artifacthub helm/cilium/cilium 1.12.1

latest releases: 1.17.0-pre.2, 1.14.16, 1.16.3...
2 years ago

We are pleased to release Cilium v1.12.1. This release fixes a moderate severity security issue GHSA-pfhr-pccp-hwmh, adds websockets support for Ingress, and fixes a range of bugs that have been recently reported in the community.

See the notes below for a full description of the changes.

Summary of Changes

Minor Changes:

Bugfixes:

  • Add EndpointSlice support for clustermesh-apiserver (Backport PR #20851, Upstream PR #20697, @YutaroHayakawa)
  • bpf: Add send_trace_notify hook for redirect_direct_{v4,v6} (Backport PR #20851, Upstream PR #20479, @qmonnet)
  • Ensure that Cilium CNI in delegated-plugin IPAM mode avoids leaking IPs even when the network namespace has been deleted. (Backport PR #20851, Upstream PR #20630, @wedaly)
  • Fix bug where Cilium would crash on startup with an error about being unable to delete iptables rules. (Backport PR #20890, Upstream PR #20885, @jibi)
  • Fix bug where network policies that select namespace labels may incorrectly select identities (Advisory, commit 2494ce4)
  • Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR #20851, Upstream PR #20721, @joestringer)
  • Fix ineffective post-start hook in ENI mode (Backport PR #20851, Upstream PR #20741, @bmcustodio)
  • fix k8s latency metrics label cardinality (Backport PR #20851, Upstream PR #20831, @aanm)
  • Fix parsing of string map command line options when more than one separator is present. (Backport PR #20851, Upstream PR #20673, @tklauser)
  • Fix regression with cilium-health-probe controller in IPv6-only clusters (Backport PR #20867, Upstream PR #20849, @aanm)
  • helm: Guard apply sysctl init container (Backport PR #20851, Upstream PR #20643, @sayboras)
  • helm: Set KPR default to "disabled" for >= 1.12 (Backport PR #20851, Upstream PR #20610, @brb)
  • Helm: Use the correct operator.dnsPolicy value for the operator deployment template (Backport PR #20867, Upstream PR #20844, @michi-covalent)
  • ipcache/kvstore: fix panic when processing ip= entries (Backport PR #20867, Upstream PR #20706, @ArthurChiao)
  • iptables: handle case where kernel IPv6 support is disabled (Backport PR #20851, Upstream PR #20680, @jibi)
  • Optimize Eni update latency after new eni created (Backport PR #20851, Upstream PR #20609, @wu0407)

CI Changes:

  • CI: Enable IPv6 in the L4LB suite (Backport PR #20867, Upstream PR #20821, @brb)
  • ci: fix code changes detection on push events (Backport PR #20851, Upstream PR #20685, @nbusseneau)
  • ci: pick up cilium-cli v0.12.0 for master, v1.11 and v1.12 workflows (Backport PR #20851, Upstream PR #20617, @tklauser)

Misc Changes:

  • build(deps): bump actions/cache from 3.0.5 to 3.0.6 (#20806, @dependabot[bot])
  • build(deps): bump actions/cache from 3.0.6 to 3.0.7 (#20873, @dependabot[bot])
  • build(deps): bump docker/build-push-action from 3.0.0 to 3.1.0 (#20590, @dependabot[bot])
  • build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#20804, @dependabot[bot])
  • build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (#20710, @dependabot[bot])
  • build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (#20785, @dependabot[bot])
  • build(deps): bump KyleMayes/install-llvm-action from 1.5.3 to 1.5.4 (#20578, @dependabot[bot])
  • build(deps): bump library/alpine from 3.16.0 to 3.16.1 in /images/cache (#20588, @dependabot[bot])
  • build(deps): bump library/alpine from 3.16.1 to 3.16.2 in /images/cache (#20857, @dependabot[bot])
  • CHANGELOG: fix v1.12.0 changelog (#20696, @aanm)
  • cilium-cni: don't set interface link up twice (Backport PR #20851, Upstream PR #20674, @tklauser)
  • clean up IPVLAN leftover code in setupBaseDevice() (Backport PR #20867, Upstream PR #20608, @vincentmli)
  • Consider $GO environment variable make precheck checks (Backport PR #20851, Upstream PR #20750, @tklauser)
  • contrib: Add CRD generation to release process (Backport PR #20656, Upstream PR #20564, @joestringer)
  • daemon: Improve dnsproxy error when EP not found (Backport PR #20656, Upstream PR #20649, @joestringer)
  • doc: clarify CentOS 7 third-part kernel upgrade and Cilium advance features kernel config requirements (Backport PR #20851, Upstream PR #20605, @vincentmli)
  • docs: Add required ec2:DescribeInstances when instance-tags-filter is used (Backport PR #20851, Upstream PR #20703, @lht)
  • docs: Clarify identity table for reserved identities (Backport PR #20867, Upstream PR #20832, @joestringer)
  • docs: correct IPAM mode name in BGP control plane installation docs (Backport PR #20851, Upstream PR #20758, @tklauser)
  • docs: Update clustermesh troubleshooting with more details (Backport PR #20851, Upstream PR #20260, @sayboras)
  • docs: update etcd kvstore migration instructions (Backport PR #20656, Upstream PR #20624, @hhoover)
  • docs: Update Helm values (Backport PR #20851, Upstream PR #20716, @qmonnet)
  • docs: update the version specific notes table for v1.12 release (Backport PR #20851, Upstream PR #20669, @tklauser)
  • Fix subnet_id label value being empty in IP allocation and interface creation in ENI IPAM metrics (Backport PR #20851, Upstream PR #20449, @wu0407)
  • Fix complaint about nil IP address on restore of cilium_host (Backport PR #20867, Upstream PR #20734, @christarazi)
  • hubble-ui: release v0.9.1 (Backport PR #20851, Upstream PR #20572, @geakstr)
  • ipcache: Fix lock leak (Backport PR #20851, Upstream PR #20833, @joestringer)
  • maglev: Don't populate v4 inner table upon nat46 service (Backport PR #20851, Upstream PR #20648, @borkmann)
  • pkg/k8s: set the right IP addresses in log messages (Backport PR #20851, Upstream PR #20757, @aanm)
  • Reduce the vtep route log noise and avoid cilium_vtep_map symbol substitution warning log (Backport PR #20656, Upstream PR #20532, @vincentmli)
  • Remove completed items from Service Mesh Roadmap (Backport PR #20656, Upstream PR #20635, @margamanterola)
  • Revert "Revert "doc: update the api spec for fqdn egress policies cod… (Backport PR #20851, Upstream PR #20744, @aanm)
  • v1.12: Update Go to 1.18.5 (#20746, @tklauser)
  • vtep skip symbol substituation cilium_vtep_map (Backport PR #20656, Upstream PR #20589, @vincentmli)

