1.10.0-rc1
Pre-releaseWe are pleased to announce Cilium v1.10.0-rc1. This release is not recommended for use in production clusters, but if you're in a position to pull it and try it out in staging / testing environments and report issues that you find, this will help us to put out a high-quality, stable final v1.10.0 release.
The summary of changes below reflect the diff between the last release candidate (v1.10.0-rc0) and tag v1.10.0-rc1.
Summary of Changes
Major Changes:
- Add AlibabaCloud Operator (#15160, @l1b0k)
- Add support for k8s 1.21 and set minimal k8s supported version to 1.16 (#15502, @aanm)
- Add a Getting Started Guide for Rancher Kubernetes Engine (#15323, @seanmwinn)
- doc: Add Code of Conduct (#15305, @tgraf)
- doc: Deprecate managed etcd mode (#15464, @tgraf)
- Implement external IP (LoadBalancer) allocation & announcement via BGP for services (#15340, @christarazi)
- Integrate Wireguard for pod2pod encryption (#15383, @brb)
- Rework Quick & Helm Installation Guide (#15695, @tgraf)
- Implement egress gateway datapath (#14830, @anfernee)
Minor Changes:
- Add helm option enableEgressGateway (#15777, @anfernee)
- Added a new daemon option
--tofqdns-idle-connection-grace-period
. (#15458, @jrajahalme) - Adds an option to specify Cilium router device IP (#14800, @Weil0ng)
- agent: Silence some useless warnings (#15450, @tgraf)
- bpf: Adds support for drop IPv4 fragmented packet (#15733, @navarrothiago)
- Change default ENI property FirstInterfaceIndex to 0 and improve IPAM logic in ENI & Azure modes (#14801, @christarazi)
- ci: Increase time limit from 15m to 30m (#15371, @tgraf)
- cilium: Add encryption mode to
cilium status
(#15833, @gandro) - custom calls: add new metrics to count skipped tail calls to custom programs (#15475, @qmonnet)
- daemon: add new option --allocator-list-timeout (#15538, @ArthurChiao)
- daemon: Remove --help flags grouping (#15564, @brb)
- datapath: add tail call hooks for custom metrics, bytecounter example (#13191, @qmonnet)
- datapath: Create MAC_BY_IFINDEX_MACRO in Go (#15267, @brb)
- doc: Use Cilium CLI for Cluster Mesh documentation (#15359, @tgraf)
- docs: Move host firewall out of beta (#15761, @pchaigno)
- docs: Update OpenShift (OKD) GSG to use OLM operator (#15608, @errordeveloper)
- examples: remove obsolete Mesos example (#15377, @tklauser)
- Expose more syslog options (#15545, @jaffcheng)
- Hash IPSec keys in the bugtool. Unit test are also added. (#15550, @h3llix)
- helm: add ca.crt to tls secrets (#15443, @kaworu)
- helm: consolidate IPSec and Wireguard encryption options (#15809, @jibi)
- helm: move IPSec options under encryption.ipsec (#15846, @jibi)
- helm: Replaced object-based extraArgs with array-based (#15233, @D1abloRUS)
- hubble: Add a flag to write Hubble events to a rotated file (#15557, @michi-covalent)
- hubble: Add recorder API (#15680, @gandro)
- hubble: add separate API to get agent and debug events (#15715, @tklauser)
- Improve scalability by reducing number of CEP watch events (#15230, @Weil0ng)
- iptables: add support for NOTRACK rules for pod to pod traffic (#15264, @jibi)
- iptables: relax no CT rules to match all pod traffic (#15467, @jibi)
- k8s: add support for ipFamilies to services (#14914, @fristonio)
- Minor README updates (#15372, @tgraf)
- node-neigh: Query once netlink for neigh discovery device (#15431, @brb)
