cilium/cilium v1.11.0-rc0 on GitHub

Note: The summary of changes below reflect the diff between the last stable
release (v1.10.4) and tag v1.11.0-rc0.

Summary of Changes

Major Changes:

Cilium Istio integration is updated to Istio release 1.9.6. (#16766, @jrajahalme)
doc: New performance benchmarks and tuning guide (#15943, @tgraf)
policy: Add ICMP and ICMPv6 support for CNP and CCNP with a feature flag (#16516, @chez-shanpu)
Provide new installation steps to deploy Cilium in managed kubernetes providers (GKE, EKS, AKS) to allow scale up and down node pools. (#16631, @aanm)

Minor Changes:

allow-any-ingress and allow-remotehost-ingress are now used instead of allow-localhost-ingress in policy rule derivedFrom list when appropriate. (#16972, @jrajahalme)
Add Helm option to disable registering CRD from Cilium Operator (#15655, @Fedosin)
Add validation of agent flag values for ConfigMap (#16014, @romanspb80)
Add workload name and workload kind to slim api and hubble api (#16514, @sugangli)
Adds new Cilium subcommand: cilium encrypt status and cilium encrypt flush (#16770, @h3llix)
Auto discover ipv6-mcast-device if not provided (#16692, @sarveshr7)
Auto-detect Azure cloud name via IMDS (#16515, @ungureanuvladvictor)
Auto-mount bpf file-system from within Cilium DaemonSet and remove the requirement of having it mounted in the host. (#16656, @aanm)
AWS eni: Support Instance Metadata Service Version 2 (IMDSv2) (#15828, @Smana)
bpf: Derive host netns cookie via SO_NETNS_COOKIE (#17018, @brb)
Cilium Istio integration is updated to Istio release 1.10.3. (#17037, @jrajahalme)
cilium: Improve user experience of policy trace with regard to port a… (#15929, @Maddy007-maha)
cilium: Make CLI more graceful on environments with IPv6 disabled (#16168, @Maddy007-maha)
cleanup helm chart (#16896, @dungdm93)
daemon: Add option --bpf-lb-external-clusterip (#15650, @joamaki)
daemon: Add wildcard support to --devices ("eth+") (#15697, @joamaki)
daemon: make consecutive quorum errors threshold configurable (#16885, @ArthurChiao)
daemon: Make L2 neighbor discovery configurable. (#16974, @bjhaid)
datapath: Add a new option to skip socket lb when in pod ns (#17154, @brb)
datapath: optionally disable SIP verification (#16134, @oblazek)
Display host firewall status in cilium status (#17165, @pchaigno)
doc: Add more generic install section for egress gateway guide (#16087, @tgraf)
doc: Reword some results (#15955, @tgraf)
doc: Update diagrams in benchmark report (#16063, @tgraf)
docs: Revert host firewall to beta for kube-proxy setups (#16149, @pchaigno)
Envoy is updated to release 1.18.3 (#17024, @jrajahalme)
Extend cilium config to expose all active configurations. Add subcommand cilium config get to get configurations from CLI (#16519, @h3llix)
feat: generate tls certs for ui on helm install (#16601, @yandzee)
Fixes connectivity issues when kube-proxy replacement is enabled, caused by
ineffective socket based load balancing (aka host reachable services) in the private
cgroup namespace mode of container runtimes (e.g., docker cgroupv2 configuration). (#16259, @aditighag)
health: Add flag to set HTTP port (#16926, @errordeveloper)
helm: add back 'wellKnownIdentities' (#16142, @bmcustodio)
helm: Add support for disable-endpoint-crd option (#16226, @dntosas)
helm: Disable the bandwidth manager by default (#16380, @pchaigno)
HTTP response access logs no longer contain the request headers, except for 'x-request-id',
which is still included for request/response correlation purposes. (#16211, @jrajahalme)
Hubble logs for HTTP responses now include HTTP response headers. (#16013, @jrajahalme)
hubble/recorder: Extend the API to allow stopping a recording automatically (#16473, @gandro)
hubble: bump protoc{,-gen-go} and dependencies (#16915, @rolinh)
hubble: Hubble node_name field should contain cluster name (#15933, @Maddy007-maha)
images: Bump Hubble CLI to v0.8.0 (#15983, @gandro)
Improve Hubble memory usage and performance on decoding events (#17482, @tklauser)
install: Disable kube-proxy-replacement by default (#15422, @tgraf)
Make NodePort BPF to work on VLAN devices (#16772, @kvaster)
node-neigh: Locking, logging, misc improvements (#15783, @brb)
pkg/aws/eni: new subnet-ids parameter (#16119, @mvisonneau)
Pod L7 visibility annotations are now supported also when policy enforcement is enabled. (#16258, @jrajahalme)
Remove deprecated --update-ec2-apdater-limit-via-api option (#16374, @twpayne)
Remove deprecated code (#16502, @pchaigno)
Rename hostFirewall and mark stable (#17221, @pchaigno)
Skip iptables masquerading for packets destined to remote nodes (#16603, @pchaigno)
Store the previous Cilium's configuration options in the host (#16017, @aanm)
Support EndpointSlices with BGP mode by updating MetalLB to v0.10.0 (#16524, @christarazi)
Support non-default Azure clouds (#16043, @ungureanuvladvictor)
Use correct tolerations value when deploying cilium-operator via helm. (#15992, @michaelpetrov)
wireguard: Set wireguard and route MTU to detected MTU (#16020, @joamaki)

Bugfixes:

Add '*.mesh.cilium.io' to the list of SANs for the server certificate of 'clustermesh-apiserver'. (#17027, @bmcustodio)
Adds IPv6 support for generic-veth chaining plugin (#16041, @Weil0ng)
alibabacloud: fix race (#16175, @l1b0k)
bpf: fix hw_csum issue for icmp probe packets (#16604, @borkmann)
bpf: fix iptables masquerading for node -> remote pod traffic (#16136, @jibi)
change log level for lock failed: endpoint is in the process of being removed (#16773, @humancalico)
Cilium Envoy integration is updated to Envoy release 1.18.4 (#17236, @jrajahalme)
Cilium Istio integration is updated to Istio release 1.10.4 (#17275, @jrajahalme)
cilium: Encryption EKS 4.14 kernel (default) fixes (#15867, @jrfastab)
daemon, node: Fix faulty router IP restoration logic (#16672, @christarazi)
daemon: Ignore cilium_* interfaces when deriving NodePort device (#16104, @eyanulis)
daemon: require BPF masq to enable --install-no-conntrack-iptables-rules (#16085, @jibi)
datapath: Do not SNAT replies to outside (#17168, @brb)
datapath: panic explicitly when IP of direct-routing-device not found (#17064, @ArthurChiao)
datapath: Use TUNNEL_MODE as indicator for tunnel mode (#16328, @anfernee)
DNS proxy is now more available during Cilium restarts, including upgrades. (#16391, @jrajahalme)
Drop a @ in clustermesh-apiserver helm chart (#15934, @anthr76)
endpoint: trigger k8s sync controller on identity update (#16381, @jibi)
eni: Fix Cilium overallocating network interfaces (#15911, @gandro)
Envoy configuration with --proxy-prometheus-port is fixed. (#16834, @jrajahalme)
Envoy is updated to release 1.17.3 (#16102, @jrajahalme)
External Workloads service access is enabled again. (#16662, @jrajahalme)
Fix "unable to update ipcache map entry on pod add" harmless log warnings (#16286, @aanm)
Fix 5.10+ complexity issue with kubeProxyReplacement=disabled (#16084, @pchaigno)
Fix a crash where user specifies incorrect service name in a local redirect policy config, or policy selected service is added after the policy is added. (#16216, @aditighag)
Fix aws-cni integration where pods were not being scheduled (#15915, @aanm)
Fix bug where Cilium allocates a new router (cilium_host) IP upon node reboot, breaking connectivity especially with IPsec (#16307, @christarazi)
Fix bug where IP addresses of devices in unknown state are resolved as remote-node (#17418, @jibi)
Fix bug where L7 ingress policies with IPsec dropped traffic in tunneling mode (#16057, @christarazi)
Fix bug where timers used for retries sometimes fired immediately (#16955, @gandro)
Fix bug where users were unable to use node-selectors in the BGP configuration when using BGP support (#16341, @christarazi)
Fix bug with Helm chart where a user could not enable BGP and set Operator resources. (#16273, @rkage)
Fix incorrect packet path with IPsec and endpoint routes, which can cause incorrect policy drops. (#17000, @pchaigno)
Fix issue where generating Hubble certs were broken (#16509, @alex1989hu)
Fix Linux slave interface detection (#17189, @pchaigno)
Fix memory leak that can occur with the presence of FQDN policies (#17432, @aanm)
Fix transient policy deny during agent restart (#17115, @jaffcheng)
Fixed bug causing policy realization being skipped in some scenarios with endpoint identity churn. (#16271, @jrajahalme)
Fixes out-of-sycn CEP update (#17001, @Weil0ng)
helm: Fix patch failure when updating hubble-generate-certs (#16373, @gandro)
helm: upgrade envoy to v1.18.4 for hubble-ui (#17439, @geakstr)
hubble/recorder: Refactor service implementation to fix multiple races (#16472, @gandro)
hubble: Display proxy redirects in policy verdict events (#17411, @pchaigno)
hubble: Never fail with ErrInvalidRead (#17046, @michi-covalent)
Ignore K8s namespace events that have the same labels (#16268, @aanm)
install: Allow setting enable-health-check-nodeport to 'false' (#16323, @dctrwatson)
ipam: fix crd mode (#16493, @joamaki)
ipsec: Fix logging of SPI after key rotations (#16557, @pchaigno)
ipsec: Fix off-by-one error on max keyID (#16647, @pchaigno)
iptables: Remove leading zeroes (#16817, @jrajahalme)
lbmap: fix deletion and recreation logic for maglev maps (#16850, @jibi)
loader: Revert incorrect initialization of endpoints in chaining mode (#16227, @pchaigno)
lrp: Skip clusterIP service restore in service delete callback (#16548, @aditighag)
node: Fix race condition on labels' getter/setter (#17217, @pchaigno)
Optimize memory consumption for clusters with high number of repeated FQDN matchPattern or matchNames (#17224, @aanm)
Perform reverse NAT at host interface (#15354, @krishgobinath)
pkg/identity: Add missing labels to well-known identities (#16585, @mauriciovasquezbernal)
pkg/option: Fix default assignment of EnableWellKnownIdentities (#16434, @mauriciovasquezbernal)
Plumb Azure interface's VPC / primary CIDR and set it as native routing CIDR in Azure IPAM mode (#16696, @christarazi)
policy: Fix cilium policy trace output when only deny rules are applied (#16991, @chez-shanpu)
Potential deadlock in pod identity updates has been fixed. (#16529, @jrajahalme)
Potential deadlock in pod identity updates has been fixed. (#16801, @jrajahalme)
Remove node.cilium.io/agent-not-ready node taints if they are re-added after Cilium has started (#17112, @aanm)
Remove CiliumNode deletion logic from CiliumNode watcher and guarantee CiliumNode's OwnerReference is always set (#17329, @christarazi)
Remove previous PERM ARP entries installed by Cilium when kube-proxy-replacement and IPSec are disabled. (#16359, @aanm)
Removes cilium daemonset's dependencies on utilities like sh and mount having installed in the underlying host distributions. (#16815, @aditighag)
routing: Fix incorrect interface selection for egress pod routes (#17169, @pchaigno)
Set right User Agent in Kubernetes client for all Cilium components. (#17417, @aanm)
ui envoy: fix config to keep grpc conn (#15938, @geakstr)
wireguard: Fix traffic counters in cilium debuginfo (#16178, @gandro)

CI Changes:

.github/workflows: install ginkgo for test suite build test (#16605, @tklauser)
.github/workflows: use latest stable cilium-cli release (#16892, @tklauser)
.github/workflows: verify that each commit builds for test suite changes (#16556, @tklauser)
.github: AWS-CNI end-to-end test (#16365, @pchaigno)
.github: Bump CLI version to v0.6 (#15948, @joestringer)
.github: Cancel outdated GitHub workflows (#16199, @pchaigno)
.github: Capture hubble flows when smoke test fails (#16968, @christarazi)
.github: Disable flow validation in flaky tests (#16388, @pchaigno)
.github: do not useDigest in conformance tests (#16836, @aanm)
.github: Don't persist credentials in repository (#16052, @pchaigno)
.github: Don't run CodeQL for every master push (#16241, @pchaigno)
.github: Don't wait for GKE cluster cleanup (#16319, @pchaigno)
.github: Fix concurrency group comment triggers (#16310, @pchaigno)
.github: Fix error triggered by large comments (#16360, @pchaigno)
.github: Fix scheduled end-to-end tests (#16274, @pchaigno)
.github: Fix smoke tests sysdump collection from failing prematurely (#17032, @christarazi)
.github: harden permissions on GH workflows (#16941, @aanm)
.github: Limit CodeQL workflow to .go files (#16389, @pchaigno)
.github: Set commit status to error when workflow are cancelled (#16155, @pchaigno)
.github: Skip unnecessary workflow steps (#16157, @pchaigno)
.github: Speed up cluster cleanups in end-to-end tests (#16207, @pchaigno)
.github: Test IPsec with high value for keyID (#16113, @pchaigno)
.github: Update docs workflow to checkout v2 (#16135, @pchaigno)
Add workflows for stable branches (#16944, @aanm)
bpf/Makefile: Enable setting complexity options (#17364, @pchaigno)
Bump cilium-cli to v0.8.4 (#16799, @tklauser)
checkpatch: update to lastest image to fix checkpatch exit status (#17450, @qmonnet)
ci-gke: Add -v=6 for kubectl get pods (#15994, @michi-covalent)
ci-multicluster: Fix post-test information gathering (#16712, @gandro)
ci/conformance: Various image-related fixes (#16715, @gandro)
ci/wireguard: Ensure allowedIPs are set as expected (#16011, @gandro)
ci: add slack notification to GH actions (#16218, @nebril)
ci: Bump cilium-cli version (#16617, @nebril)
ci: Bump ubuntu-next image (#16865, @brb)
ci: Disable NFS locking (#16554, @gandro)
ci: fix sysdump path (#17455, @nebril)
ci: restart portmap service on CI nodes (#16506, @nebril)
ci: update cilium-cli to 0.9.1 (#17464, @nebril)
cicd: skip codesql on forks (#16560, @ldelossa)
conformance tests: Use hubble-relay-ci image (#16363, @michi-covalent)
connectivity-check: Reduce chances of port conflict with proxy (#15988, @pchaigno)
ebpf unit testing (#16862, @xinyuannn)
ebpf unit testing -- handle tailcalls and support user-space map emulation (#17114, @xinyuannn)
examples, connectivity-check, test: Use even-numbered nodePort (#16158, @christarazi)
Fix and add more commands in CI sysdumps (#16721, @aanm)
Fix Azure-related data races (#17054, @christarazi)
github: Misc improvements for the L4LB test suite (#17005, @brb)
helm,test: Add standalone L4LB XDP tests in a form of Github Action (#16338, @brb)
hubble/relay: Fix close of closed channel in unit test (#16958, @gandro)
Improve ipsec compile-time testing in CI (#15872, @joestringer)
jenkins: switch runtime tests from 4.9 to net-next on master (#17186, @nbusseneau)
jenkinsfiles: fix race detector pipelines (#16056, @nbusseneau)
Make LRP restore test logic robust and optimized (#16194, @aditighag)
node-neigh: Fix concurrent arping update unit test flake (#16578, @brb)
node-neigh: Fix unit test flake (#16072, @brb)
node-neigh: Wait instead of sleeping in unit tests (#17035, @aanm)
node: fix arpping test (#16432, @jibi)
NodePort health checks should be disabled when kube-proxy is installed (#16477, @pchaigno)
Pick up cilium-cli v0.8.2 (#16650, @michi-covalent)
Pick up cilium-cli v0.8.3 (#16689, @michi-covalent)
rate: fix TestStressRateLimiter when run with race detector (#16262, @tklauser)
Remove tests/ and examples/demo/ (#17003, @brb)
Revert ".github: Create lint-rst.yaml" (#16786, @bmcustodio)
Switch ginkgo upgrade testing to upgrade from v1.10->latest (#16483, @joestringer)
test/Bookinfo: Collect full artifact in case of failure (#16775, @pchaigno)
test/helpers: add the json output debug in case of failure (#17070, @aanm)
test/helpers: Fail test on errors (#16395, @pchaigno)
test/helpers: Fix incorrect count of endpoints (#16437, @pchaigno)
test/helpers: Fix panic due to missing CEP status (#16443, @pchaigno)
test/helpers: Save JSON artifacts as .json (#16442, @pchaigno)
test/K8sBookInfo: Readiness probes for test pods (#16869, @pchaigno)
test/runtime: Look into log errors after test start (#17351, @joamaki)
test/runtime: Wait for endpoints to be ready before querying by labels (#15990, @pchaigno)
test: 5.4 CI job (#15765, @pchaigno)
test: Add klog lock error to allow-list (#16698, @pchaigno)
test: Adds test for BPF NAT engine handles unknown protocol packets (#15914, @navarrothiago)
test: bump coredns version to 1.7.0 (#17489, @aanm)
test: Debug kubectl.GetPrivateIface failure (#16863, @pchaigno)
test: Debug IPsec test (#16700, @pchaigno)
test: Delete DNS pods in AfterAll for datapath tests (#16835, @joestringer)
test: Delete Istio resources if install does not complete (#16440, @jrajahalme)
test: do not useDigest in upstream tests (#16886, @aanm)
test: Don't pass namespace for CCNPs (#16768, @pchaigno)
test: Don't skip encapsulation tests on GKE (#16627, @pchaigno)
test: Enable verbose policy logs to help debug flake (#16748, @pchaigno)
test: Extend the clusterIP tests with policy (#15928, @aditighag)
test: Fix artifact collection for bad log failures (#16489, @pchaigno)
test: Fix artifact collection for FQDN matchPattern test (#16759, @pchaigno)
test: Fix flake in ValidateEndpointsAreCorrect (#16068, @pchaigno)
test: Fix fragment tracking test on GKE (#15959, @pchaigno)
test: Fix helper to retrieve tail call counters (#16803, @pchaigno)
test: Fix incorrect uninstall in K8sBandwidth (#16053, @pchaigno)
test: fix Infinite loop during VM provisioning (#17031, @h3llix)
test: Fix local runs of K8sUpdates (#16802, @pchaigno)
test: Fix missing artifacts for tests with parentheses (#16540, @pchaigno)
test: Fix the search for VIPs in cilium service list (#15968, @pchaigno)
test: Instrument LB IP via BGP test with debug-events (#16445, @christarazi)
test: Log input to json.Unmarshal when it fails (#16099, @pchaigno)
test: Misc improvements (#16064, @pchaigno)
test: Move instrumentation to AfterFailed instead of AfterAll (#16845, @christarazi)
test: Pass container to ExecPodCmdBackground() (#16435, @jrajahalme)
test: Quarantine fragment tracking test on GKE (#16051, @pchaigno)
test: Redeploy DNS after endpointRoutes reconfiguration (#16767, @joestringer)
test: Remove outdated error msg from allowlist (#16998, @pchaigno)
test: Remove Services SCTP test case (#16895, @brb)
test: Remove special case for host identity when remote-node identity is disabled (#16450, @romanspb80)
test: Remove uptime reporting (#16486, @brb)
test: Retrieve the private interface in an Eventually (#16990, @christarazi)
test: Run WG with per-endpoint routes (#15906, @brb)
test: set kubeProxyReplacement=probe for upstream k8s tests (#16162, @aanm)
test: Skip Istio test on k8s <1.17 (#17445, @jrajahalme)
test: Specify node-selectors in BGP configmap (#16412, @christarazi)
test: Spring cleaning of K8sServicesTest (#16470, @brb)
test: Tiny cleanup of k8s_install.sh (#16534, @brb)
test: Update list of allowed level=error logs (#16623, @pchaigno)
test: Use hubble observe's jsonpb output in artifacts (#16054, @pchaigno)
test: Use new test-verifier image in K8sVerifier (#16231, @pchaigno)
test: Wait for kube-dns before starting test (#16411, @jrajahalme)
tests: rework custom calls's AfterEach/AfterAll blocks to skip if needed (#16651, @qmonnet)
Update cilium-cli to v0.9.0 (#17330, @tklauser)
vagrant: Bump all Vagrant box versions (#16589, @pchaigno)
wireguard: Fix timeout in unit test (#16001, @gandro)
workflows/L4LB: Reprovision if vagrant up fails (#17339, @brb)
workflows: issue_comment triggers refactoring (#17419, @nbusseneau)
workflows: add external workload conformance test (#16789, @nbusseneau)
workflows: add test exceptions for failing L7 tests on EKS with IPsec (#17140, @nbusseneau)
workflows: disable scheduled runs for 1.10 AKS workflow (#17053, @nbusseneau)
workflows: disable scheduled runs for 1.10 workflows (#17023, @nbusseneau)
workflows: filter out schedule events from forks (#16012, @nbusseneau)
workflows: Fix change detection of comment-triggered jobs (#17171, @pchaigno)
workflows: fix concurrency group names (#16711, @nbusseneau)
workflows: Fix Hubble flow capture in smoke tests (#17137, @pchaigno)
workflows: fix L4LB test missing PR reporting on issue_comment (#16830, @nbusseneau)
workflows: fix permissions (#17008, @nbusseneau)
workflows: fix Relay pgrep check when using additional flags (#16831, @nbusseneau)
workflows: Fix use of paths-filter on master pushes (#16507, @pchaigno)
workflows: Improve the change check for issue_comment triggers (#16841, @pchaigno)
workflows: increase VM creation retry count on external workloads (#17138, @nbusseneau)
workflows: lessen clustermesh clusters names (#16029, @nbusseneau)
workflows: only gather artifacts on failure (#16010, @nbusseneau)
workflows: pin cilium-cli version to v0.8.6 (#17143, @nbusseneau)
workflows: remove label filters for testing workflows (#16735, @nbusseneau)
workflows: retry GCP VM creation up to 3 times (#17068, @nbusseneau)
workflows: Revert changes to comment-triggered workflows (#17173, @pchaigno)
workflows: Skip building cilium-operator image (#16501, @pchaigno)
workflows: Skip FQDN tests in AWS-CNI workflow (#16868, @pchaigno)
workflows: Skip jobs instead of workflows (#16487, @pchaigno)
workflows: Skip L7 test in AWS-CNI chaining mode (#17122, @pchaigno)
workflows: update cluster names and tags (#15944, @nbusseneau)
workflows: use !success() for sysdump and Slack notifications (#16899, @nbusseneau)
workflows: Use new cilium sysdump (#17428, @pchaigno)
workflows: various fixes & consistency passes (#16787, @nbusseneau)
workflows: various small fixes (#16311, @nbusseneau)

