helm/cilium/cilium 1.10.8

on Artifact Hub

The Cilium core team is pleased to announce Cilium v1.10.8. This release includes a range of bugfixes and updates Envoy to v1.21.1 to address several low, moderate and high severity CVEs.

Summary of Changes

Minor Changes:

• helm: Add values for custom service monitor annotations (Backport PR #18782, Upstream PR #18681, @michi-covalent)
• metrics: Expose xfrm stats in prometheus metrics (Backport PR #18668, Upstream PR #18553, @sayboras)

Bugfixes:

• Cilium host proxy is updated to Envoy release 1.21.1 (Backport PR #18890, Upstream PR #18899, @jrajahalme)
• clustermesh-apiserver: fix cmd-line args processing (Backport PR #18724, Upstream PR #18277, @abocim)
• cmd: Fix issue reading string map type via config map (Backport PR #18724, Upstream PR #18478, @sayboras)
• datapath: Only unload obsolete XDP when attached (Backport PR #18668, Upstream PR #18636, @jaffcheng)
• Fix a bug with local redirect policies selecting host networked pods as local endpoints not taking effect. (Backport PR #18724, Upstream PR #18563, @aditighag)
• Fix bug where Cilium drops traffic from remote nodes in etcd mode, despite policy that allows the traffic (Backport PR #18801, Upstream PR #18777, @joestringer)
• labelfilter: Refine default label regexps (Backport PR #18724, Upstream PR #18693, @twpayne)

CI Changes:

• ci: fix QEMU image build following Google Cloud SDK updates (Backport PR #18782, Upstream PR #18720, @nbusseneau)
• ci: remove box download timeout in upstream tests (Backport PR #18724, Upstream PR #18707, @nbusseneau)
• Enable CI for feature branches (Backport PR #18617, Upstream PR #18554, @jibi)
• test/runtime: fix flake on non-ready endpoints (Backport PR #18668, Upstream PR #18627, @tklauser)
• test: Fix pod cleanup after various tests (Backport PR #18668, Upstream PR #18448, @joestringer)

Misc Changes:

• build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#18754, @dependabot[bot])
• build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#18689, @dependabot[bot])
• build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#18837, @dependabot[bot])
• Cilium host proxy is updated to Envoy release 1.21.0 (Backport PR #18890, Upstream PR #18748, @jrajahalme)
• contrib: Fix backport submission for own PRs (Backport PR #18668, Upstream PR #17988, @joestringer)
• doc: getting started minor fixes (Backport PR #18668, Upstream PR #18024, @kaworu)
• docs: add Hands-on tutorial (Backport PR #18724, Upstream PR #18583, @vannyle)
• docs: disable k3s network policy enforcement (Backport PR #18724, Upstream PR #18671, @tklauser)
• docs: export KUBECONFIG for cilium-cli with k3s (Backport PR #18724, Upstream PR #18697, @tklauser)
• docs: Update clustermesh example verification steps (Backport PR #18782, Upstream PR #18764, @sayboras)
• update k8s library versions (#18588, @aanm)
• v1.10: Update Go to 1.16.14 (#18798, @tklauser)

Other Changes:

• install: Update image digests for v1.10.7 (#18537, @joestringer)
• v1.10: Update Cilium base images (#18875, @joestringer)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.10.8@sha256:e6147e39a03c685e5f1225c5642e1358dcd4899bbd94e8a043bb4be52cd2f008
quay.io/cilium/cilium:v1.10.8@sha256:e6147e39a03c685e5f1225c5642e1358dcd4899bbd94e8a043bb4be52cd2f008

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.10.8@sha256:c675830b9f87596680d2a45cd78c2d64ab1ceb8707629e8da71217f64e5e72e1
quay.io/cilium/clustermesh-apiserver:v1.10.8@sha256:c675830b9f87596680d2a45cd78c2d64ab1ceb8707629e8da71217f64e5e72e1

docker-plugin

docker.io/cilium/docker-plugin:v1.10.8@sha256:d442e44a50ff188ca90a0af04778574348d23e21c059763491a4527ea94e0b38
quay.io/cilium/docker-plugin:v1.10.8@sha256:d442e44a50ff188ca90a0af04778574348d23e21c059763491a4527ea94e0b38

hubble-relay

docker.io/cilium/hubble-relay:v1.10.8@sha256:4d2ee6b41475f6d74855d77b018f508ba978d964528f903c8e3e7be8dd275b31
quay.io/cilium/hubble-relay:v1.10.8@sha256:4d2ee6b41475f6d74855d77b018f508ba978d964528f903c8e3e7be8dd275b31

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.10.8@sha256:5b488759bd37890aaf1607287b902f1199288f35fc6d8ee9e2f51644f8fdc646
quay.io/cilium/operator-alibabacloud:v1.10.8@sha256:5b488759bd37890aaf1607287b902f1199288f35fc6d8ee9e2f51644f8fdc646

operator-aws

docker.io/cilium/operator-aws:v1.10.8@sha256:d591b998273f8601dd42a3f0a0b097d65077c30255b7dc5af837e0118bda6f5f
quay.io/cilium/operator-aws:v1.10.8@sha256:d591b998273f8601dd42a3f0a0b097d65077c30255b7dc5af837e0118bda6f5f

operator-azure

docker.io/cilium/operator-azure:v1.10.8@sha256:81b62495f6c682446a07f7a5ca9ec2887c99f4820b460a3c5610ecec05789140
quay.io/cilium/operator-azure:v1.10.8@sha256:81b62495f6c682446a07f7a5ca9ec2887c99f4820b460a3c5610ecec05789140

operator-generic

docker.io/cilium/operator-generic:v1.10.8@sha256:a77dff6103d047d8810ea5e80067b2fade6d099771c8dda197bdba5e4e2f0255
quay.io/cilium/operator-generic:v1.10.8@sha256:a77dff6103d047d8810ea5e80067b2fade6d099771c8dda197bdba5e4e2f0255

operator

docker.io/cilium/operator:v1.10.8@sha256:98b31afa482cb9160d7bf7420b2fabf32435c0ea44164696013b5356014809c7
quay.io/cilium/operator:v1.10.8@sha256:98b31afa482cb9160d7bf7420b2fabf32435c0ea44164696013b5356014809c7