Cilium - v1.12.10

We are pleased to release Cilium v1.12.10. This release fixes bugs in ipsec and policy implementations and is recommended for all users.

Summary of Changes

Minor Changes:
* sysdump: Added Kubernetes CNI logs to sysdump. (Backport PR #25348, Upstream PR #23937, @marseel)
* Update CNI (loopback) to 1.3.0 (Backport PR #25433, Upstream PR #25400, @anfernee)

Bugfixes:
* Address cilium-agent startup performance regression. (Backport PR #25190, Upstream PR #25007, @bimmlerd)
* datapath: Fix double SNAT (Backport PR #25248, Upstream PR #25189, @brb)
* DNS proxy now always updates the proxy policy to avoid intermittent policy drops. (Backport PR #25348, Upstream PR #25147, @jrajahalme)
* Filter ipv6 advertisements when using metallb as BGP speaker. (Backport PR #25138, Upstream PR #25043, @harsimran-pabla)
* Fix bug where Cilium configurations running with tunneling disabled, BPF-masq disabled, but with masquerading enabled, do not clean up ipset configuration when a node IP changes. This can lead to a lack of masquerading on those node IPs. (Backport PR #25012, Upstream PR #24825, @christarazi)
* Fix connectivity issue if nodes share the same name across the clustermesh and wireguard is enabled (Backport PR #25012, Upstream PR #24785, @giorio94)
* Fix data race affecting the preferred mark in backends, e.g. backends selected by service with affinity set to local. In very rare cases a backend might be missing its preferred status and a non-local backend might be selected. (Backport PR #25348, Upstream PR #25087, @joamaki)
* Fix incorrect network policy ebpf setup that may lead to incorrect packets denies when CEP is present in multiple CES (Backport PR #25188, Upstream PR #24838, @alan-kut)
* Fix spurious errors containing "Failed to map node IP address to allocated ID". (Backport PR #25348, Upstream PR #25222, @bimmlerd)
* ipsec: Fix packet mark for FWD XFRM policy (Backport PR #25348, Upstream PR #23254, @pchaigno)
* pkg/kvstore: Fix for deadlock in etcd status checker (Backport PR #25012, Upstream PR #24786, @hemanthmalla)

CI Changes:
* ci: remove STATUS commands from upstream tests' Jenkinsfile (Backport PR #25138, Upstream PR #25046, @nbusseneau)
* ci: remove STATUS commands from upstream tests' Jenkinsfile (Backport PR #25248, Upstream PR #25046, @nbusseneau)
* Delete "Cilium monitor verbose mode" test (Backport PR #25348, Upstream PR #25212, @michi-covalent)
* inctimer: fix test flake where timer does not fire within time. (Backport PR #25248, Upstream PR #25219, @tommyp1ckles)

Misc Changes:
* chore(deps): update hubble cli to v0.11.5 (v1.12) (patch) (#25126, @renovate[bot])
* daemon: Mark CES feature as beta in agent flag (Backport PR #25012, Upstream PR #24850, @pchaigno)
* docs: Add matrix version between envoy and cilium (Backport PR #25248, Upstream PR #25109, @sayboras)
* docs: Add platform support to docs (Backport PR #25248, Upstream PR #25174, @joestringer)
* docs: small fixes for k8s upgrade guide (Backport PR #25012, Upstream PR #24869, @tklauser)
* envoy: Debug log remote IDs for Envoy policies (Backport PR #25012, Upstream PR #24939, @jrajahalme)
* helm: add clustermesh nodeport config warning about known bug #24692 (Backport PR #25248, Upstream PR #25033, @giorio94)
* ipsec: Install default-drop XFRM policy sooner (Backport PR #25348, Upstream PR #25257, @pchaigno)
* Makefile: use a specific template for mktemp files (Backport PR #25248, Upstream PR #25192, @kaworu)
* node/manager: Only remove old IPs if they weren't already added (Backport PR #25012, Upstream PR #25067, @christarazi)
* pkg/service: Backends leak follow ups with revised fixes, debugging improvements and unit tests (Backport PR #25248, Upstream PR #24770, @aditighag)

