1.12.0-rc2
Pre-release
Pre-release
We are pleased to release Cilium v1.12.0-rc2. The summary of changes are using as a base the version v1.12.0-rc1.
Summary of Changes
Major Changes:
- Promote egress gateway to stable (#19320, @jibi)
- Support setting service backend states such as quarantine, maintenance so that these backends are not selected for load-balancing service traffic. (#18814, @aditighag)
Minor Changes:
- daemon: Split --bpf-lb-map-max into multiple options (#19326, @koncha99)
- datapath: Allow egress GW with XDP (#19587, @brb)
- egressgw: emit a warning rather than a fatal error when L7 proxy is enabled (#19608, @jibi)
- helm: Create cilium IngressClass (#19524, @sayboras)
- hubble/relay: Make the Hubble Peer service available by making it a Kubernetes service to eliminate the need to share a local Unix domain socket between a privileged pod (cilium daemon) and an unprivileged one (hubble-relay). (#18620, @nathanjsweet)
- ingress: Add SocketOptions configuration (#19549, @sayboras)
- ingress: Avoid plain text TLS secret in CEC (#19410, @sayboras)
- ingress: Fix conformance tests for host-rules and path-rule (#19321, @sayboras)
- ingress: Set max stream duration as 0 (#19550, @sayboras)
- k8s: keep KVStore CiliumNode labels synced with Node object (#19375, @jibi)
- Making operator aware of pending pod backlog on nodes for IP allocations (#19007, @hemanthmalla)
- Remove privileged mode in Cilium's DaemonSet (#14446, @aanm)
- vtep: VTEP map implementation to improve VTEP integration feature (#18824, @vincentmli)
Bugfixes:
- bgpv1: Use IP address used for peering as a nexthop (#19402, @YutaroHayakawa)
- clustermesh-apiserver: fixed nil pointer dereference (#18957, @abocim)
- Consider VPC's secondary CIDRs during cilium_host IP restoration (#19341, @hemanthmalla)
- Fatal when IPv6 is enabled but corresponding kernel modules are missing (#18941, @vadorovsky)
- Fixed Cilium agent regression causing a crash due to ipcache controller being scheduled too soon. (#19501, @jrajahalme)
- helm: Fix Hubble Service when ServiceMonitor is being used (#19220, @juissi-t)
- Improve garbage collection for resources allocated by ToFQDNs policy for services which rotate IP addresses frequently such as Amazon S3 (#19452, @joestringer)
- Only apply XDP acceleration for IPv6 Nodeport when enabled (with --bpf-lb-acceleration=native). (#19534, @julianwiedmann)
- operator: fix identity GC collection (#19649, @aanm)
- Revert Prometheus client to fix 'cilium metrics list' (#19496, @ti-mo)
- Use identity labels for selector matching for Egress NAT Gateway (#19194, @blzhao-0)
CI Changes:
- .github/workflow: revert cilium-cli changes in stable workflows (#19582, @aanm)
- .github/workflows: do not use pre-defined image digests (#19575, @aanm)
- .github/workflows: fix hubble installation using cilium-cli (#19568, @aanm)
- .github/workflows: install the right helm chart version for stable branches (#19609, @aanm)
- ci: Bump cyclonus to v0.4.7 (#18747, @joamaki)
- ci: update master workflows to cilium-cli v0.11.4 (#19665, @tklauser)
- ci: Update Uninstall Command For Cilium CLI (#19679, @nathanjsweet)
- jenkinsfiles: add
IMAGE_REGISTRY
env parameter (#19459, @nbusseneau) - jenkinsfiles: Increase VM boot timeout (#19458, @pchaigno)
- Partially revert ".github: enable cilium-cli helm based installation" (#19554, @aanm)
- runtime: Bump privileged test timeout (#19487, @joestringer)
- test/nat46x64: Fix out-of-bounds index error (#19466, @pchaigno)
- test: Fix directory name for source archive (#19635, @michi-covalent)
- test: Pin eksctl version (#19631, @michi-covalent)
- vagrant: Bump all Vagrant box versions except net-next (#19507, @pchaigno)
- vagrant: Don't recreate natnetworks (#19523, @pchaigno)
