Changelog

v1.10.0-rc0

Note: The summary of changes below reflect the diff between the last stable
release (v1.9.5) and tag v1.10.0-rc0.

Summary of Changes

Major Changes:

Add --datapath-mode=lb which allows cilium-agent to run as a standalone loadbalancer (#13670, @brb)
Add NodePort BPF support to L2-less devices (wireguard, tun, etc) (#14858, @brb)
Add the ability to masquerade IPv6 traffic when using iptables masquerading mode. This behavior can be enabled/disabled by using enable-ipv6-masquerade agent option. (#14124, @fristonio)
Cilium now builds and installs on ARM64 machines. (#14207, @jrajahalme)
Update to Kubernetes 1.20 (#14248, @aanm)

Minor Changes:

Add digest flags to specify docker images digests in helm charts (#15185, @aanm)
Add labels to scrape cilium agent and operator metrics (#14747, @lyveng)
Add metrics for identity garbage collection in cilium-operator (#14254, @ArthurChiao)
Add new cilium_bpf_map_pressure metric measuring the fill-up ratio of selected BPF maps. (#14131, @jcaamano)
Add startupProbe for Cilium-agent for faster readiness in Kubernetes >= 1.20 (#14518, @youssefazrak)
Add support for agent events to Hubble API (#14168, @tklauser)
Added --bpf-lb-bypass-fib-lookup flag, which toggles the BPF nodeport reverse NAT FIB lookup optimization (#14978, @skuffe)
Adds capability to filter events based on IP version. (#14556, @nyrahul)
Agent: consistent 'containerID' field in the log of the requests EP-delete and EP-create (#14713, @romanspb80)
api/hubble: add AUDIT policy verdict (#14785, @jaffcheng)
arp: Add retries to arping (#14601, @brb)
bpf: add LB ipip health check datapath (#14610, @borkmann)
bpf: add option for RSS-friendly outer srcIP prefix w/ mixing for DSR (#14276, @borkmann)
bpf: bpf host routing for tunneling (#15148, @borkmann)
CI 3.0: A New Hope (#15144, @tgraf)
cilium/cmd: improve 'bpf metrics list' JSON output (#13731, @jibi)
cleanup/metrics: Cleanup deprecated metrics (#13659, @sayboras)
cni-(un)install: don't touch CNI dir if CILIUM_CUSTOM_CNI_CONF is set (#14910, @ti-mo)
Consolidate kernel options probing and provide brief descriptions for missing parameters, in logs or for "cilium kernel-check". (#12383, @brandshaide)
Create top level eni block for Helm values and add more options to it (#14470, @ungureanuvladvictor)
daemon: Allow to specify dev to inherit IP addr for LB devs (#14259, @brb)
doc: Document minimal version of AWS CNI in chaining mode (#15304, @tgraf)
docs: document --nodes and --since cilium-sysdump's options (#14058, @jibi)
Enable bandwidth-manager by default for new deployments (#13535, @qmonnet)
Envoy proxy is updated to release 1.16.2 (#14680, @jrajahalme)
Envoy use of original source address in upstream connetions is disabled when datapath is tunneling. (#14594, @jrajahalme)
Extend cilium-operator binary to be used as command line tool (#14484, @fristonio)
Helm: Using external serviceAccounts is now possible. (#14731, @youssefazrak)
Honor allocateLoadBalancerNodePorts in Kubernetes LoadBalancer service spec. (#14465, @fristonio)
Hubble-ui now supports imagePullSecrets being passed in (#15109, @domgoodwin)
hubble/metrics: Add support for fallback labels, ip addresses and dns names (#14848, @gandro)
Hubble: add GetNodes rpc endpoint (#13979, @rolinh)
hubble: Add node name filter (#13938, @twpayne)
hubble: Add support for Cilium debug events (#14602, @gandro)
hubble: allow filtering by agent event subtypes (#14305, @tklauser)
hubble: distinguish AUDIT policy verdict from FORWARDED (#14923, @jaffcheng)
hubble: Extend IP filter to support CIDR ranges (#14316, @michi-covalent)
hubble: Support for debug capture events (#14432, @gandro)
Istio integration is updated to Istio release 1.8.2. (#14704, @jrajahalme)
kubectl: print additional information for CiliumIdentities (#14496, @elfadel)
maglev: Parallelize calculation of permutations (#14597, @brb)
Make Cilium the only CNI configuration available in the host to avoid pods from being managed by other CNIs while performing Cilium upgrades. (#14192, @aanm)
Merge monitor API types EndpointDeleteNotification and EndpointCreateNotification into type EndpointNotification (#14126, @tklauser)
node-neigh: add metric to count arping requests (#14816, @jaffcheng)
operator: added --pprof flag/endpoint (#14903, @mvisonneau)
Remove deprecated v1.10 options (#14291, @jibi)
Remove the unused container runtime status and DNS poller names properties from Cilium API. (#14590, @tklauser)
Report events that are lost in Hubble's ring buffer. (#14307, @rolinh)
set cilium agent only run on linux nodes (#14495, @answer1991)
Tag ENIs at creation time (#14500, @ungureanuvladvictor)
TCP flags based filter for hubble. (#13826, @nyrahul)
tools: Add initial dev-doctor (#13772, @twpayne)

