cilium/cilium v1.13.0-rc1

1.13.0-rc1

on GitHub

We are pleased to release Cilium v1.13.0-rc1. These summary of changes are a diff between v1.13.0-rc0 and v1.13.0-rc1.

Summary of Changes

Major Changes:

• Adds partial support for SCTP (#20033, @DolceTriade)
• Add tracing for socket-based load balancing. (#20492, @aditighag)
• ingress: Support shared load balancer mode (#21386, @sayboras)

Minor Changes:

• Add support to fallback from ENI PD if subnet is out of /28 prefixes (#20822, @hemanthmalla)
• Add the additional print columns CiliumInternalIP and InternalIP for kubectl get ciliumnode command. (#21258, @bavarianbidi)
• Add TraceID field to Hubble flow and populate it from L7/HTTP flow. (#21456, @rolinh)
• bpf: Add missing identity to TRACE_TO_STACK packet traces (#21403, @pchaigno)
• cilium, bwm: Disable slow start after idle under pacing (#21356, @borkmann)
• document ipv4/ipv6 native routing cidr helm option missing in Documentation and helm reference (#21195, @vincentmli)
• eni: Add garbage collector for leaked ENIs (#21409, @gandro)
• Fix a crash in cilium bpf endpoint delete when ran without arguments. (#21349, @farcaller)
• fix empty message when tunnel and socketLB service missing in switch case (#21314, @vincentmli)
• helm: Properly support passing subnet-tags/subnet-ids/instance-tags filters as a list (#21297, @slayer321)
• hubble/filter: add a new endpoint workload filter (#21296, @kaworu)
• hubble: Add kafka metrics (#21318, @chancez)
• ingress: Rename LB annotation to annotation prefixes (#21222, @sayboras)
• install: add TerminationMessagePolicy to cilium pods (#21012, @squeed)
• Introduce Hubble HTTP v2 metrics and dashboards (#21181, @chancez)
• ipam: Add exponential backoff when pool maintanance fails (#21473, @gandro)
• ipam: Change default rate limiting access to external APIs (#21387, @gandro)
• K8s client as reusable cell (#21026, @joamaki)
• maglev: support setting a weight of a backend in a service spec via new cmdline argument (#18306, @oblazek)
• sctp: Handle SCTP when correlating Endpoints to services. (#21490, @DolceTriade)
• Support configuring metricsRelabelings on ServiceMonitors (#21051, @chancez)
• Support L4 any port policy. (#21185, @liuxu623)
• Support new hubble metrics context: "labelsContext" (#21079, @chancez)
• When combining XDP Nodeport Acceleration with Egress Gateway, forwarding the EgressGW reply traffic no longer requires a specific iptables configuration on the Gateway node. (#20837, @julianwiedmann)

Bugfixes:

• Cilium-envoy now sets option to allow (source) port reuse when binding to a source address of a pod for upstream connections. (#20996, @jrajahalme)
• cilium/cmd: check datapath mode on running daemon (#21304, @tklauser)
• daemon: avoid nil pointer dereference on invalid endpoint state (#21449, @tklauser)
• daemon: Call initEnv from start hook to avoid data race (#21232, @joamaki)
• daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (#21365, @joamaki)
• kvstore/allocator: fix panic on receiving invalid identity entries (#21213, @ArthurChiao)
• operator: update CiliumNode in kvstore without lease (#21202, @tklauser)
• Remove no more available dockershim flags in kubelet wrapper (#21311, @pippolo84)

CI Changes:

• ci: Move HostPort test from Jenkins CI to the ConformanceKind GitHub Action (#21130, @gandro)
• ci: switch to google-github-actions/auth for GKE based workflows (#21212, @tklauser)
• ci: update cilium-cli to v0.12.4 for master, v1.11 and v1.12 workflows (#21388, @tklauser)
• controlplane: Add support for FieldSelectors and fix NodePort golden output (#21105, @joamaki)
• egressGW: test improvements (#21385, @julianwiedmann)
• gh/workflows: Add datapath conformance suite (#21071, @brb)
• gh/workflows: Make cilium status to wait in DP suite (#21501, @brb)
• gh/workflows: Set LVH image version to 5.10 (#21425, @brb)
• gh/worklows: Add connectivity tests to DP conformance (#21384, @brb)
• gh: bump timeout for ConformanceGKE (#21321, @julianwiedmann)
• k8s: fix test flake in TestGenerateToCIDRFromEndpoint. (#21220, @tommyp1ckles)
• Push workflow status to Loki (#21238, @michi-covalent)
• Read quay organization names from env variables (#21197, @michi-covalent)
• Remove Slack notifications (#21239, @michi-covalent)
• Remove tests-nightly.yaml (#21362, @michi-covalent)
• Set up env variables for build-and-push-with-qemu job (#21233, @michi-covalent)
• test/controlplane: add 1.25, remove 1.23, bump all patch versions (#21286, @squeed)
• test/e2e: Remove GuestBook test in net_policies.go (#21274, @sayboras)
• test: add external_endpoints file for v1beta1 (#21242, @aanm)
• test: add ownership SIG for each ginkgo context (#21315, @aanm)
• test: Extend checkReady condition (#21337, @brb)

Misc Changes:

• Add a helper to assist net.IP -> netip.Addr conversion (#21183, @YutaroHayakawa)
• Add Cilium debugger images and default debugging configuration for kind, vscode (#21108, @joestringer)
• Add Edgeless Systems to Users (#21520, @m1ghtym0)
• add Giant Swarm as Cilium User (#21319, @bavarianbidi)
• Add Magic Leap to USERS.md (#21193, @romachalm)
• Add missing egressGateway/SRV6 Go struct field align tag (#21363, @vincentmli)
• Added Tetragon to the roadmap (#21338, @xmulligan)
• Added Tetragon to the roadmap (#21372, @xmulligan)
• Added ungleich to USERS.md (#21361, @xmulligan)
• alibabacloud: fix incorrect instance-type reported by cilium-agent (#21495, @ArthurChiao)
• An emeritus section was added to MAINTAINERS (#21335, @xmulligan)
• bugtool: Dump envoy config for troubleshooting (#21348, @sayboras)
• build(deps): bump azure/login from 1.4.5 to 1.4.6 (#21265, @dependabot[bot])
• build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3 (#21521, @dependabot[bot])
• build(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible (#21266, @dependabot[bot])
• build(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#21245, @dependabot[bot])
• build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.2 (#21150, @dependabot[bot])
• build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.7 to 3.22.8 (#21168, @dependabot[bot])
• build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21339, @dependabot[bot])
• build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21397, @dependabot[bot])
• build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21511, @dependabot[bot])
• build(deps): bump go.uber.org/goleak from 1.1.12 to 1.2.0 (#21246, @dependabot[bot])
• build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21423, @dependabot[bot])
• build(deps): bump michi-covalent/push-to-loki from 0.2.0 to 0.2.1 (#21308, @dependabot[bot])
• cilium-cni: use netip.Addr instead of CiliumIPv{4,6} types (#21421, @tklauser)
• clustermesh: explicitly report zero remote nodes on connection release (#21248, @tklauser)
• cmd/bpf: Log if no policy maps found (#21429, @aditighag)
• connectivity-check: update images to latest versions (#21467, @tklauser)
• contrib/cherry-pick: parameterize the source branch (#21199, @julianwiedmann)
• counter: add generic implementation and use it to replace StringCounter (#21301, @tklauser)
• daemon: Remove SelectiveRegeneration option (#21413, @joestringer)
• daemon: Skip KPR feature probing when DryMode is enabled (#21129, @joamaki)
• docs: Add cilium overview to internals section (#21412, @joestringer)
• docs: Clarify KPR requirements for Kind (#20749, @brb)
• docs: fix check-crd-compat-table script (#21208, @aanm)
• docs: link tutorials to training section (#21383, @xmulligan)
• docs: Remove RancherOS (#21182, @joestringer)
• docs: retire install using microk8s (#21273, @yoyo-go)
• docs: Update docs.cilium.io navigation bar (#21436, @Kikiodazie)
• Document per-endpoint route requirement in aws-cni Helm snippet (#21276, @ti-mo)
• elf: avoid flooding debug log with empty symbol names (#21448, @tklauser)
• examples: Add connectivity check with netpol (#21415, @joestringer)
• Expand documentation around CODEOWNERS and review expectations (#21057, @joestringer)
• filter out pod labels from synchronizing with cilium endpoint labels (#21135, @NikhilSharmaWe)
• Fix a typo in the comment example (#21402, @farcaller)
• Fix improper regex in check-sources.sh awk command (#21285, @nathanperkins)
• gops: Fix the gops default port (#21481, @joamaki)
• Graduation documentation updated (#21336, @xmulligan)
• helm: Quote all the image fields. (#21463, @michi-covalent)
• Improve memory usage for encoding endpoint objects into JSON (#20524, @odinuge)
• Introduce a cluster-aware addressing scheme and convert some types to use that (#21161, @YutaroHayakawa)
• ip: Add MustAddrFromIP (#21283, @christarazi)
• ipsec: Simplify XFRM IN policies (#21370, @pchaigno)
• k8s-conformance: fix doc formatting (#21203, @julianwiedmann)
• k8s: Resource[T], an implementation of informers with per-sub queues (#21352, @joamaki)
• loader: replace DWARF with BTF for C and Go struct alignment check (#20809, @vincentmli)
• make: fix kind-image-operator target to build the operator-generic image (#21263, @tklauser)
• makefile: use versioned Go container when formatting after api generate. (#21254, @tommyp1ckles)
• Masquerading bpf mode - Improve code readability and comlexity of the datapath. (#19712, @sahid)
• monitor: Add parser for socket-lb tracing events (#21516, @aditighag)
• mount host /boot into cilium-agent container (#21113, @agrevtcev)
• node: Add LocalNodeStore for coordinating updates to local node state (#21191, @joamaki)
• node: Fix incorrect code comment (#21209, @pchaigno)
• operator: Fix enabling of API discovery (#21459, @joamaki)
• policy,labels: Convert more packages to use netip library (#21414, @joestringer)
• policy: Add more ICMP unit tests (#20779, @sayboras)
• policy: use netip.Addr when constructing CIDR rules (#21300, @tklauser)
• Prepare for release v1.13.0-rc0 (#21174, @aanm)
• promise: Add promise package (#21295, @joamaki)
• Reference datapath metrics in feature and troubleshooting guides (#20520, @aditighag)
• Remove __non_bpf_context macro from bpf C code (#21475, @ti-mo)
• Remove references to node encryption (#21333, @pchaigno)
• Replace addressing.CiliumIPv{4,6} by netip.Addr type (#21445, @tklauser)
• Restructure IPCache to handle metadata merging (#19765, @joestringer)
• Revert "cni-install: bump to v0.4.0, switch to ConfList" (#21207, @squeed)
• Revert "eni: fix new node not triggering creation of ENI" (#21477, @gandro)
• Revert "roadmap: add Tetragon, remove GSoD" (#21360, @joestringer)
• Slack channels and descriptions updated in the docs (#21281, @xmulligan)
• test: fix regression on check-complexity.sh introduced by 6e34314 (#21216, @sahid)
• Update CLOMonitor badge url (#21166, @cynthia-sg)
• update comments (#21316, @lucming)
• Update Go to 1.19.1 (#21226, @tklauser)
• Update stable releases (#21313, @nebril)
• Use pod Deployment name as workload name for flow workload field (#21124, @chancez)