We are pleased to release Cilium v1.13.0-rc1. This summary of changes is a diff between v1.13.0-rc0 and v1.13.0-rc1.
Summary of Changes
Major Changes:
- Adds partial support for SCTP (#20033, @DolceTriade)
- Add tracing for socket-based load balancing. (#20492, @aditighag)
- ingress: Support shared load balancer mode (#21386, @sayboras)
Minor Changes:
- Add support to fallback from ENI PD if subnet is out of /28 prefixes (#20822, @hemanthmalla)
- Add the additional print columns `CiliumInternalIP` and `InternalIP` for `kubectl get ciliumnode` command. (#21258, @bavarianbidi)
- Add TraceID field to Hubble flow and populate it from L7/HTTP flow. (#21456, @rolinh)
- bpf: Add missing identity to `TRACE_TO_STACK` packet traces (#21403, @pchaigno)
- cilium, bwm: Disable slow start after idle under pacing (#21356, @borkmann)
- document ipv4/ipv6 native routing cidr helm option missing in Documentation and helm reference (#21195, @vincentmli)
- eni: Add garbage collector for leaked ENIs (#21409, @gandro)
- Fix a crash in `cilium bpf endpoint delete` when run without arguments. (#21349, @farcaller)
- fix empty message when tunnel and socketLB service missing in switch case (#21314, @vincentmli)
- helm: Properly support passing subnet-tags/subnet-ids/instance-tags filters as a list (#21297, @slayer321)
- hubble/filter: add a new endpoint workload filter (#21296, @kaworu)
- hubble: Add kafka metrics (#21318, @chancez)
- ingress: Rename LB annotation to annotation prefixes (#21222, @sayboras)
- install: add TerminationMessagePolicy to cilium pods (#21012, @squeed)
- Introduce Hubble HTTP v2 metrics and dashboards (#21181, @chancez)
- ipam: Add exponential backoff when pool maintenance fails (#21473, @gandro)
- ipam: Change default rate limiting access to external APIs (#21387, @gandro)
- K8s client as reusable cell (#21026, @joamaki)
- maglev: support setting a weight of a backend in a service spec via new cmdline argument (#18306, @oblazek)
- sctp: Handle SCTP when correlating Endpoints to services. (#21490, @DolceTriade)
- Support configuring metricsRelabelings on ServiceMonitors (#21051, @chancez)
- Support L4 any port policy. (#21185, @liuxu623)
- Support new hubble metrics context: "labelsContext" (#21079, @chancez)
- When combining XDP Nodeport Acceleration with Egress Gateway, forwarding the EgressGW reply traffic no longer requires a specific iptables configuration on the Gateway node. (#20837, @julianwiedmann)
Bugfixes:
- Cilium-envoy now sets option to allow (source) port reuse when binding to a source address of a pod for upstream connections. (#20996, @jrajahalme)
- cilium/cmd: check datapath mode on running daemon (#21304, @tklauser)
- daemon: avoid nil pointer dereference on invalid endpoint state (#21449, @tklauser)
- daemon: Call initEnv from start hook to avoid data race (#21232, @joamaki)
- daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (#21365, @joamaki)
- kvstore/allocator: fix panic on receiving invalid identity entries (#21213, @ArthurChiao)
- operator: update CiliumNode in kvstore without lease (#21202, @tklauser)
- Remove no more available dockershim flags in kubelet wrapper (#21311, @pippolo84)
CI Changes:
- ci: Move HostPort test from Jenkins CI to the ConformanceKind GitHub Action (#21130, @gandro)
- ci: switch to google-github-actions/auth for GKE based workflows (#21212, @tklauser)
- ci: update cilium-cli to v0.12.4 for master, v1.11 and v1.12 workflows (#21388, @tklauser)
- controlplane: Add support for FieldSelectors and fix NodePort golden output (#21105, @joamaki)
- egressGW: test improvements (#21385, @julianwiedmann)