- PolicyImportErrorsTotal metric is now incremented also from k8s policy watchers (#15820, @jrajahalme)
- Remove legacy flannel integration (#15786, @tgraf)
- Remove some obsolete documentation (#15370, @tgraf)
- Support host policies with per-endpoint routes (#15217, @pchaigno)
- Updates & clarifications to Governance Rules (#15325, @tgraf)
- VM support has been updated to make use of the new
cilium
cluster CLI tool. (#15320, @jrajahalme) - wireguard: Add pod2pod encryption support in tunnel mode and fix IPv6 for direct routing mode (#15716, @brb)
- wireguard: Add support for managed K8s (#15674, @gandro)
Bugfixes:
toFQDNs
rules now allow underscores in match patterns and names (#15801, @jrajahalme)- bpf: Fix defines in policy.h (#15763, @pchaigno)
- bpf: fix map_array_get_16 backend retrieval (#15808, @borkmann)
- cilium: encryption, auto-discover interface and subnet (#15357, @jrfastab)
- ctmap: do not call InitMapInfo() in init() (#15590, @kkourt)
- daemon/ipam: correct total IP count in
cilium status
output (#15707, @ArthurChiao) - Decrease verbosity of error "Unable to update ipcache map entry on pod add" for certain conditions (#15757, @aanm)
- encryption: Limit encryption keys to 2 bits (#15335, @tgraf)
- eni: Assign primary IP to support multiple VPC CIDRs (#15453, @gandro)
- Envoy is updated with security fixes for Envoy CVEs released on 4/15/2021 (#15725, @jrajahalme)
- Fix a bug that was causing Azure IPAM to not work when ApplicationSecurityGroups were attached to IPConfigurations of a NIC. (#15194, @AnishShah)
- Fix an issue where packets are dropped when a pod connects to itself via a service clusterIP. (#15321, @aditighag)
- Fix bug where any non-leader Operator in HA mode would crash updating CRDs (#15544, @christarazi)
- Fix channel panic from ipcache kvstore reconnect (#15668, @jomenxiao)
- Fix ethtool issues (#15622, @tklauser)
- Fix ICMP Echo ID placement in CT maps (#15275, @brb)
- Fix the initialization of host endpoint labels (#15780, @pchaigno)
- Fixing pods restart on nodes running containerd on COS (#14708, @fallard84)
- Handle events with pod IP and node IP addresses being modified (#15803, @aanm)
- ipam: Fix ENI routing for secondary CIDRs (#15303, @gandro)
- ipcache: Expose correct source in Cilium API (#15706, @gandro)
- kvstore/etcd: fix etcd rate limit (QPS) not working (#15742, @ArthurChiao)
- kvstore: Fix aborted delayed delete warning (#15409, @tgraf)
- lib/proxy.h: set variable as maybe unused to avoid compilation error (#15607, @johngv2)
- nat: Do not increment delete error metric on nat entry GC (#15587, @joamaki)
- pkg/k8s: reset k8s event lag metric on pod add (#15804, @aanm)
- Treat empty NetworkPolicyPort as "all ports on TCP" during network policy parsing (#14720, @mattfenwick)
- Wait for endpoints to be stopped on agent shutdown (#15447, @jaffcheng)
CI Changes:
- .github: fix kind GH action for encryption e2e tests (#15731, @aanm)
- .travis: Disable email notifications on master failures (#15373, @pchaigno)
- Github action to verify that every commit in a PR compiles on its own (#15659, @Ankurk99)
- Run cloud provider conformance tests every 6 hours (#15796, @michi-covalent)
- Add cyclonus network policy tester. (#14889, @mattfenwick)
- bpf: Extend datapath options for K8sVerifier test (#15540, @pchaigno)
- ci: add AKS workflow (#15466, @nbusseneau)
- ci: add EKS workflow (#15465, @nbusseneau)
- ci: add gke workflow (#15416, @nebril)