Other Changes:

  • install: Update image digests for v1.12.0 (#20581, @aanm)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.12.1@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b
quay.io/cilium/cilium:v1.12.1@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b
docker.io/cilium/cilium:stable@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b
quay.io/cilium/cilium:stable@sha256:ea2db1ee21b88127b5c18a96ad155c25485d0815a667ef77c2b7c7f31cab601b

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.12.1@sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f
quay.io/cilium/clustermesh-apiserver:v1.12.1@sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f
docker.io/cilium/clustermesh-apiserver:stable@sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f
quay.io/cilium/clustermesh-apiserver:stable@sha256:c80a8d6ffdf7cab4699441496f628a09a31d0300e623cadb2837c86fa368c02f

docker-plugin

docker.io/cilium/docker-plugin:v1.12.1@sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a
quay.io/cilium/docker-plugin:v1.12.1@sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a
docker.io/cilium/docker-plugin:stable@sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a
quay.io/cilium/docker-plugin:stable@sha256:cb30dd4f9942fc86f2e65a837d331656d1ece9163680bc36d970a729976ce13a

hubble-relay

docker.io/cilium/hubble-relay:v1.12.1@sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1
quay.io/cilium/hubble-relay:v1.12.1@sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1
docker.io/cilium/hubble-relay:stable@sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1
quay.io/cilium/hubble-relay:stable@sha256:646582b22bf41ad29dd7739b12aae77455ee5757b9ee087f2d45d684afef5fa1

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.12.1@sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58
quay.io/cilium/operator-alibabacloud:v1.12.1@sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58
docker.io/cilium/operator-alibabacloud:stable@sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58
quay.io/cilium/operator-alibabacloud:stable@sha256:a5ae07d5866c3299f6ff2d00634fa500b911fe2629dcabfcd119026aa8062b58

operator-aws

docker.io/cilium/operator-aws:v1.12.1@sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3
quay.io/cilium/operator-aws:v1.12.1@sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3
docker.io/cilium/operator-aws:stable@sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3
quay.io/cilium/operator-aws:stable@sha256:cbd07141fb2c6ef172b3241d4cf3edac21922959b9325ef1f2d12d9f67e13ea3

operator-azure

docker.io/cilium/operator-azure:v1.12.1@sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac
quay.io/cilium/operator-azure:v1.12.1@sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac
docker.io/cilium/operator-azure:stable@sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac
quay.io/cilium/operator-azure:stable@sha256:73f3ecfc331a3bd3017017492489c45979cf43103d61c6eb6af1662e28e499ac

operator-generic

docker.io/cilium/operator-generic:v1.12.1@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1
quay.io/cilium/operator-generic:v1.12.1@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1
docker.io/cilium/operator-generic:stable@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1
quay.io/cilium/operator-generic:stable@sha256:93d5aaeda37d59e6c4325ff05030d7b48fabde6576478e3fdbfb9bb4a68ec4a1

operator

docker.io/cilium/operator:v1.12.1@sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82
quay.io/cilium/operator:v1.12.1@sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82
docker.io/cilium/operator:stable@sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82
quay.io/cilium/operator:stable@sha256:137be4e4b293558e763648b8242f3d351a3edf3709c8362a62a998487e32cf82

Don't miss a new cilium release

NewReleases is sending notifications on new releases.