cilium/cilium v1.13.17

1.13.17

on GitHub

We are pleased to release Cilium v1.13.17 that improves background resynchronization of nodes, improves the CLI to troubleshoot connectivity issues, lowers CPU consumption with IPsec for large clusters, and brings a number of additional fixes. Thanks to all contributors, reviewers, testers, and users! ❤️

Summary of Changes

Minor Changes:

• Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR #32885, Upstream PR #32577, @marseel)
• Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR #32573, Upstream PR #32336, @giorio94)
• ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR #32884, Upstream PR #32588, @marseel)

Bugfixes:

• .github/workflows: fix digests file creation (Backport PR #32887, Upstream PR #32860, @aanm)
• [v1.13] iptables: Do not install NOTRACK rules if IPv4NativeRoutingCIDR is nil (#32652, @pippolo84)
• cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR #32786, Upstream PR #32725, @gandro)
• Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR #32696, Upstream PR #32548, @squeed)
• ipsec: Safely delete Xfrm state (Backport PR #32705, Upstream PR #32450, @jschwinger233)
• Remove deprecated hubble.ui.securityContext.enabled from hubble-ui deployment template (Backport PR #32887, Upstream PR #32338, @stelucz)

CI Changes:

• ci: Filter supported versions of EKS (Backport PR #32887, Upstream PR #32304, @marseel)
• ci: Filter supported versions of GKE (Backport PR #32696, Upstream PR #32302, @marseel)
• ci: l4lb: Don't hang on gathering logs forever (Backport PR #32963, Upstream PR #32947, @joestringer)
• ci: l4lb: gather more infos about docker-in-docker issues (Backport PR #32696, Upstream PR #32570, @mhofstetter)
• ci: l4lb: restart docker-in-docker container on failure (Backport PR #32696, Upstream PR #32600, @mhofstetter)
• ci: update unsupported ci-aks k8s version from 1.26 to 1.27 (#32502, @mhofstetter)
• eks: Don't use spot instances (Backport PR #32696, Upstream PR #32553, @michi-covalent)
• GCP OIDC instead of SA creds. (Backport PR #32709, Upstream PR #30809, @viktor-kurchenko)
• gha: correctly trigger integration tests via ariane commands (#32843, @giorio94)
• Modify GitHub Actions Workflows to echo the inputs they are given when triggered by a workflow_dispatch event. (Backport PR #32504, Upstream PR #31424, @learnitall)
• Use GH_RUNNER_EXTRA_POWER for CI image workflow (Backport PR #32504, Upstream PR #32402, @michi-covalent)
• workflows: ignore "No egress gateway found" drops (Backport PR #32696, Upstream PR #32564, @jibi)
• workflows: Remove stale CodeQL workflow (Backport PR #32696, Upstream PR #32084, @pchaigno)

Misc Changes:

• (v1.13) Bump golang.org/x/net (#32791, @ferozsalam)
• background-sync: fix bootstrap issue and edge-case with 1 node (Backport PR #32885, Upstream PR #32630, @marseel)
• bump cni plugins to v1.5.0 (Backport PR #32696, Upstream PR #32629, @antonipp)
• Bump timeout of lint-build-commits.yaml (Backport PR #32786, Upstream PR #32746, @YutaroHayakawa)
• chore(deps): update all github action dependencies (v1.13) (#32499, @renovate[bot])
• chore(deps): update all github action dependencies (v1.13) (#32742, @renovate[bot])
• chore(deps): update all github action dependencies (v1.13) (#32845, @renovate[bot])
• chore(deps): update cilium/little-vm-helper action to v0.0.18 (v1.13) (#32582, @renovate[bot])
• chore(deps): update dependency cilium/hubble to v0.13.5 (v1.13) (#32950, @cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.21.10 docker digest to 16438a8 (v1.13) (#32740, @renovate[bot])
• chore(deps): update docker.io/library/ubuntu:22.04 docker digest to 19478ce (v1.13) (#32926, @renovate[bot])
• chore(deps): update docker.io/library/ubuntu:22.04 docker digest to a6d2b38 (v1.13) (#32376, @renovate[bot])
• chore(deps): update github/codeql-action action to v3.25.5 (v1.13) (#32516, @renovate[bot])
• chore(deps): update go to v1.21.11 (v1.13) (#32896, @renovate[bot])
• chore(deps): update google/cloud-sdk docker tag to v479 (v1.13) (#32927, @renovate[bot])
• chore(deps): update hubble cli to v0.13.4 (v1.13) (#32837, @renovate[bot])
• chore(deps): update kindest/node docker tag to v1.26.15 (v1.13) (#32583, @renovate[bot])
• chore(deps): update stable lvh-images (v1.13) (patch) (#32844, @renovate[bot])
• contrib: Remove CHARTS_PATH dependency (Backport PR #32696, Upstream PR #32328, @joestringer)
• Docs: add note about AKS kube-apiserver entity (Backport PR #32696, Upstream PR #32464, @darox)
• Miscellaneous improvements to the clustermesh troubleshooting guide (Backport PR #32573, Upstream PR #32552, @giorio94)
• Remove release scripts (Backport PR #32963, Upstream PR #32938, @aanm)

