artifacthub helm/cilium/cilium 1.11.9

latest releases: 1.14.16, 1.16.3, 1.15.10...
2 years ago

We are pleased to release Cilium v1.11.9. It provides many bugfixes and several quality of life improvements.

Summary of Changes

Minor Changes:

  • Added hubble.ui.frontend.server.ipv6.enabled helm flag to control nginx server ipv6 listener (Backport PR #21223, Upstream PR #21127, @geakstr)
  • dnsproxy: stop serving DNS traffic before agent shutdown (Backport PR #21223, Upstream PR #20795, @nebril)
  • install: add TerminationMessagePolicy to cilium pods (Backport PR #21291, Upstream PR #21012, @squeed)
  • put stderr of iptables command into error instead of merging into stdout (Backport PR #21139, Upstream PR #20895, @liuyuan10)

Bugfixes:

  • clustermesh-apiserver: fix key name for delete during k8s->kvstore sync (Backport PR #21139, Upstream PR #21078, @tklauser)
  • datapath: allow local NodePort traffic for eni+ container interfaces with CNI chaining (Backport PR #21223, Upstream PR #21126, @ti-mo)
  • Do not enable health checks if only Terminating backends are present on a Node which is selected by a Service with externalTrafficPolicy: Local Service (Backport PR #21211, Upstream PR #21062, @zuzzas)
  • Fix conflicting routes for multiple ENIs in IPAM mode (Backport PR #21223, Upstream PR #20112, @recollir)
  • Fix identity garbage collection in clustermesh environments (#20933, @aanm)
  • Fix node label synchronization in the KVStore when IPSec configuration changes (Backport PR #21139, Upstream PR #21087, @aanm)
  • Fix regression with cilium-health-probe controller in IPv6-only clusters (Backport PR #20939, Upstream PR #20849, @aanm)
  • Fix Wireguard connectivity issues when using kvstore mode (Backport PR #21139, Upstream PR #21080, @aanm)
  • Fixed PodCIDR announcement being overwritten by SVC announcement (Backport PR #20880, Upstream PR #20413, @dylandreimerink)
  • Fixes typos in enabling fqdn_semaphore_rejected_total metric (Backport PR #20939, Upstream PR #20893, @rahulkjoshi)
  • For configurations with Egress Gateway and Direct-Routing, avoid recreating the cilium_vxlan interface on every restart. (Backport PR #21139, Upstream PR #20780, @julianwiedmann)
  • ipcache/kvstore: fix panic when processing ip= entries (Backport PR #20939, Upstream PR #20706, @ArthurChiao)
  • ipsec: Fix incorrect parsing of SPI from mark (Backport PR #20939, Upstream PR #20900, @pchaigno)
  • k8s/watchers: fix panic in CiliumEndpoint labels update (Backport PR #21139, Upstream PR #20865, @jaffcheng)
  • kvstore/allocator: fix panic on receiving invalid identity entries (Backport PR #21291, Upstream PR #21213, @ArthurChiao)
  • operator: do not GC kvstore nodes if CiliumNodes are not available (Backport PR #21223, Upstream PR #21133, @aanm)
  • operator: update CiliumNode in kvstore without lease (Backport PR #21223, Upstream PR #21202, @tklauser)
  • pkg/k8s/watcher: fix deadlock crash that occurs when handling endpoint and service updates. (Backport PR #21223, Upstream PR #21093, @tommyp1ckles)
  • v1.11: operator: fix key name for delete during k8s->kvstore sync (#20983, @tklauser)
  • When systemd-sysctl sets the rp_filter sysctl, tolerate missing lxc_* / cilium_* interfaces. (Backport PR #21223, Upstream PR #21146, @julianwiedmann)

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests

cilium

docker.io/cilium/cilium:v1.11.9@sha256:a732e57cb4881abe4783562bbba0045209ef85542372b44ce61584c887c49878
quay.io/cilium/cilium:v1.11.9@sha256:a732e57cb4881abe4783562bbba0045209ef85542372b44ce61584c887c49878

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.11.9@sha256:7fdc72903f079a55a5906e64d01fcc7d86024b08d82425b5d63d392e4b21e1a2
quay.io/cilium/clustermesh-apiserver:v1.11.9@sha256:7fdc72903f079a55a5906e64d01fcc7d86024b08d82425b5d63d392e4b21e1a2

docker-plugin

docker.io/cilium/docker-plugin:v1.11.9@sha256:d627d49e18ddf9a343403328497e1c5fe6501c0841e31fc974439a06ef338d46
quay.io/cilium/docker-plugin:v1.11.9@sha256:d627d49e18ddf9a343403328497e1c5fe6501c0841e31fc974439a06ef338d46

hubble-relay

docker.io/cilium/hubble-relay:v1.11.9@sha256:0b2f19895de281e4a416700b17a4dc9b8d3b80eb7b5b65dac173880f5113084e
quay.io/cilium/hubble-relay:v1.11.9@sha256:0b2f19895de281e4a416700b17a4dc9b8d3b80eb7b5b65dac173880f5113084e

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.11.9@sha256:c179af970e6cffaafecd808f5aa3f5fe3a70151a6ff3192ffbdfa852ae7447c2
quay.io/cilium/operator-alibabacloud:v1.11.9@sha256:c179af970e6cffaafecd808f5aa3f5fe3a70151a6ff3192ffbdfa852ae7447c2

operator-aws

docker.io/cilium/operator-aws:v1.11.9@sha256:e07670cfed71007fd49c27c5a7805b8c949caedfc60296b9712b98dbaff82db8
quay.io/cilium/operator-aws:v1.11.9@sha256:e07670cfed71007fd49c27c5a7805b8c949caedfc60296b9712b98dbaff82db8

operator-azure

docker.io/cilium/operator-azure:v1.11.9@sha256:65d1c2a43af3700211290a46ee71dfff194475ac94175b5281dd2c839cf37b31
quay.io/cilium/operator-azure:v1.11.9@sha256:65d1c2a43af3700211290a46ee71dfff194475ac94175b5281dd2c839cf37b31

operator-generic

docker.io/cilium/operator-generic:v1.11.9@sha256:d98c1d94da2ef597981e16fe8d894103f49b5174e6b36f91341e9fbcd723668b
quay.io/cilium/operator-generic:v1.11.9@sha256:d98c1d94da2ef597981e16fe8d894103f49b5174e6b36f91341e9fbcd723668b

operator

docker.io/cilium/operator:v1.11.9@sha256:f6fad3a2c62e8406636976e13d90d852c9e64a353fb303edb492ee9bc6fa2f3f
quay.io/cilium/operator:v1.11.9@sha256:f6fad3a2c62e8406636976e13d90d852c9e64a353fb303edb492ee9bc6fa2f3f

Don't miss a new cilium release

NewReleases is sending notifications on new releases.