Bugfixes:

Add iamRole option to eni in Helm chart values to allow using serviceaccounts for iam roles on cilium-operator (#14970, @bluestealth)
Avoid exposing full Cilium API in LB-only mode (#14098, @christarazi)
daemon, config: regenerate endpoint datapath on agent config change (#13971, @jaffcheng)
Fix backwards compatibility of status API (#15143, @tgraf)
Fix bug where enable-endpoint-routes change required all pods to restart to take effect (#15228, @pchaigno)
Fix rounding behavior when specifying a capacity for Hubble's buffer. (#13894, @rolinh)
Helm: Respect serviceAccounts.*.create value (#14711, @youssefazrak)
hubble: Fix numeric identity lookup for FQDN identities (#14477, @gandro)
ipam/aws: fixed a bug causing the operator to hang indefinitely when the ENI limits for an instance type could not be determined (#14905, @mvisonneau)
ipam/aws: updated EC2 instances ENI limits and added an helper function to make it easier to do so in the future (#14906, @mvisonneau)
node: Fix CIDR comparison when updating routes (#15263, @brb)
operator: release leader lease lock on operator exit (#14554, @fristonio)
service: Restore Maglev table when M changes (#14469, @brb)
Use new metric names for cilium-operator dashboard (#14507, @ungureanuvladvictor)

CI Changes:

.github, bpf: Update reference to cilium-checkpatch image (#14700, @pchaigno)
.github/workflows: remove go version commands from golangci-lint job (#15238, @tklauser)
.travis: fail Travis if race detection builds also fail (#15199, @aanm)
Add 'nilness' to golangci (#14066, @joestringer)
Add CIIntegrationEKSENI CNI integration for ENI IPAM on EKS (#14423, @ungureanuvladvictor)
bpf: Fix compilation of bpf_ct_tests (#14862, @pchaigno)
ci: add CodeQL analysis (#14514, @twpayne)
ci: Add quarantine capabilities to k8s-all jenkinsfile (#14150, @nebril)
ci: Bump vagrant boxes (#14982, @gandro)
ci: change manifest path for perf test (#14183, @nebril)
ci: Check gke cluster state before selecting it (#14130, @nebril)
ci: fix checking for pr git sha in jenkinsfiles (#15007, @nebril)
ci: fix nightly image (#14170, @nebril)
ci: offload baremetal "K8s all" builds to sub-jobs (#14861, @Skymirrh)
ci: push cilium-test-dev image to quay, accept tags in the test script (#14169, @nebril)
ci: remove params from upstream k8s job (#15168, @nebril)
ci: skip gke clusters with ongoing operations (#14348, @nebril)
ci: use host images in master job (#14311, @nebril)
ci: use host kubectl in k8s-all (#14302, @nebril)
ci: Use images built on host in k8s-all job (#14292, @nebril)
ci: use images from quay.io (#14937, @nebril)
ci: use separate Jenkins jobs for daily master tests + CI documentation overhaul (#14997, @Skymirrh)
ci: wait for quay images and boot vms in parallel (#15300, @nebril)
contrib: Add integration testing shell helpers (#14404, @joestringer)
docs: Update trigger phrase for Cilium-PR-Ginkgo-Tests-Kernel-Focus (#14849, @pchaigno)
DualStack kubernetes based IPv6 testing for Cilium (#14461, @fristonio)
e2e: Make ginkgo default to verbose mode (#15184, @qmonnet)
Enable identity + cli + health e2e tests on EKS (#14519, @ungureanuvladvictor)
jenkinsfile: Increase timeout for k8s-all tests (#14583, @pchaigno)
jenkinsfiles: remove unused environment variables (#15125, @aanm)
labelsfilter: Fix test for default filters (#15024, @pchaigno)
Remove docker-compose leftovers (#14426, @tklauser)
Removed unnecessarily redundant static analysis in CI to streamline CI running times. (#14400, @nathanjsweet)
Revert "refactor: Remove time.After from any Loops" (#14371, @tklauser)
run bpf_ct_tests as part of CI (#14916, @kkourt)
test/helpers: fix GetBPFPacketsCount (#14663, @jibi)
test/helpers: remove unused functions and consts (#15241, @tklauser)
test/k8sT/manifests: use image hash with cilium-builder image (#13982, @tklauser)
test: add iptables masquerading without random-fully test (#14476, @jibi)
test: add nil check to CiliumReport to prevent segfaults (#14210, @nebril)
test: Always select nodes by label (#14867, @pchaigno)
test: change accees of go dir in test vm (#15265, @nebril)
test: Collect object file artifacts for K8sVerifier (#14129, @pchaigno)
test: disable fqdn connectivity test during restart (#13930, @tklauser)
test: Disable K8sVerifier on 4.19 and net-next CI pipelines (#14162, @pchaigno)
test: Disable unsupported features on 4.9 to reduce warnings (#15001, @pchaigno)
test: Extend coverage for host policies enforcement (#14822, @pchaigno)
test: Fix kube-proxy service tests when running with socket-level LB (#14699, @pchaigno)
test: Fix local tests (#15130, @pchaigno)
test: Mark GKE CI pipeline as running Linux 4.19 (#14639, @pchaigno)
test: Move RuntimeCLI to K8sCLI (#14017, @pchaigno)
test: Quarantine flakes from k8s-all CI pipeline (#14151, @pchaigno)
test: quarantine flaking datapathconfig tests on 1.17 (#14188, @nebril)
test: Quarantine K8sUpdates on GKE (#13899, @pchaigno)
test: quarantine K8sVerifier on k8s-all (#14409, @nebril)
test: Quarantine test with secondary NodePort device (#15003, @pchaigno)
test: Reduce build durations (#14223, @pchaigno)
test: Reenable debug mode for monitor tests (#15127, @pchaigno)
test: remove leftovers of running own registry in GKE tests (#15124, @tklauser)
test: Remove spammy "Cilium DaemonSet not ready yet" logs (#14544, @pchaigno)
test: Respect cilium.holdEnvironment on Cilium status check (#15219, @pchaigno)
test: Respect cilium.holdEnvironment on DNS check (#14695, @pchaigno)
test: Un-Quarantine K8sUpdates on GKE (#14464, @gandro)
test: Unquarantine K8sUpdates under GKE (#13793, @pchaigno)
test: Unquarantine the random-fully test (#15205, @pchaigno)
test: Unquarantine tunneling + endpoint routes test (#15152, @pchaigno)
test: Use stable tags instead of :latest (#14093, @pchaigno)
vagrant: bump all box versions (#14274, @jibi)
vagrant: Bump all Vagrant box versions (#14167, @pchaigno)

