Cilium - v1.14.0-rc.0


Summary of Changes

Minor Changes:
* Add a new set of flags for CES work queue limit and burst rates, CESWriteQPSLimit and CESWriteQPSBurst. (#24675, @dlapcevic) The processed work queue items always trigger a single CES create, update or write request to the kube-apiserver. The work queue rate limiting effectively limits the rate of writes to the kube-apiserver for CES API objects.
* Set the default CESWriteQPSLimit to 10 and CESWriteQPSBurst to 20. (#24675, @dlapcevic)
* Set the maximums for qps 50 and burst 100. These values cannot be exceeded regardless of any configuration. (#24675, @dlapcevic)
* Unhide CESMaxCEPsInCES and CESSlicingMode flags from appearing in logs when CES is enabled. (#24675, @dlapcevic)
* agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead (#26036, @brb)
* Allow to use a Secret for the caBundle (#25728, @farcaller)
* BGPv1: Set N-bit in graceful restart capability negotiation. (#26325, @harsimran-pabla)
* Cilium now waits longer before returning a failure in the event of a pod creation burst. (#25805, @squeed)
* envoy: Use embedded proxylib from cilium-proxy image (#26101, @sayboras)
* metrics: Add k8s client rate limiter latency metric (#25555, @ysksuzuki)
* Retire Cilium-Integrated Istio documentation (#25722, @networkop)
* Revert "Revert agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead" (#26496, @brb)

Bugfixes:
* bpf: ct: fix CT-based packet tracing for IPv6 (#26476, @julianwiedmann)
* Bypassing policy check for IPv6 NDP to fix broken pod-to-pod connectivity when per-endpoint route is enabled with policy. (#24919, @jschwinger233)
* CIDRGroup reference metric will not count nonexistent CIDRGroups (#26133, @akstron)
* datapath: bigtcp: Fix the IPv4 BIG TCP may not work (#26336, @haiyuewa)
* Fix a bug where datapath option DisableSipVerification can no longer be used. (#25533, @oblazek)
* Fix bug in AlibabaCloud where instance type limits could not be determined (#25387, @haozhangami)
* Fix bug where CNI gets installed even if cni.install=false (#26278, @joestringer)
* Fix compilation error when enabling Wireguard and XDP (#25734, @ysksuzuki)
* Fix crash of cilium-agent happening when a remote node without node IP addresses is removed. (#25851, @cyclinder)
* Fix: Return "Content-Type" and "X-Content-Type-Options" headers from Health Check Node Port (#26458, @cezarygerard)
* Handles nodeIP changes when CEPs are checkpointed to tmpfs and the nodeIP changes across a reboot. (#26281, @bprashanth)
* ipsec: Split removeStaleXFRMOnce to fix deprioritization issue (#26113, @jschwinger233)
* iptables: Fix wrong use of podCIDR in cluster node NAT exclusion (#26397, @gandro)
* Keep sync on deployed proxy ports when retrying proxy redirect creation. (#26343, @jrajahalme)
* nat: fix usage in nat.h of csum.h module (#25576, @sahid)
* test/controlplane: Disable endpoint GC (#26383, @pippolo84)
* test: bigtcp: Update the BIG TCP checking message (#26377, @haiyuewa)
* Updates TransformXXX Functions in k8s pkg (#26244, @danehans)

