro)
* elf: Don't assume data symbols are 4-bytes long (#18518, @pchaigno)
* elf: Move functions only used in tests (#18383, @twpayne)
* elf: skip TestWrite if ELF file wasn't built (#18046, @gandro)
* Enable cilium-cli helm based installation (#18898, @aanm)
* endpoint: Print error for regeneration timeout (#19333, @pchaigno)
* endpointmanager: Add extra check for out-of-range endpoint IDs (Backport PR #20519, Upstream PR #20363, @twpayne)
* eni: Fix broken build due to unit test (#19278, @gandro)
* Envoy update for service mesh (#19101, @jrajahalme)
* envoy: Limit accesslog socket permissions (#19190, @jrajahalme)
* Exclude interface's primary address from IP pool by default in Azure (Backport PR #20333, Upstream PR #19743, @hemanthmalla)
* Expose hubble-ui security context in helm chart hubble.ui.securityContext (#19441, @hemslo)
* Expose metrics for active FQDN connections per endpoint (#19857, @christarazi)
* feat(command): allow to dump as YAML (#19480, @raphink)
* Feat: add ingressClassName to hubble ingress spec (#18044, @cyril-corbon)
* Fix a function comment typo (#18231, @hangyan)
* Fix a typo in the documentation (#18411, @gjkim42)
* fix CODEOWNERS (#18980, @kaworu)
* Fix comment for EndpointCreated function (#19465, @Jiang1155)
* Fix documented EC2 IAM action (#17958, @austince)
* Fix helm chart annotations for CRDs installed by Cilium (#18141, @joestringer)
* Fix Makefile.docker not to specify --load and --push flags at once (#18316, @YutaroHayakawa)
* Fix missing capabilities when not running Cilium on containerd-based Kubernetes (#19903, @AtkinsChang)
* Fix running documentation make targets on MacOS (#19900, @chancez)
* Fix smoke tests by filtering out go_ metrics from metrics linting (#19399, @chancez)
* Fix the typo in Fatalf message of printConfigurations (#18413, @21kyu)
* Fixed warnings generated by "make -C test/bpf/ nat-test" due to improper castings (#18015, @cdelzotti)
* Fixes:Added the declaration of license (#19834, @yulng)
* fqdn/dnsproxy: fix test build (Backport PR #20534, Upstream PR #20537, @tklauser)
* fqdn: Use read-write mutex inside NameManager (#19486, @christarazi)
* gha: Add ingress conformance test (#19742, @sayboras)
* gha: Add retry options for ingress sanity check (#19825, @sayboras)
* gha: Bump cilum cli version to v0.11.6 (#19828, @sayboras)
* git: Ignore local emacs config (#18939, @jrajahalme)
* github: Backport DNS fix for external workloads 1.10 and 1.11 tests (#19516, @jrajahalme)
* go.mod, vendor: update cloud provider SDK Go modules (#18983, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules (#19409, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules (#19664, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules for July 2022 (Backport PR #20401, Upstream PR #20371, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules for June 2022 (#20126, @tklauser)
* go.mod, vendor: update cloud SDK modules (#18355, @tklauser)
* go.mod: update kevinburke/ssh_config dependency (#19289, @kevinburke)
* health: Fix cluster-health-port for health endpoint (#18061, @gandro)
* Helm Chart loop monitor sidecar (#19363, @yuriydzobak)
* helm: Bump cilium/startup-script image tag (#19263, @gandro)
* helm: don't generate the hubble-peer svc during preflight checks (#19759, @kaworu)
* helm: Enable ingress controller in smoke tests (ipv4 + ipv6) (#19644, @sayboras)
* helm: Enable offline deployments for OpenShift clusters (#18849, @nathanjsweet)
* helm: Expose agent DNS proxy parameters as chart values (#19967, @joaoubaldo)
* helm: Fix syntax error in Hubble UI className (#20056, @gandro)
* helm: Make DNS policy for cilium-agent and cilium-operator pods configurable (Backport PR #20519, Upstream PR #20082, @michi-covalent)