- ci: Fix
BGP router does not have route for LB IP
(#15771, @gandro) - ci: Fix local files chmod in test vagrantfile (#15397, @nebril)
- ci: Fix nightly image (#15605, @nebril)
- ci: fix nightly image sha (#15708, @nebril)
- ci: fix/update GKE workflow (#15482, @nbusseneau)
- ci: push cilium-test image to quay.io, use it in nightly (#15569, @nebril)
- ci: retry gke cluster scale up, don't clear cluster at start (#14819, @nebril)
- cilium: Add workflows for GKE in tunnel mode, with and without encryption (#15678, @jrfastab)
- cilium: test encryption workflows for GKE (#15595, @jrfastab)
- cilium: Use build-and-push-with-qemu for builder (#15679, @jrfastab)
- daemon: Do not attach bpf_host to L3 dev if skb_change_head is unavailable (#15343, @brb)
- Remove unused jenkinsfiles (#15578, @aanm)
- Revert "ci: push cilium-test image to quay.io, use it in nightly" (#15574, @pchaigno)
- test/gke: refactor test-clusters operations (#15863, @nbusseneau)
- test/gke: use correct cluster IPv4 CIDR (#15346, @jibi)
- test/helpers: Support non-standard nodes names with NO_CILIUM_ON_NODE (#15384, @christarazi)
- test/provision: adjust Dockerfiles considered for image download (#15389, @tklauser)
- test: add e2e tests for fromEntities: cluster and all (#15398, @chez-shanpu)
- test: Allow hostfw tests to run on GKE (#15479, @pchaigno)
- test: CI pipeline with kube-proxy running alongside our replacement (#14543, @pchaigno)
- test: Disable host firewall in incompatible tests (#14545, @pchaigno)
- test: ensure kubectl version is available for test run (#15748, @nebril)
- test: Format test-only's kernel_version to avoid mistakes (#15743, @pchaigno)
- test: K8sUpdates: Remove deprecated code (#15349, @pchaigno)
- test: make RunsOnNetNextKernel() helper work with KERNEL="net-next" (#15395, @qmonnet)
- test: Make Wireguard tcpdump filter more fine grained (#15507, @brb)
- test: quarantine failing NodePort tests on 1.14 (#15415, @nebril)
- test: Skip K8sPolicy on GKE and 4.19 (#15762, @pchaigno)
- test: Uncouple KPR from presence of kube-proxy (#15543, @pchaigno)
- test: Unquarantine K8sVerifier on k8s-all (#15154, @pchaigno)
- test: update k8s testing versions to 1.18.18, 1.19.10 and 1.20.6 (#15755, @aanm)
- test: Use node labels when testing host policies (#15714, @pchaigno)
- test: Wait for cilium monitor to match expected output (#15848, @pchaigno)
- vagrant: Bump all Vagrant box versions (#15772, @pchaigno)
- vagrant: Bump all Vagrant box versions (#15812, @pchaigno)
- vagrant: Upgrade Vagrant box versions (#15356, @aditighag)
- wireguard: Add pod2pod encryption tests (#15573, @brb)
- workflows: add encryption for AKS testing (#15657, @nbusseneau)
- workflows: add multicluster CI 3.0 workflow (#15710, @nbusseneau)
- workflows: fix EKS encryption testing not using aws operator image (#15745, @nbusseneau)
- workflows: fix GKE
if
condition (#15788, @nbusseneau) - workflows: fix schedule triggers (#15813, @nbusseneau)
- workflows: improvements to CI 3.0 workflows (#15694, @nbusseneau)
- workflows: increase multicluster timeout to 30 minutes (#15811, @nbusseneau)
- workflows: small fixes to Kind (#15658, @nbusseneau)
Misc Changes:
- .github: change dependabot interval to daily (#15651, @aanm)
- .github: fix markdown typo (#15792, @aanm)
- .github: remove unnecessary docker hub credentials (#15841, @aanm)
- .github: update steps for the release process of a RC (#15319, @aanm)
