The Cilium core team is pleased to announce Cilium v1.10.8. This release includes a range of bugfixes and updates Envoy to v1.21.1 to address several low, moderate and high severity CVEs.
Summary of Changes
Minor Changes:
- helm: Add values for custom service monitor annotations (Backport PR #18782, Upstream PR #18681, @michi-covalent)
- metrics: Expose xfrm stats in prometheus metrics (Backport PR #18668, Upstream PR #18553, @sayboras)
Bugfixes:
- Cilium host proxy is updated to Envoy release 1.21.1 (Backport PR #18890, Upstream PR #18899, @jrajahalme)
- clustermesh-apiserver: fix cmd-line args processing (Backport PR #18724, Upstream PR #18277, @abocim)
- cmd: Fix issue reading string map type via config map (Backport PR #18724, Upstream PR #18478, @sayboras)
- datapath: Only unload obsolete XDP when attached (Backport PR #18668, Upstream PR #18636, @jaffcheng)
- Fix a bug with local redirect policies selecting host networked pods as local endpoints not taking effect. (Backport PR #18724, Upstream PR #18563, @aditighag)
- Fix bug where Cilium drops traffic from remote nodes in etcd mode, despite policy that allows the traffic (Backport PR #18801, Upstream PR #18777, @joestringer)
- labelfilter: Refine default label regexps (Backport PR #18724, Upstream PR #18693, @twpayne)
CI Changes:
- ci: fix QEMU image build following Google Cloud SDK updates (Backport PR #18782, Upstream PR #18720, @nbusseneau)
- ci: remove box download timeout in upstream tests (Backport PR #18724, Upstream PR #18707, @nbusseneau)
- Enable CI for feature branches (Backport PR #18617, Upstream PR #18554, @jibi)
- test/runtime: fix flake on non-ready endpoints (Backport PR #18668, Upstream PR #18627, @tklauser)
- test: Fix pod cleanup after various tests (Backport PR #18668, Upstream PR #18448, @joestringer)
Misc Changes:
- build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#18754, @dependabot[bot])
- build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#18689, @dependabot[bot])
- build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#18837, @dependabot[bot])
- Cilium host proxy is updated to Envoy release 1.21.0 (Backport PR #18890, Upstream PR #18748, @jrajahalme)
- contrib: Fix backport submission for own PRs (Backport PR #18668, Upstream PR #17988, @joestringer)
- doc: getting started minor fixes (Backport PR #18668, Upstream PR #18024, @kaworu)
- docs: add Hands-on tutorial (Backport PR #18724, Upstream PR #18583, @vannyle)
- docs: disable k3s network policy enforcement (Backport PR #18724, Upstream PR #18671, @tklauser)
- docs: export KUBECONFIG for cilium-cli with k3s (Backport PR #18724, Upstream PR #18697, @tklauser)
- docs: Update clustermesh example verification steps (Backport PR #18782, Upstream PR #18764, @sayboras)
- update k8s library versions (#18588, @aanm)
- v1.10: Update Go to 1.16.14 (#18798, @tklauser)
Other Changes:
- install: Update image digests for v1.10.7 (#18537, @joestringer)
- v1.10: Update Cilium base images (#18875, @joestringer)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.10.8@sha256:e6147e39a03c685e5f1225c5642e1358dcd4899bbd94e8a043bb4be52cd2f008
quay.io/cilium/cilium:v1.10.8@sha256:e6147e39a03c685e5f1225c5642e1358dcd4899bbd94e8a043bb4be52cd2f008
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.10.8@sha256:c675830b9f87596680d2a45cd78c2d64ab1ceb8707629e8da71217f64e5e72e1
quay.io/cilium/clustermesh-apiserver:v1.10.8@sha256:c675830b9f87596680d2a45cd78c2d64ab1ceb8707629e8da71217f64e5e72e1
docker-plugin
docker.io/cilium/docker-plugin:v1.10.8@sha256:d442e44a50ff188ca90a0af04778574348d23e21c059763491a4527ea94e0b38
quay.io/cilium/docker-plugin:v1.10.8@sha256:d442e44a50ff188ca90a0af04778574348d23e21c059763491a4527ea94e0b38
hubble-relay
docker.io/cilium/hubble-relay:v1.10.8@sha256:4d2ee6b41475f6d74855d77b018f508ba978d964528f903c8e3e7be8dd275b31
quay.io/cilium/hubble-relay:v1.10.8@sha256:4d2ee6b41475f6d74855d77b018f508ba978d964528f903c8e3e7be8dd275b31
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.10.8@sha256:5b488759bd37890aaf1607287b902f1199288f35fc6d8ee9e2f51644f8fdc646
quay.io/cilium/operator-alibabacloud:v1.10.8@sha256:5b488759bd37890aaf1607287b902f1199288f35fc6d8ee9e2f51644f8fdc646
operator-aws
docker.io/cilium/operator-aws:v1.10.8@sha256:d591b998273f8601dd42a3f0a0b097d65077c30255b7dc5af837e0118bda6f5f
quay.io/cilium/operator-aws:v1.10.8@sha256:d591b998273f8601dd42a3f0a0b097d65077c30255b7dc5af837e0118bda6f5f
operator-azure
docker.io/cilium/operator-azure:v1.10.8@sha256:81b62495f6c682446a07f7a5ca9ec2887c99f4820b460a3c5610ecec05789140
quay.io/cilium/operator-azure:v1.10.8@sha256:81b62495f6c682446a07f7a5ca9ec2887c99f4820b460a3c5610ecec05789140
operator-generic
docker.io/cilium/operator-generic:v1.10.8@sha256:a77dff6103d047d8810ea5e80067b2fade6d099771c8dda197bdba5e4e2f0255
quay.io/cilium/operator-generic:v1.10.8@sha256:a77dff6103d047d8810ea5e80067b2fade6d099771c8dda197bdba5e4e2f0255
operator
docker.io/cilium/operator:v1.10.8@sha256:98b31afa482cb9160d7bf7420b2fabf32435c0ea44164696013b5356014809c7
quay.io/cilium/operator:v1.10.8@sha256:98b31afa482cb9160d7bf7420b2fabf32435c0ea44164696013b5356014809c7