* helm: Templatize preflight and clustermesh-apiserver repos (#20206, @michi-covalent)
* helm: Update links in values.yaml (#18471, @sayboras)
* helm: use port 80/443 by default for the peer service (#19933, @rolinh)
* highlight values.yaml.tmpl as yaml (#20250, @kaworu)
* hubble/filters: add a unit test for TCP flows without flags (#18971, @kaworu)
* hubble/filters: strict number check for full HTTP status code (#19429, @kaworu)
* hubble: Improve performance of identity getter (#20005, @gandro)
* hubble: read proxy port from trace event (#18510, @zhanghe9702)
* hubble: remove unused local observer field (#19962, @kaworu)
* identity: Initialize local identity allocator early (#19556, @jrajahalme)
* images, contrib/coccinelle: update alpine image to 3.16.0 (Backport PR #20519, Upstream PR #20378, @tklauser)
* images,test: Remove noop SKIP_DOCS (#18955, @pchaigno)
* images/cilium: remove cilium group from Dockerfile (#19711, @aanm)
* images/runtime: update CNI plugins to 1.1.1 (#19690, @tklauser)
* images: Bump Hubble CLI to v0.10.0 (Backport PR #20401, Upstream PR #20286, @gandro)
* images: Fix build on arm64 (#18795, @jrajahalme)
* images: Remove copyright years from copyright notices (#19359, @qmonnet)
* images: Update bpftool (#19046, @pchaigno)
* images: Update cilium-bpftool (#20197, @NikAleksandrov)
* images: Update cilium-iproute2 (#18784, @pchaigno)
* images: update gops binary in images to v0.3.22 (#18175, @tklauser)
* Improve Cilium DNS Proxy-related error metrics (#19702, @christarazi)
* Improve dev-doctor hints (#18562, @jtaleric)
* Improve Egress Gateway Getting Started Guide (Backport PR #20519, Upstream PR #20471, @pippolo84)
* Improve Egress Gateway Getting Started Guide (Backport PR #20563, Upstream PR #20531, @pippolo84)
* Improve the efficiency of the k8s-unmanaged.sh script (#19471, @gavinmcnair)
* ingress: Couple of cleanup and TODOs (#19647, @sayboras)
* install/cilium-operator: fix clusterrole rules (#19686, @aanm)
* install/kubernetes: Avoid quoting version twice (#20188, @joestringer)
* install/kubernetes: bump etcd to v3.5.4 (#20134, @aanm)
* install/kubernetes: do not initialize variable twice (Backport PR #20519, Upstream PR #20430, @aanm)
* install/kubernetes: expose DNS policy rule unload agent flag as helm value (#18809, @tklauser)
* install/kubernetes: fix helm generation for operator image digest (#17968, @aanm)
* install/kubernetes: Remove deprecated cluster roles (#18168, @christarazi)
* install: Fix hubble-ui image references (#18209, @joestringer)
* install: Fix typos of cilium (#20113, @twpayne)
* ipam: Shutdown retry trigger on node deletion (#20140, @christarazi)
* ipcache: Add test asserting out-of-order Kubernetes events (#19258, @christarazi)
* ipcache: Error out from InjectLabels if Checker is nil (#19887, @jrajahalme)
* ipcache: Make SupportsDelete() more robust by using a separate map (#19641, @joamaki)
* ipcache: Use incremental policy updates (#18996, @joestringer)
* ipsec: Rewrite parser for IPsec secret (#19824, @pchaigno)
* iptables: Fix race condition on ipset removal (#18790, @pchaigno)
* k8s-conformance: Improve skipped tests format/links (#19628, @joestringer)
* k8s: Fix CRD schema version for v2alpha1 (#18215, @joestringer)
* k8s: Move CiliumEnvoyConfig to v2 (#19688, @jrajahalme)
* k8s: Update libraries to 1.23.3 (#18633, @christarazi)
* k8s: update libraries to v1.23.0 (#18190, @aanm)
* k8s: Use kubelet's logic to close all idle connections (#19290, @christarazi)
* labels/cidr: use netip types to improve GetCIDRLabels and IPStringToLabel performace (Backport PR #20401, Upstream PR #20316, @tklauser)
* List Simple Life as Cilium user (#19377, @sergeyshevch)