- Add Cluster Health metrics (#15380, @h3llix)
- Add custom resource for egress nat policies (#14998, @MasterZ40)
- add doc for AlibabaCloud ENI (#15512, @l1b0k)
- add support for EndpointSlice V1 (#15524, @aanm)
- Add support to enable EndpointStatus in Helm chart (#15844, @carloscastrojumo)
- Add warning log when host enable SELinux (#15414, @konghui)
- Adds ipv6 support for local-router-ip (#15662, @Weil0ng)
- all: don't use the deprecated io/ioutil package (#15242, @tklauser)
- Assign specific, unique ports for pprof (Agent, Operator, Hubble Relay) (#15441, @christarazi)
- AUTHORS: Update email (#15885, @jrajahalme)
- aws/eni/limits: lazily populate limits map (#15523, @tklauser)
- azure: Fix API rate limit test (#15493, @twpayne)
- bpf: Comment BPF hook points, some tail calls, and local delivery code (#15204, @pchaigno)
- bpf: initial pcap exporter for lb (#15376, @borkmann)
- bpf: lift port restriction and allow l4 dnat in ipip (#15396, @borkmann)
- bpf: option for selecting DSR L4 DNAT method for IPIP (#15880, @borkmann)
- bpf_host: declare variables in the beginning of the block (#15560, @johngv2)
- bugtool: dump iptables-legacy and iptables-nft (#15363, @h3llix)
- build(deps): bump actions/cache from v2.1.4 to v2.1.5 (#15666, @dependabot[bot])
- build(deps): bump actions/download-artifact from 4a7a711286f30c025902c28b541c10e147a9b843 to 2.0.9 (#15582, @dependabot[bot])
- build(deps): bump docker/build-push-action from 9379083e426e2e84abb80c8c091f5cdeb7d3fd7a to 2.4.0 (#15586, @dependabot[bot])
- build(deps): bump docker/setup-buildx-action from 154c24e1f33dbb5865a021c99f1318cfebf27b32 to 1.1.2 (#15600, @dependabot[bot])
- build(deps): bump docker/setup-buildx-action from 2a4b53665e15ce7d7049afb11ff1f70ff1610609 to 1.2.0 (#15862, @dependabot[bot])
- build(deps): bump docker/setup-qemu-action from 25f0500ff22e406f7191a2a8ba8cda16901ca018 to 1.1.0 (#15854, @dependabot[bot])
- build(deps): bump docker/setup-qemu-action from 6520a2d2cb6db42c90c297c8025839c98e531268 to 1.0.2 (#15585, @dependabot[bot])
- build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds from 1.0.2 to 1.0.3 (#15358, @dependabot[bot])
- build(deps): bump github.com/Azure/go-autorest/autorest/azure/auth from 0.5.6 to 0.5.7 (#15412, @dependabot[bot])
- build(deps): bump golangci/golangci-lint-action from v2.5.1 to v2.5.2 (#15552, @dependabot[bot])
- build(deps): bump jinja2 from 2.10.1 to 2.11.3 in /Documentation (#15407, @dependabot[bot])
- build(deps): bump KyleMayes/install-llvm-action from v1.1.1 to v1.2.1 (#15571, @dependabot[bot])
- build(deps): bump KyleMayes/install-llvm-action from v1.2.1 to v1.2.2 (#15684, @dependabot[bot])
- build(deps): bump pygments from 2.4.2 to 2.7.4 in /Documentation (#15495, @dependabot[bot])
- build(deps): bump pyyaml from 5.3.1 to 5.4 in /Documentation (#15473, @dependabot[bot])
- build(deps): bump Sibz/github-status-action from e92e9076ba64fe070b6f06221720fc647d82e90e to 1.1.5 (#15584, @dependabot[bot])
- build(deps): update actions/upload-artifact requirement to ee69f02b3dfdecd58bb31b4d133da38ba6fe3700 (#15599, @dependabot[bot])
- Bump hubble UI version and pinned digest for envoy proxy (#15889, @aanm)
- cilium/cmd: don't write copyright header in generated shell completion (#15845, @tklauser)
- cilium: Fix EKS encryption panic and reinit path and add workflows test (#15669, @jrfastab)
