Cilium - v1.13.15

Security

We are pleased to announce the release of Cilium v1.13.15.

This release includes a fix to the retry logic in the cilium health controllers, a fix to a race condition when updating L7 LB Services, and a fix for Node ID assignment in BPF maps for very large clusters. In addition, there were a variety of testing enhancements and documentation updates.

Security Advisories

This release addresses a security vulnerability. For more information, see GHSA-j654-3ccm-vfmm.

Summary of Changes

Minor Changes:
* [v1.13] Bump envoy to v1.27.x (#31498, @sayboras)

Bugfixes:
* cilium-health: Fix broken retry loop in cilium-health-ep controller (Backport PR #31722, Upstream PR #31622, @gandro)
* Fixed a race condition in service updates for L7 LB. (Backport PR #31862, Upstream PR #31744, @jrajahalme)
* Fixed an issue where node ID 0 was assigned when the corresponding BPF map ran out of space. This could potentially have impacted connectivity in large clusters (>4k nodes) with IPSec or Mutual Auth enabled. Otherwise, it merely generated unnecessary error log messages. (Backport PR #31657, Upstream PR #31380, @marseel)

CI Changes:
* ci/ipsec: Print more info to debug credentials removal check failures (Backport PR #31722, Upstream PR #31652, @qmonnet)
* controlplane: fix mechanism for ensuring watchers (Backport PR #31587, Upstream PR #31030, @bimmlerd)
* deflake endpointmanager tests (Backport PR #31722, Upstream PR #31488, @bimmlerd)
* Reduce flakiness of controlplane tests (Backport PR #31587, Upstream PR #30906, @bimmlerd)
* workflows: Debug info for key rotations (Backport PR #31722, Upstream PR #31627, @pchaigno)

Misc Changes:
* chore(deps): update all github action dependencies (v1.13) (#31835, @renovate[bot])
* chore(deps): update cilium/little-vm-helper action to v0.0.17 (v1.13) (#31709, @renovate[bot])
* chore(deps): update go to v1.21.9 (v1.13) (#31766, @renovate[bot])
* chore(deps): update stable lvh-images (v1.13) (patch) (#31710, @renovate[bot])
* docs: Document No node ID found drops in case of remote node deletion (Backport PR #31722, Upstream PR #31635, @pchaigno)
* docs: ipsec: document native-routing + Egress proxy case (Backport PR #31722, Upstream PR #31478, @julianwiedmann)
* helm: update nodeinit image using renovate (Backport PR #31722, Upstream PR #31641, @tklauser)
* Restructure OpenShift installation instructions to point to Red Hat Ecosystem Catalog (Backport PR #31722, Upstream PR #29300, @learnitall)
* v1.13: update cilium/certgen to v0.1.11 (#31884, @rolinh)

Other Changes:
* [v1.13] envoy: Bump envoy image for golang 1.21.9 (#31772, @sayboras)
* [v1.13] fix aws region being used twice (#31740, @brlbil)
* [v1.13] workflows: ipsec-e2e: clean up escaping artifacts (#31630, @julianwiedmann)
* Bump google.golang.org/grpc to v1.63.2 (v1.13) (#31878, @ferozsalam)
* CI: Remove no longer supported k8s v1.24 (#31830, @brlbil)
* envoy: Bump envoy version to v1.27.4 (#31809, @sayboras)
* fqdn: Fix minor restore bug that causes false negative checks against a restored DNS IP map. (#31872, @nathanjsweet)
* fqdn: Fixed bug that caused DNS Proxy to be overly restrictive on allowed DNS selectors. (#31713, @nathanjsweet)
* Update image digests for v1.13.14 (#31631, @thorn3r)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.13.15@sha256:3d77d6e463ccc462c7574399fe22f6177a6e484bc5c149c76b7d597163253eed
quay.io/cilium/cilium:v1.13.15@sha256:3d77d6e463ccc462c7574399fe22f6177a6e484bc5c149c76b7d597163253eed

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.13.15@sha256:9cfdc40a689fc087d19aff4944657ca98df7795ba1836744400f6b77e59e1e5c
quay.io/cilium/clustermesh-apiserver:v1.13.15@sha256:9cfdc40a689fc087d19aff4944657ca98df7795ba1836744400f6b77e59e1e5c

docker-plugin

docker.io/cilium/docker-plugin:v1.13.15@sha256:485857b80cb4c726aba7e8c41536db97b0558f05f22dce6f97c8db2c1792cf75
quay.io/cilium/docker-plugin:v1.13.15@sha256:485857b80cb4c726aba7e8c41536db97b0558f05f22dce6f97c8db2c1792cf75

hubble-relay

docker.io/cilium/hubble-relay:v1.13.15@sha256:40135c6b0e2034c9f06abfe0c85f7f088ac6ba2c619d5354d4af6179d33b9a1e
quay.io/cilium/hubble-relay:v1.13.15@sha256:40135c6b0e2034c9f06abfe0c85f7f088ac6ba2c619d5354d4af6179d33b9a1e

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.13.15@sha256:99c124f199f3cb48c41d43a423144bd9638d68705f347ec2326b34af50291a05
quay.io/cilium/operator-alibabacloud:v1.13.15@sha256:99c124f199f3cb48c41d43a423144bd9638d68705f347ec2326b34af50291a05

operator-aws

docker.io/cilium/operator-aws:v1.13.15@sha256:e09044b516be9ce9936253469411618d6790791dbe501829e6062244a24e815a
quay.io/cilium/operator-aws:v1.13.15@sha256:e09044b516be9ce9936253469411618d6790791dbe501829e6062244a24e815a

operator-azure

docker.io/cilium/operator-azure:v1.13.15@sha256:ea05ba909b573b4a52731aec36b91a0a582781a48c2ade7719dfbae05c21d268
quay.io/cilium/operator-azure:v1.13.15@sha256:ea05ba909b573b4a52731aec36b91a0a582781a48c2ade7719dfbae05c21d268

operator-generic

docker.io/cilium/operator-generic:v1.13.15@sha256:21f6707e99722b41a24e9bf4e24b7e4d00597cc7dbaef6e7588dedbf3b270101
quay.io/cilium/operator-generic:v1.13.15@sha256:21f6707e99722b41a24e9bf4e24b7e4d00597cc7dbaef6e7588dedbf3b270101

operator

docker.io/cilium/operator:v1.13.15@sha256:971c9b6294216df668881917132a4a41fcc43fba64315e91ed632f62eab9eac9
quay.io/cilium/operator:v1.13.15@sha256:971c9b6294216df668881917132a4a41fcc43fba64315e91ed632f62eab9eac9


Security

Security wording was detected, but no CVEs were found.

Details

date: April 19, 2024, 10:11 p.m.
name: 1.13.15
type: Patch