- vagrant: Update the net-next VM image (#19607, @pchaigno)
Misc Changes:
- .github/workflows: fix hubble-relay cilium-cli installation (#19579, @aanm)
- .github: add dependabot for docker images (#19390, @aanm)
- .github: Fix external workloads workflow for master (#19483, @jrajahalme)
- [users] Add Mux Inc entry. (#19419, @dilyevsky)
- Add cilium cli to aws cni conformance tests (#19555, @aanm)
- Add Elastic Path to USERS.md (#19622, @sealneaward)
- Add ENI limits for i4i and x2i instance types (#19627, @hemanthmalla)
- add gsod application form to docs (#19512, @xmulligan)
- Add Kube-OVN to USERS (#19605, @oilbeater)
- add roadmap section and fix governance link (#19615, @xmulligan)
- add robots.txt to Cilium documentation (#19578, @aanm)
- Adding Liquid Reply to Users (#19342, @mkorbi)
- alignchecker: fix LLVM 15 build by removing an unused variable (#19368, @aspsk)
- BGP Control Plane Followups: Conditionally load CRDs, tune back relist interval for shared informers, server side filter nodes. (#19417, @ldelossa)
- bpf/sock: Use renamed field (#19532, @jrajahalme)
- bpf: do not pass 0 as a trace reason for send_trace_notify() (#19424, @qmonnet)
- bpf: egressgw: don't redirect to tunnel dev if EP is running on gateway node (#19629, @jibi)
- build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19448, @dependabot[bot])
- build(deps): bump actions/checkout from 3.0.1 to 3.0.2 (#19535, @dependabot[bot])
- build(deps): bump azure/login from 1.4.3 to 1.4.4 (#19670, @dependabot[bot])
- build(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#19612, @dependabot[bot])
- build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 (#19620, @dependabot[bot])
- build(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 (#19596, @dependabot[bot])
- build(deps): bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#19636, @dependabot[bot])
- build(deps): bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 (#19397, @dependabot[bot])
- build(deps): bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 (#19668, @dependabot[bot])
- build(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#19595, @dependabot[bot])
- build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.2 to 3.22.3 (#19328, @dependabot[bot])
- build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.3 to 3.22.4 (#19669, @dependabot[bot])
- build(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#19430, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 (#19599, @dependabot[bot])
- build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.2 to 3.5.3 (#19442, @dependabot[bot])
- build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.3 to 3.5.4 (#19559, @dependabot[bot])
- build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.2 to 3.5.3 (#19443, @dependabot[bot])
- build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.3 to 3.5.4 (#19557, @dependabot[bot])
- build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.3 (#19444, @dependabot[bot])
- build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.3 to 3.5.4 (#19558, @dependabot[bot])
- build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#19560, @dependabot[bot])
- build(deps): bump library/alpine from 3.12.7 to 3.15.4 in /images/cache (#19413, @dependabot[bot])
- build(deps): bump nick-invision/retry from 2.6.0 to 2.7.0 (#19577, @dependabot[bot])
- build: Fix compilation issue for non-linux platform (#19662, @sayboras)
- ci: Update Cilium CLI to v0.11.3 (#19602, @nathanjsweet)
- cilium: Add knob for local address to be considered host id in ipcache (#19513, @borkmann)
- Clean up UpdateIPCacheVTEPMapping() (#19510, @vincentmli)
- Code of conduct email updated to conduct@cilium.io (#19511, @xmulligan)
- daemon, fqdn: Add flag to control FQDN regex LRU size (#19383, @christarazi)
