Cilium - v1.15.0-rc.0

Summary of Changes

Minor Changes:
* gateway-api: Update API version for Reference Grant (#29811, @sayboras)
* helm: Add missing SA automount configuration (#29511, @ayuspin)
* helm: Added support for existing Cilium SPIRE NS (#29032, @PhilipSchmid)
* helm: Allow setting resources for the agent init containers (#29610, @ayuspin)

Bugfixes:
* cilium-preflight: use the k8s node name instead of relying on hostname (#29809, @marseel)
* endpoint: fix panic in RunMetadataResolver due to send on closed channel (#29615, @mhofstetter)
* Fix bug where deleted nodes would reappear in the cilium_node_connectivity_* metrics (#29566, @christarazi)
* Fix cleanup of AWS-related leftover iptables chains (#29448, @giorio94)
* Fix missing NODE_ADD Hubble peer messages in some cases (#28226, @AwesomePatrol)
* Fix possible disruption of long running, cross-cluster, pod to node traffic on agent restart (#29613, @giorio94)
* Fix potential deadlock that results in stale authentication entries in Cilium (#29082, @meyskens)
* metrics: fix issue where logging err/warn metric is never updated. (#29201, @tommyp1ckles)
* The DNS proxy will now compute a UDP checksum over the IPv6 response packet and the pseudo-header. (#29493, @danehans)

CI Changes:
* ci datapath-verifier: add connectivity test (#29633, @mhofstetter)
* ci-ipsec-e2e: Misc refactor + more keys (#29592, @brb)
* ci-ipsec-upgrade: Add vxlan w/ no EP routes (#29653, @brb)
* ci-ipsec-{e2e,upgrade}: Use lvh-kind (#29514, @brb)
* ci/ipsec: Skip waiting for images when skipping upgrade/dowgrade (#29793, @qmonnet)
* ci: add documentation check to documentation workflow (#29684, @mhofstetter)
* ci: always use full matrix for scheduled cloud-provider workflows (#29694, @mhofstetter)
* ci: disable preemptible VM & GKE clusters on tests based on GKE (#29607, @mhofstetter)
* Define PUSH_TO_DOCKER_HUB environment variable (#29644, @michi-covalent)
* Fix collecting of verifier logs in ci-verifier (#29752, @lmb)
* Fix exporting results to gs bucket. (#29587, @marseel)
* gh/workflows: Bump CLI to v0.15.18 #29849 (@brb)
* gh/workflows: Drop rading /proc in case of failure (#29855, @brb)
* gh: e2e: test conformance & upgrade with 5.4 kernel and EgressGW (#29651, @julianwiedmann)
* gha: add step to ensure presence/absence of the AWS iptables chains (#29670, @giorio94)
* gha: enable IPv6 in clustermesh upgrade/downgrade workflow (#29675, @giorio94)
* gha: Migrate from MetalLB to L2LB (#28926, @sayboras)
* gha: sig-servicemesh owns Ingress or Gateway API related workflows (#29812, @sayboras)
* Make LB-IPAM tests less flaky (#29678, @dylandreimerink)
* Mock out time for BPF ratelimit test to make it more stable (#29740, @dylandreimerink)
* renovate: enable Cilium CLI patch updates for Cilium <v1.14 (#29794, @giorio94)
* Simplify CI image build workflow before v1.15 branch (#29834, @joestringer)
* test: Fail ginkgo tests on warnings (#29624, @pchaigno)
* workflows: Make the conn-disrupt test more sensitive (#29623, @pchaigno)

