1.12.3
We are pleased to release Cilium v1.12.3.This release improves packet traces by adding a missing identity. It also contains fixes related to the DNS proxy, to IPsec, or to the ipcache, as well as a range of other regular bugfixes.
See the notes below for a full description of the changes.
Summary of Changes
Minor Changes:
- bpf: Add missing identity to
TRACE_TO_STACK
packet traces (Backport PR #21466, Upstream PR #21403, @pchaigno)
Bugfixes:
- bugtool: Fix pprof default ports (Backport PR #21631, Upstream PR #21497, @pippolo84)
- daemon: avoid nil pointer dereference on invalid endpoint state (Backport PR #21466, Upstream PR #21449, @tklauser)
- daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (Backport PR #21466, Upstream PR #21365, @joamaki)
- DNS proxy: forward the original security identity (#21474, @aspsk)
- Fix agent deadlock caused by frequent kube-apiserver IP recycling (Backport PR #21637, Upstream PR #21629, @joestringer)
- Fix bug that can cause some traffic covered by an L7 policy to be dropped when IPsec is enabled on EKS. (Backport PR #21646, Upstream PR #21595, @pchaigno)
- Fixes cilium startup on certain AWS-VPC clusters. (Backport PR #21631, Upstream PR #21444, @squeed)
- ipcache: Fix metadata access from CIDR allocation (Backport PR #21637, Upstream PR #21565, @joestringer)
- Remove no more available dockershim flags in kubelet wrapper (Backport PR #21466, Upstream PR #21311, @pippolo84)
CI Changes:
- Remove Slack notifications (Backport PR #21466, Upstream PR #21239, @michi-covalent)
- test: fix up the number of pods in DemoDaemonSet (Backport PR #21631, Upstream PR #21588, @julianwiedmann)
Misc Changes:
- alibabacloud: fix incorrect instance-type reported by cilium-agent (Backport PR #21631, Upstream PR #21495, @ArthurChiao)
- bugtool: Dump envoy config for troubleshooting (Backport PR #21466, Upstream PR #21348, @sayboras)
- build(deps): bump 8398a7/action-slack from 3.13.2 to 3.14.0 (#21443, @dependabot[bot])
- build(deps): bump actions/cache from 3.0.8 to 3.0.10 (#21558, @dependabot[bot])
- build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#21574, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21342, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21398, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21514, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#21625, @dependabot[bot])
- build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21428, @dependabot[bot])
- build(deps): bump KyleMayes/install-llvm-action from 1.5.4 to 1.5.5 (#21427, @dependabot[bot])
- cmd/bpf: Log if no policy maps found (Backport PR #21466, Upstream PR #21429, @aditighag)
- contrib: avoid reviews from non-collaborators (Backport PR #21631, Upstream PR #21577, @bimmlerd)
- docs: Clarify KPR requirements for Kind (Backport PR #21466, Upstream PR #20749, @brb)
- Fix a typo in the comment example (Backport PR #21466, Upstream PR #21402, @farcaller)
- Fix grpc-ingress.yaml path in Service Mesh docs (Backport PR #21646, Upstream PR #21601, @pippolo84)
- helm: Fix post-start and pre-stop hooks for cilium-nodeinit on Ubuntu EKS images (Backport PR #21466, Upstream PR #20979, @dctrwatson)
- helm: Quote all the image fields. (Backport PR #21631, Upstream PR #21463, @michi-covalent)
- images: update cilium-{runtime,builder} (#21666, @qmonnet)
- ipcache: Release metadata mutex in loop error condition (Backport PR #21637, Upstream PR #21653, @joestringer)
- ipcache: Remove unsafe ipc.metadata.get (Backport PR #21646, Upstream PR #21608, @gandro)
- ipsec: Fix slightly incorrect assumption in XFRM IN policies (Backport PR #21646, Upstream PR #21621, @pchaigno)
- ipsec: Refactoring around
UpsertIPsecEndpoint
(Backport PR #21631, Upstream PR #21461, @pchaigno) - ipsec: Simplify XFRM FWD policies (Backport PR #21646, Upstream PR #21602, @pchaigno)
- ipsec: Simplify XFRM IN policies (Backport PR #21466, Upstream PR #21370, @pchaigno)
- makefile: use versioned Go container when formatting after api generate. (Backport PR #21466, Upstream PR #21254, @tommyp1ckles)