CI Changes:
* .github/workflows: let renovate update kind in ingress workflow (#26390, @tklauser)
* Add BPF unit tests for IPsec (#25699, @jschwinger233)
* Add container image scanning to Cilium images. (#26489, @ferozsalam)
* bpf: egressgw: refactor unit tests (#26376, @jibi)
* bpf: tests: pktgen infra for tunneling + GENEVE-DSR test (#26301, @julianwiedmann)
* CI Workflow: Add all AWS supported k8s versions (#26361, @brlbil)
* CI Workflow: Add all Azure supported k8s versions (#26356, @brlbil)
* CI Workflow: Add all GKE supported k8s version (#26364, @brlbil)
* CI Workflows: Fix matrix generation (#26406, @brlbil)
* CI Workflows: Fix sysdump file creation (#26402, @brlbil)
* CI Workflows: Fix sysdump name typo (#26415, @brlbil)
* ci-aks, ci-external-workloads: Use cilium-cli Helm mode (#26382, @michi-covalent)
* ci-e2e: Bump CLI version to v0.14.8 (#26475, @brb)
* ci-verifier: run verifier tests directly on VM instead of containerized (#26509, @ti-mo)
* ci: Add workflow for testing multi-pool IPAM (#26175, @gandro)
* CI: run integration-tests on test changes in PRs (#26405, @marseel)
* docs: Run rstcheck on the README.rst (#26454, @qmonnet)
* gateway-api: Add tests for standard CRD (#26372, @sayboras)
* gateway-api: Enable HTTPRouteListenerHostnameMatching test (#26226, @sayboras)
* gha: enable debug logs in conformance-clustermesh workflows (#26186, @giorio94)
* gha: test kvstoremesh in conformance-clustermesh (#26223, @giorio94)
* gha: test the different auth modes in conformance-clustermesh (#26252, @giorio94)
* Make CI test resources unique for retries. (#25990, @viktor-kurchenko)
* renovate: ignore ginkgo updates (#26423, @tklauser)
* Set CILIUM_CLI_MODE env variable at the top level (#26387, @michi-covalent)
* Set CILIUM_CLI_MODE env variable at the top level (#26404, @michi-covalent)
* test: Fix the attempted fix for the hostfw flake (#26362, @pchaigno)