* loader: Use new eBPF ISA feature probes (#19170, @pchaigno)
* localdev: fix kind helm install shell function (#19149, @ldelossa)
* logo: fix position of central polygon (#19216, @sisp)
* LRP minor improvements (#19489, @aditighag)
* maglev: fix TestPermutations backend generation (#19663, @kaworu)
* maglev: use github.com/cilium/workerpool (#19940, @kaworu)
* MAINTAINERS: adding myself to committers list (#18781, @lizrice)
* MAINTAINERS: update committers (#20014, @tklauser)
* Make API ratelimit logs less noisy by default (#18934, @panchm)
* Make k8s-cilium-exec.sh friendlier to read (#17997, @weizhoublue)
* make: check that Go major/minor version matches required version (#19528, @tklauser)
* make: fix Makefile docker pull command to cause an error when using podman (#19748, @koba1t)
* make: grep for new go:build tags in PRIV_TEST_PKGS_EVAL (#19415, @tklauser)
* make: remove deprecated test targets (#19436, @tklauser)
* Makefile: Add 'make kind-image' to 'make help' (#19963, @joestringer)
* Makefile: Add kind-image target (#17990, @joestringer)
* Makefile: Fix TESTPKGS commandline (#19100, @joestringer)
* Makefile: Measure unit test coverage by package (#20038, @joestringer)
* Makefile: Push image in 'kind-image' target (#18167, @joestringer)
* maps/lbmap: fix maglev test suite build (#19435, @tklauser)
* metrics: Fix NaN value for cilium metrics list CLI (#19987, @sayboras)
* Misc Makefile improvements for quiet mode V=0 (#20031, @joestringer)
* Misc. testing cleanups (#18238, @christarazi)
* Move Equinix to the correct place in the alphabet (#19527, @xmulligan)
* Moved Azure secrets to secret resource (#18010, @wolffberg)
* neigh: minor improvements for neigh tests to be less flaky (#18057, @borkmann)
* neigh: Support multi device neighbor discovery (Backport PR #20333, Upstream PR #20092, @ysksuzuki)
* New config hubble.relay.securityContext in Helm values. (#18242, @ooraini)
* node: don't set write-only NodeAddressingElement.AddressType property (#19044, @tklauser)
* node: Fix bug where node ipsets are never cleaned (#18582, @pchaigno)
* None (#19280, @pacoxu)
* operator: start the event queue in a dedicated go routine (Backport PR #20519, Upstream PR #20353, @aanm)
* Optimize CIDR label functions (#19843, @christarazi)
* pkg/bpf: add map name in error message for OpenParallel (#19491, @aanm)
* pkg/bpf: Include BPF map names during map creation (#20091, @christarazi)
* pkg/daemon: Log error when node port init fails (#18475, @aditighag)
* pkg/datapath/linux: Simplify logical conditions for IPsec node encryption (#18915, @christarazi)
* pkg/datapath: Remove transitive dependency on netlink (#18619, @aditighag)
* pkg/elf: Mark tests as integration tests (#18326, @twpayne)
* pkg/endpoint: fix data race in endpoint logger (#18769, @aanm)
* pkg/fqdn: Replace remaining usages of regex compile with LRU (#19875, @christarazi)
* pkg/k8s: do not wait for endpointslice cache sync in k8s >= 1.17 (Backport PR #20570, Upstream PR #20569, @aanm)
* pkg/k8s: use subresource "nodes/status" to update node annotations (#19590, @aanm)
* pkg/labels: Optimize SortedList() and FormatForKVStore() (#19423, @christarazi)
* pkg/mac refactor for common code use (#18793, @vincentmli)
* pkg/maps: Fix data races around accessing nat maps (#18952, @aditighag)
* pkg/metrics: Remove source node label (Backport PR #20519, Upstream PR #20433, @aditighag)
* pkg/policy/api: Optimize Decision MarshalJSON() (#19704, @MikeLing)
* pkg/policy/api: Optimize FQDNSelector String() (#19570, @christarazi)
* pkg/policy/policy: Optimize SearchContext String() (#19661, @MikeLing)
* pkg/policy/rule: Optimize rule String() (#19822, @MikeLing)
* policy: Reduce allocations during FQDN processing (#17959, @joestringer)