- cilium: pcap recorder agent management (#15633, @borkmann)
- cilium: pcap recorder follow ups (#15782, @borkmann)
- CODEOWNERS: Add @cilium/wireguard for pkg/wireguard (#15618, @brb)
- CODEOWNERS: Add pkg/bgp (#15663, @christarazi)
- CODEOWNERS: Create cilium/alibabacloud team (#15665, @l1b0k)
- CODEOWNERS: Create cilium/loader team (#15451, @pchaigno)
- CODEOWNERS: Remove @cilium/monitor team (#15368, @pchaigno)
- contrib: add dual-stack support for dev VMs (#15827, @aanm)
- contrib: Clean output of submit-backport script (#15838, @pchaigno)
- contrib: fix remote overriding (#15328, @kaworu)
- custom calls: cleanup and improve a few elements (#15480, @qmonnet)
- daemon/cmd: fix Cilium version status output (#15649, @aanm)
- daemon: Add hidden --cflags debug command (#15549, @joestringer)
- daemon: Create RuntimePath if not equal to StateDir (#15711, @oblazek)
- daemon: Fatal on XDP + egress gateway (#15511, @pchaigno)
- daemon: Fix the init of the endpoints' datapath config (#15785, @pchaigno)
- daemon: log errors from bpf.TestDummyProg() (#15460, @rgo3)
- daemon: Make Hubble Recorder API opt-out (#15781, @gandro)
- daemon: Remove unnecessary log (#15776, @christarazi)
- datapath/linux/arp: avoid leaking sock fd if unix.SetNonblock fails in func listen (#15646, @tklauser)
- datapath/linux/probes: remove unused (*ProbeManager).GetMisc (#15647, @tklauser)
- datapath: Move XDP handling from bpf/init.sh to agent (#15497, @brb)
- doc: Add Egress Gateway Getting Started Guide (#15661, @MasterZ40)
- docs/contrib: Clarify the options for the Vagrant setup (#15835, @pchaigno)
- docs/encryption: Document limitations and workarounds (#15876, @gandro)
- docs/policy: Clarify table for deny policy scenarios (#15836, @pchaigno)
- docs: Add BGP GSG (#15519, @christarazi)
- docs: add cilium-operator technical overview documentation (#14530, @fristonio)
- docs: Add section for filtering by subnet tags in ENI mode (#15635, @christarazi)
- docs: Add Wireguard Getting Started Guide (#15787, @gandro)
- docs: De-duplicate k8s integration section (#15454, @joestringer)
- docs: document final steps for nomination of new committers (#15378, @qmonnet)
- docs: example cluster-wide health endpoint (#15348, @Shikugawa)
- docs: Fix commands for IPSec key rotations (#15481, @pchaigno)
- docs: Fix invalid link for BPF Newsletter (#15746, @LiangZhou-CTY)
- docs: Fix pip installation (#15705, @brb)
- docs: Fix sed in OKD GSG (#15822, @christarazi)
- docs: fix the Cilium namespace in GKE (#15463, @kaworu)
- docs: Hide "Edit on GitHub" buttons (#15579, @joestringer)
- docs: Make cross-cluster policy more explicit (#15778, @jrajahalme)
- docs: Mention KUBEPROXY ENV var in e2e section (#15535, @brb)
- docs: Tweak backporting doc (#15369, @twpayne)
- docs: Update DNS proxy timeout value (#15581, @aditighag)
- docs: update k3s installation instructions (#15503, @aanm)
- docs: use dedicated Sphinx role to reference GitHub issue (#15814, @qmonnet)
- Documentation: fix key rotation command in encryption guide (#15365, @mauriciovasquezbernal)
- Egress NAT control plane watchers and egress policy manager (#15134, @MasterZ40)
- endpoint: Add named type for endpoint state (#15614, @ammmk)
- ENI migration followups (#15702, @christarazi)
- examples: add 'rebel-base-global-shared.yaml' (#15886, @bmcustodio)
- examples: Split host policies for dev. VMs (#15577, @pchaigno)