Misc Changes:

.gitattributes: Hide Documentation/_static. (#16929, @joestringer)
.github/workflows: Fix typo (#16074, @christarazi)
.github: add external docs references to be updated after a release (#16177, @aanm)
.github: add instructions when releasing a new minor version (#16405, @aanm)
.github: add MLH config for flake tracking (#17040, @aanm)
.github: add more release steps (#16257, @aanm)
.github: add step to check for GH workflow when chart is released (#16851, @aanm)
.github: Create lint-rst.yaml (#16387, @geyslan)
.github: Fix image digest job printing (#16660, @joestringer)
.github: ignore k8s deps in dependabot (#16240, @tklauser)
.github: Rename project/ci-force to ci/flake (#17344, @pchaigno)
.github: Rename maintainer's little helper's config file (#16458, @pchaigno)
.github: set link for GH issue feature template (#17214, @aanm)
Add arm64 support for the connectivity test (#15894, @aanm)
Add AWS & Yahoo (#17406, @tgraf)
Add cilium_egress_v4 to ignoredELFPrefixes (#16334, @Divya063)
Add Cognite to USERS (#17405, @tgraf)
Add developer build option to disable optimizations (#16923, @xyz-li)
Add eCHO (#16283, @lizrice)
Add Form3 to users (#16643, @kevholditch-f3)
Add identity GC metrics for CRD allocation mode (#15905, @rscampos)
Add missing bpftool map dumps (#16055, @h3llix)
Add neighbor discovery behavior docs to kubeproxy-free. (#17469, @bjhaid)
add note about selecting proper interface name for masquerading (#17443, @rootkamil)
add stable.txt (#16453, @rolinh)
Adding error checks for ctx_load_bytes. (#16138, @trvll)
Allow configuration of probe timers in Helm chart (#16584, @jonkerj)
Avoid transitive dependency on github.com/miekg/dns in policy API (#16806, @tklauser)
backporting: Suggest only one related commit for a backport (#16907, @joestringer)
Better error reporting/catching in agent on nativeRoutingCIDR (#16646, @jibi)
bpf/pcap: Use CAPTURE{4,6}_RULES macros (#16809, @pchaigno)
bpf: Cleanup datapath macros (#17150, @pchaigno)
bpf: ct: use union to hide the rx_bytes hack (#16471, @jibi)
bpf: Remove duplicate define from MAX_BASE_OPTIONS (#16911, @christarazi)
bpf: rename variables with camel-case names (#16476, @qmonnet)
bpf: two small janitorial cleanups (#16198, @tklauser)
bpf_host: emit '-> network' traces for egress packets (#16082, @navarrothiago)
bugtool: Collect BPF cgroup programs related information (#16691, @aditighag)
bugtool: Default pprof to the agent's gops port (#17004, @glibsm)
bugtool: Dump xfrm policy stats (#17354, @pchaigno)
bugtool: Include listing of egress gateway map (#17378, @pchaigno)
bugtool: Update ip{6,}tables commands (#16778, @pchaigno)
build(deps): bump 8398a7/action-slack from 3.9.1 to 3.9.2 (#16995, @dependabot[bot])
build(deps): bump 8398a7/action-slack from 3.9.2 to 3.9.3 (#17383, @dependabot[bot])
build(deps): bump 8398a7/action-slack from 3.9.3 to 3.10.0 (#17447, @dependabot[bot])
build(deps): bump actions/cache from 2.1.5 to 2.1.6 (#16345, @dependabot[bot])
build(deps): bump actions/cache from 2.1.5 to 2.1.6 (#16357, @dependabot[bot])
build(deps): bump actions/download-artifact from 2.0.9 to 2.0.10 (#16575, @dependabot[bot])
build(deps): bump actions/setup-go from 2.1.3 to 2.1.4 (#17247, @dependabot[bot])
build(deps): bump actions/upload-artifact from 2.2.3 to 2.2.4 (#16576, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.5.10 to 1.5.11 (#16942, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.5.10 to 1.5.11 (#16959, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.5.8 to 1.5.9 (#16182, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.5.9 to 1.5.10 (#16413, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.5.9 to 1.5.10 (#16504, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.4.0 to 2.5.0 (#16327, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.5.0 to 2.6.1 (#16743, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.6.1 to 2.7.0 (#17196, @dependabot[bot])
build(deps): bump docker/login-action from 1.9.0 to 1.10.0 (#16638, @dependabot[bot])
build(deps): bump docker/login-action from f3364599c6aa293cdc2b8391b1b56d0c30e45c8a to 1.9.0 (#15917, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 012185ccbeb554a7f5f987bea0f1a73519b3cdf5 to 1.3.0 (#15940, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 1.3.0 to 1.4.1 (#16682, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 1.4.1 to 1.5.0 (#16760, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 1.5.0 to 1.5.1 (#16853, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 1.5.1 to 1.6.0 (#17346, @dependabot[bot])
build(deps): bump docker/setup-qemu-action from 1.1.0 to 1.2.0 (#16326, @dependabot[bot])
build(deps): bump dorny/paths-filter from 2.10.1 to 2.10.2 (#16532, @dependabot[bot])
build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1095 to 1.61.1153 (#16606, @dependabot[bot])
build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1153 to 1.61.1214 (#17072, @dependabot[bot])
build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.957 to 1.61.1095 (#16215, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2 from 1.6.0 to 1.7.1 (#16905, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.1.6 to 1.2.0 (#16143, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.2.0 to 1.5.0 (#16927, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.5.0 to 1.6.0 (#17096, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/feature/ec2/imds from 1.1.0 to 1.1.1 (#16452, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.13.0 to 1.16.0 (#17347, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/service/ec2 from 1.5.0 to 1.9.0 (#16625, @dependabot[bot])
build(deps): bump github.com/Azure/azure-sdk-for-go from 50.0.0+incompatible to 50.2.0+incompatible (#16077, @dependabot[bot])
build(deps): bump github.com/go-openapi/errors from 0.19.9 to 0.20.0 (#16796, @dependabot[bot])
build(deps): bump github.com/go-openapi/loads from 0.20.0 to 0.20.2 (#16185, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.19.26 to 0.19.28 (#16242, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.19.28 to 0.19.29 (#17055, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (#17101, @dependabot[bot])
build(deps): bump github.com/go-openapi/swag from 0.19.14 to 0.19.15 (#16351, @dependabot[bot])