Other Changes:
* [v1.12] contrib/backporting: Fix main branch reference (#25092, @joestringer)
* contrib/backporting: Fix main branch reference (#25140, @sayboras)
* envoy: Upgrade to v1.23.9 (#25209, @sayboras)
* install: Update image digests for v1.12.9 (#24953, @gentoo-root)
* v1.12: docs: Document upgrade impact for IPsec (#24972, @pchaigno)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.12.10@sha256:2cbfdf737b349c2733643f1943c7a263df63fbb86852f267f64c49cb5dfbb230
quay.io/cilium/cilium:v1.12.10@sha256:2cbfdf737b349c2733643f1943c7a263df63fbb86852f267f64c49cb5dfbb230

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.12.10@sha256:fe4cd08942a2f1abf8e2cbdb204099a9fcc60f6b764203277c1b674489899ef1
quay.io/cilium/clustermesh-apiserver:v1.12.10@sha256:fe4cd08942a2f1abf8e2cbdb204099a9fcc60f6b764203277c1b674489899ef1

docker-plugin

docker.io/cilium/docker-plugin:v1.12.10@sha256:9ebb46b9d56f2cdcb9db76a54ab2c13c06cd689239bd86eabc50564bc8a4d581
quay.io/cilium/docker-plugin:v1.12.10@sha256:9ebb46b9d56f2cdcb9db76a54ab2c13c06cd689239bd86eabc50564bc8a4d581

hubble-relay

docker.io/cilium/hubble-relay:v1.12.10@sha256:d2556aed3cc2d9b8fb5803f589fcc549f6471bbf42943a2c2f6d277ad69c59b3
quay.io/cilium/hubble-relay:v1.12.10@sha256:d2556aed3cc2d9b8fb5803f589fcc549f6471bbf42943a2c2f6d277ad69c59b3

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.12.10@sha256:fdc9f961e8d21706dc1b7d8e9606a21f63d20c8c88b06664de7c5ba2f2e2dca9
quay.io/cilium/operator-alibabacloud:v1.12.10@sha256:fdc9f961e8d21706dc1b7d8e9606a21f63d20c8c88b06664de7c5ba2f2e2dca9

operator-aws

docker.io/cilium/operator-aws:v1.12.10@sha256:d3fa57eddb0fd7fde35175d0d8977d5921307a7072f750de98c9a73f6a114dda
quay.io/cilium/operator-aws:v1.12.10@sha256:d3fa57eddb0fd7fde35175d0d8977d5921307a7072f750de98c9a73f6a114dda

operator-azure

docker.io/cilium/operator-azure:v1.12.10@sha256:26898987d01134a060810e51b1b6f41adcf226e175489bffebd7b3ebd1703b8a
quay.io/cilium/operator-azure:v1.12.10@sha256:26898987d01134a060810e51b1b6f41adcf226e175489bffebd7b3ebd1703b8a

operator-generic

docker.io/cilium/operator-generic:v1.12.10@sha256:1d78da0fcbf7ccfb32eb31f8b3b361628e91ab5f42d17ff437a82969c773fa1e
quay.io/cilium/operator-generic:v1.12.10@sha256:1d78da0fcbf7ccfb32eb31f8b3b361628e91ab5f42d17ff437a82969c773fa1e

operator

docker.io/cilium/operator:v1.12.10@sha256:a3a09a76a0bce021eea01ffc0ae587dce7c1a0c64d5612ba418505f82bab0955
quay.io/cilium/operator:v1.12.10@sha256:a3a09a76a0bce021eea01ffc0ae587dce7c1a0c64d5612ba418505f82bab0955

Details

date
May 22, 2023, 4:14 p.m.
name
1.12.10
type
Patch
official page
https://github.com/cilium/cilium/releases/tag/v1.12.10
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or