Prepare for release v1.10.6

.github/maintainers-little-helper.yaml

@@ -1,4 +1,4 @@
-project: "https://github.com/cilium/cilium/projects/169"
+project: "https://github.com/cilium/cilium/projects/175"
 column: "In progress"
 auto-label:
   - "kind/backports"

AUTHORS

@@ -4,6 +4,7 @@ off on commits in the Cilium repository:
 Àbéjídé Àyodélé                         abejideayodele@gmail.com
 AdamKorcz                               adam@adalogics.com
 Adam Wolfe Gordon                       awg@digitalocean.com
+adamzhoul                               adamzhoul186@gmail.com
 Aditi Ghag                              aditi@cilium.io
 Adrien Trouillaud                       adrienjt@users.noreply.github.com
 Akshat Agarwal                          humancalico@disroot.org
@@ -34,6 +35,7 @@ Arvind Soni                             arvind@covalent.io
 Ashray Jain                             ashrayj@palantir.com
 Ashwin Paranjpe                         ashwin@covalent.io
 Assiya Khuzyakhmetova                   assiya.khuzyakhmetova@nu.edu.kz
+Austin Cawley-Edwards                   austin.cawley@gmail.com
 Beatriz Martínez                        beatriz@isovalent.com
 Benjamin Pineau                         benjamin.pineau@datadoghq.com
 Bingshen Wang                           bingshen.wbs@alibaba-inc.com
@@ -44,12 +46,15 @@ Bokang Li                               libokang.dev@gmail.com
 Bolun Zhao                              blzhao@google.com
 Boran Car                               boran.car@gmail.com
 Brian Topping                           brian@coglative.com
+Bruno M. Custódio                       brunomcustodio@gmail.com
 Bruno Miguel Custódio                   brunomcustodio@gmail.com
 Calum MacRae                            hi@cmacr.ae
 Camilo Schoeningh                       camilo.schoeningh@dunnhumby.com
+Canh Ngo                                canhnt@gmail.com
 Carlos Castro                           carlos.castro@jumo.world
 Changyu Wang                            changyuwang@tencent.com
 Charles-Henri Guérin                    charles-henri.guerin@zenika.com
+chenyaqi01                              chenyaqi01@baidu.com
 Chris Tarazi                            chris@isovalent.com
 Christian Hörtnagl                      christian2@univie.ac.at
 Christian Hüning                        christian.huening@finleap.com
@@ -292,6 +297,7 @@ Valas Valancius                         valas@google.com
 Vance Li                                vanceli@tencent.com
 Vigneshwaren Sunder                     vickymailed@gmail.com
 Ville Ojamo                             bluikko@users.noreply.github.com
+Vincent Li                              vincent.mc.li@gmail.com
 Vishnu Soman K                          vishnusomank05@gmail.com
 Vlad Artamonov                          742047+vladdy@users.noreply.github.com
 Vlad Gorodetsky                         v@gor.io

