1.10.0-rc2
Pre-releaseWe are pleased to announce Cilium v1.10.0-rc2. This release is not recommended for use in production clusters, but if you're in a position to pull it and try it out in staging / testing environments and report issues that you find, this will help us to put out a high-quality, stable final v1.10.0 release.
The summary of changes below reflect the diff between the last release candidate (v1.10.0-rc1) and tag v1.10.0-rc2.
Summary of Changes
Major Changes:
Minor Changes:
- daemon: Add wildcard support to --devices ("eth+") (Backport PR #15919, Upstream PR #15697, @joamaki)
- doc: Add more generic install section for egress gateway guide (Backport PR #16150, Upstream PR #16087, @tgraf)
- doc: Reword some results (Backport PR #16049, Upstream PR #15955, @tgraf)
- doc: Update diagrams in benchmark report (Backport PR #16150, Upstream PR #16063, @tgraf)
- Hubble logs for HTTP responses now include HTTP response headers. (Backport PR #16150, Upstream PR #16013, @jrajahalme)
- images: Bump Hubble CLI to v0.8.0 (Backport PR #16049, Upstream PR #15983, @gandro)
- install: Disable kube-proxy-replacement by default (Backport PR #16150, Upstream PR #15422, @tgraf)
- node-neigh: Locking, logging, misc improvements (Backport PR #16049, Upstream PR #15783, @brb)
- Store the previous Cilium's configuration options in the host (Backport PR #16103, Upstream PR #16017, @aanm)
- wireguard: Set wireguard and route MTU to detected MTU (Backport PR #16103, Upstream PR #16020, @joamaki)
Bugfixes:
- cilium: Encryption EKS 4.14 kernel (default) fixes (Backport PR #16049, Upstream PR #15867, @jrfastab)
- Drop a
@
in clustermesh-apiserver helm chart (Backport PR #16049, Upstream PR #15934, @anthr76) - eni: Fix Cilium overallocating network interfaces (Backport PR #16049, Upstream PR #15911, @gandro)
- Envoy is updated to release 1.17.3 (Backport PR #16150, Upstream PR #16102, @jrajahalme)
- Fix 5.10+ complexity issue with
kubeProxyReplacement=disabled
(Backport PR #16150, Upstream PR #16084, @pchaigno) - Fix aws-cni integration where pods were not being scheduled (Backport PR #16049, Upstream PR #15915, @aanm)
- Fix bug where L7 ingress policies with IPsec dropped traffic in tunneling mode (Backport PR #16103, Upstream PR #16057, @christarazi)
- ui envoy: fix config to keep grpc conn (Backport PR #16049, Upstream PR #15938, @geakstr)
CI Changes:
- ci-gke: Add -v=6 for
kubectl get pods
(Backport PR #16049, Upstream PR #15994, @michi-covalent) - ci/wireguard: Ensure allowedIPs are set as expected (Backport PR #16049, Upstream PR #16011, @gandro)
- connectivity-check: Reduce chances of port conflict with proxy (Backport PR #16049, Upstream PR #15988, @pchaigno)
- jenkinsfiles: fix race detector pipelines (Backport PR #16103, Upstream PR #16056, @nbusseneau)
- node-neigh: Fix unit test flake (Backport PR #16150, Upstream PR #16072, @brb)
- test/runtime: Wait for endpoints to be ready before querying by labels (Backport PR #16049, Upstream PR #15990, @pchaigno)
- test: 5.4 CI job (Backport PR #16049, Upstream PR #15765, @pchaigno)
- test: Extend the clusterIP tests with policy (Backport PR #16049, Upstream PR #15928, @aditighag)
- test: Fix flake in ValidateEndpointsAreCorrect (Backport PR #16103, Upstream PR #16068, @pchaigno)
- test: Fix fragment tracking test on GKE (Backport PR #16049, Upstream PR #15959, @pchaigno)