- Reference datapath metrics in feature and troubleshooting guides (Backport PR #21631, Upstream PR #20520, @aditighag)
- Remove references to node encryption (Backport PR #21466, Upstream PR #21333, @pchaigno)
Other Changes:
- install: Update image digests for v1.12.2 (#21310, @nebril)
- remove duplication of eCHO episodes (#21587, @kranurag7)
- test: node: use Eventually() to check CiliumNode labels (#21353, @jibi)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.12.3@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
quay.io/cilium/cilium:v1.12.3@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
docker.io/cilium/cilium:stable@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
quay.io/cilium/cilium:stable@sha256:30de50c4dc0a1e1077e9e7917a54d5cab253058b3f779822aec00f5c817ca826
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.12.3@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
quay.io/cilium/clustermesh-apiserver:v1.12.3@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
docker.io/cilium/clustermesh-apiserver:stable@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
quay.io/cilium/clustermesh-apiserver:stable@sha256:9ff9499d3852466a6c55ae982ef7145f980676c939b4127fc1fa0f0e86b23e1b
docker-plugin
docker.io/cilium/docker-plugin:v1.12.3@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
quay.io/cilium/docker-plugin:v1.12.3@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
docker.io/cilium/docker-plugin:stable@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
quay.io/cilium/docker-plugin:stable@sha256:f519e70d9fcca05b1bedaae26a0c3e75ca16c53f611c13da6d15d00875d91474
hubble-relay
docker.io/cilium/hubble-relay:v1.12.3@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
quay.io/cilium/hubble-relay:v1.12.3@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
docker.io/cilium/hubble-relay:stable@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
quay.io/cilium/hubble-relay:stable@sha256:320dff9389e3fc6e2d33863510d497e8bcf245a5755236ae466a0729cc656a79
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.12.3@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
quay.io/cilium/operator-alibabacloud:v1.12.3@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
docker.io/cilium/operator-alibabacloud:stable@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
quay.io/cilium/operator-alibabacloud:stable@sha256:208ef027af5b6c41807107a086849529eff2ca7f906a2a303b208067daa9a867
operator-aws
docker.io/cilium/operator-aws:v1.12.3@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
quay.io/cilium/operator-aws:v1.12.3@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
docker.io/cilium/operator-aws:stable@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
quay.io/cilium/operator-aws:stable@sha256:08b2d6fa24cbd6e8a5b0647aabb1d8ee3bfd2763adcaed35835a6976aded74d0
operator-azure
docker.io/cilium/operator-azure:v1.12.3@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
quay.io/cilium/operator-azure:v1.12.3@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
docker.io/cilium/operator-azure:stable@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
quay.io/cilium/operator-azure:stable@sha256:1effb4b91d55349a7c2d3b0b011e96a29d27562911580c57fbdde11657967086
operator-generic
docker.io/cilium/operator-generic:v1.12.3@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
quay.io/cilium/operator-generic:v1.12.3@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
docker.io/cilium/operator-generic:stable@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
quay.io/cilium/operator-generic:stable@sha256:816ec1da586139b595eeb31932c61a7c13b07fb4a0255341c0e0f18608e84eff
operator
docker.io/cilium/operator:v1.12.3@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a
quay.io/cilium/operator:v1.12.3@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a
docker.io/cilium/operator:stable@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a
quay.io/cilium/operator:stable@sha256:1e4c4998eed98d4982d7703cfa78eb2fa18841fc3ef30ba16c4f36d27732101a