Cannot install or upgrade to new versions of Cilium with ipsec enabled #27119
Labels
affects/v1.11
This issue affects v1.11 branch
affects/v1.12
This issue affects v1.12 branch
affects/v1.13
This issue affects v1.13 branch
affects/v1.14
This issue affects v1.14 branch
area/encryption
Impacts encryption support such as IPSec, WireGuard, or kTLS.
feature/ipsec
Relates to Cilium's IPsec feature
kind/meta
Meta-task for co-ordination.
kind/regression
This functionality worked fine before, but was broken in a newer release of Cilium.
pinned
These issues are not marked stale by our issue bot.
sig/datapath
Impacts bpf/ or low-level forwarding details, including map management and monitor messages.
Recent releases of Cilium have included a warning message at the top of the release notes to recommend not to upgrade if users are using ipsec:
Example from v1.13.4 release notes:
Example v1.13.4 Upgrade documentation:
https://docs.cilium.io/en/v1.13/operations/upgrade/#id2
These recommendations are made due to known bugs in the ipsec implementation which can cause connection disruption with the combination of particular Cilium versions and ipsec feature enablement.
We can use this meta issue to track known issues and dev/testing efforts to resolve.
The text was updated successfully, but these errors were encountered: