artifacthub helm/cilium/cilium 1.13.1

latest releases: 1.17.0-pre.2, 1.14.16, 1.16.3...
20 months ago

We are pleased to release Cilium v1.13.1. This is the first patch release in 1.13 series and it contains a lot of good stuff! We improved docs, fixed memory leaks and deadlocks, improved helm charts and did so much more! Full list below.

This release addresses following security issues:

Note: When updating to this release, make sure that you are using new helm chart version.

Summary of Changes

Minor Changes:

  • Add CLI command to dump cgroups metadata (Backport PR #23834, Upstream PR #23641, @alexkats)
  • Add pod-name hubble metrics context for pod name label without namespace (Backport PR #24058, Upstream PR #23199, @chancez)
  • envoy: Bump envoy to 1.23.4 (Backport PR #23956, Upstream PR #23800, @sayboras)
  • helm: Add pod and container security context (Backport PR #24086, Upstream PR #23443, @sayboras)
  • helm: Add SA automount configuration (Backport PR #24086, Upstream PR #23441, @sayboras)
  • helm: Add support of annotations in hubble ui service (Backport PR #23834, Upstream PR #23709, @brnck)
  • Hide --install-iptables-rules agent flag and remove installIptablesRules Helm flag (Backport PR #24200, Upstream PR #24081, @pchaigno)

Bugfixes:

  • [EKS] Fix deadlock causing network connectivity outages when kube-apiservers scale down (Backport PR #23956, Upstream PR #23836, @christarazi)
  • Add the option to preserve CNI configuration file on agent shutdown. This can help prevent issues where pods can no longer be deleted. This may cause some transient error messages to be displayed if a pod is scheduled while Cilium is being upgraded. (Backport PR #24200, Upstream PR #24009, @squeed)
  • agent: fix incorrect deletion of veth host interfaces on bootstrap (Backport PR #23956, Upstream PR #23787, @giorio94)
  • Avoid k8s CiliumNode initialization problems when Cilium connects to the KVStore (Backport PR #24200, Upstream PR #24156, @aanm)
  • bpf: Fix broken remote-node identity classification (Backport PR #23956, Upstream PR #23091, @ysksuzuki)
  • clustermesh: fix cluster synchronization wait group increment (Backport PR #24058, Upstream PR #23741, @giorio94)
  • clustermesh: fix services cache bloat due to incorrect deletion (Backport PR #24058, Upstream PR #23947, @giorio94)
  • envoy: Avoid empty typeURL for all resources (Backport PR #23860, Upstream PR #23763, @sayboras)
  • Fix bug that would prevent IPsec from working with GENEVE encapsulation. (Backport PR #24200, Upstream PR #24116, @borkmann)
  • Fix bug that would prevent SRv6 decapsulation when BPF Host Routing was disabled. (Backport PR #23834, Upstream PR #23825, @ldelossa)
  • Fix connectivity issue upon agent restart in case of ipv6 + direct routing + KPR replacement (Backport PR #23956, Upstream PR #23857, @giorio94)
  • Fix enable-stale-cilium-endpoint-cleanup flag not actually disabling the cleanup init set when set to false. This provides a workaround for an existing panic that can occur when running using etcd kvstore. (Backport PR #24311, Upstream PR #23874, @sjdot)
  • Fix incorrectly dropping in-cluster traffic for L7 ingress resources (Backport PR #24200, Upstream PR #23984, @sayboras)
  • Fix memory leak caused on clustermesh reconnect. (Backport PR #24086, Upstream PR #23785, @oblazek)
  • Fix operator crash race condition for CES identity map concurrent read/write (Backport PR #24086, Upstream PR #23605, @dlapcevic)
  • Fix restoreServicesLocked() potential nil pointer panic (Backport PR #23834, Upstream PR #23446, @dlapcevic)
  • fix(helm): add missing updateStrategy to hubble-ui deployment (Backport PR #24058, Upstream PR #23975, @mhulscher)
  • Fixes a bug where the Helm value cni.configMap no longer worked. (Backport PR #23834, Upstream PR #23743, @squeed)
  • Fixes a memory leak and (possible) source of stale data for Clustermesh whenever the connection to the remote cluster is disrupted or restarted. (Backport PR #23834, Upstream PR #23532, @squeed)
  • gateway-api: Combine metrics registry with operator (Backport PR #23834, Upstream PR #23501, @sayboras)
  • helm: Fix duplicate enable-envoy-config flag when enabling L7LB, Ingress Controller, or GatewayAPI simultaneously (Backport PR #23956, Upstream PR #23866, @DWSR)
  • Hubble Relay: fix reported uptime (Backport PR #24058, Upstream PR #23966, @rolinh)
  • install: don't render role / rolebinding when agent disabled (Backport PR #24200, Upstream PR #23877, @squeed)
  • ipam/crd: Fix panic due to concurrent map read and map write (Backport PR #23834, Upstream PR #23713, @gandro)
  • k8s: Handle EndpointSlice AddressType field properly (Backport PR #23956, Upstream PR #23803, @YutaroHayakawa)
  • kvstore: prevent deletion delay for node-unrelated events (Backport PR #24086, Upstream PR #23745, @giorio94)
  • node: require ipv4 address when wireguard is enabled (#23552, @giorio94)
  • watchers: endpointsync can manage already owned CiliumEndpoints. (Backport PR #24086, Upstream PR #23499, @tommyp1ckles)

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests

cilium

docker.io/cilium/cilium:v1.13.1@sha256:428a09552707cc90228b7ff48c6e7a33dc0a97fe1dd93311ca672834be25beda
quay.io/cilium/cilium:v1.13.1@sha256:428a09552707cc90228b7ff48c6e7a33dc0a97fe1dd93311ca672834be25beda
docker.io/cilium/cilium:stable@sha256:428a09552707cc90228b7ff48c6e7a33dc0a97fe1dd93311ca672834be25beda
quay.io/cilium/cilium:stable@sha256:428a09552707cc90228b7ff48c6e7a33dc0a97fe1dd93311ca672834be25beda