- daemon: Initialize k8sCachesSynced channel before calling Initk8sSubsystem() (#19626, @jrajahalme)
- Docs: add project roadmap (#19540, @lizrice)
- docs: Add requirement for ginkgo version (#19248, @sayboras)
- docs: add robots.txt in a static directory (#19564, @aanm)
- docs: Fix display of misspelled words (#19542, @qmonnet)
- docs: fix version warning banner (#19611, @aanm)
- docs: fix version warning URL to point to docs.cilium.io (#19563, @aanm)
- docs: improve description for session affinity with KPR (#19478, @julianwiedmann)
- docs: improve guide to setup Cilium overlay on EKS (#19207, @oliwave)
- docs: move sitemap-index.xml to static directory (#19681, @aanm)
- docs: set right path for robots.txt (#19638, @aanm)
- docs: set the right url for API version check (#19610, @aanm)
- docs: Update company name in MAINTAINERS.md (#19431, @sayboras)
- docs: update copybutton.css following the docutils update (#19498, @qmonnet)
- docs: Update max MTU value for Nodeport XDP on AWS (#19593, @qmonnet)
- docs: Update Sphinx to v4.5.0 (#19348, @qmonnet)
- Documentation for adding CRDs into Cilium (#19275, @ldelossa)
- Enable cilium-cli helm based installation (#18898, @aanm)
- Expose hubble-ui security context in helm chart
hubble.ui.securityContext
(#19441, @hemslo) - feat(command): allow to dump as YAML (#19480, @raphink)
- Fix comment for EndpointCreated function (#19465, @Jiang1155)
- fqdn: Use read-write mutex inside NameManager (#19486, @christarazi)
- github: Backport DNS fix for external workloads 1.10 and 1.11 tests (#19516, @jrajahalme)
- go.mod, vendor: update cloud provider SDK Go modules (#19409, @tklauser)
- go.mod, vendor: update cloud provider SDK Go modules (#19664, @tklauser)
- Helm Chart loop monitor sidecar (#19363, @yuriydzobak)
- helm: Enable ingress controller in smoke tests (ipv4 + ipv6) (#19644, @sayboras)
- hubble/filters: strict number check for full HTTP status code (#19429, @kaworu)
- identity: Initialize local identity allocator early (#19556, @jrajahalme)
- Improve the efficiency of the
k8s-unmanaged.sh
script (#19471, @gavinmcnair) - k8s-conformance: Improve skipped tests format/links (#19628, @joestringer)
- LRP minor improvements (#19489, @aditighag)
- maglev: fix TestPermutations backend generation (#19663, @kaworu)
- make: check that Go major/minor version matches required version (#19528, @tklauser)
- make: grep for new go:build tags in PRIV_TEST_PKGS_EVAL (#19415, @tklauser)
- make: remove deprecated test targets (#19436, @tklauser)
- maps/lbmap: fix maglev test suite build (#19435, @tklauser)
- Move Equinix to the correct place in the alphabet (#19527, @xmulligan)
- pkg/bpf: add map name in error message for OpenParallel (#19491, @aanm)
- pkg/k8s: use subresource "nodes/status" to update node annotations (#19590, @aanm)
- pkg/labels: Optimize SortedList() and FormatForKVStore() (#19423, @christarazi)
- pkg/policy/api: Optimize FQDNSelector String() (#19570, @christarazi)
- Prepare for release v1.12.0-rc1 (#19393, @aanm)
- README.rst: fix stable release table (#19517, @tklauser)
- Removes any log swallowing that was occuring on daemon/cmd init (#19188, @ldelossa)
- Select new backend if old connection from src port to cluster IP was closed (#19451, @amol-go)
- test: Revert sys-fs-bpf.mount rename (#19385, @jrajahalme)
- testutils/mockmaps: Bring duplicate backend calls check back (#19544, @aditighag)
- Trimmed down Cilium's Cluster Roles to only the necessary rules (#19074, @aanm)
- Update AUTHORS and mailmap (#19488, @joestringer)
- Update bpftool to get latest feature probes (#19422, @borkmann)
- Update Go to 1.18.1 (#19432, @tklauser)
- Update stable releases (#19503, @tklauser)
- update USERS.md with Equinix info (#19504, @matoszz)