- test: Fix the search for VIPs in
cilium service list
(Backport PR #16049, Upstream PR #15968, @pchaigno) - test: Run WG with per-endpoint routes (Backport PR #16049, Upstream PR #15906, @brb)
- test: set kubeProxyReplacement=probe for upstream k8s tests (Backport PR #16150, Upstream PR #16162, @aanm)
- wireguard: Fix timeout in unit test (Backport PR #16049, Upstream PR #16001, @gandro)
Misc Changes:
- Add arm64 support for the connectivity test (Backport PR #15919, Upstream PR #15894, @aanm)
- build(deps): bump docker/login-action from f3364599c6aa293cdc2b8391b1b56d0c30e45c8a to 1.9.0 (#15918, @dependabot[bot])
- build(deps): bump docker/setup-buildx-action from 012185ccbeb554a7f5f987bea0f1a73519b3cdf5 to 1.3.0 (#15941, @dependabot[bot])
- build(deps): bump KyleMayes/install-llvm-action from 1.2.2 to 1.3.0 (#16090, @dependabot[bot])
- bwm: queue mapping & cong fixes (Backport PR #16049, Upstream PR #15964, @borkmann)
- CODEOWNERS: add maintainers to be codeowners of .github (#15925, @aanm)
- contrib: Ensure release tag is upstream before push (Backport PR #15919, Upstream PR #15903, @joestringer)
- contrib: Fix scripts for v1.10 (Backport PR #15919, Upstream PR #15898, @joestringer)
- doc/encryption: improve consistency between ipsec and wireguard guides (Backport PR #16049, Upstream PR #15965, @rolinh)
- doc: update Hubble/Hubble Relay guides for recent CLI changes (Backport PR #16049, Upstream PR #15981, @rolinh)
- Dockerfile: use alpine 3.12 (Backport PR #16049, Upstream PR #15950, @aanm)
- docs/ipsec: misc improvements (Backport PR #16103, Upstream PR #15978, @kaworu)
- docs: add 'endpointRoutes.enabled=true' to aws-cni (Backport PR #16103, Upstream PR #16045, @bmcustodio)
- docs: add ids to the list of special identities (Backport PR #16150, Upstream PR #16123, @bmcustodio)
- docs: Add note about DNS-related policies on OpenShift (Backport PR #16150, Upstream PR #16083, @twpayne)
- docs: clustermesh: fix output of "cilium clustermesh status" command (Backport PR #16049, Upstream PR #15982, @jibi)
- docs: Fix egress gateway getting started guide (Backport PR #16049, Upstream PR #15984, @gandro)
- docs: gsg/operations - use parsed-literal for all blocks referring SCM_WEB (Backport PR #16049, Upstream PR #15963, @ti-mo)
- docs: improve and fix minor issues (Backport PR #16103, Upstream PR #15975, @qmonnet)
- docs: improve the aws-cni chaining page (Backport PR #16103, Upstream PR #15979, @bmcustodio)
- docs: minor improvements to tuning guide (Backport PR #16049, Upstream PR #16024, @borkmann)
- docs: remove misplaced sentence from Quick Installation guide (Backport PR #16049, Upstream PR #15971, @lfundaro)
- docs: Some Wireguard improvements (Backport PR #16049, Upstream PR #16023, @brb)
- docs: tell how to deploy demo app in Hubble CLI guide (Backport PR #16049, Upstream PR #15973, @lfundaro)
- docs: update OpenShift getting started guide (Backport PR #16103, Upstream PR #16006, @twpayne)
- docs: Update SIG-Datapath meeting time. (Backport PR #16103, Upstream PR #16027, @joestringer)
- ebpf: delete existing pinned map if incompatible with the spec (Backport PR #16049, Upstream PR #15832, @jibi)
- Encryption docs update (Backport PR #16049, Upstream PR #14940, @aditighag)