Misc Changes:

.dockerignore: add *.box files (#14045, @kkourt)
.github: add GitHub actions to build images (#14917, @aanm)
.github: Bump project for 1.9.0-rc4 (#13880, @joestringer)
.github: change step order (#14703, @aanm)
.github: checkout right SHA for base images (#15069, @aanm)
.github: Don't mark good-first-issues as stale (#14908, @pchaigno)
.github: Fix cilium project management for v1.9 (#14065, @joestringer)
.github: fix correct sha for images build (#15065, @aanm)
.github: publish tags from master branch in official repositories (#15078, @aanm)
.github: set :latest tag for merges into master branch (#14933, @aanm)
.github: set different workflow IDs (#14932, @aanm)
.github: update GH actions on stable branches (#15208, @aanm)
.github: update release process (#14672, @aanm)
.github: update v1.9 cilium-actions project number (#14683, @aanm)
.github: use quay.io images in smoke tests (#15005, @aanm)
.gitignore: add .vscode/ directory (#14664, @ti-mo)
Add ability to mock kernel feature prober and expand BPF map tests (#14876, @christarazi)
Add dev-docker-operator-image makefile directive (#14387, @ungureanuvladvictor)
Add ebpf map cilium_egress_v4 for egress gateway (#14712, @anfernee)
Add fuzzer with OSS-fuzz build script (#14202, @AdamKorcz)
add GH action to push hot fix images into -dev repositories (#15061, @aanm)
Add hubble relay docker images + fix k8s version for eks in contrib testing script (#14478, @ungureanuvladvictor)
Add multi-arch support to all images (#15023, @aanm)
Add TagSpecifications to ec2:CreateNetworkInterface only when len > 0 (#14571, @ungureanuvladvictor)
Add tunnel mode config and egress gateway config params (#14723, @MasterZ40)
add_vagrant_box.sh: Fix download issue and update help message (#14553, @qmonnet)
add_vagrant_box.sh: Fix incorrect vagrant box updates (#14527, @pchaigno)
add_vagrant_box.sh: remove downloaded files after installing a VM image (#14686, @qmonnet)
Added ArangoDB Oasis to USERS list (#14697, @ewoutp)
Added build comment to oss-fuzz build file (#14856, @AdamKorcz)
Added flag proxy.prometheus.enabled to helm chart for disabling service (#14688, @yuriydzobak)
Added Tailor Brands to users (#14605, @liorrozen)
Address #13894 nits (#13985, @jibi)
Address shellcheck warnings in cni-(un)install.sh. (#14467, @ti-mo)
Adds pod annotation to manage iptables NOTRACK rules. (#13805, @Weil0ng)
Agent: Include Cilium version in output of 'cilium status --verbose' (#14492, @romanspb80)
agent: Make intent of signaling channels clear and optimize memory (#14075, @aditighag)
alignchecker: git should not ignore bpf_foo.o (#14046, @kkourt)
all: bump Alpine base image to 3.13.1 and add meta image SHA256 sum (#14795, @rolinh)
all: use UUIDv4 instead of UUIDv1 (#14351, @tklauser)
allocator: Quieten local key allocation logging (#14804, @joestringer)
api/hubble: Explicitly mark unused fields as reserved (#13809, @gandro)
arp: Set deadline for each retry (#14651, @brb)
bpf/lb: Skip service handling for ICMP packets (#12552, @pchaigno)
bpf: allow prefix of /32 and /128 in RSS src CIDR (#14367, @borkmann)
bpf: datapath: Fix fetching configured base devices (#14456, @mrostecki)
bpf: datapath: Rewite base devices setup in Go (#13915, @mrostecki)
bpf: fix health cilium_ipip6 collect_md mode (#15281, @borkmann)
bpf: fixes for host routing (#15240, @borkmann)
bpf: lb pmtu discovery support (#14980, @borkmann)
bpf: use LB addr as srcIP for outer hdr in DSR/IPIP (#14260, @borkmann)
bpf: Use optimized memset in send_trace_notify (#14450, @pchaigno)
Bugtool: add taskset (#14568, @youssefazrak)
bugtool: Record attached BPF programs (#14895, @aditighag)
Bugtool: route tables are dynamically dumped (#14488, @youssefazrak)
build(deps): bump actions/cache from v2 to v2.1.4 (#14880, @dependabot[bot])
build(deps): bump actions/setup-go from v1 to v2.1.3 (#14715, @dependabot[bot])
build(deps): Bump aws-sdk-v2 to official releases (#14794, @sayboras)
build(deps): bump docker/build-push-action from 4a531fa5a603bab87dfa56578bd82b28508c9547 to 2.3.0 (#15049, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.0.0 to 1.1.0 (#14881, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds from 1.0.0 to 1.0.2 (#15139, @dependabot[bot])
build(deps): bump github.com/Azure/go-autorest/autorest/adal from 0.9.10 to 0.9.13 (#15050, @dependabot[bot])