build(deps): bump github.com/go-openapi/validate from 0.20.1 to 0.20.2 (#16808, @dependabot[bot])
build(deps): bump github.com/google/go-cmp from 0.5.5 to 0.5.6 (#16368, @dependabot[bot])
build(deps): bump github.com/google/renameio from 1.0.0 to 1.0.1 (#16921, @dependabot[bot])
build(deps): bump github.com/hashicorp/consul/api from 1.3.0 to 1.9.1 (#17188, @dependabot[bot])
build(deps): bump github.com/kr/pretty from 0.2.1 to 0.3.0 (#17117, @dependabot[bot])
build(deps): bump github.com/mattn/go-shellwords from 1.0.10 to 1.0.12 (#17061, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.2 to 3.21.5 (#16410, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.5 to 3.21.7 (#17127, @dependabot[bot])
build(deps): bump google.golang.org/protobuf from 1.26.0 to 1.27.1 (#17233, @dependabot[bot])
build(deps): bump helm/kind-action from 1.1.0 to 1.2.0 (#16706, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from 1.3.0 to 1.4.0 (#16466, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from 1.4.0 to 1.4.1 (#16956, @dependabot[bot])
build(deps): bump Sibz/github-status-action from 1.1.5 to 1.1.6 (#17476, @dependabot[bot])
build(deps): update KyleMayes/install-llvm-action requirement to v1.3.0 (#16059, @dependabot[bot])
Bump github.com/aws/aws-sdk-go-v2/service/ec2 to v1.13.0 (#17113, @ungureanuvladvictor)
bwm: queue mapping & cong fixes (#15964, @borkmann)
byteorder: Simplify byteorder package (#16201, @twpayne)
checkpatch: update image to fix checks on commit object and message (#17067, @qmonnet)
checkpatch: update image to improve checks and extend to all commits (#16739, @qmonnet)
Checks k8s metadata for pod before removing IP from ipcache (#17161, @Weil0ng)
choir: normalize error handling in kube_proxy_replacement.go (#16811, @ldelossa)
chore: normalize returning of errors in NewDaemon (#16861, @ldelossa)
ci: Increase the CI image wait timeout to 30 minutes (#17409, @michi-covalent)
ci: use git status instead of git diff to check for a clean state (#16619, @kaworu)
Clarify one-time setup for backporting (#16016, @christarazi)
Cleanup Azure allocator cloud name detection code (#16888, @ungureanuvladvictor)
clustermesh: fix CEP status patch (#16986, @nbusseneau)
CODEOWNERS: add entries for health, recorder and relay APIs (#16522, @tklauser)
CODEOWNERS: Assign pkg/cgroups to cilium/bpf (#16758, @pchaigno)
CODEOWNERS: Give maintainer's code to github-sec team (#16426, @pchaigno)
codeql: Fix GitHub Action permissions (#17376, @twpayne)
conditionally change hubble relay port in hubble-ui (#16511, @alex1989hu)
contrib/backporting: add environment variables to set ORG and REPO (#17424, @aanm)
contrib/docs: rename 'cilium-actions.yml' with 'maintainers-little-helper.yaml (#16750, @aanm)
contrib/vagrant/start.sh: add a NO_BUILD export (#17425, @kkourt)
contrib/vagrant: Use CRDs instead of kvstore if K8S=1 (#15913, @pchaigno)
contrib: Ensure release tag is upstream before push (#15903, @joestringer)
contrib: Explicitly set remote for backport branches (#16804, @twpayne)
contrib: Fix bump-readme.sh script (#17311, @joestringer)
contrib: fix dual-stack support in dev VMs (#15887, @aanm)
contrib: Fix scripts for v1.10 (#15898, @joestringer)
contrib: Identify upstream commits by author and date (#16572, @pchaigno)
contrib: Improve release script guard rails (#16936, @joestringer)
contrib: Make upstream commit check more generic (#16160, @joestringer)
contrib: Request author review during backports (#16484, @joestringer)
contrib: simplify check-docker-images script (#16176, @aanm)
contrib: update etcd's dev VM version (#16193, @aanm)
Convert license headers to SPDX (#16887, @ldelossa)
correct comment Service6Key and Service4Key (#17271, @ChenYahui2019)
daemon, ipam, option: Introduce ability to bypass IP availability error (#17492, @christarazi)
daemon: Add --derive-masquerade-ip-addr-from-device opt (#17230, @brb)
daemon: fix race in config handler (#17413, @h3llix)
daemon: Improve logging of device auto-detection (#16118, @brb)
daemon: log any error returned by RestoreServices() (#16666, @jibi)
daemon: Warn on disabling iptables (#16611, @joestringer)
datapath/linux: enable neighbor discovery in unit tests (#17044, @aanm)
datapath: Sort VLAN IDs in generated macros (#17105, @jrajahalme)
dev-doctor: add check for the root directory (#16205, @twpayne)
dev-doctor: Add docker and docker buildx checks (#16265, @twpayne)
dev-doctor: Bump minimum hub version requirement for backporting (#16734, @twpayne)
dev-doctor: use default GOPATH when missing from env (#17385, @kaworu)
doc/encryption: improve consistency between ipsec and wireguard guides (#15965, @rolinh)
doc: update Hubble/Hubble Relay guides for recent CLI changes (#15981, @rolinh)
Dockerfile: use alpine 3.12 (#15950, @aanm)
docs(k3s): add back the flag to disable network policies (#16755, @rio)
docs, bpf: fix llvm-objdump --no-show-raw-insn options (#16848, @ClaudiaJKang)
docs, gsg: add link to plumbers talk on service lb mechanisms (#16171, @borkmann)
docs, gsg: minor edits to kpr guide and note on hybrid use (#16169, @borkmann)
docs/ipsec: misc improvements (#15978, @kaworu)
docs: account for bandwidth manager now being disabled by default (#16782, @bmcustodio)
docs: add 'endpointRoutes.enabled=true' to aws-cni (#16045, @bmcustodio)
docs: add a "Copy Commands" button for shell-session snippets (#16408, @qmonnet)
docs: add a reference of helm values (#16238, @bmcustodio)
docs: Add caveat for OpenShift (#16161, @christarazi)
docs: add cilium build depedency when regen'ing docs (#17155, @ldelossa)
docs: add custom spelling filter to check WireGuard spelling (#16513, @qmonnet)
docs: add forking instructions + workflow + fix contributing notes (#16025, @nbusseneau)
docs: add guidelines for contributing to Cilium's documentation (#16738, @qmonnet)
docs: add ids to the list of special identities (#16123, @bmcustodio)
docs: add information about ConfigMap updates (#16141, @aanm)
docs: Add missed build tag flags in testing docs (#17160, @twpayne)
docs: add missing mount bpf fs on minikube GSG (#16324, @aanm)
docs: Add note about DNS-related policies on OpenShift (#16083, @twpayne)