Misc Changes:
* Add Back Market in the USERS list (#26413, @NitriKx)
* Add cilium bpf nodeid list to bugtool and print nodeid in hex in ipcache dump (#26130, @brb)
* Add documentation about kvstoremesh (#26348, @giorio94)
* Adding an AWS architecture diagram for AWS FTR review (#26016, @amitmavgupta)
* auth: delete cache-entry on ErrKeyNotExist (#26342, @mhofstetter)
* auth: display textual representation of auth type in authKey.String() (#26525, @mhofstetter)
* backporting: Fix pattern to handle commit subjects that begin with a space (#25653, @gentoo-root)
* BGP CP: Adds Intro to Docs (#26195, @danehans)
* bgpv1: pass router state to gobgp (#26194, @harsimran-pabla)
* bgpv1: skip invalid node selector config in policy selection (#26365, @harsimran-pabla)
* bpf: add new macro __section_entry (#26123, @Jack-R-lantern)
* bpf: nat: fix build error in snat_v6_prepare_state() (#26510, @julianwiedmann)
* bpf: remove unused type ProgType and ProgType* consts (#26360, @tklauser)
* bpf: Update IPv6 BPF masquerading code to bring it closer to IPv4's, fix SNAT for packets from local endpoints, for overlay (#26236, @qmonnet)
* Calling out support for Single-Region, Multi-Region, Multi-AZ for EKS (#26015, @amitmavgupta)
* Change wording on toServices limitations (see #20067) (#25796, @atykhyy)
* chore(deps): update actions/setup-go action to v4.0.1 (main) (#26313, @renovate[bot])
* chore(deps): update all github action dependencies (main) (minor) (#26306, @renovate[bot])
* chore(deps): update all github action dependencies (main) (patch) (#26425, @renovate[bot])
* chore(deps): update dependency cilium/cilium-cli to v0.14.8 (main) (#26482, @renovate[bot])
* chore(deps): update dependency kubernetes-sigs/kind to v0.20.0 (main) (#26428, @renovate[bot])
* chore(deps): update docker.io/library/alpine docker tag to v3.18.2 (main) (#26297, @renovate[bot])
* chore(deps): update docker.io/library/golang docker tag to v1.20.5 (main) (#26304, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.20.5 docker digest to 8f958bf (main) (#26283, @renovate[bot])
* chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to 9ecc53c (main) (#26285, @renovate[bot])
* cilium statedb dump command & bugtool (#26256, @joamaki)
* cilium, bigtcp: Add max gso/gro rates to sysdump (#26392, @borkmann)
* cilium, bigtcp: Make probing for GRO/GSO max size more graceful (#26385, @borkmann)
* cilium: enable bpf host routing with per endpoint routes for IPv6 as well (#26205, @borkmann)
* cilium: Repoint netlink lib back to upstream. (#26359, @borkmann)
* clustermesh: fix broken test due to merge race (#26389, @giorio94)
* clustermesh: improve reliability of TestClusterMesh (#26370, @giorio94)
* cni-plugin: Clean up code (#26505, @gandro)
* daemon: fix spelling in ipam-multi-pool-pre-allocation flag usage (#26529, @tklauser)
* datapath: Introduce helpers for __ctx_is checks (#23820, @spacewander)
* docs: clarify that L3 DNS policies require L7 proxy enabled (#26180, @wedaly)
* docs: Fix the cilium-cli default branch name (#26461, @michi-covalent)
* docs: Fix the cilium/proxy default branch name (#26464, @learnitall)
* docs: Mark IPv6 BPF masquerading as beta (#26499, @qmonnet)
* docs: reword incorrect L7 policy description (#26092, @peterj)
* docs: Update kvstore documentation with potential circular dependency. (#26353, @marseel)
* docu: add section about envoy daemonset deployment (#26033, @mhofstetter)
* Document multi-pool IPAM mode (#26308, @tklauser)
* Documentation: Add graceful restart section in BGP documentation (#26354, @harsimran-pabla)
* endpoint: don't hold the endpoint lock while generating policy (#26242, @squeed)
* envoy: Re-organize supported envoy resource import (#26469, @sayboras)
* etcd: start the status checker only after establishing the initial session (#26363, @giorio94)
* Fix some map handling logic as well as some issues with CLI commands related to ip-masq-agent, introduced with IPv6 support (#26435, @qmonnet)
* fix(deps): update all go dependencies main (main) (minor) (#26429, @renovate[bot])
* fix(deps): update all go dependencies main (main) (patch) (#26056, @renovate[bot])
* fix(deps): update all go dependencies main (main) (patch) (#26427, @renovate[bot])
* fix(deps): update module github.com/prometheus/procfs to v0.11.0 (main) (#26319, @renovate[bot])
* helm: add .extraEnv to cilium-agents config init container (#26408, @nberlee)
* identity: Make identity allocations observable (#26373, @mhofstetter)
* Improve reliability of kvstore-related tests (#26347, @giorio94)
* kafka: remove unused package (#26523, @tklauser)
* kvstore: share etcd client logger to reduce memory usage (#26485, @giorio94)
* kvstoremesh: mark the cilium-kvstoremesh secret as optional in the clustermesh-apiserver volume definition (#26318, @giorio94)
* Log error message on unhealthy /healthz check (#24683, @sjdot)
* plugins/cilium-cni: clean up code in cmdAdd (#26533, @tklauser)
* policy: Optimize getNets() (#26345, @jrajahalme)
* Prepare for release v1.14.0-snapshot.4 (#26324, @joestringer)
* Publish the 2022 Cilium security audits (#26213, @zacharysarah)
* README: Bump latest snapshot release version (#26326, @joestringer)
* Remove 'ip' shellout from setUpRoutingTable() (#26486, @ti-mo)
* Require binary.Size and unsafe.Sizeof of all types to match (#26340, @ti-mo)
* Revert "agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead" (#26493, @joestringer)
* This moves from the autogenerated badge from the deprecated slackin system hosted on heroku, to just a simple generated badge. (#26416, @thebsdbox)
* This moves from the larger default code spaces logo, to a smaller logo in keeping with all existing links in the README. (#26417, @thebsdbox)
* treewide: fix some shebangs (#26293, @markpash)
* vendor: Update vishvananda/netlink/ and x/sys (#26410, @borkmann)


Details

date
June 29, 2023, 12:04 a.m.
name
1.14.0-rc.0
type
Pre-release