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.13.1@sha256:84d386e6025b44125110547b853f166130407301362750235c90163aefc6ac3c
quay.io/cilium/clustermesh-apiserver:v1.13.1@sha256:84d386e6025b44125110547b853f166130407301362750235c90163aefc6ac3c
docker.io/cilium/clustermesh-apiserver:stable@sha256:84d386e6025b44125110547b853f166130407301362750235c90163aefc6ac3c
quay.io/cilium/clustermesh-apiserver:stable@sha256:84d386e6025b44125110547b853f166130407301362750235c90163aefc6ac3c

docker-plugin

docker.io/cilium/docker-plugin:v1.13.1@sha256:1f3bd78dce5ca15e303d8eb49f50995b0fec3d56638985663c6fbb17832ff29b
quay.io/cilium/docker-plugin:v1.13.1@sha256:1f3bd78dce5ca15e303d8eb49f50995b0fec3d56638985663c6fbb17832ff29b
docker.io/cilium/docker-plugin:stable@sha256:1f3bd78dce5ca15e303d8eb49f50995b0fec3d56638985663c6fbb17832ff29b
quay.io/cilium/docker-plugin:stable@sha256:1f3bd78dce5ca15e303d8eb49f50995b0fec3d56638985663c6fbb17832ff29b

hubble-relay

docker.io/cilium/hubble-relay:v1.13.1@sha256:ad7ce650c7877f8d769264e20bf5b9020ea778a9530cfae9d67a5c9d942c04cb
quay.io/cilium/hubble-relay:v1.13.1@sha256:ad7ce650c7877f8d769264e20bf5b9020ea778a9530cfae9d67a5c9d942c04cb
docker.io/cilium/hubble-relay:stable@sha256:ad7ce650c7877f8d769264e20bf5b9020ea778a9530cfae9d67a5c9d942c04cb
quay.io/cilium/hubble-relay:stable@sha256:ad7ce650c7877f8d769264e20bf5b9020ea778a9530cfae9d67a5c9d942c04cb

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.13.1@sha256:e9a99cd02a80b8610fe7789c052e283df0622bf5e641d1fb88a1e22b86a82e02
quay.io/cilium/operator-alibabacloud:v1.13.1@sha256:e9a99cd02a80b8610fe7789c052e283df0622bf5e641d1fb88a1e22b86a82e02
docker.io/cilium/operator-alibabacloud:stable@sha256:e9a99cd02a80b8610fe7789c052e283df0622bf5e641d1fb88a1e22b86a82e02
quay.io/cilium/operator-alibabacloud:stable@sha256:e9a99cd02a80b8610fe7789c052e283df0622bf5e641d1fb88a1e22b86a82e02

operator-aws

docker.io/cilium/operator-aws:v1.13.1@sha256:f645832ef9cec19a8c3fb5ce13ece72175d2dcc5963374e8ac5ff31792cc6d58
quay.io/cilium/operator-aws:v1.13.1@sha256:f645832ef9cec19a8c3fb5ce13ece72175d2dcc5963374e8ac5ff31792cc6d58
docker.io/cilium/operator-aws:stable@sha256:f645832ef9cec19a8c3fb5ce13ece72175d2dcc5963374e8ac5ff31792cc6d58
quay.io/cilium/operator-aws:stable@sha256:f645832ef9cec19a8c3fb5ce13ece72175d2dcc5963374e8ac5ff31792cc6d58

operator-azure

docker.io/cilium/operator-azure:v1.13.1@sha256:b929e7a59f60e7ec306fe6f672546c6b217dffede4946b5f57130ced68d442e0
quay.io/cilium/operator-azure:v1.13.1@sha256:b929e7a59f60e7ec306fe6f672546c6b217dffede4946b5f57130ced68d442e0
docker.io/cilium/operator-azure:stable@sha256:b929e7a59f60e7ec306fe6f672546c6b217dffede4946b5f57130ced68d442e0
quay.io/cilium/operator-azure:stable@sha256:b929e7a59f60e7ec306fe6f672546c6b217dffede4946b5f57130ced68d442e0

operator-generic

docker.io/cilium/operator-generic:v1.13.1@sha256:f47ba86042e11b11b1a1e3c8c34768a171c6d8316a3856253f4ad4a92615d555
quay.io/cilium/operator-generic:v1.13.1@sha256:f47ba86042e11b11b1a1e3c8c34768a171c6d8316a3856253f4ad4a92615d555
docker.io/cilium/operator-generic:stable@sha256:f47ba86042e11b11b1a1e3c8c34768a171c6d8316a3856253f4ad4a92615d555
quay.io/cilium/operator-generic:stable@sha256:f47ba86042e11b11b1a1e3c8c34768a171c6d8316a3856253f4ad4a92615d555

operator

docker.io/cilium/operator:v1.13.1@sha256:54541ddea7b38acd69aa11e1af46b89fb03675e2e9723ef2a95791618085e3ac
quay.io/cilium/operator:v1.13.1@sha256:54541ddea7b38acd69aa11e1af46b89fb03675e2e9723ef2a95791618085e3ac
docker.io/cilium/operator:stable@sha256:54541ddea7b38acd69aa11e1af46b89fb03675e2e9723ef2a95791618085e3ac
quay.io/cilium/operator:stable@sha256:54541ddea7b38acd69aa11e1af46b89fb03675e2e9723ef2a95791618085e3ac

Don't miss a new cilium release

NewReleases is sending notifications on new releases.