Docs: Changed parameters for minikube start (#16570, @mauilion)
docs: Clarify coordination for backporting process (#15989, @christarazi)
docs: Clarify exact requirements for the egress gateway (#17381, @pchaigno)
docs: clarify language on libceph and kernel 5.8 in kubeproxy-free GSG (#16969, @bluikko)
docs: Clarify LRP loop related note (#16342, @aditighag)
docs: Clarify SA target in KPR gsg (#16954, @brb)
docs: clustermesh: fix output of "cilium clustermesh status" command (#15982, @jibi)
docs: deprecate native-routing-cidr from v1.10 (#16688, @jibi)
docs: Document --debug-verbose=datapath in debugging datapath section (#16022, @navarrothiago)
docs: Document dns visibility limitations (#16822, @joestringer)
docs: document the policy for backporting documentation changes (#16137, @qmonnet)
docs: ENIs should not be managed by the OS (#16186, @gandro)
docs: fix a typo in Helm installation documentation (#16325, @netflash)
docs: Fix build failure (#16454, @pchaigno)
docs: fix check-crd-compat-table script (#16545, @aanm)
docs: fix code-block for bpf mount example (#16719, @aanm)
docs: fix code-block formatting for XDP load example (#16876, @ClaudiaJKang)
docs: Fix command for overwriting iptables on kube-proxy replacement install (#16264, @Stijn98s)
docs: Fix egress gateway getting started guide (#15984, @gandro)
docs: fix Helm documentation and doc checks (#16737, @qmonnet)
docs: Fix Helm instructions for BGP (#16263, @xentobias)
Docs: Fix maglev.hashSeed byte size documentation (#16690, @gaffneyd4)
docs: Fix missing quote in gcloud command for GKE (#17014, @christarazi)
docs: fix some dead links (#16336, @aanm)
docs: Fix typo in BGP GSG (#16563, @christarazi)
docs: Fix up broken minikube link (#17382, @joestringer)
docs: Fix version sorting for CRD schema docs (#17288, @joestringer)
docs: fix warnings for documentation build, use a linter (#16407, @qmonnet)
docs: Fix WireGuard spelling (#16293, @gandro)
docs: gsg/operations - use parsed-literal for all blocks referring SCM_WEB (#15963, @ti-mo)
docs: Hubble UI does not show HTTP endpoints anymore (#16535, @gandro)
docs: ignore __pycache__ directory created by custom spelling filters (#16791, @qmonnet)
docs: improve and fix minor issues (#15975, @qmonnet)
docs: improve the aws-cni chaining page (#15979, @bmcustodio)
docs: improve the bandwidth manager page (#16783, @bmcustodio)
docs: Improve wording around Helm values in OKD GSG (#16069, @errordeveloper)
docs: include maintainers CODEOWNERS release process (#15924, @aanm)
docs: Instructions to upgrade aws-cni (#16431, @pchaigno)
docs: mark node-to-node IPSec encryption as beta (#16200, @qmonnet)
docs: minor improvements to tuning guide (#16024, @borkmann)
docs: Minor language tweak (#15923, @glibsm)
docs: remove 1.7 upgrade guide and add upgradeCompatibility for 1.9 (#16288, @aanm)
docs: remove misplaced sentence from Quick Installation guide (#15971, @lfundaro)
docs: rename maintainers team to cilium-maintainers (#16591, @aanm)
docs: run GitHub action when Charts are touched to check Helm values ref (#16577, @qmonnet)
docs: Some Wireguard improvements (#16023, @brb)
docs: tell how to deploy demo app in Hubble CLI guide (#15973, @lfundaro)
docs: Update link to be specific to Janitors (#16732, @pchaigno)
docs: update OpenShift getting started guide (#16006, @twpayne)
docs: Update packer-ci-build docs (#17395, @twpayne)
docs: update requirements (urllib3 1.26.5, requests 2.25.1) (#16396, @qmonnet)
docs: Update SIG-Datapath meeting time. (#16027, @joestringer)
docs: update the version specific notes table (#16710, @bmcustodio)
docs: Update troubleshooting for 1.10 (#16081, @twpayne)
docs: use .. code-block:: shell-session wherever relevant (#16474, @qmonnet)
docs: Use cilium sysdump instead of python sysdump (#17402, @michi-covalent)
docs: various fixes to documentation, notably Getting Started Guides (#16126, @nbusseneau)
Documentation/gettingstarted: fix helm arguments (#17496, @AlexZzz)
Documentation: dont use docker for check-cmdref (#16939, @kkourt)
ebpf: delete existing pinned map if incompatible with the spec (#15832, @jibi)
Encryption docs update (#14940, @aditighag)
ethtool: use ioctl wrapper from golang.org/x/sys/unix (#17153, @tklauser)
examples: add an example of a hubble-cli Deployment (#16459, @kaworu)
examples: Fix up standalone-etcd.yaml (#17369, @joestringer)
Fix alias of cilium-health get (#16891, @xyz-li)
Fix encryption getting started guides for v1.10 (#15961, @jibi)
Fix logging for expired FQDN IPs (#16030, @youssefazrak)
fix warning log for list IPV6 address: move IPV4 to IPv6. (#16475, @lic17)
fix(docs): bandwidth-manager install error (#17338, @withlin)
Fixed a minor race condition on drop counts when hubble starts drops flows/events, because of a full channel. This change also will log the fact that drops are happening once, rather than a log message for every drop, and will log an additional comment after drops are no longer happening with the number of events/flows that were dropped. (#15967, @nathanjsweet)
Follow ups for host firewall support of endpoint routes (#15942, @pchaigno)
fqdn: add fqdn proxy interface (#17318, @nebril)
github: Fix external workloads test file syntax (#17019, @brb)
github: Increase workflow timeout (#16819, @jrajahalme)
helm: Remove redundant capabilities (#17131, @gandro)
helm: set correct versions of docker images in Makefile (#17477, @aanm)
hubble: Fix data races in pkg/hubble.TestRingReader_NextFollow_WithEmptyRing (#17397, @gandro)
images/script: update the example hubble cli Deployment version (#16537, @kaworu)
images: Bump Hubble CLI to v0.8.2 (#17362, @kaworu)
images: Bump iproute2 image (#17222, @brb)
images: Move hubble-proto into cilium-builder (#16217, @gandro)
images: Remove trailing newlines before computing SHA256 (#16621, @pchaigno)
Improve author attribution scripts (#15899, @joestringer)
Improve logging when cgroupfs mount fails (#15999, @johngv2)
Improve output of development VM startup (#17343, @pchaigno)
Improve the Helm chart documentation. (#16469, @bmcustodio)
Improves the error logs during the bpf maps updating (#16034, @elfadel)
install/kubernetes: remove duplicated 'key' in volumes (#17123, @aanm)
install: Fix hubble-ui-backend digest tracking (#15900, @joestringer)