build(deps): bump github.com/Azure/go-autorest/autorest/azure/auth from 0.5.5 to 0.5.6 (#14771, @dependabot[bot])
build(deps): bump github.com/containernetworking/cni from 0.8.0 to 0.8.1 (#14976, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.19.24 to 0.19.26 (#14836, @dependabot[bot])
build(deps): bump github.com/go-openapi/spec from 0.20.0 to 0.20.2 (#14832, @dependabot[bot])
build(deps): bump github.com/go-openapi/strfmt from 0.19.11 to 0.20.0 (#14768, @dependabot[bot])
build(deps): bump github.com/go-openapi/validate from 0.20.0 to 0.20.1 (#14823, @dependabot[bot])
build(deps): bump github.com/google/uuid from 1.1.4 to 1.2.0 (#14855, @dependabot[bot])
build(deps): bump github.com/onsi/gomega from 1.10.3 to 1.10.5 (#14833, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil from 2.20.4+incompatible to 2.20.9+incompatible (#14809, @dependabot[bot])
build(deps): bump github.com/stretchr/testify from 1.6.1 to 1.7.0 (#14772, @dependabot[bot])
build(deps): bump golangci/golangci-lint-action from v2 to v2.4.0 (#14975, @dependabot[bot])
build(deps): bump golangci/golangci-lint-action from v2.5.0 to v2.5.1 (#15248, @dependabot[bot])
build(deps): bump helm/kind-action from v1.0.0 to v1.1.0 (#14716, @dependabot[bot])
build(deps): bump k8s.io/apiextensions-apiserver from 0.20.1 to 0.20.2 (#14786, @dependabot[bot])
build(deps): bump k8s.io/apimachinery from 0.20.1 to 0.20.2 (#14811, @dependabot[bot])
build(deps): bump k8s.io/client-go from 0.20.1 to 0.20.2 (#14810, @dependabot[bot])
build(deps): bump k8s.io/code-generator from 0.20.1 to 0.20.2 (#14769, @dependabot[bot])
build(deps): bump k8s.io/klog/v2 from 2.4.0 to 2.5.0 (#14824, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from v1 to v1.1.1 (#15247, @dependabot[bot])
build(deps): update docker/build-push-action requirement to 9379083e426e2e84abb80c8c091f5cdeb7d3fd7a (#15138, @dependabot[bot])
build(deps): update helm/kind-action requirement to v1.1.0 (#15279, @dependabot[bot])
build: Minor fixes to .gitignore and docs (#13626, @twpayne)
Bump alpine base image to 3.13.0 (#14718, @tklauser)
Bump aws-go-sdk-v2 to v0.30.0 (#14460, @ungureanuvladvictor)
Bump aws-go-sdk-v2 to v0.31.0 (#14490, @ungureanuvladvictor)
Bump gops to 0.3.16 (#15213, @tklauser)
Bump vendored dependencies (#14572, @tklauser)
Bump vendored dependencies (part 2) (#14606, @tklauser)
Centralize building of the aws.Config object (#14048, @ungureanuvladvictor)
Check whether to setup proxy rules when init bpf (#14542, @ChangyuWang)
ci/dependabot: fix labels (#14773, @rolinh)
ci/docker: Add operator dir into Dockerfile.dockerignore (#14069, @sayboras)
ci: Add initial dependabot configuration (#14694, @twpayne)
ci: build race-detection images in GH actions (#14979, @nebril)
CI: fix cron values for CodeQL analysis (#14575, @twpayne)
ci: only run CodeQL analysis on cilium/cilium (#14633, @twpayne)
ci: only run Nightly workflows on cilium/cilium (#14612, @kaworu)
cilium/cmd, vendor: use github.com/russross/blackfriday/v2 (#14261, @tklauser)
cilium/cmd: Fix skipping of .git directories (#13760, @twpayne)
cilium/cmd: mark tests as unprivileged (#13933, @tklauser)
cilium/cmd: remove unnecessary parseLabels func (#13988, @tklauser)
cilium/cmd: Replace exit code -1 with exit code 1 (#13761, @twpayne)
cilium: Drop encryption with tunnel support beta tag (#13801, @jrfastab)
cilium: error out in svc upsert on frontend/backend ports mismatch on IPIP (#14372, @borkmann)
cilium: Use strings, not byte slices, for JSON dumps (#14041, @twpayne)
Clarify description of IPSec configuration format and encryption options (#14760, @Andrey9kin)
cleanup/unused: Remove un-used code in codebase (#14113, @sayboras)
cli: Add LB IP to cilium status (#14445, @brb)
cli: Rename kpr Protocols status field (#14977, @brb)
cocinelle: update to python3 (#14522, @kaworu)
CODEOWNERS: add daemon/cmd/kube_proxy_* and pkg/bandwidth (#13818, @tklauser)
CODEOWNERS: Add pkg/maglev to @cilium/loadbalancer (#14603, @brb)
CODEOWNERS: Assign tools/ to cilium/contributing (#14433, @pchaigno)
CODEOWNERS: Assign Travis files to ci-structure team (#15173, @pchaigno)
CODEOWNERS: Remove docs-structure review from helm (#14965, @joestringer)
CODEOWNERS: Split codeowners for the documentation (#14076, @pchaigno)
CODEOWNERS: Split test/ code owners (#14244, @pchaigno)
CODEOWNERS: Update required reviews (#15009, @pchaigno)
