helm/cilium/cilium 1.8.6 on Artifact Hub

Summary of Changes

Major Changes:

change default docker image repository from docker.io to quay.io (Backport PR #14022, Upstream PR #13937, @aanm)

Minor Changes:

Add Resource Quotas in Cilium Namespace for GKE installations (Backport PR #13951, Upstream PR #13878, @aanm)
docs: Point OKD guide at 1.8.5 (#13849, @errordeveloper)
k8s: update k8s libraries to 1.18.12 (#14034, @aanm)
node: Handle arpinging when remote node is in different L2 (Backport PR #14249, Upstream PR #14201, @brb)
v1.8: Update Go to 1.14.12 (#14015, @tklauser)

Bugfixes:

bpf: Fix --force-local-policy-eval-at-source=false (Backport PR #13875, Upstream PR #13769, @joestringer)
bpf: fix disable PolicyVerdictNotification broken (Backport PR #13951, Upstream PR #13921, @ArthurChiao)
ctmap: GC orphan SNAT entries (Backport PR #14022, Upstream PR #13912, @brb)
Fix bug in cluster-pool IPAM mode where the user is never alerted of a node CIDR allocation failure (Backport PR #14022, Upstream PR #13916, @christarazi)
Fix bug where Cilium on smaller instance types cannot allocate IPs (Backport PR #14059, Upstream PR #13865, @christarazi)
Fix dynamic NAT table size calculation if CT map sizes are configured statically. (Backport PR #13875, Upstream PR #13844, @tklauser)
Fix etcd's auth token invalid after watch reconnects (Backport PR #14249, Upstream PR #14238, @aanm)
Fix panic on cilium-agent startup when restoring LB source range maps (Backport PR #13875, Upstream PR #13842, @aanm)
Fixed Goroutine leak for unresponded ARP pings. (Backport PR #14249, Upstream PR #14222, @jrajahalme)
Fixed installation instructions for K3s and Kubernetes Network Policy enforcement (Backport PR #13875, Upstream PR #13783, @aanm)
FQDN rule restoration IP limit has been made configurable (--tofqdns-max-ips-per-restored-rule, default 1000). (Backport PR #14022, Upstream PR #13992, @jrajahalme)
fqdn: Add a nil check for security id lookup (Backport PR #13951, Upstream PR #13886, @aditighag)
fqdn: Delay ipcache upserts until policies have been updated (Backport PR #14213, Upstream PR #14110, @jrajahalme)
fqdn: keep IPs alive if their name is alive (Backport PR #13951, Upstream PR #13914, @kkourt)
go.mod: update cilium/ipam library with bug fixes (Backport PR #13875, Upstream PR #13810, @aanm)
Hubble-relay now proxies the GRPC context to its servers. (Backport PR #13951, Upstream PR #12865, @nathanjsweet)
hubble/parser: Always preserve datapath numeric identity (Backport PR #14213, Upstream PR #14090, @gandro)
hubble: Fix reply state unknown being interpreted as false (Backport PR #13876, Upstream PR #13750, @gandro)
Increment the default value of maximum garbage collected security identities from 250 to 2500 per minute (Backport PR #13951, Upstream PR #13907, @aanm)
kpr: ensure DirectRoutingDevice is in devices (Backport PR #14249, Upstream PR #14054, @kkourt)
Trim spaces from loadBalancerSourceRanges when parsing its values. (Backport PR #14059, Upstream PR #13996, @aanm)

CI Changes:

bpf: Compile test POLICY_VERDICT_NOTIFY (Backport PR #13951, Upstream PR #13922, @pchaigno)
ci: log in to docker in vagrant boxes (Backport PR #14022, Upstream PR #13969, @nebril)
daemon: Fix netns usage in kpr privileged unit tests (Backport PR #14213, Upstream PR #14171, @brb)
test/bpf: Fix XDP loading in verifier-test.sh (Backport PR #13951, Upstream PR #13927, @pchaigno)
test: Don't wait for network to schedule test-verifier (Backport PR #14142, Upstream PR #14074, @pchaigno)
test: Increase timeout on privileged unit tests (Backport PR #14022, Upstream PR #13944, @pchaigno)
test: Move RuntimeVerifier to K8sVerifier (Backport PR #13951, Upstream PR #12658, @pchaigno)

Misc Changes:

Add Registry Credentials to Tests (Backport PR #14009, Upstream PR #13959, @nathanjsweet)
Added new Cilium agent option --debug-verbose=policy to log policy map updates. (Backport PR #14213, Upstream PR #14112, @jrajahalme)
bpf: fix session affinity timeout test flake (Backport PR #13875, Upstream PR #13859, @fristonio)
bugtool: Add lsmod (Backport PR #14213, Upstream PR #14145, @joestringer)
ci/github: Replace set-env command by echo command (Backport PR #14059, Upstream PR #14053, @sayboras)
cilium: disable bind-protection in kube-proxy free probe mode (Backport PR #14213, Upstream PR #14182, @borkmann)
cilium: fix redirect limits on multi dev case (Backport PR #14087, Upstream PR #13884, @borkmann)
cilium: Node to node encryption is not supported with vxlan (Backport PR #13875, Upstream PR #13800, @jrfastab)
daemon: Don't check XDPDevice in DevicePreFilter case (Backport PR #13875, Upstream PR #13794, @brb)
dnsproxy: print total number of rules if too many (Backport PR #14022, Upstream PR #13991, @kkourt)
doc: Link hubble metrics to L7 visibility (Backport PR #14213, Upstream PR #13923, @mandarjog)
docs: Add Azure troubleshooting tips (Backport PR #13875, Upstream PR #13714, @jrajahalme)
docs: Add how to remove kube-proxy from existing clusters (Backport PR #13875, Upstream PR #13808, @brb)
docs: Fix helm install command in kubeadm getting started guide (Backport PR #14087, Upstream PR #14061, @pchaigno)
docs: Fix shell session highlighting (Backport PR #13875, Upstream PR #13704, @joestringer)
docs: Fix wording around labels configuration (Backport PR #14087, Upstream PR #14064, @joestringer)
Documentation: Fix Loadbalancer Guide for Clustermesh (Backport PR #13875, Upstream PR #13822, @nathanjsweet)
examples: Fix grafana and prometheus (Backport PR #13875, Upstream PR #13860, @nathanjsweet)
Fix GetFlows Test (Backport PR #13951, Upstream PR #13206, @nathanjsweet)
fqdn: Fix confusion of ToFQDNs vs. DNS rules. (Backport PR #14087, Upstream PR #14012, @jrajahalme)
fqdn: Fix unit test (Backport PR #14087, Upstream PR #14085, @jrajahalme)
helm: Backport agent.extraHostPathMounts (#14173, @errordeveloper)
helm: Fix format issue for logOptions in ConfigMap (Backport PR #13875, Upstream PR #13837, @sayboras)
Hubble-Relay: proxy metadata from originating client (Backport PR #14022, Upstream PR #13994, @nathanjsweet)
hubble: Fix dropped flows not showing up in Hubble UI (Backport PR #13876, Upstream PR #13796, @gandro)
Improve and expand on documentation for the API rate limiter (Backport PR #13875, Upstream PR #13825, @christarazi)
k8s: clarify CRD schema versioning and its update process (Backport PR #13875, Upstream PR #13811, @aanm)
loader: Use netlink lib instead of tc binary to delete filters (Backport PR #13875, Upstream PR #13724, @pchaigno)
metrics: add cilium_datapath_nat_gc_entries (Backport PR #14142, Upstream PR #12832, @ArthurChiao)
node: Fix ineffectual assignment (Backport PR #14249, Upstream PR #14256, @brb)
node: Misc neighbor related changes (Backport PR #14142, Upstream PR #14070, @brb)
pkg/kvstore: fix race in etcd initialization (Backport PR #13875, Upstream PR #13780, @aanm)
release: add script to check presence of docker images (Backport PR #13951, Upstream PR #13892, @aanm)
Update wording for BPFFS requirement and move to main system requirements page (Backport PR #13875, Upstream PR #13710, @joestringer)
Various fixes for NodePort XDP kube-proxy free guide (Backport PR #13875, Upstream PR #13674, @tklauser)
[v1.8] Update Go to 1.14.11 (#13948, @tklauser)

Other Changes:

[v1.8] backporting: Escape commit message when used as regex (#13873, @tklauser)
[v1.8] contrib: Sort authors without depending on locale (#13802, @christarazi)
v1.8: hubble/relay: flush old flows when the buffer drain timeout is reached (#13877, @rolinh)