- Fix encryption getting started guides for v1.10 (Backport PR #16049, Upstream PR #15961, @jibi)
- Follow ups for host firewall support of endpoint routes (Backport PR #16103, Upstream PR #15942, @pchaigno)
- issue_14922: Fixed the 429 response code handling (Backport PR #15919, Upstream PR #15760, @Maddy007-maha)
- Minor fixes for OKD GSG (Backport PR #16049, Upstream PR #16000, @errordeveloper)
- node-neigh: Avoid flooding the same next hop (Backport PR #16049, Upstream PR #15882, @brb)
- Update base images with most recent SHAs (Backport PR #15919, Upstream PR #15895, @aanm)
- Update CI infrastructure for v1.10 release (Backport PR #15919, Upstream PR #15947, @christarazi)
- Update weekly community meeting timeslot (Backport PR #16049, Upstream PR #15985, @joestringer)
- v1.10: Update Go to 1.16.4 (#16061, @tklauser)
- vendor: bump github.com/vishvananda/netlink to latest master (Backport PR #16103, Upstream PR #16070, @tklauser)
- vendor: update wireguard library (Backport PR #16103, Upstream PR #16066, @aanm)
Other Changes:
- install: Update image digests for v1.10.0-rc1 (#15904, @joestringer)
- workflows: fix image workflows for v1.10 (#16009, @nbusseneau)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.10.0-rc2@sha256:f1645ef7d012d185de0d44e3957dd60e5dc2898c7f433232189da5249f8cfca7
quay.io/cilium/cilium:v1.10.0-rc2@sha256:f1645ef7d012d185de0d44e3957dd60e5dc2898c7f433232189da5249f8cfca7
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.10.0-rc2@sha256:d631be3bff2877ee9e307e8f68f33a384cabfbf61439e996428cba87a5651ac8
quay.io/cilium/clustermesh-apiserver:v1.10.0-rc2@sha256:d631be3bff2877ee9e307e8f68f33a384cabfbf61439e996428cba87a5651ac8
docker-plugin
docker.io/cilium/docker-plugin:v1.10.0-rc2@sha256:67fbc1382ab0d8f7c9d055ac8b5fb864a0f2aa146b3e210c17b82de3f0ec12ce
quay.io/cilium/docker-plugin:v1.10.0-rc2@sha256:67fbc1382ab0d8f7c9d055ac8b5fb864a0f2aa146b3e210c17b82de3f0ec12ce
hubble-relay
docker.io/cilium/hubble-relay:v1.10.0-rc2@sha256:5b0d185c0e544bd4ac2dba8ca256e6735a25ff475ab00f86aed5b9032d74c296
quay.io/cilium/hubble-relay:v1.10.0-rc2@sha256:5b0d185c0e544bd4ac2dba8ca256e6735a25ff475ab00f86aed5b9032d74c296
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.10.0-rc2@sha256:9ff54bb42782517800b6a5f978014f296e53ab4290b0e77cd45bd4d65ba9e746
quay.io/cilium/operator-alibabacloud:v1.10.0-rc2@sha256:9ff54bb42782517800b6a5f978014f296e53ab4290b0e77cd45bd4d65ba9e746
operator-aws
docker.io/cilium/operator-aws:v1.10.0-rc2@sha256:29defa47afae62685ea49cf2c4877c24e065a1300cd177baf1c24cc38ecdb1c9
quay.io/cilium/operator-aws:v1.10.0-rc2@sha256:29defa47afae62685ea49cf2c4877c24e065a1300cd177baf1c24cc38ecdb1c9
operator-azure
docker.io/cilium/operator-azure:v1.10.0-rc2@sha256:ff09332fd72b85dc3dde1b00be9b8dd013a43ff6ee9cc3b5a4d9489db79c9a98
quay.io/cilium/operator-azure:v1.10.0-rc2@sha256:ff09332fd72b85dc3dde1b00be9b8dd013a43ff6ee9cc3b5a4d9489db79c9a98
operator-generic
docker.io/cilium/operator-generic:v1.10.0-rc2@sha256:3ea7c4ccd9be2c9484fb0d78390039c82441a4208fd650d4acbaf213e30d9eec
quay.io/cilium/operator-generic:v1.10.0-rc2@sha256:3ea7c4ccd9be2c9484fb0d78390039c82441a4208fd650d4acbaf213e30d9eec
operator
docker.io/cilium/operator:v1.10.0-rc2@sha256:ddef5d8a0febe65ce32269a3b005fb438fc6b2bc6235e5021df0ef14c3af57c1
quay.io/cilium/operator:v1.10.0-rc2@sha256:ddef5d8a0febe65ce32269a3b005fb438fc6b2bc6235e5021df0ef14c3af57c1