CHANGELOG.md

@@ -1,5 +1,93 @@
 # Changelog
 
+## v1.10.6
+
+Summary of Changes
+------------------
+
+**Minor Changes:**
+* datapath,daemon: Enable multi-dev XDP (Backport PR #18066, Upstream PR #17655, @brb)
+* helm: Disable BPF masquerading in v1.10+ (Backport PR #17985, Upstream PR #17824, @pchaigno)
+* Reduce bugtool memory usage (Backport PR #17861, Upstream PR #17546, @tklauser)
+* service: Always allocate higher ID for svc/backend (Backport PR #18146, Upstream PR #18113, @brb)
+
+**Bugfixes:**
+* Adds an `ACCEPT` rule for untracked pkts in `filter:CILIUM_OUTPUT` (Backport PR #17861, Upstream PR #17585, @Weil0ng)
+* bpf: exclude pod's reply traffic from egress gateway logic (Backport PR #17985, Upstream PR #17869, @jibi)
+* bug/pkg/health: Fix Nil Address Issue in Node Update Mechanism (Backport PR #17861, Upstream PR #17667, @nathanjsweet)
+* bugtool: fix data race occurring when running commands (Backport PR #17985, Upstream PR #17916, @rolinh)
+* bugtool: fix IP route debug gathering commands (Backport PR #18066, Upstream PR #18059, @tklauser)
+* daemon, node: Remove old, discarded router IPs from `cilium_host` (Backport PR #18088, Upstream PR #17762, @christarazi)
+* Define operator feature flags to allow the operator to register related CRDs. (Backport PR #17861, Upstream PR #17772, @pchaigno)
+* egressgateway: Allow several CENPs with same egress IP (Backport PR #17861, Upstream PR #17773, @pchaigno)
+* egressgateway: fix manager logic (Backport PR #18082, Upstream PR #17813, @jibi)
+* Fix bug where the agents would silently skip all IPv6 masquerading due to an incorrect configuration. (Backport PR #17985, Upstream PR #17906, @pchaigno)
+* Fix identity leak via FQDN selectors (Backport PR #17861, #17987, #18189, Upstream PRs #17699, #17788, #18166, @joestringer)
+* Fix incorrect application of egress gateway policy to internal cluster traffic. Require  a 5.2 kernel or later for the egress gateway policy feature. (Backport PR #17861, Upstream PR #17639, @kkourt)
+* Fix issue where local host IPs may be briefly associated with the remote-node identity, causing policy drops when policy should allow traffic from the host. (Backport PR #17861, Upstream PR #17836, @joestringer)
+* Fix several complexity and program size issues when only one of IPv4/IPv6 is enabled. (Backport PR #17652, Upstream PR #17573, @pchaigno)
+* Fixes an issue which can cause traffic to be dropped when running Cilium in ENI mode due to the presence of iptables rules left over by the AWS VPC CNI plugin. Notable features that could be impacted include the egress gateway functionality. (Backport PR #17985, Upstream PR #17845, @bmcustodio)
+* Fixes for IPsec and endpoint routes (Backport PR #17985, Upstream PR #17865, @kkourt)
+* node-init: cleanup snat iptables rules when running in eni mode with masquerading disabled (Backport PR #17861, Upstream PR #16840, @bmcustodio)
+* node: Skip ipcache for remote node IPs if IPsec is enabled (Backport PR #17652, Upstream PR #17511, @pchaigno)
+
+**CI Changes:**
+* .github: Fix codeQL workflow skip logic (Backport PR #17625, Upstream PR #17587, @joestringer)
+* aks: fix AKS cluster creation following new taint limitations (Backport PR #17625, Upstream PR #17529, @nbusseneau)
+* bpf/Makefile: Enable setting complexity options (Backport PR #17625, Upstream PR #17364, @pchaigno)
+* bpf: Add WireGuard to complexity and compile tests (Backport PR #18146, Upstream PR #18048, @pchaigno)
+* ci: Restart pods when toggling KPR switch (Backport PR #18146, Upstream PR #18031, @brb)
+* k8sT/Egress: fixes (Backport PR #17625, Upstream PR #17581, @kkourt)
+* mlh: switch runtime from kernel 4.9 to net-next (#18096, @nbusseneau)
+* test/contrib: Bump CoreDNS version to 1.8.3 (Backport PR #18146, Upstream PR #18018, @brb)
+* test/K8sVerifier: Cover several datapath configurations (Backport PR #17652, Upstream PR #17470, @pchaigno)
+* test: Do not require netpols in 'waitNextPolicyRevisions()' (Backport PR #17861, Upstream PR #17769, @jrajahalme)
+* test: Extend coredns clusterrole with additional resource permissions (Backport PR #18146, Upstream PR #18104, @aditighag)