- gh/workflows: Add datapath conformance suite (#21071, @brb)
- gh/workflows: Make cilium status to wait in DP suite (#21501, @brb)
- gh/workflows: Set LVH image version to 5.10 (#21425, @brb)
- gh/workflows: Add connectivity tests to DP conformance (#21384, @brb)
- gh: bump timeout for ConformanceGKE (#21321, @julianwiedmann)
- k8s: fix test flake in TestGenerateToCIDRFromEndpoint. (#21220, @tommyp1ckles)
- Push workflow status to Loki (#21238, @michi-covalent)
- Read quay organization names from env variables (#21197, @michi-covalent)
- Remove Slack notifications (#21239, @michi-covalent)
- Remove tests-nightly.yaml (#21362, @michi-covalent)
- Set up env variables for build-and-push-with-qemu job (#21233, @michi-covalent)
- test/controlplane: add 1.25, remove 1.23, bump all patch versions (#21286, @squeed)
- test/e2e: Remove GuestBook test in net_policies.go (#21274, @sayboras)
- test: add external_endpoints file for v1beta1 (#21242, @aanm)
- test: add ownership SIG for each ginkgo context (#21315, @aanm)
- test: Extend checkReady condition (#21337, @brb)
Misc Changes:
- Add a helper to assist net.IP -> netip.Addr conversion (#21183, @YutaroHayakawa)
- Add Cilium debugger images and default debugging configuration for kind, vscode (#21108, @joestringer)
- Add Edgeless Systems to Users (#21520, @m1ghtym0)
- add Giant Swarm as Cilium User (#21319, @bavarianbidi)
- Add Magic Leap to USERS.md (#21193, @romachalm)
- Add missing egressGateway/SRV6 Go struct field align tag (#21363, @vincentmli)
- Added Tetragon to the roadmap (#21338, @xmulligan)
- Added Tetragon to the roadmap (#21372, @xmulligan)
- Added ungleich to USERS.md (#21361, @xmulligan)
- alibabacloud: fix incorrect instance-type reported by cilium-agent (#21495, @ArthurChiao)
- An emeritus section was added to MAINTAINERS (#21335, @xmulligan)
- bugtool: Dump envoy config for troubleshooting (#21348, @sayboras)
- build(deps): bump azure/login from 1.4.5 to 1.4.6 (#21265, @dependabot[bot])
- build(deps): bump github.com/cilium/ebpf from 0.9.1 to 0.9.3 (#21521, @dependabot[bot])
- build(deps): bump github.com/docker/docker from 20.10.17+incompatible to 20.10.18+incompatible (#21266, @dependabot[bot])
- build(deps): bump github.com/google/go-cmp from 0.5.8 to 0.5.9 (#21245, @dependabot[bot])
- build(deps): bump github.com/onsi/gomega from 1.20.0 to 1.20.2 (#21150, @dependabot[bot])
- build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.7 to 3.22.8 (#21168, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21339, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21397, @dependabot[bot])
- build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21511, @dependabot[bot])
- build(deps): bump go.uber.org/goleak from 1.1.12 to 1.2.0 (#21246, @dependabot[bot])
- build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21423, @dependabot[bot])
- build(deps): bump michi-covalent/push-to-loki from 0.2.0 to 0.2.1 (#21308, @dependabot[bot])
- cilium-cni: use netip.Addr instead of CiliumIPv{4,6} types (#21421, @tklauser)
- clustermesh: explicitly report zero remote nodes on connection release (#21248, @tklauser)
- cmd/bpf: Log if no policy maps found (#21429, @aditighag)
- connectivity-check: update images to latest versions (#21467, @tklauser)
- contrib/cherry-pick: parameterize the source branch (#21199, @julianwiedmann)
- counter: add generic implementation and use it to replace StringCounter (#21301, @tklauser)
- daemon: Remove SelectiveRegeneration option (#21413, @joestringer)
- daemon: Skip KPR feature probing when DryMode is enabled (#21129, @joamaki)