Complete kube-router documentation by mentioning that "ipam: kubernetes" should be used (#14161, @manuelbuil)
Consistently use structured logging for errors (#13814, @tklauser)
Consolidate ec2 client create call (#14121, @ungureanuvladvictor)
contrib/k8s: Add 'nsexec' script to run commands in the network namespace of a POD (#14361, @jrajahalme)
contrib: Convert consolidate_go_stacktrace.py to python3 (#15140, @brb)
Convert AWS API calls to use paginators (#14491, @ungureanuvladvictor)
crypto/certloader: fix tests comparing crypto/x509.CertPool for Go 1.16 (#14789, @tklauser)
daemon: Avoid blocking datapath on node discovery (#14670, @pchaigno)
daemon: don't install cilium-node-monitor symlink (#15054, @tklauser)
daemon: Turn on policy debug logging if Cilium is started with --debug (#14352, @jrajahalme)
daemon_main: fix comments error (#14194, @lrouter)
datapath/iptables: de-duplicate program argument construction (#14007, @tklauser)
datapath/linux: Fix clang version regex check (#14742, @christarazi)
datapath/loader: fix privileged test build (#14335, @tklauser)
datapath: always generate BTF debug information (#14166, @jibi)
datapath: migrate off j-keck/arping (#13112, @vladdy)
datapath: Remove IPV{4,6}_NODEPORT (#14431, @brb)
datapath: Use SHA256 instead of SHA1 for datapath hash (#14279, @twpayne)
dependabot: disable automatic rebasing of PRs (#14826, @tklauser)
dependabot: Fix labels (#14717, @pchaigno)
dependabot: ignore ginkgo updates (#14821, @tklauser)
dependabot: ignore grpc and miekg/dns updates (#14790, @tklauser)
dependabot: limit number of open PRs to 1 (#14837, @tklauser)
dev-doctor: Add --backporting flag for backporters (#14016, @twpayne)
dev-doctor: Add Helm check (#14001, @twpayne)
dev-doctor: Add more checks (#14229, @twpayne)
distinguish between FIN and RST on datapath (#14097, @kkourt)
doc: Add K8S flag to the example to add worker nodes (#14682, @aditighag)
Doc: Add note to open tcp:4244 for Hubble Relay (#14758, @youssefazrak)
doc: Update AUTHORS file (#14719, @kaworu)
docker: bump cilium-iproute2 image (#14258, @jibi)
Docker: Multi-arch & cross-compile build with docker buildx (#14208, @jrajahalme)
docker: Pre-pull images correctly (#14759, @jrajahalme)
Dockerfile image build process follow-ups (#15110, @aanm)
Dockerfiles: quote FROM images if they contain 'sha256' (#14887, @aanm)
docs/release: add step to update dashboards to grafana.com (#14312, @aanm)
docs/vagrant: Remove reference of libvirt to avoid confusion (#13745, @sayboras)
docs: Add az login command to AKS getting started guide (#13926, @twpayne)
docs: Add info about Envoy smoke test (#14359, @jrajahalme)
docs: Add link from EKS mode to ec2 privileges (#14515, @joestringer)
docs: Add missing Jobs to the Jenkins Trigger Phrases table (#14199, @kaworu)
docs: Advise running ginkgo in verbose for e2e tests (#15060, @pchaigno)
docs: clarify janitor duties (#14127, @jibi)
docs: Clarify that empty endpoint selectors implictly limit to namespace (#14580, @twpayne)
docs: Document update-cmdref make target usage (#14925, @nebril)
docs: Expand triage description (#14235, @joestringer)
docs: Fix commands to build dev. docker images (#15231, @pchaigno)
docs: Fix ginkgo commands for e2e tests in GKE/EKS (#15223, @pchaigno)
docs: Fix hint for updating cmdref (#13795, @brb)
docs: Fix link formatting to builder/runtime images (#14421, @joestringer)
docs: fix llvm git repo and clang folder (#14812, @fnzv)
docs: Improve DNS port documentation (#14144, @joestringer)
docs: Recommend use of backport scripts (#14011, @pchaigno)
docs: Remove -noColor from ginkgo flags (#15224, @pchaigno)
docs: Remove incorrect configuration advice for native routing (#15016, @cmacrae)
docs: Rename priority/release-blocker to release-blocker/1.X (#14735, @pchaigno)
docs: update dependency table to add links and download command (#15055, @kaitoii11)
docs: Update our community docs page (#14968, @pchaigno)
docs: Update testing docs with instructions to run specific tests (#14108, @aditighag)
docs: Updates steps when using submit-backport (#14799, @pchaigno)
Documentation: update iproute2 git URL in bpf.rst (#15207, @dmitris)
Documentation: Update list of Jenkins jobs (#14592, @twpayne)
Drop GODEBUG='madvdontneed=1' setting with Go 1.16 (#15076, @tklauser)
endpoint: Enhance policy map sync (#14370, @jrajahalme)
