We are pleased to release Cilium v1.10.5. This release includes a variety of bugfixes, including improvements to memory consumption when enabling particular features. For more details, read the full release notes below.
Summary of Changes
Minor Changes:
- daemon: Make L2 neighbor discovery configurable. (Backport PR #17531, Upstream PR #16974, @bjhaid)
- datapath: Add a new option to skip socket lb when in pod ns (Backport PR #17531, Upstream PR #17154, @brb)
Bugfixes:
- Cilium Istio integration is updated to Istio release 1.10.4 (Backport PR #17392, Upstream PR #17275, @jrajahalme)
- datapath: Do not SNAT replies to outside (Backport PR #17392, Upstream PR #17168, @brb)
- egress gateway: fix non-tunnel (direct routing) mode (Backport PR #17582, Upstream PR #17517, @kkourt)
- Fix bug where IP addresses of devices in unknown state are resolved as remote-node (Backport PR #17495, Upstream PR #17418, @jibi)
- Fix memory leak that can occur with the presence of FQDN policies (Backport PR #17495, Upstream PR #17432, @aanm)
- helm: upgrade envoy to v1.18.4 for hubble-ui (Backport PR #17495, Upstream PR #17439, @geakstr)
- hubble: Display proxy redirects in policy verdict events (Backport PR #17495, Upstream PR #17411, @pchaigno)
- node: Fix race condition on labels' getter/setter (Backport PR #17313, Upstream PR #17217, @pchaigno)
- Optimize memory consumption for clusters with high number of repeated FQDN matchPattern or matchNames (Backport PR #17313, Upstream PR #17224, @aanm)
- pkg/identity: Add missing labels to well-known identities (Backport PR #17495, Upstream PR #16585, @mauriciovasquezbernal)
- Remove CiliumNode deletion logic from CiliumNode watcher and guarantee CiliumNode's OwnerReference is always set (Backport PR #17495, Upstream PR #17329, @christarazi)
- Set right User Agent in Kubernetes client for all Cilium components. (Backport PR #17495, Upstream PR #17417, @aanm)
CI Changes:
- [v1.10] fix MLH config trigger (#17423, @nbusseneau)
- ci: update cilium-cli to 0.9.1 (Backport PR #17392, Upstream PR #17464, @nebril)
- test/runtime: Look into log errors after test start (Backport PR #17392, Upstream PR #17351, @joamaki)
- test: bump coredns version to 1.7.0 (Backport PR #17531, Upstream PR #17489, @aanm)
- test: Skip Istio test on k8s <1.17 (Backport PR #17392, Upstream PR #17445, @jrajahalme)
- workflows: pin cilium-cli version to v0.8.6 (Backport PR #17392, Upstream PR #17143, @nbusseneau)
Misc Changes:
- Add neighbor discovery behavior docs to kubeproxy-free. (Backport PR #17531, Upstream PR #17469, @bjhaid)
- bpf: Add extension for running sock LB on MKE-related containers (Backport PR #17559, Upstream PR #17513, @borkmann)
- bugtool: Include listing of egress gateway map (Backport PR #17495, Upstream PR #17378, @pchaigno)
- build(deps): bump 8398a7/action-slack from 3.9.2 to 3.9.3 (#17379, @dependabot[bot])
- build(deps): bump 8398a7/action-slack from 3.9.3 to 3.10.0 (#17449, @dependabot[bot])
- build(deps): bump docker/setup-buildx-action from 1.5.1 to 1.6.0 (#17325, @dependabot[bot])
- contrib/backporting: add environment variables to set ORG and REPO (Backport PR #17495, Upstream PR #17424, @aanm)
- daemon, ipam, option: Introduce ability to bypass IP availability error (Backport PR #17531, Upstream PR #17492, @christarazi)
- daemon: Add --derive-masquerade-ip-addr-from-device opt (Backport PR #17495, Upstream PR #17230, @brb)
- datapath/linux: enable neighbor discovery in unit tests (Backport PR #17557, Upstream PR #17044, @aanm)
- docs: Clarify exact requirements for the egress gateway (Backport PR #17392, Upstream PR #17381, @pchaigno)
- docs: clarify language on libceph and kernel 5.8 in kubeproxy-free GSG (Backport PR #17531, Upstream PR #16969, @bluikko)
- docs: Fix command for overwriting iptables on kube-proxy replacement install (Backport PR #17495, Upstream PR #16264, @Stijn98s)
- docs: Fix up broken minikube link (Backport PR #17495, Upstream PR #17382, @joestringer)
- docs: Fix version sorting for CRD schema docs (Backport PR #17495, Upstream PR #17288, @joestringer)
- ethtool: use ioctl wrapper from golang.org/x/sys/unix (Backport PR #17392, Upstream PR #17153, @tklauser)
- fix(docs): bandwidth-manager install error (Backport PR #17392, Upstream PR #17338, @withlin)
- fqdn: add fqdn proxy interface (Backport PR #17582, Upstream PR #17318, @nebril)
- helm: Expose l2 neigh discovery related agent flags (Backport PR #17557, Upstream PR #17526, @brb)
- helm: set correct versions of docker images in Makefile (Backport PR #17495, Upstream PR #17477, @aanm)
- jenkinsfiles: Don't display nulls in current build display name (Backport PR #17392, Upstream PR #17258, @twpayne)
- operator: Improve identity GC efficiency (Backport PR #17495, Upstream PR #17359, @christarazi)
- proxy: Expose cachedSelectorREEntry type (Backport PR #17531, Upstream PR #17341, @nebril)
- Update Go to 1.16.9 (#17566, @tklauser)
- v1.10: Update Go to 1.16.8 (#17361, @tklauser)
- vendor: update mongo-driver to 1.5.1 to fix CVE-2021-20329 (Backport PR #17313, Upstream PR #17234, @aanm)
Other Changes:
- install: Update image digests for v1.10.4 (#17298, @joestringer)
- Populates backend map from V2 backend map (#17308, @Weil0ng)
Docker Manifests