- docs: Add cilium overview to internals section (#21412, @joestringer)
- docs: Clarify KPR requirements for Kind (#20749, @brb)
- docs: fix check-crd-compat-table script (#21208, @aanm)
- docs: link tutorials to training section (#21383, @xmulligan)
- docs: Remove RancherOS (#21182, @joestringer)
- docs: retire install using microk8s (#21273, @yoyo-go)
- docs: Update docs.cilium.io navigation bar (#21436, @Kikiodazie)
- Document per-endpoint route requirement in aws-cni Helm snippet (#21276, @ti-mo)
- elf: avoid flooding debug log with empty symbol names (#21448, @tklauser)
- examples: Add connectivity check with netpol (#21415, @joestringer)
- Expand documentation around CODEOWNERS and review expectations (#21057, @joestringer)
- filter out pod labels from synchronizing with cilium endpoint labels (#21135, @NikhilSharmaWe)
- Fix a typo in the comment example (#21402, @farcaller)
- Fix improper regex in check-sources.sh awk command (#21285, @nathanperkins)
- gops: Fix the gops default port (#21481, @joamaki)
- Graduation documentation updated (#21336, @xmulligan)
- helm: Quote all the image fields. (#21463, @michi-covalent)
- Improve memory usage for encoding endpoint objects into JSON (#20524, @odinuge)
- Introduce a cluster-aware addressing scheme and convert some types to use that (#21161, @YutaroHayakawa)
- ip: Add MustAddrFromIP (#21283, @christarazi)
- ipsec: Simplify XFRM IN policies (#21370, @pchaigno)
- k8s-conformance: fix doc formatting (#21203, @julianwiedmann)
- k8s: Resource[T], an implementation of informers with per-sub queues (#21352, @joamaki)
- loader: replace DWARF with BTF for C and Go struct alignment check (#20809, @vincentmli)
- make: fix kind-image-operator target to build the operator-generic image (#21263, @tklauser)
- makefile: use versioned Go container when formatting after api generate. (#21254, @tommyp1ckles)
- Masquerading bpf mode - Improve code readability and complexity of the datapath. (#19712, @sahid)
- monitor: Add parser for socket-lb tracing events (#21516, @aditighag)
- mount host /boot into cilium-agent container (#21113, @agrevtcev)
- node: Add LocalNodeStore for coordinating updates to local node state (#21191, @joamaki)
- node: Fix incorrect code comment (#21209, @pchaigno)
- operator: Fix enabling of API discovery (#21459, @joamaki)
- policy,labels: Convert more packages to use netip library (#21414, @joestringer)
- policy: Add more ICMP unit tests (#20779, @sayboras)
- policy: use netip.Addr when constructing CIDR rules (#21300, @tklauser)
- Prepare for release v1.13.0-rc0 (#21174, @aanm)
- promise: Add promise package (#21295, @joamaki)
- Reference datapath metrics in feature and troubleshooting guides (#20520, @aditighag)
- Remove `__non_bpf_context` macro from bpf C code (#21475, @ti-mo)
- Remove references to node encryption (#21333, @pchaigno)
- Replace addressing.CiliumIPv{4,6} by netip.Addr type (#21445, @tklauser)
- Restructure IPCache to handle metadata merging (#19765, @joestringer)
- Revert "cni-install: bump to v0.4.0, switch to ConfList" (#21207, @squeed)
- Revert "eni: fix new node not triggering creation of ENI" (#21477, @gandro)
- Revert "roadmap: add Tetragon, remove GSoD" (#21360, @joestringer)
- Slack channels and descriptions updated in the docs (#21281, @xmulligan)
- test: fix regression on check-complexity.sh introduced by 6e34314 (#21216, @sahid)
- Update CLOMonitor badge url (#21166, @cynthia-sg)
- update comments (#21316, @lucming)
- Update Go to 1.19.1 (#21226, @tklauser)
- Update stable releases (#21313, @nebril)
- Use pod Deployment name as workload name for flow workload field (#21124, @chancez)