1.14.0-rc.0

Pre-release
@joestringer joestringer released this 29 Jun 00:04
v1.14.0-rc.0

Summary of Changes

Minor Changes:

  • Add a new set of flags for CES work queue limit and burst rates, CESWriteQPSLimit and CESWriteQPSBurst. (#24675, @dlapcevic)
    The processed work queue items always trigger a single CES create, update or write request to the kube-apiserver.
    The work queue rate limiting effectively limits the rate of writes to the kube-apiserver for CES api objects.
  • Set the default CESWriteQPSLimit to 10 and CESWriteQPSBurst to 20. (#24675, @dlapcevic)
  • Set the maximums for QPS to 50 and burst to 100. These values cannot be exceeded regardless of any configuration. (#24675, @dlapcevic)
  • Unhide CESMaxCEPsInCES and CESSlicingMode flags from appearing in logs when CES is enabled. (#24675, @dlapcevic)
  • agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead (#26036, @brb)
  • Allow using a Secret for the caBundle (#25728, @farcaller)
  • BGPv1: Set N-bit in graceful restart capability negotiation. (#26325, @harsimran-pabla)
  • Cilium now waits longer before returning a failure in the event of a pod creation burst. (#25805, @squeed)
  • envoy: Use embedded proxylib from cilium-proxy image (#26101, @sayboras)
  • metrics: Add k8s client rate limiter latency metric (#25555, @ysksuzuki)
  • Retire Cilium-Integrated Istio documentation (#25722, @networkop)
  • Revert "Revert agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead" (#26496, @brb)

Bugfixes:

  • bpf: ct: fix CT-based packet tracing for IPv6 (#26476, @julianwiedmann)
  • Bypassing policy check for IPv6 NDP to fix broken pod-to-pod connectivity when per-endpoint route is enabled with policy. (#24919, @jschwinger233)
  • CIDRGroup reference metric will not count nonexistent CIDRGroups (#26133, @akstron)
  • datapath: bigtcp: Fix the IPv4 BIG TCP may not work (#26336, @haiyuewa)
  • Fix a bug where datapath option DisableSipVerification can no longer be used. (#25533, @oblazek)
  • Fix bug in AlibabaCloud where instance type limits could not be determined (#25387, @haozhangami)
  • Fix bug where CNI gets installed even if cni.install=false (#26278, @joestringer)
  • Fix compilation error when enabling Wireguard and XDP (#25734, @ysksuzuki)
  • Fix crash of cilium-agent happening when a remote node without node IP addresses is removed. (#25851, @cyclinder)
  • Fix: Return "Content-Type" and "X-Content-Type-Options" headers from Health Check Node Port (#26458, @cezarygerard)
  • Handles nodeIP changes when CEPs are checkpointed to tmpfs and the nodeIP changes across a reboot. (#26281, @bprashanth)
  • ipsec: Split removeStaleXFRMOnce to fix deprioritization issue (#26113, @jschwinger233)
  • iptables: Fix wrong use of podCIDR in cluster node NAT exclusion (#26397, @gandro)
  • Keep sync on deployed proxy ports when retrying proxy redirect creation. (#26343, @jrajahalme)
  • nat: fix usage in nat.h of csum.h module (#25576, @sahid)
  • test/controlplane: Disable endpoint GC (#26383, @pippolo84)
  • test: bigtcp: Update the BIG TCP checking message (#26377, @haiyuewa)
  • Updates TransformXXX Functions in k8s pkg (#26244, @danehans)

CI Changes:

Misc Changes:

  • Add Back Market in the USERS list (#26413, @NitriKx)
  • Add cilium bpf nodeid list to bugtool and print nodeid in hex in ipcache dump (#26130, @brb)
  • Add documentation about kvstoremesh (#26348, @giorio94)
  • Adding an AWS architecture diagram for AWS FTR review (#26016, @amitmavgupta)
  • auth: delete cache-entry on ErrKeyNotExist (#26342, @mhofstetter)
  • auth: display textual representation of auth type in authKey.String() (#26525, @mhofstetter)
  • backporting: Fix pattern to handle commit subjects that begin with a space (#25653, @gentoo-root)
  • BGP CP: Adds Intro to Docs (#26195, @danehans)
  • bgpv1: pass router state to gobgp (#26194, @harsimran-pabla)
  • bgpv1: skip invalid node selector config in policy selection (#26365, @harsimran-pabla)
  • bpf: add new macro __section_entry (#26123, @Jack-R-lantern)
  • bpf: nat: fix build error in snat_v6_prepare_state() (#26510, @julianwiedmann)
  • bpf: remove unused type ProgType and ProgType* consts (#26360, @tklauser)
  • bpf: Update IPv6 BPF masquerading code to bring it closer to IPv4's, fix SNAT for packets from local endpoints, for overlay (#26236, @qmonnet)
  • Calling out support for Single-Region, Multi-Region, Multi-AZ for EKS (#26015, @amitmavgupta)
  • Change wording on toServices limitations (see #20067) (#25796, @atykhyy)
  • chore(deps): update actions/setup-go action to v4.0.1 (main) (#26313, @renovate[bot])
  • chore(deps): update all github action dependencies (main) (minor) (#26306, @renovate[bot])
  • chore(deps): update all github action dependencies (main) (patch) (#26425, @renovate[bot])
  • chore(deps): update dependency cilium/cilium-cli to v0.14.8 (main) (#26482, @renovate[bot])
  • chore(deps): update dependency kubernetes-sigs/kind to v0.20.0 (main) (#26428, @renovate[bot])
  • chore(deps): update docker.io/library/alpine docker tag to v3.18.2 (main) (#26297, @renovate[bot])
  • chore(deps): update docker.io/library/golang docker tag to v1.20.5 (main) (#26304, @renovate[bot])
  • chore(deps): update docker.io/library/golang:1.20.5 docker digest to 8f958bf (main) (#26283, @renovate[bot])
  • chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to 9ecc53c (main) (#26285, @renovate[bot])
  • cilium statedb dump command & bugtool (#26256, @joamaki)
  • cilium, bigtcp: Add max gso/gro rates to sysdump (#26392, @borkmann)
  • cilium, bigtcp: Make probing for GRO/GSO max size more graceful (#26385, @borkmann)
  • cilium: enable bpf host routing with per endpoint routes for IPv6 as well (#26205, @borkmann)
  • cilium: Repoint netlink lib back to upstream. (#26359, @borkmann)
  • clustermesh: fix broken test due to merge race (#26389, @giorio94)
  • clustermesh: improve reliability of TestClusterMesh (#26370, @giorio94)
  • cni-plugin: Clean up code (#26505, @gandro)
  • daemon: fix spelling in ipam-multi-pool-pre-allocation flag usage (#26529, @tklauser)
  • datapath: Introduce helpers for __ctx_is checks (#23820, @spacewander)
  • docs: clarify that L3 DNS policies require L7 proxy enabled (#26180, @wedaly)
  • docs: Fix the cilium-cli default branch name (#26461, @michi-covalent)
  • docs: Fix the cilium/proxy default branch name (#26464, @learnitall)
  • docs: Mark IPv6 BPF masquerading as beta (#26499, @qmonnet)
  • docs: reword incorrect L7 policy description (#26092, @peterj)
  • docs: Update kvstore documentation with potential circular dependency. (#26353, @marseel)
  • docu: add section about envoy daemonset deployment (#26033, @mhofstetter)
  • Document multi-pool IPAM mode (#26308, @tklauser)
  • Documentation: Add graceful restart section in BGP documentation (#26354, @harsimran-pabla)
  • endpoint: don't hold the endpoint lock while generating policy (#26242, @squeed)
  • envoy: Re-organize supported envoy resource import (#26469, @sayboras)
  • etcd: start the status checker only after establishing the initial session (#26363, @giorio94)
  • Fix some map handling logic as well as some issues with CLI commands related to ip-masq-agent, introduced with IPv6 support (#26435, @qmonnet)
  • fix(deps): update all go dependencies main (main) (minor) (#26429, @renovate[bot])
  • fix(deps): update all go dependencies main (main) (patch) (#26056, @renovate[bot])
  • fix(deps): update all go dependencies main (main) (patch) (#26427, @renovate[bot])
  • fix(deps): update module github.com/prometheus/procfs to v0.11.0 (main) (#26319, @renovate[bot])
  • helm: add .extraEnv to cilium-agents config init container (#26408, @nberlee)
  • identity: Make identity allocations observable (#26373, @mhofstetter)
  • Improve reliability of kvstore-related tests (#26347, @giorio94)
  • kafka: remove unused package (#26523, @tklauser)
  • kvstore: share etcd client logger to reduce memory usage (#26485, @giorio94)
  • kvstoremesh: mark the cilium-kvstoremesh secret as optional in the clustermesh-apiserver volume definition (#26318, @giorio94)
  • Log error message on unhealthy /healthz check (#24683, @sjdot)
  • plugins/cilium-cni: clean up code in cmdAdd (#26533, @tklauser)
  • policy: Optimize getNets() (#26345, @jrajahalme)
  • Prepare for release v1.14.0-snapshot.4 (#26324, @joestringer)
  • Publish the 2022 Cilium security audits (#26213, @zacharysarah)
  • README: Bump latest snapshot release version (#26326, @joestringer)
  • Remove 'ip' shellout from setUpRoutingTable() (#26486, @ti-mo)
  • Require binary.Size and unsafe.Sizeof of all types to match (#26340, @ti-mo)
  • Revert "agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead" (#26493, @joestringer)
  • This moves from the autogenerated badge from the deprecated slackin system hosted on heroku, to just a simple generated badge. (#26416, @thebsdbox)
  • This moves from the larger default code spaces logo, to a smaller logo in keeping with all existing links in the README. (#26417, @thebsdbox)
  • treewide: fix some shebangs (#26293, @markpash)
  • vendor: Update vishvananda/netlink/ and x/sys (#26410, @borkmann)