endpoint: Fix typo in CT clean logic (#14137, @joestringer)
endpoint: remove unused (*Endpoint).FinishIPVLANInit and depended on symbols (#14056, @tklauser)
envoy: Update proxylib interface (#14560, @jrajahalme)
envoy: use errors.Is(..., net.ErrClosed) instead of string matching (#15080, @tklauser)
Export and use agent event sub-types for Hubble (#14415, @tklauser)
Extend endpoint related interfaces (#14743, @aditighag)
Fix a bug that was causing Azure IPAM with multiple pod subnets to not work. (#15182, @AnishShah)
Fix a typo in terminology documentation (#14181, @didier-durand)
fix broken link on readme (#13981, @kaitoii11)
Fix cilium typos (#14180, @twpayne)
Fix error propagation in (*K8sWatcher).addK8sPodV1 (#14864, @tklauser)
Fix integer conversions (#14561, @twpayne)
Fix rawgit links in README.rst (#14092, @vignesh-codes)
Fix typo in grpc example (#14874, @teyuchang)
Fqdn: log misbehaving applications that do not respect DNS TTL (#14878, @youssefazrak)
fqdn: Optimize KeepUniqueNames (#13920, @jrajahalme)
fqdn: pass CIDR matcher to (*DNSZombieMappings).DumpAlive (#13990, @tklauser)
gettingstarted: Corrected typos in memcached.rst (#15277, @unixdaddy)
health: Disable routing in BPF when per-endpoint routes are enabled (#14741, @pchaigno)
Helm: Allow enable-k8s-event-handover to be configured via Helm to control CNP Node status updates (#14555, @youssefazrak)
hubble/parser/threefour: decode layers only if there is a packet (#14448, @tklauser)
hubble/parser/threefour: ignore gopacket errors on unsupported layers (#14418, @tklauser)
hubble: allow to filter agent events (#14242, @tklauser)
hubble: Removal of legacy interfaces and minor cleanup of metrics (#14442, @gandro)
hubble: Support --{last,since,until} on agent and debug events (#14739, @gandro)
hubble: switch to google.golang.org/protobuf (#14635, @tklauser)
images, vendor: update gops to 0.3.17 (#15299, @tklauser)
images/cilium: set IMAGE_CROSS_TARGET_PLATFORM for right arch (#15074, @aanm)
images: make update-golang-image.sh update hubble-proto Dockerfile (#14036, @kaworu)
images: re-write README.md (#15108, @aanm)
Improve pod deletion resiliency (#14898, @joestringer)
install/kubernetes: remove quick-install from master branches (#15250, @aanm)
install/kubernetes: set k8s min version manually (#14778, @aanm)
install: Remove 1.9 RC workaround (#13863, @joestringer)
ipvlan: use github.com/cilium/ebpf to create map and load program (#14043, @tklauser)
jenkinsfile: Remove stale symlinks (#14365, @pchaigno)
k8s: update k8s libraries to 1.19.4 (#14032, @aanm)
k8s: update k8s libraries to 1.20.3 (#15030, @aanm)
k8s: update k8s libraries to 1.20.4 (#15092, @aanm)
k8s: Update libraries to v1.20.1 (#14481, @christarazi)
kvstore: Fix event watcher serialization (#14101, @joestringer)
lbmap: Add compile-time tests for interface satisfiability (#13868, @brb)
maglev: Allocate permutations slice ahead of time (#14622, @christarazi)
make: Use buildkit for docker targets by default (#14714, @jrajahalme)
make: Use consistent Docker tag for dev-docker-image (#14062, @pchaigno)
Makefile: do not depend on TARGET for install-bash-completion (#15147, @aanm)
Makefile: Fix missing BASE_IMAGE in docker builds (#14967, @christarazi)
Makefile: Remove microk8s prepull script (#14148, @joestringer)
Makefile: Remove microk8s.registry dependency (#15157, @joestringer)
Makefile: Simplify to run faster (#13939, @jrajahalme)
Metrics: Add cilium_datapath_dump_resets for dump_interrupts count (#14888, @youssefazrak)
Minor backporting script tweaks (#14027, @twpayne)
Misc. cleanups in hubble and monitor packages (#14103, @tklauser)
Modified path of fuzzer (#14813, @AdamKorcz)
monitor, vendor: bump github.com/cilium/ebpf to v0.3.0 (#14200, @tklauser)
monitor: Display human-readable identities (#13601, @pchaigno)
node/manager: remove unused *Manager methods (#15106, @tklauser)
Observer to ignore unhandled debug event types (#14589, @anfernee)
operator: use logfields in cilium operator logging (#14548, @fristonio)
Optimize Label.String() (#15089, @michi-covalent)
pkg/k8s/watchers follow-up for #14864 (#15004, @tklauser)
pkg/k8s: add DeepEqual code generation for Service (#15077, @aanm)
pkg/k8s: remove unused code (#14376, @aanm)
pkg/loadbalancer: Optimize L3n4Addr.Hash for performance (#14617, @gandro)