+* test: Fix incorrect selector for netperf-service (Backport PR #18146, Upstream PR #18006, @christarazi)
+* test: use stable zookeeper image (Backport PR #18210, Upstream PR #18186, @tklauser)
+* workflows: Fix use of paths-filter on master pushes (Backport PR #17652, Upstream PR #16507, @pchaigno)
+* workflows: Run CodeQL workflow is the workflow is edited (Backport PR #18189, Upstream PR #17982, @pchaigno)
+
+**Misc Changes:**
+* .github: Increase reporting threshold for new flakes (Backport PR #17861, Upstream PR #17812, @pchaigno)
+* .github: Rename `project/ci-force` to `ci/flake` (Backport PR #17861, Upstream PR #17344, @pchaigno)
+* Adds a warning in the upgrade doc about split cluster (Backport PR #17861, Upstream PR #17755, @Weil0ng)
+* Allow to add custom labels to ServiceMonitors cilium-agent, cilium-operator, hubble in the Cilium Helm chart. (Backport PR #17746, Upstream PR #17509, @canhnt)
+* bpf: Refactoring egress gateway datapath (Backport PR #17985, Upstream PR #17868, @pchaigno)
+* build(deps): bump 8398a7/action-slack from 3.10.0 to 3.11.0 (#17888, @dependabot[bot])
+* build(deps): bump 8398a7/action-slack from 3.11.0 to 3.12.0 (#17964, @dependabot[bot])
+* build(deps): bump actions/cache from 2.1.6 to 2.1.7 (#17970, @dependabot[bot])
+* build(deps): bump actions/checkout from 2.3.4 to 2.3.5 (#17634, @dependabot[bot])
+* build(deps): bump actions/checkout from 2.3.5 to 2.4.0 (#17784, @dependabot[bot])
+* build(deps): bump actions/download-artifact from 2.0.10 to 2.1.0 (#18160, @dependabot[bot])
+* build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0 (#18162, @dependabot[bot])
+* build(deps): bump KyleMayes/install-llvm-action from 1.4.1 to 1.5.0 (#17749, @dependabot[bot])
+* contrib/backporting: Dockerize backporting scripts (Backport PR #17652, Upstream PR #17157, @aditighag)
+* daemon: add K8sCacheIsSynced() method (Backport PR #17861, Upstream PR #17651, @jibi)
+* daemons: name init functions and have one `init` (Backport PR #17727, Upstream PR #17616, @nebril)
+* docs: add registry (quay.io/) for pre-loading images for kind (Backport PR #18066, Upstream PR #18017, @adamzhoul)
+* docs: fix a block directive in OpenShift GSG (Backport PR #17861, Upstream PR #17760, @qmonnet)
+* docs: fix eksctl ClusterConfig to allow copy (Backport PR #18146, Upstream PR #18110, @aanm)
+* docs: Fix helm value when deploying pure ipvlan l3 mode (Backport PR #17727, Upstream PR #17708, @chendotjs)
+* docs: fix link to signoff / certificate of origin section (Backport PR #18146, Upstream PR #18123, @timoreimann)
+* docs: KUBECONFIG for cilium-cli with k3s (Backport PR #18146, Upstream PR #18068, @kkourt)
+* docs: Mention about KubeVirt in KPR docs (Backport PR #17861, Upstream PR #17847, @brb)
+* docs: Reword sentence on WireGuard limitation (Backport PR #17861, Upstream PR #17822, @pchaigno)
+* docs: Update the minimum required Minikube version (Backport PR #18189, Upstream PR #18155, @pchaigno)
+* docs: Use cilium sysdump instead of python sysdump (Backport PR #17727, Upstream PR #17402, @michi-covalent)
+* docs: Use git+https in requirements.txt (Backport PR #17861, Upstream PR #17756, @michi-covalent)
+* Fix documented EC2 IAM action (Backport PR #18066, Upstream PR #17958, @austince)
+* install/kubernetes/cilium: reference stable docs for eBPF maps (Backport PR #17861, Upstream PR #17757, @tklauser)
+* install: Update image digests for v1.10.5 (#17608, @joestringer)
+* Minor egress gateway fixups (Backport PR #17861, Upstream PR #17663, @pchaigno)
+* monitor: Initialize agent in deamon early (Backport PR #17727, Upstream PR #17407, @gandro)
+* pkg: rename egresspolicy package to egressgateway (Backport PR #17727, Upstream PR #17630, @jibi)
+* test: Disable unreliable K8sBookInfoDemoTest test (Backport PR #17985, Upstream PR #17550, @twpayne)
+* ui: v0.8.5 (Backport PR #18210, Upstream PR #18203, @geakstr)
+* v1.10: Update Go to 1.16.10 (#17793, @tklauser)
+* v1.10: Update Go to 1.16.11 (#18130, @tklauser)
+* verifier-test.sh: allow for empty FOO_PROGS (Backport PR #17625, Upstream PR #17408, @kkourt)
+
 ## v1.10.5
 