install: Fix README links to getting started guides (#16947, @joestringer)
Introduce v2 backend map with u32 backend ID (#17235, @Weil0ng)
ipam/allocator/podcidr: fix old pod cidr logging error (#17372, @lrouter)
ipcache: Remove unused fields (#17356, @joestringer)
iptables: Add extra warning message listing missing IPV6 kernel modules (#16842, @oneiro-naut)
issue_14922: Fixed the 429 response code handling (#15760, @Maddy007-maha)
jenkinsfiles: Don't display nulls in current build display name (#17258, @twpayne)
k8s: Bump schema version for v1.11 development (#17289, @joestringer)
k8s: Fix logging (#16530, @jrajahalme)
lbmap: Log svc update after bpf() syscall invocation (#17017, @brb)
logging: enhanced log level setting interface (#16021, @mvisonneau)
MAINTAINERS: update MAINTAINERS.md (#17427, @nbusseneau)
Make backporting responsibility more clear (#15700, @joestringer)
Make go test ./... succeed by default (#16914, @twpayne)
Makefile, contrib: Add script to create kind cluster (#12527, @christarazi)
Makefile: fix line continuation in docker build (#17059, @krsna1729)
Makefile: fix typo in helper message (#17128, @aanm)
maps: switch maglev to cilium/ebpf package (#15546, @jibi)
Minikube guide updates (#16346, @aditighag)
Minor fixes for OKD GSG (#16000, @errordeveloper)
Misc. GH workflow improvements and hardness (#16908, @aanm)
monitor: Initialize agent in deamon early (#17407, @gandro)
monitor: print error message on failure to decode layer (#16397, @qmonnet)
netns: Fix socket leak (#17051, @brb)
node-neigh: Avoid flooding the same next hop (#15882, @brb)
node: Add WireguardPubKey to ToCiliumNode (#16420, @gandro)
operator: Improve identity GC efficiency (#17359, @christarazi)
operator: misc. refactoring and code removal (#16918, @aanm)
option: Fix ipvlan master device config (#17130, @joestringer)
pkg/k8s: add pod IP event change (#16190, @aanm)
pkg/k8s: ignore overwrite source "custom-resource" with "k8s" errors (#16153, @aanm)
pkg/k8s: re-add CiliumIsUp Node condition even if removed (#16857, @aanm)
pkg/kvstore: fix concurrent access of var in testing (#16427, @aanm)
pkg/kvstore: fix TestRunLocksGC unit test (#16596, @aanm)
pkg/node: add comments for IPLen in getCiliumHostIPsFromFile (#16877, @aanm)
Prepare for 1.11.0 development (#15870, @joestringer)
proxy: Expose cachedSelectorREEntry type (#17341, @nebril)
proxylib/test: fix data race between StartAccessLogServer and Close (#16298, @tklauser)
proxylib: Fix data races in unit tests (#17141, @gandro)
README: fix the Weekly Community Meeting time (#17215, @tixxdz)
README: update link to docker images to quay.io (#16116, @jibi)
refactor cert-gen logic (#16900, @dungdm93)
Refactor logging package to split syslog functionality into separate file (#16600, @tklauser)
Refactored, renamed and small misc changes in GH workflows (#16312, @aanm)
Removes CEP subresource. (#15632, @Weil0ng)
replaced and removed useless field in RemoteCache (#16290, @sstoner)
Restrict Kubernetes access for hubble-relay (#16937, @jonkerj)
Restructure helm chart into components (#16795, @dungdm93)
Revert "config: Fix incorrect packet path with IPsec and endpoint rou… (#17057, @aanm)
Revert "docs: add 'endpointRoutes.enabled=true' to aws-cni" (#16756, @bmcustodio)
Revert "docs: deprecate native-routing-cidr from v1.10" (#16695, @jibi)
Revert "Perform reverse NAT at Host Interface" (#17319, @nbusseneau)
Revert "policy: Make selectorcache callbacks lock-free" (#16769, @aanm)
SECURITY.md: Update security policy for v1.10 release cycle (#16254, @joestringer)
sockops: Remove duplicate error logging (#16417, @pchaigno)
Specify scrape interval for Hubble metrics (#16214, @christian-2)
Support serviceAnnotations to helm-metrics service (#17366, @carloscastrojumo)
test/bpf: Flag to continue in case of errors (#16793, @pchaigno)
test: Add HostPort conformance to upstream-k8s (#17048, @joestringer)
test: align filter for kubectl.GetPodsNodes() on kubectl.GetPodsIPs() (#16398, @qmonnet)
test: Delete the test namespace in CLI test (#17134, @jrajahalme)
test: Increase service/DNS timeout from 30 to 240 seconds (#16820, @jrajahalme)
tests: re-enable Host Firewall for AutoDirectNodeRoutes test and encryption + direct routing (#16652, @qmonnet)
Togroups policy fixup (#15987, @psinghal20)
tooling: introduce target for generating json compilation database (#17065, @ldelossa)
treewide: convert more license headers to SPDX (#17151, @twpayne)
Update base images with most recent SHAs (#15895, @aanm)
Update CI infrastructure for v1.10 release (#15947, @christarazi)
Update Go to 1.16.4 (#16058, @tklauser)
Update Go to 1.16.5 (#16428, @tklauser)
Update Go to 1.16.7 (#17116, @tklauser)
Update Go to 1.17 (#17190, @tklauser)
Update Go to 1.17.1 (#17360, @tklauser)
Update stable releases (#16184, @joestringer)
Update stable releases (#16355, @aanm)
Update stable releases (#16547, @aanm)
Update stable releases (#16765, @aanm)
Update stable releases (#16902, @aanm)
Update stable releases (#16948, @joestringer)
Update stable releases (#16988, @joestringer)
Update stable releases (#17310, @joestringer)
update stable releases in README (#16244, @aanm)
Update test/packet instructions for running CI tests on dedicated instances (#16423, @christarazi)
Update USERS.md (#17231, @acholt)
Update weekly community meeting timeslot (#15985, @joestringer)
Use iproute2 with libbpf for loading datapath BPF programs (#16727, @brb)
vagrant: Disable KPR in development VM to match Helm default (#16152, @pchaigno)
vendor: bump etcd to v3.5.0 and grpc to v1.39.0 (#15123, @rolinh)
vendor: bump github.com/vishvananda/netlink to latest master (#16070, @tklauser)
vendor: Bump go.universe.tf/metallb (#16187, @christarazi)
vendor: Update go.universe.tf/metallb (#16523, @christarazi)
vendor: update k8s dependencies and tests to 1.21.1 (#16212, @aanm)
vendor: Update k8s dependencies and tests to 1.21.3 (#16608, @christarazi)
vendor: update mongo-driver to 1.5.1 to fix CVE-2021-20329 (#17234, @aanm)
vendor: update wireguard library (#16066, @aanm)
verifier-test.sh: allow for empty FOO_PROGS (#17408, @kkourt)
version, metrics: allow to build on non-unix platforms (#16679, @tklauser)

