Release 1.12.3 · cilium/cilium

We are pleased to release Cilium v1.12.3.This release improves packet traces by adding a missing identity. It also contains fixes related to the DNS proxy, to IPsec, or to the ipcache, as well as a range of other regular bugfixes.

See the notes below for a full description of the changes.

Summary of Changes

Minor Changes:

bpf: Add missing identity to TRACE_TO_STACK packet traces (Backport PR #21466, Upstream PR #21403, @pchaigno)

Bugfixes:

bugtool: Fix pprof default ports (Backport PR #21631, Upstream PR #21497, @pippolo84)
daemon: avoid nil pointer dereference on invalid endpoint state (Backport PR #21466, Upstream PR #21449, @tklauser)
daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (Backport PR #21466, Upstream PR #21365, @joamaki)
DNS proxy: forward the original security identity (#21474, @aspsk)
Fix agent deadlock caused by frequent kube-apiserver IP recycling (Backport PR #21637, Upstream PR #21629, @joestringer)
Fix bug that can cause some traffic covered by an L7 policy to be dropped when IPsec is enabled on EKS. (Backport PR #21646, Upstream PR #21595, @pchaigno)
Fixes cilium startup on certain AWS-VPC clusters. (Backport PR #21631, Upstream PR #21444, @squeed)
ipcache: Fix metadata access from CIDR allocation (Backport PR #21637, Upstream PR #21565, @joestringer)
Remove no more available dockershim flags in kubelet wrapper (Backport PR #21466, Upstream PR #21311, @pippolo84)

CI Changes:

Remove Slack notifications (Backport PR #21466, Upstream PR #21239, @michi-covalent)
test: fix up the number of pods in DemoDaemonSet (Backport PR #21631, Upstream PR #21588, @julianwiedmann)

Misc Changes:

alibabacloud: fix incorrect instance-type reported by cilium-agent (Backport PR #21631, Upstream PR #21495, @ArthurChiao)
bugtool: Dump envoy config for troubleshooting (Backport PR #21466, Upstream PR #21348, @sayboras)
build(deps): bump 8398a7/action-slack from 3.13.2 to 3.14.0 (#21443, @dependabot[bot])
build(deps): bump actions/cache from 3.0.8 to 3.0.10 (#21558, @dependabot[bot])
build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#21574, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21342, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21398, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21514, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#21625, @dependabot[bot])
build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21428, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from 1.5.4 to 1.5.5 (#21427, @dependabot[bot])
cmd/bpf: Log if no policy maps found (Backport PR #21466, Upstream PR #21429, @aditighag)
contrib: avoid reviews from non-collaborators (Backport PR #21631, Upstream PR #21577, @bimmlerd)
docs: Clarify KPR requirements for Kind (Backport PR #21466, Upstream PR #20749, @brb)
Fix a typo in the comment example (Backport PR #21466, Upstream PR #21402, @farcaller)
Fix grpc-ingress.yaml path in Service Mesh docs (Backport PR #21646, Upstream PR #21601, @pippolo84)
helm: Fix post-start and pre-stop hooks for cilium-nodeinit on Ubuntu EKS images (Backport PR #21466, Upstream PR #20979, @dctrwatson)
helm: Quote all the image fields. (Backport PR #21631, Upstream PR #21463, @michi-covalent)
images: update cilium-{runtime,builder} (#21666, @qmonnet)
ipcache: Release metadata mutex in loop error condition (Backport PR #21637, Upstream PR #21653, @joestringer)
ipcache: Remove unsafe ipc.metadata.get (Backport PR #21646, Upstream PR #21608, @gandro)
ipsec: Fix slightly incorrect assumption in XFRM IN policies (Backport PR #21646, Upstream PR #21621, @pchaigno)
ipsec: Refactoring around UpsertIPsecEndpoint (Backport PR #21631, Upstream PR #21461, @pchaigno)
ipsec: Simplify XFRM FWD policies (Backport PR #21646, Upstream PR #21602, @pchaigno)
ipsec: Simplify XFRM IN policies (Backport PR #21466, Upstream PR #21370, @pchaigno)
makefile: use versioned Go container when formatting after api generate. (Backport PR #21466, Upstream PR #21254, @tommyp1ckles)
Reference datapath metrics in feature and troubleshooting guides (Backport PR #21631, Upstream PR #20520, @aditighag)
Remove references to node encryption (Backport PR #21466, Upstream PR #21333, @pchaigno)

Other Changes:

install: Update image digests for v1.12.2 (#21310, @nebril)
remove duplication of eCHO episodes (#21587, @kranurag7)
test: node: use Eventually() to check CiliumNode labels (#21353, @jibi)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.12.3@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
quay.io/cilium/cilium:v1.12.3@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
docker.io/cilium/cilium:stable@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
quay.io/cilium/cilium:stable@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.12.3@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
quay.io/cilium/clustermesh-apiserver:v1.12.3@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
docker.io/cilium/clustermesh-apiserver:stable@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
quay.io/cilium/clustermesh-apiserver:stable@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b

docker-plugin

docker.io/cilium/docker-plugin:v1.12.3@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
quay.io/cilium/docker-plugin:v1.12.3@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
docker.io/cilium/docker-plugin:stable@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
quay.io/cilium/docker-plugin:stable@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474

hubble-relay

docker.io/cilium/hubble-relay:v1.12.3@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
quay.io/cilium/hubble-relay:v1.12.3@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
docker.io/cilium/hubble-relay:stable@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
quay.io/cilium/hubble-relay:stable@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.12.3@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
quay.io/cilium/operator-alibabacloud:v1.12.3@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
docker.io/cilium/operator-alibabacloud:stable@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
quay.io/cilium/operator-alibabacloud:stable@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867

operator-aws

docker.io/cilium/operator-aws:v1.12.3@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
quay.io/cilium/operator-aws:v1.12.3@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
docker.io/cilium/operator-aws:stable@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
quay.io/cilium/operator-aws:stable@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0

operator-azure

docker.io/cilium/operator-azure:v1.12.3@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
quay.io/cilium/operator-azure:v1.12.3@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
docker.io/cilium/operator-azure:stable@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
quay.io/cilium/operator-azure:stable@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086

operator-generic

docker.io/cilium/operator-generic:v1.12.3@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
quay.io/cilium/operator-generic:v1.12.3@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
docker.io/cilium/operator-generic:stable@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
quay.io/cilium/operator-generic:stable@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff

operator

docker.io/cilium/operator:v1.12.3@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a
quay.io/cilium/operator:v1.12.3@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a
docker.io/cilium/operator:stable@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a
quay.io/cilium/operator:stable@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.12.3