- Extend the monitor notification interface with endpoint id getter (#15391, @aditighag)
- Fix BPF_JMP_MAP_ID on tail call toy example. (#15576, @yiannisy)
- Helm: adjust comment in values.yaml to accomodate Vim users (#15334, @qmonnet)
- images/runtime: update ubuntu base image (#15615, @aanm)
- images: squash common operator images in a single Dockerfile (#15849, @aanm)
- Improve release scripts (#15294, @joestringer)
- Improve the docs CRD schema version update script (#15869, @joestringer)
- install/kubernetes: fix upgrade envoy to 1.18.2 for Hubble UI (#15879, @kaworu)
- ipam: Fix empty interface number in Azure (#15533, @christarazi)
- ipsec: Fix routing CIDR iteration on EKS (#15645, @gandro)
- iptables: GetProxyPort(): run iptables quietly (#15779, @kkourt)
- iptables: use CILIUM_* chains for per-endpoint no CT rules (#15411, @jibi)
- k8s/api: More consistent field name capitalisation (#15521, @errordeveloper)
- k8s: Consolidate check for EndpointSlice support (#15561, @christarazi)
- k8s: Fix Wireguard with IPAM != ClusterPool (#15784, @gandro)
- k8s: Introduce subscriber package to simplify & consolidate K8s watcher callbacks / event handling (#15295, @christarazi)
- Kata: Mention incompatibility with host-reachable services or strict KPR in documentation (#15589, @qmonnet)
- loader : Log upsert and remove route errors (#15339, @h3llix)
- loader : Log upsert and remove route errors (#15525, @h3llix)
- MAINTAINERS: update MAINTAINERS.md (#15603, @kaworu)
- Make encryption+chaining limitations clearer (#15598, @joestringer)
- make: add help target to root Makefile for printing info about availble targets (#15087, @fristonio)
- Makefile: Fix microk8s image target (#15516, @joestringer)
- mtu: Switch to v/netlink for querying netdevs (#15260, @brb)
- Multi-arch enabled strip operations (#15113, @TrevorTaoARM)
- node-neigh: Reduce arping related log msg's level (#15261, @brb)
- node: Remove SetInternalIPv4From Method (#15873, @nathanjsweet)
- pkg/client/client.go: Set EnabledProtocols when pointer is nil (#15688, @johngv2)
- pkg/datapath: ignore certain error types on route delete (#15730, @aanm)
- pkg/k8s: fix concurrent access in CNP field (#15518, @aanm)
- pkg/k8s: set the right api group for EndpointSlice (#15631, @aanm)
- pkg/sysctl: Sanitize parameter names (#14533, @twpayne)
- policy: improve CNP initial sync (#15492, @jaffcheng)
- Prepare branch for v1.10 release cycle (#15868, @joestringer)
- Prepare helm charts for v1.10.0-rc0 (#15322, @aanm)
- release: Automate image digest PR creation (#15818, @joestringer)
- Remove duplicated ruleLabels in DerivedFromRules (#15280, @aanm)
- Remove NEEDS_RELAX_VERIFIER (#15610, @rscampos)
- rename ciliumNodeInformer to ciliumEndpointsInformer according to the context (#15806, @sstoner)
- Revert "encryption: Limit encryption keys to 2 bits" (#15487, @brb)
- Revert "loader : Log upsert and remove route errors" (#15517, @nbusseneau)
- Revert exported NoTrack rule function names. (#15505, @Weil0ng)
- Simplify runtime/builder image update (#15326, @tklauser)
- Small updates to image build doc to make it a bit clearer (#15816, @Weil0ng)
- source: Reorder AllowSource switch Statement and Comment Nits (#15696, @nathanjsweet)
- Stub out some functionality on non-Linux platforms (#15355, @joestringer)
- test: Remove nop condition from tests (#15541, @pchaigno)
- test: update add_vagrant_box.sh (#15831, @twpayne)