pkg/loadbalancer: Optimize L3n4Addr.Hash for performance (2) (#15091, @rolinh)
pkg/logging: do not repeat klog messages on all levels (#14503, @aanm)
pkg/rate: Make parsing of positive values more strict (#14536, @twpayne)
pkg: Use strings.Builder instead of bytes.Buffer where possible (#13759, @twpayne)
policy: Fix typo in issue link (#15251, @joestringer)
policy: Suppress any policy map updates when updating redirects if keeping the current policy (#14356, @jrajahalme)
Prepare for 1.10.0 development (#13617, @aanm)
README: update security releases (#13977, @aanm)
Refactor endpoint management (#14745, @joestringer)
refactor: Remove time.After from any Loops (#14265, @nathanjsweet)
refactor: Remove time.After from any Loops (#14380, @nathanjsweet)
Remove references for old k8s version from tests (#14471, @fristonio)
remove xtables.lock and privileged=true from node-local-dns example (#14319, @ghouscht)
Replace remaining exit codes -1 with exit code 1 (#13798, @twpayne)
Revert "azure, policy: Add JSON tags to CRD fields" (#15093, @aanm)
Revert "Dockerfiles: quote FROM images if they contain 'sha256'" (#14897, @aanm)
Revert accidentally introduced port change (#14328, @brandshaide)
stale-bot: stale PRs with assignees (#14364, @aanm)
Switch metrics map to cilium/ebpf (#14582, @jibi)
test/helpers: Allow ssh.InsecureIgnoreHostKey in test code (#14535, @twpayne)
test/Makefile: fix registryCredentials typo (#14051, @kkourt)
test/packet: Default download to /tmp (#14055, @pchaigno)
test: Allow test VMs have swap (#14506, @jrajahalme)
test: Disable the host firewall in incompatible tests (#14037, @pchaigno)
test: get cilium pods inside background closure (#14057, @kkourt)
test: Only wait for one operator instance to be ready (#14360, @jrajahalme)
test: update k8s to 1.20 (#14315, @aanm)
treewide: bump copyright year to 2021 in generated files (#14573, @tklauser)
Update authors file (#13866, @joestringer)
Update CNI network plugin to 0.9.0 (#14620, @tklauser)
Update EKS e2e testing docs (#14482, @ungureanuvladvictor)
Update Go to 1.15.5 (#14013, @tklauser)
Update Go to 1.15.6 (#14298, @tklauser)
Update Go to 1.15.7 (#14662, @tklauser)
Update Go to 1.15.8 (#14983, @tklauser)
Update Go to 1.16 (#15068, @tklauser)
Update Go to 1.16.1 (#15314, @tklauser)
Update release process (#15034, @aanm)
Update stable releases (#13804, @christarazi)
Update stable releases (#14282, @aanm)
Update stable releases (#14671, @aanm)
Update stable releases (#14706, @aanm)
Update stable releases (#14763, @joestringer)
Update stable releases (#14896, @christarazi)
Update stable releases (#15018, @joestringer)
Update stable releases (#15122, @joestringer)
Update stable releases (#15313, @joestringer)
Update USERS.md (#14831, @imathu)
Use logging pkg to setup cilium-cni logging (#14253, @ungureanuvladvictor)
Use time.Truncate of more recent Go (#14493, @youssefazrak)
Use toRawJson + quote for storing eniTags into Cilium configmap (#14499, @ungureanuvladvictor)
Use vishvananda/netlink instead of net.Interface* (#15296, @anfernee)
Vagrant Script: Detect colliding active virtualbox VMs and warn users (#14584, @vsk-coding)
Vagrant: Add support for .devvmrc (#14272, @jrajahalme)
vagrant: bump all box versions (#14632, @tklauser)
vagrant: Bump all Vagrant box versions (#14024, @pchaigno)
vagrant: bump box versions (#14736, @tklauser)
vagrant: bump box versions (#15090, @tklauser)
vagrant: bump box versions, again (#15129, @tklauser)
vagrant: bump bpf-next vagrant box version (#14600, @borkmann)
vagrant: make restart.sh executable (#13625, @twpayne)
Vagrantfile: Add support for SHARE_PARENT=2 (#14559, @jrajahalme)
Various documentation / comments fixes and improvements (#14439, @kaworu)
vendor: bump github.com/google/gopacket to v1.1.19 (#14472, @tklauser)
vendor: Bump gopkg.in/yaml.v2 to v2.4.0 (#14230, @twpayne)
vendor: Pin github.com/optiopay/kafka to commit before fork (#15159, @christarazi)
vendor: switch github.com/shirou/gopsutil to v3 (#15161, @tklauser)
vendor: Update sigs.k8s.io/structured-merge-diff/v4 (#14752, @christarazi)
vendor: use github.com/blang/semver/v4 (#14327, @tklauser)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.0-rc0@sha256:cf60770a22d49f8a0c2d945dcc4d612ef234a05a0fa68f68d01c5f54698bbd06
quay.io/cilium/cilium:v1.10.0-rc0@sha256:cf60770a22d49f8a0c2d945dcc4d612ef234a05a0fa68f68d01c5f54698bbd06