Misc Changes:
* Address device <-> node addressing race (#29555, @bimmlerd)
* bpf/Makefile: remove gen_compile_commands make target (#29611, @ti-mo)
* bpf: clean up some IPv4 header validations (#29585, @julianwiedmann)
* bpf: l3: restore MARK_MAGIC_PROXY_INGRESS for from-proxy traffic (#29721, @julianwiedmann)
* chore(deps): update actions/setup-python action to v4.8.0 (main) (#29769, @renovate[bot])
* chore(deps): update actions/stale action to v9 (main) (#29772, @renovate[bot])
* chore(deps): update all github action dependencies to v5 (main) (major) (#29773, @renovate[bot])
* chore(deps): update all lvh-images main (main) (patch) (#29556, @renovate[bot])
* chore(deps): update all lvh-images main (main) (patch) (#29766, @renovate[bot])
* chore(deps): update dependency cilium/cilium-cli to v0.15.17 (main) (#29557, @renovate[bot])
* chore(deps): update docker.io/library/alpine docker tag to v3.19.0 (main) (#29770, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.21.5 docker digest to 2ff79bc (main) (#29765, @renovate[bot])
* chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.11 (main) (#29767, @renovate[bot])
* chore(deps): update github/codeql-action action to v2.22.9 (main) (#29768, @renovate[bot])
* chore(deps): update go to v1.21.5 (main) (patch) (#29659, @renovate[bot])
* chore(deps): update google-github-actions/setup-gcloud action to v2 (main) (#29780, @renovate[bot])
* chore(deps): update hubble cli to v0.12.3 (main) (patch) (#29749, @renovate[bot])
* chore(deps): update quay.io/lvh-images/kind docker tag to bpf-next-20231211.012942 (main) (#29777, @renovate[bot])
* chore: add SI Analytics as cilium user (#29744, @JhoLee)
* chore: rename CIDRGroups resource to CiliumCIDRGroups (#29515, @pippolo84)
* cilium-dbg: Add "statedb node-addresses" command (#29479, @joamaki)
* cilium: Do not warn on socket tracing if EnableSocketLBTracing was not set (#29730, @borkmann)
* cilium: iptables masquerade to route source fixes (#29591, @borkmann)
* Clean up deprecated and unused IPCache APIs after FQDN transition to asynchronous APIs (#29657, @tklauser)
* CODEOWNERS: assign pkg/ip to @cilium/sig-agent (#29669, @tklauser)
* CODEOWNERS: sig-clustermesh additionally owns clustermesh-related GHA workflows and helm templates (#29671, @giorio94)
* codeowners: use new teams cilium/envoy & cilium/fqdn (#29627, @mhofstetter)
* daemon: Fix incorrect node and ciliumnode resource type in annotations (#29522, @hargrovee)
* do not start bandwidth manager in dry mode (#29183, @dylandreimerink)
* docs: add documentation for policy-cidr-match-mode=nodes (#28421, @squeed)
* docs: add MaxConnectedClusters documentation (#29637, @thorn3r)
* Docs: Adds Webhook Limitation to EKS Install Doc (#29497, @danehans)
* docs: Modify BGP MD5 password with Helm default change (#29527, @YutaroHayakawa)
* docs: specify which further release for fqdn option removal. (#29531, @squeed)
* Don't log an error if the to be deleted ipset entry does not exist (#29561, @giorio94)
* Envoy silence expected internal listener warning (#29786, @jrajahalme)
* envoy: perform version check directly on envoy binary (not starter) (#29512, @mhofstetter)
* examples: update guestbook example with new image registry (#29603, @mhofstetter)
* fix(deps): update all go dependencies main (main) (minor) (#29771, @renovate[bot])
* fix(deps): update all go dependencies main (main) (patch) (#29593, @renovate[bot])
* fqdn: avoid converting from netip.Addr to net.IP and back (#29625, @tklauser)
* guestbook: update example with leader/follower naming (#29642, @mhofstetter)
* helm: Allow unsupported K8s versions for now (#29888, @gandro)
* hubble-relay: fix panic during server shutdown (#29705, @mhofstetter)
* images: bump cni plugins to v1.4.0 (#29622, @squeed)
* improve the correctness of the rate limiting implementation in certain edge cases. (#29397, @dylandreimerink)
* ingress: add unit tests to test default ingressclass (#29792, @mhofstetter)
* ipcache: use TriggerController, not UpdateController (#29548, @squeed)
* k8s/resource: Add support for releasable Resource[T] (#29414, @pippolo84)
* Makefile: Fix variable override not working in all cases (#29599, @gandro)
* Optimize IP/FQDN management in the DNSCache (#29691, @squeed)
* pkg/rand: remove random name generator (#29664, @aanm)
* pkg: proxy: only install from-proxy rules/routes for native routing (#29761, @julianwiedmann)
* plugins/cilium-cni: Introduce endpoint customization (#29707, @gandro)
* Prepare for release v1.15.0-pre.3 (#29596, @aanm)
* Prepare v1.15 stable branch (#29838, @joestringer)
* proxy: export ProxyConfig fields (#29827, @tklauser)
* README: Update releases (#29609, @aanm)
* release image: Allow arbitrary pre-release identifiers (#29173, @michi-covalent)
* Revert "cilium: Ensure xfrm state is initialized for route IP before … (#29801, @jrfastab)
* statedb: Fix revision indexing (#29840, @joamaki)
* test: remove probes-test.sh (#29612, @rgo3)
* Update SPIRE dependency to v1.8.5 (#29597, @meyskens)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.15.0-rc.0@sha256:dfd696fb4325e996098607224cf379ccdbbe969634750fa10082e7ac31d0819a

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.15.0-rc.0@sha256:7a6be505270347b8e4076941b282ecd3c89cbdce68f50a3ba6e0bd5a60553c47

docker-plugin

quay.io/cilium/docker-plugin:v1.15.0-rc.0@sha256:fe6325f2268adafa28b0a0a81f5f2254014fc1aa8981c47fce6c688e3879993a

hubble-relay

quay.io/cilium/hubble-relay:v1.15.0-rc.0@sha256:eb89a6c12bef00f62f393630958f58d769f0add5ba6fa914180ec21d845034ae

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.15.0-rc.0@sha256:9f34a4d32c87f7dfb7fff45c2660e58113a036dca06e75ea20b5bd46856c20fa

operator-aws

quay.io/cilium/operator-aws:v1.15.0-rc.0@sha256:d28d947653bff9ad9a010bdc4bb75d3f0ce5517b601d768075f11ea32242491c

operator-azure

quay.io/cilium/operator-azure:v1.15.0-rc.0@sha256:0f6828ab7688159e3b7bc259094af6c9643783a48b2fc0630885dcabe9249831

operator-generic

quay.io/cilium/operator-generic:v1.15.0-rc.0@sha256:cc0800697151d9a68c9547c66e9d5f4a67537efd369cb10caf19e79748b24b02

operator

quay.io/cilium/operator:v1.15.0-rc.0@sha256:5e14c97ee92c6eef799b3125ab4b557c3c7c6cfe55d78c8c655bdf7aae4212ab

Details

date
Jan. 3, 2024, 8:42 p.m.
name
1.15.0-rc.0
type
Pre-release
official page
https://github.com/cilium/cilium/releases/tag/v1.15.0-rc.0
👇
Register or login to:
  • 🔍View and search all Cilium releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or