- test: update k8s tested versions (#15528, @aanm)
- test: update k8s to 1.21.0 (#15616, @aanm)
- ui deployment: upgrade envoy to 1.18.2, fix config (#15847, @geakstr)
- Update AWS deps (#15759, @ungureanuvladvictor)
- Update Go to 1.16.2 (#15344, @tklauser)
- Update Go to 1.16.3 (#15566, @tklauser)
- Update gops to v0.3.18 and build it statically linked (#15853, @tklauser)
- Update kube-router YAML to a newer release in the guide (#15639, @weirdwiz)
- Update stable releases (#15805, @joestringer)
- Updates golang:1.16.3 digest (#15790, @Weil0ng)
- Use go embed and remove go-bindata dependency (#15834, @aanm)
- vagrant: Follow cilium-agent options on development VM to Helm defaults (#15367, @Shikugawa)
- vendor: Bump to latest vishvananda/netlink (#15461, @joestringer)
- vendor: Update sigs.k8s.io/structured-merge-diff to v4.1.0 (#15488, @christarazi)
- vendor: Upgrade github.com/cilium/ebpf to v0.5.0 (#15386, @aditighag)
- wireguard: Better error message if kernel support is lacking (#15825, @gandro)
- wireguard: Fix rp_filter setting (#15542, @brb)
- wireguard: Improve logging (#15807, @brb)
- wireguard: Remove operator and disable KPR encryption (#15565, @brb)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.10.0-rc1@sha256:bdec5db5b9651c208a326f8d3b1d6a1caf5d943989ea2fdb68b24802dd17b134
quay.io/cilium/cilium:v1.10.0-rc1@sha256:bdec5db5b9651c208a326f8d3b1d6a1caf5d943989ea2fdb68b24802dd17b134
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.10.0-rc1@sha256:1a9b2488b13b43d6917b674dc17d86586fc3c8b37d787dbfe0c587275b22a12b
quay.io/cilium/clustermesh-apiserver:v1.10.0-rc1@sha256:1a9b2488b13b43d6917b674dc17d86586fc3c8b37d787dbfe0c587275b22a12b
docker-plugin
docker.io/cilium/docker-plugin:v1.10.0-rc1@sha256:9ae94306f4b843312468d0d52e100017b28da6b6151000f1d596484800679040
quay.io/cilium/docker-plugin:v1.10.0-rc1@sha256:9ae94306f4b843312468d0d52e100017b28da6b6151000f1d596484800679040
hubble-relay
docker.io/cilium/hubble-relay:v1.10.0-rc1@sha256:9e1120dd272bf5ebce5f7b2002ac7ae9a2854d9b7a799e0548312432c9c28b8d
quay.io/cilium/hubble-relay:v1.10.0-rc1@sha256:9e1120dd272bf5ebce5f7b2002ac7ae9a2854d9b7a799e0548312432c9c28b8d
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.10.0-rc1@sha256:c31d79a2b8f5225632199a81c829270cb33f1f2e752fea30c8846d3a44dd07d7
quay.io/cilium/operator-alibabacloud:v1.10.0-rc1@sha256:c31d79a2b8f5225632199a81c829270cb33f1f2e752fea30c8846d3a44dd07d7
operator-aws
docker.io/cilium/operator-aws:v1.10.0-rc1@sha256:301195fe8e5587353632f61e2ad53a037ae35816cf2c119406021883ebfcccbd
quay.io/cilium/operator-aws:v1.10.0-rc1@sha256:301195fe8e5587353632f61e2ad53a037ae35816cf2c119406021883ebfcccbd
operator-azure
docker.io/cilium/operator-azure:v1.10.0-rc1@sha256:2cd08484744f49ca86d3dd367ef4b63c3b9dfcd26a96072479f599e0f2a51d6b
quay.io/cilium/operator-azure:v1.10.0-rc1@sha256:2cd08484744f49ca86d3dd367ef4b63c3b9dfcd26a96072479f599e0f2a51d6b
operator-generic
docker.io/cilium/operator-generic:v1.10.0-rc1@sha256:3b46c6fc9dc085d395136ca9cf8af1d0f653184c797e0ad7038e103abfbffacd
quay.io/cilium/operator-generic:v1.10.0-rc1@sha256:3b46c6fc9dc085d395136ca9cf8af1d0f653184c797e0ad7038e103abfbffacd
operator
docker.io/cilium/operator:v1.10.0-rc1@sha256:79935c3b3124e93c74c74879c6231c9cba3a027336337596b1f32a7d8d2febe6
quay.io/cilium/operator:v1.10.0-rc1@sha256:79935c3b3124e93c74c74879c6231c9cba3a027336337596b1f32a7d8d2febe6