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.0-rc0@sha256:8b682338061db5e033b9828bc0a7a7a0800fff40027a3ae462b29df5505952d3
quay.io/cilium/clustermesh-apiserver:v1.10.0-rc0@sha256:8b682338061db5e033b9828bc0a7a7a0800fff40027a3ae462b29df5505952d3

docker-plugin

docker.io/cilium/docker-plugin:v1.10.0-rc0@sha256:6cf8e2f09fc83b1c341a9d3b6597adf44c64d5987585475cb57e0b1d0bfef51b
quay.io/cilium/docker-plugin:v1.10.0-rc0@sha256:6cf8e2f09fc83b1c341a9d3b6597adf44c64d5987585475cb57e0b1d0bfef51b

hubble-relay

docker.io/cilium/hubble-relay:v1.10.0-rc0@sha256:94fbf275c2ffc326c9da4449d34098830ce4a6dacfa510a9eff7ce1b1074a6d0
quay.io/cilium/hubble-relay:v1.10.0-rc0@sha256:94fbf275c2ffc326c9da4449d34098830ce4a6dacfa510a9eff7ce1b1074a6d0

operator-aws

docker.io/cilium/operator-aws:v1.10.0-rc0@sha256:edf9bc5b652005e9d61d8c55c53e1b7a2de6dda5198bda746469cff0f2d3bbc4
quay.io/cilium/operator-aws:v1.10.0-rc0@sha256:edf9bc5b652005e9d61d8c55c53e1b7a2de6dda5198bda746469cff0f2d3bbc4

operator-azure

docker.io/cilium/operator-azure:v1.10.0-rc0@sha256:ef3da6a565234ab737fdd0d481d2b4b567a8c5cf206657b22d1fb7960dddf190
quay.io/cilium/operator-azure:v1.10.0-rc0@sha256:ef3da6a565234ab737fdd0d481d2b4b567a8c5cf206657b22d1fb7960dddf190

operator-generic

docker.io/cilium/operator-generic:v1.10.0-rc0@sha256:d96f65b7fcd8015858b4c4703822752b3a5affc2bbcfc009a9a30eea752cd9b9
quay.io/cilium/operator-generic:v1.10.0-rc0@sha256:d96f65b7fcd8015858b4c4703822752b3a5affc2bbcfc009a9a30eea752cd9b9

operator

docker.io/cilium/operator:v1.10.0-rc0@sha256:8c10b7288578ca981187d639d3b449ca89cbff654b0f2a9e2e1456c1c64eb61c
quay.io/cilium/operator:v1.10.0-rc0@sha256:8c10b7288578ca981187d639d3b449ca89cbff654b0f2a9e2e1456c1c64eb61c

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.10.0-rc0