Cilium - v1.2.0

Major Changes

  • Add periodic aggregation of datapath notifications (#4936, @joestringer)
  • Provide cached visibility + retries of BPF maps via API (#4854, @tgraf)
  • Add support for etcd-operator to ease Cilium deployment. (#4826, @aanm)
  • Agent aware user-defined reserved identities (#4775, @aanm)
  • Add toFQDNs rules that support DNS based egress policy (#4750, @raybejjani)
  • Inter cluster connectivity (ClusterMesh) (#4738, @tgraf)
  • Tunneling mode without kvstore dependency (#4732, @tgraf)
  • Push nightly container image to container registry (#4731, @nebril)
  • Automatically detect MTU of network (#4687, @tgraf)
  • Use local service ID allocation when DSR is disabled (#4664, @tgraf)
  • Allow running Cilium with kube-router for BGP routing (#4547, @tgraf)
  • Add kvstore based node discovery (#4270, @tgraf)

Bugfixes Changes

  • daemon: always re-add CNP when receiving an update from Kubernetes (#5024, @aanm)
  • pkg/endpoint: annotate pod with the numeric representation of an identity (#5019, @aanm)
  • kvstore: Wait for kvstore watcher to exit (#4945, @tgraf)
  • Count references to CIDR prefix lengths and generate bpf_netdev config based on it (#4910, @joestringer)
  • makefile: Run go tool vet on the api and pkg subdirs (#4909, @rlenglet)
  • Don't perform IPCache lookup when identity is health/init/fixed-identity (#4889, @joestringer)
  • pkg/kvstore: fix high-cpu usage when Cilium loses Consul connectivity (#4888, @aanm)
  • correctly convert CIDRs which allow access to the world to the reserved:world identity when a single CIDR policy rule contains multiple CIDRs (#4846, @ianvernon)
  • Fix deadlock for endpoint state when endpoint is in StateWaitingForIdentity when no labels were changed (#4840, @aanm)
  • Fix bug where traffic from a host to a service IP was classified as from the world, not from the host (#4830, @joestringer)
  • cni: Check if directories exist before creating them (#4799, @tgraf)
  • Prevent Cilium from deadlocking when interacting with etcd (#4788, @aanm)
  • bpf: Fix ipcache lookup for kernels with HAVE_LPM_MAP_TYPE (#4773, @tgraf)
  • Watch for Kubernetes Namespace label changes (#4756, @aanm)
  • Change default "CRI-o" mounting path to "/var/run/crio/crio.sock" (#4753, @aanm)
  • Check endpoint status before modifying identity labels (#4739, @aanm)
  • cilium-docker: fix gatewayIPv4 assignment (#4709, @nirmoy)
  • Support updating controllers instead of requiring them to be re-created (#4683, @rlenglet)
  • pkg/policy: take into account To / FromRequires when computing L4 policy (#4682, @ianvernon)
  • endpoint: Fix restored endpoints not showing up in ipcache (#4678, @tgraf)
  • stop logging conflicting errors as errors when modifying Kubernetes objects (#4676, @aanm)
  • change the minimal number of BPF regeneration builders from 4 to 2 (#4670, @aanm)
  • Service backends may now be added without potentially disturbing existing TCP sessions. (#4667, @jrfastab)
  • Fix PolicyRevision of endpoint bumped prematurely (#4636, @aanm)
  • metricsmap: Fix index out of range error (#4623, @joestringer)
  • Fix bug where inserting the same CIDR in multiple rules, then removing one rule, would result in traffic not being allowed based on the rule that remains in the policy. (#4611, @joestringer)
  • Fix sidecar proxy deadlock during BPF generation (#4610, @rlenglet)
  • Fix regression that caused policies with ToServices rules to not allow traffic to services with external backends (#4587, @joestringer)
  • Fix endpoint restore log regarding health endpoint (#4561, @manalibhutiyani)

Other Changes

  • allocator: Support watching allocations in arbitrary kvstore connections (#4934, @tgraf)
  • Use UpdateStatus for Cilium Endpoint Status in k8s 1.11 (#4877, @aanm)
  • bpf: Shift ingress ipcache source lookup to netdev (#4874, @joestringer)
  • Split BPF ingress program into IPv4 and IPv6 handlers (#4867, @joestringer)
  • bpf: Allow to use 24 bits for security identities (#4858, @tgraf)
  • Implement datapath trace notification aggregation (#4828, @joestringer)
  • pkg/policy/api: allow ToPorts coupled with ToServices (#4805, @ianvernon)
  • Maintain ipcache entries for Cilium host IPs based on k8s node annotations (#4797, @aanm)
  • Speed up regeneration of endpoints with a large number of rules (#4790, @ianvernon)
  • Watch for Kubernetes Namespace label changes (#4756, @aanm)
  • Watch for Kubernetes pod label changes (#4730, @aanm)
  • kvstore: Support creation of multiple clients (#4725, @tgraf)
  • Changed the Prometheus YAML to deploy in the monitoring namespace (#4699, @ackerman80)
  • set Cilium DaemonSet priorityClass to "system-node-critical" (#4690, @aanm)
  • Expose endpoint and policy computation time metrics (#4684, @manalibhutiyani)
  • contrib: add sysconfig file headers (#4671, @nirmoy)
  • Add opensuse to Distribution Compatibility Matrix (#4665, @nirmoy)
  • agent: Require go 1.10 for safe namespace operations (#4599, @tgraf)
  • cilium-health: accept only positive interval (#4593, @nirmoy)
  • Refactor EndpointSelector usage into helper functions (#4548, @joestringer)
  • Don't remove old (pre-1.0) cilium-envoy.log on startup (#4518, @manalibhutiyani)
  • Add metric "cilium_datapath_errors_total" for tracking errors in the datapath. (#4507, @joestringer)
  • Add Kafka-specific CI test checks to make sure the Kafka cluster is up correctly. (#4488, @manalibhutiyani)
  • Metrics to report count of current endpoints tagged by endpoint states (#4376, @manalibhutiyani)
  • Use UpdateStatus for Cilium Network Policy Status in k8s 1.11 (#2972, @aanm)

Release binaries


Aug. 21, 2018, 2:36 p.m.