Other Changes:

• [v1.13] bugtool: Avoid sensitive data in envoy config dump (#32966, @sayboras)
• [v1.13] envoy: Bump envoy version to v1.28.4 (#32911, @sayboras)
• [v1.13] images: update cilium-{runtime,builder} (#32449, @michi-covalent)
• envoy: Update envoy 1.27.x to 1.28.3 (#32540, @sayboras)
• install: Update image digests for v1.13.16 (#32547, @nebril)

v1.13.17

Docker Manifests

cilium

docker.io/cilium/cilium:v1.13.17@sha256:db7553ec384eeeb786aa3f7472bb8ecfc1b50d37a64a8309e94e4a82fda4882e
quay.io/cilium/cilium:v1.13.17@sha256:db7553ec384eeeb786aa3f7472bb8ecfc1b50d37a64a8309e94e4a82fda4882e

clustermesh-apiserver

docker.io/cilium/clustermesh-apiserver:v1.13.17@sha256:bce520cc4e234a63cf3eb58b51f18fb24c3a7c38365241ba59b395fa4bb07b38
quay.io/cilium/clustermesh-apiserver:v1.13.17@sha256:bce520cc4e234a63cf3eb58b51f18fb24c3a7c38365241ba59b395fa4bb07b38

docker-plugin

docker.io/cilium/docker-plugin:v1.13.17@sha256:ea64f2abca1271cf03904da37c123c3013926eb8610226c548a251f61343561e
quay.io/cilium/docker-plugin:v1.13.17@sha256:ea64f2abca1271cf03904da37c123c3013926eb8610226c548a251f61343561e

hubble-relay

docker.io/cilium/hubble-relay:v1.13.17@sha256:9398e764708197aee93f5ee3d6a42b087b9c777ef13c81b175be7235be1fb478
quay.io/cilium/hubble-relay:v1.13.17@sha256:9398e764708197aee93f5ee3d6a42b087b9c777ef13c81b175be7235be1fb478

operator-alibabacloud

docker.io/cilium/operator-alibabacloud:v1.13.17@sha256:5d8d5253339f1fba9404730a8f44aa6ea10439b97098e84325051c6877bfc9f7
quay.io/cilium/operator-alibabacloud:v1.13.17@sha256:5d8d5253339f1fba9404730a8f44aa6ea10439b97098e84325051c6877bfc9f7

operator-aws

docker.io/cilium/operator-aws:v1.13.17@sha256:a99201ecf60265f4a38cb78805023af12c19c9a309b86a73ffcd815a26962279
quay.io/cilium/operator-aws:v1.13.17@sha256:a99201ecf60265f4a38cb78805023af12c19c9a309b86a73ffcd815a26962279

operator-azure

docker.io/cilium/operator-azure:v1.13.17@sha256:b2f504420114da2f6f8138e9c7e4a8700684f15b9cce4304a8616649ed91aa4c
quay.io/cilium/operator-azure:v1.13.17@sha256:b2f504420114da2f6f8138e9c7e4a8700684f15b9cce4304a8616649ed91aa4c

operator-generic

docker.io/cilium/operator-generic:v1.13.17@sha256:caa8e0da2b3946463ed9206ff97a88115522999a8b276e09841f4bbd7974da3a
quay.io/cilium/operator-generic:v1.13.17@sha256:caa8e0da2b3946463ed9206ff97a88115522999a8b276e09841f4bbd7974da3a

operator

docker.io/cilium/operator:v1.13.17@sha256:febf6ffa2e44717165e985b6ef65d89f4d3caff6288750084c0a12013d2fdd81
quay.io/cilium/operator:v1.13.17@sha256:febf6ffa2e44717165e985b6ef65d89f4d3caff6288750084c0a12013d2fdd81