* preallocate memory before looping over it (#19566, @florianl)
* Prepare for 1.12.0 development (#17961, @aanm)
* Prepare for release v1.12.0-rc0 (#19032, @aanm)
* Prepare for release v1.12.0-rc1 (#19393, @aanm)
* Prepare for release v1.12.0-rc2 (#19694, @aanm)
* Prepare v1.12 stable branch (#20276, @aanm)
* README.rst: Add subsections on Governance and Adopters to make the info more discoverable, and to satisfy CLOMonitor (#19037, @xmulligan)
* README.rst: fix stable release table (#19517, @tklauser)
* Reduce datapath from_lxc complexity (#17758, @jrajahalme)
* reduce GC load (#18757, @florianl)
* Refactor IPCache to remove static package-level globals (#19073, @joestringer)
* release: Generate helm values docs (#18137, @joestringer)
* Remove unused functionality in pkg/bpf (#18378, @tklauser)
* Removes any log swallowing that was occuring on daemon/cmd init (#19188, @ldelossa)
* replace hardcode "docker" command with $(CONTAINER_ENGINE) (#18009, @ArthurChiao)
* Revert "allocator: fix out-of-valid-range identities being allocated" (#18808, @pchaigno)
* Revert "build(deps): bump github.com/prometheus/client_golang" (#19398, @aanm)
* Revert "build(deps): bump google.golang.org/protobuf from 1.27.1 to 1… (#19395, @aanm)
* Revert "datapath: Remove !CONNTRACK" (#18545, @nbusseneau)
* Revert "ipsec: set interface ID different from 0" (#19019, @pchaigno)
* Revert "iptables: Don't use ip{,6}tables if unavailable" (#18768, @pchaigno)
* Revert "test/Services: Quarantine 'Checks service on same node'" (#18170, @borkmann)
* Scripts: Update k8s-unmanaged script to only return pods where host networking is false (#18349, @thejosephstevens)
* Select new backend if old connection from src port to cluster IP was closed (#19451, @amol-go)
* Spell out the full term of the CRD acronym (#19381, @Kikiodazie)
* Stablize kube-apiserver policy matching feature, namely by fixing unncessary identity churn when kube-apiserver is running outside of the cluster (#18150, @christarazi)
* Standardize testing directory filepath naming (#18621, @joestringer)
* Support builder image on arm64 (#19768, @chancez)
* Support for Cilium in Exoscale SKS (#20076, @retrack)
* Templatize helm template image references (#20066, @joestringer)
* Tencent Cloud added as a user (#19183, @xmulligan)
* Test runtime cilium in container (take two) (#19310, @jrajahalme)
* test/bpf: Fix format of check-complexity.sh script (#19836, @pchaigno)
* test/bpf: Fix mock dependencies (#19099, @joestringer)
* test/upgrade: use the unreleased helm chart of stable branches (#19710, @aanm)
* test: Fix make target for k8s tests (Backport PR #20401, Upstream PR #20264, @ysksuzuki)
* test: fix typo in log output (#19134, @julianwiedmann)
* test: Fix whitespace in docker-run-cilium (#19358, @jrajahalme)
* test: Revert sys-fs-bpf.mount rename (#19385, @jrajahalme)
* test: Skip flaky K8sServices NodePort test (#18402, @twpayne)
* test: Support multiple nodes without Cilium (#17954, @pchaigno)
* testutils/mockmaps: Bring duplicate backend calls check back (#19544, @aditighag)
* tooling: add kind-down script (#18721, @ldelossa)
* treewide: bump copyright year to 2022 in generated files (#18392, @tklauser)
* treewide: Fix typos of Kubernetes (#20114, @twpayne)
* treewide: Sort imports according to Go conventions (#18357, @twpayne)
* treewide: Tidy up more imports (#18389, @twpayne)
* Trimmed down Cilium's Cluster Roles to only the necessary rules (#19074, @aanm)
* trivial: Fix test step stutter 'to to' (#18188, @joestringer)
* ui: v0.8.3 (#18033, @geakstr)
* ui: v0.8.5 (#18203, @geakstr)
* Unify the term points "Fast Redirect" on host to the "BPF Host Routing". (#18862, @chenk008)
* Update AUTHORS and mailmap (#19488, @joestringer)