 Summary of Changes

Documentation/concepts/kubernetes/compatibility-table.rst

@@ -36,6 +36,8 @@
 +-----------------+----------------+
 | v1.8.12         | 1.21.2         |
 +-----------------+----------------+
+| v1.8.13         | 1.21.2         |
++-----------------+----------------+
 | v1.8            | 1.21.2         |
 +-----------------+----------------+
 | v1.9.0-rc0      | 1.22.1         |
@@ -68,6 +70,8 @@
 +-----------------+----------------+
 | v1.9.10         | 1.22.6         |
 +-----------------+----------------+
+| v1.9.11         | 1.22.6         |
++-----------------+----------------+
 | v1.9            | 1.22.6         |
 +-----------------+----------------+
 | v1.10.0-rc0     | 1.23.1         |
@@ -86,7 +90,9 @@
 +-----------------+----------------+
 | v1.10.4         | 1.23.3         |
 +-----------------+----------------+
+| v1.10.5         | 1.23.3         |
++-----------------+----------------+
 | v1.10           | 1.23.3         |
 +-----------------+----------------+
-| latest / master | 1.24.1         |
+| latest / master | 1.24.2         |
 +-----------------+----------------+

VERSION

@@ -1 +1 @@
-1.10.5
+1.10.6

install/kubernetes/Makefile.digests

@@ -2,12 +2,12 @@
 # Copyright 2021 Authors of Cilium
 # SPDX-License-Identifier: Apache-2.0
 
-CILIUM_DIGEST := "sha256:0612218e28288db360c63677c09fafa2d17edda4f13867bcabf87056046b33bb"
-CLUSTERMESH_APISERVER_DIGEST := "sha256:6c6d57195de2595a3c58f688e26bf5c5f4715011a07fdf22e48917d47418b410"
-DOCKER_PLUGIN_DIGEST := "sha256:6584c2444290948b1e21cfc2ccfafef889ded621b48b14b363e1c68bbf7e5ae2"
-HUBBLE_RELAY_DIGEST := "sha256:5d83c9d674e01c449f7fa65f176f2bde6568498acb726f5fe25cc12149c216c5"
-OPERATOR_ALIBABACLOUD_DIGEST := "sha256:2445cf7af5700f0409b9e852ded9dcd5cd6d0b9cd03fa28f3093c59aeb1d416d"
-OPERATOR_AWS_DIGEST := "sha256:8c43aebef64a024a4d0406e61dafe3f875227826f551d377825d3d4bf14a965e"
-OPERATOR_AZURE_DIGEST := "sha256:11f82e09123f79e336583cfe32b250e025738f6a8ed8d5e18e1177b566f77a00"
-OPERATOR_GENERIC_DIGEST := "sha256:2d2f730f219d489ff0702923bf24c0002cd93eb4b47ba344375566202f56d972"
-OPERATOR_DIGEST := "sha256:099c835fa387c567823ef5cf4fc670cb95f8fb201d6144adf375c89c9283e279"
+CILIUM_DIGEST := ""
+CLUSTERMESH_APISERVER_DIGEST := ""
+DOCKER_PLUGIN_DIGEST := ""
+HUBBLE_RELAY_DIGEST := ""
+OPERATOR_ALIBABACLOUD_DIGEST := ""
+OPERATOR_AWS_DIGEST := ""
+OPERATOR_AZURE_DIGEST := ""
+OPERATOR_GENERIC_DIGEST := ""
+OPERATOR_DIGEST := ""

install/kubernetes/cilium/Chart.yaml

@@ -2,10 +2,10 @@ apiVersion: v2
 name: cilium
 displayName: Cilium
 home: https://cilium.io/
-version: 1.10.5
-appVersion: 1.10.5
+version: 1.10.6
+appVersion: 1.10.6
 kubeVersion: ">= 1.16.0-0"
-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.10.5/Documentation/images/logo-solo.svg
+icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.10.6/Documentation/images/logo-solo.svg
 description: eBPF-based Networking, Security, and Observability
 keywords:
   - BPF