Other Changes:

docs: Delete old CRD create by ACK CNI (#16145, @l1b0k)

Docker Manifests

cilium

docker.io/cilium/cilium:v1.11.0-rc0@sha256:95fa7c285f525cf1cf53921d39fccaede425e52e94033015ffa046ddb0edf461
quay.io/cilium/cilium:v1.11.0-rc0@sha256:95fa7c285f525cf1cf53921d39fccaede425e52e94033015ffa046ddb0edf461

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.11.0-rc0@sha256:498f9a2ac1df54c4597d63713a4b79a9e2bd33f71ad88d8341455fc6b4a8754b
quay.io/cilium/clustermesh-apiserver:v1.11.0-rc0@sha256:498f9a2ac1df54c4597d63713a4b79a9e2bd33f71ad88d8341455fc6b4a8754b

docker-plugin

docker.io/cilium/docker-plugin:v1.11.0-rc0@sha256:839e72fa61b333c9cdd02fd10979bcad3915d9d80552babbcd21ba5174e5b26d
quay.io/cilium/docker-plugin:v1.11.0-rc0@sha256:839e72fa61b333c9cdd02fd10979bcad3915d9d80552babbcd21ba5174e5b26d

hubble-relay

docker.io/cilium/hubble-relay:v1.11.0-rc0@sha256:6701a9d2368f02ba866c5e790b9df51920da1756de619701807151be1c6d8568
quay.io/cilium/hubble-relay:v1.11.0-rc0@sha256:6701a9d2368f02ba866c5e790b9df51920da1756de619701807151be1c6d8568

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.11.0-rc0@sha256:65b2a46838ab79547ab0bf92673e08e8350028a43394763118c883d85f84051a
quay.io/cilium/operator-alibabacloud:v1.11.0-rc0@sha256:65b2a46838ab79547ab0bf92673e08e8350028a43394763118c883d85f84051a

operator-aws

docker.io/cilium/operator-aws:v1.11.0-rc0@sha256:3ae7c52766640cdd4a3d0f0967109ecf9796f34c95caab3b4b121165fda71d85
quay.io/cilium/operator-aws:v1.11.0-rc0@sha256:3ae7c52766640cdd4a3d0f0967109ecf9796f34c95caab3b4b121165fda71d85

operator-azure

docker.io/cilium/operator-azure:v1.11.0-rc0@sha256:f9b0ef0ec8b9f2ab46254d217ad532350df3efb41417658afd408922c3a0b7c9
quay.io/cilium/operator-azure:v1.11.0-rc0@sha256:f9b0ef0ec8b9f2ab46254d217ad532350df3efb41417658afd408922c3a0b7c9

operator-generic

docker.io/cilium/operator-generic:v1.11.0-rc0@sha256:587a2c33c698b4900493e31aaded714480be7bde54ed9ce8e41d05a02af9ade5
quay.io/cilium/operator-generic:v1.11.0-rc0@sha256:587a2c33c698b4900493e31aaded714480be7bde54ed9ce8e41d05a02af9ade5

operator

docker.io/cilium/operator:v1.11.0-rc0@sha256:50f5197b356abff51c90c49b6fb185793f8ba49773a3c6bddb21f93bdb40aba6
quay.io/cilium/operator:v1.11.0-rc0@sha256:50f5197b356abff51c90c49b6fb185793f8ba49773a3c6bddb21f93bdb40aba6

cilium/cilium v1.11.0-rc0 1.11.0-rc0 on GitHub