* Update aws-sdk-go-v2 to support m6a c6i im4gn is4gen g5g g5 EC2 instances types (#18220, @ese)
* Update bpftool to get latest feature probes (#19422, @borkmann)
* Update cli-download.rst (#20181, @nvibert)
* Update CLOMonitor badge url (#19365, @cynthia-sg)
* Update cloud provider modules (#18683, @tklauser)
* Update Copyright header in identity_range.go (#19115, @ti-mo)
* Update external docker images (#19384, @aanm)
* Update Go to 1.17.4 (#18128, @tklauser)
* Update Go to 1.17.5 (#18224, @tklauser)
* Update Go to 1.17.6 (#18441, @tklauser)
* Update Go to 1.17.7 (#18796, @tklauser)
* Update Go to 1.17.8 (#19058, @tklauser)
* Update Go to 1.18 (#19169, @tklauser)
* Update Go to 1.18.1 (#19432, @tklauser)
* Update Go to 1.18.2 (#19775, @tklauser)
* Update Go to 1.18.3, golangci-lint to 1.46.2 (#20061, @tklauser)
* Update Go to 1.18.4 (Backport PR #20534, Upstream PR #20501, @tklauser)
* Update gops to v0.3.25 (Backport PR #20534, Upstream PR #20438, @tklauser)
* update k8s library versions (#18590, @aanm)
* update k8s versions to the latest releases (Backport PR #20519, Upstream PR #20507, @aanm)
* Update native routing CIDR flags description (#18367, @jibi)
* Update SAP adoption info in USERS.md (#18936, @ghost)
* Update stable releases (#18236, @joestringer)
* Update stable releases (#18547, @joestringer)
* Update stable releases (#18929, @joestringer)
* Update stable releases (#19242, @aanm)
* Update stable releases (#19503, @tklauser)
* Update stable releases (#19841, @joestringer)
* Update stable releases (#20224, @joestringer)
* Update USERS.md (#19837, @edude03)
* Update USERS.md (#20002, @FaKod)
* update USERS.md with Equinix info (#19504, @matoszz)
* UPDATE users.md: Add CONNY (#19815, @ant31)
* Update values.yaml.tmpl (Backport PR #20401, Upstream PR #20357, @michi-covalent)
* update-docs : add details for how to enable/disable Policy Audit Mode by endpoint (#19876, @BryanStenson-okta)
* Upgrade cilium/ebpf to version 0.8.1 (#18903, @ti-mo)
* Upgrade to cilium/lumberjack v2.2.2 to Flush() gzip writer before Sync()ing (#19361, @chancez)
* Use cilium/ebpf/rlimit for bumping memlock rlimits (#18640, @ti-mo)
* Use FQDN regex LRU everywhere (#19632, @christarazi)
* Users page now includes platforms, products, and services (#19357, @xmulligan)
* Vagrant cleanups (#19253, @julianwiedmann)
* vagrant: add git exception in dev VMs for cilium repo for root user (#19855, @jibi)
* vagrant: fix overlap of IPv6 Node/Pod CIDRs on dev-VM (#19303, @julianwiedmann)
* vagrant: Generate kubeconfig correctly for netnext (#18498, @YutaroHayakawa)
* Various cleanups around pkg/datapath (#20041, @tklauser)
* vendor: bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 (#18255, @rolinh)
* vendor: Promote controller-tools fork to cilium repo (#18185, @christarazi)
* vendor: pull in the latest changes from github.com/vishvananda/netlink (#18618, @aditighag)
* wireguard: Fix invalid bits when agent init (#19118, @junnplus)
* WithDialer is deprecated and use WithContextDialer instead (#19281, @luckymrwang)
Other Changes:
* .github: add unstripped image builds (#20315, @aanm)
* [v1.12] gha: Add ingress conformance test (#20362, @sayboras)
* Add Ayedo as users (#18863, @hrittikhere)
* codeowners: update for v1.12 backports (#20342, @aanm)
* Fix unstripped id for gh action (#20319, @jtaleric)
* install: Update image digests for v1.12.0-rc3 (#20281, @aanm)
* Prepare for release v1.12.0-rc3 (#20279, @aanm)
Security
Security wording was detected, but no CVEs were found.
Details
- 🔍View and search all Cilium releases.
- 🛠️Create and share lists to track your tools.
- 🚨Setup notifications for major, security, feature or patch updates.
- 🚀Much more coming soon!