We are excited to announce the Cilium 1.8 release. A total of 2162 commits have
been contributed by a community of 72 developers, many of whom made their first
contributions this cycle.
For more information, see the blog post:
https://cilium.io/blog/2020/06/22/cilium-18
Highlights
- XDP Load Balancing Support
- Cluster-wide flow visibility
- Better policy visibility and control
- Performance optimizations across the board
- Native Azure IPAM
- Initial ARM64 support
- Making more functionality iptables-free
Upgrade guide
https://docs.cilium.io/en/v1.8/install/upgrade/#upgrade-guide
Summary of Changes
Note: The summary of changes represents the diff between v1.7.5 and v1.8.0
Major Changes:
- Add a new DSR/SNAT hybrid mode which allows to work without MTU changes and enables DSR for TCP and SNAT for UDP workloads. Enable it by default for Cilium's kube-proxy replacement in probe and strict mode. (#10203, @borkmann)
- Add a new event type for policy verdicts (#9943, @lzang)
- Add BPF masquerading for veth mode, Add BPF-based ip-masq-agent (#11148, @brb)
- Add Cilium Operator IPAM (#11083, @aanm)
- Add DeepEquals generated code (#11435, @aanm)
- Add scalability report of Cilium on large clusters in CRD mode (Backport PR #11856, Upstream PR #11760, @aanm)
- add support for k8s 1.18 (#10654, @aanm)
- Add support for services sessionAffinity (without and with kube-proxy) (#11085, @brb)
- Allow attaching BPF NodePort and BPF masquerade to multiple devices (#11267, @brb)
- Azure IPAM Support (#10089, @tgraf)
- bpf: getpeername hook implementation for socket lb (#11617, @borkmann)
- Embed Hubble (#10238, @michi-covalent)
- Host endpoint (#10994, @pchaigno)
- hubble-proxy: implement 'serve' command (#10653, @rolinh)
- hubble-relay: add initial multi-node support (#11171, @rolinh)
- hubble: implement peer service, enable it locally (#10969, @rolinh)
- Implement policy audit mode for the daemon (#9970, @ap4y)
- Merge all Hubble server-side code into Cilium (#10860, @tgraf)
- Network policies for the host endpoint (#11507, @pchaigno)
- Support for IPv4 fragments (#10264, @qmonnet)
- Support for named k8s container ports is added to both K8s Network Policies and Cilium Network Policies. (#11092, @jrajahalme)
- XDP-based NodePort LB handling for BPF-based DSR, SNAT and Hybrid mode. (#10877, @borkmann)
Minor Changes:
- Accessing a NodePort service via cilium_host IP addr is no longer recommended. (#11692, @brb)
- Add a flag to disable feeder installation on certain iptables tables (#10639, @Sh4d1)
- Add command line option to dynamically size BPF maps based on total system memory. (#10780, @tklauser)
- Add completion support for fish shell (#11284, @sayboras)
- Add hubble helm charts to cilium install/kubernetes (#10648, @soumynathan)
- Add informatin to docs about network interfaces in tunnelling mode (#11357, @cortopy)
- Add more PriorityClassName fields in Helm charts (#10583, @johngmyers)
- Add Pod as an owner of a CiliumEndpoint and remove useless Delete (#11195, @aanm)
- Add PodSecurityPolicies to helm chart (#10330, @maxbischoff)
- Add possibility to configure native-routing-cidr in helm chart. (#11132, @zbindenren)
- Add priorityClassName to operator deployment in helm chart (#10285, @maxbischoff)
- Add the data path filtering for policy verdict logs. (#10477, @lzang)
- added a
max-allocate
flag on pkg/ipam to control the maximum amount of IPs being allocated to a node (#10786, @mvisonneau) - Added support for logging in JSON format (#11133, @mvisonneau)
- agent: Remove awareness of IPv4 cluster-range (#10194, @tgraf)
- Allow specifying on which interface the Azure IPAM should allocate IPs on (#10875, @ungureanuvladvictor)
- api/v1: Add observation proto enum (Backport PR #12173, Upstream PR #12085, @glibsm)
- azure: retrieve subscriptionID/resourceGroupName from Azure IMS if not provided via CLI flags (#10764, @ungureanuvladvictor)
- Azure: support multiple pods subnets, and networks in different resource groups (#11268, @bpineau)
- Azure: support non VMSS instances (Backport PR #12027, Upstream PR #11571, @bpineau)
- bpf: Check native-routing-cidr in BPF masquerade (#11473, @brb)
- bpf: don't answer ARP requests for endpoint IP (#11533, @jcaamano)
- bpf: make socket lb progs netns aware (#10778, @borkmann)
- bump k8s dependencies and test to v1.18.1 (#10924, @aanm)
- bump k8s dependencies and test to v1.18.2 (#11047, @aanm)
- Cilium host proxy has has been updated to Envoy release 1.13.1. (#10222, @jrajahalme)
- Cilium Operator can now use the flags specified
cilium-config
k8s configuration map (#10347, @aanm) - cilium, docker: runtime dependency updates (#10542, @borkmann)
- cilium-operator: support subnets filters (#10738, @bpineau)
- cilium: bpf-based hostport implementation (#10592, @borkmann)
- cilium: fix up all --help sections properly (Backport PR #12027, Upstream PR #11007, @soumynathan)
- cli: Add Hubble section to cilium status output (#10879, @gandro)
- cli: Clarify help of 'cilium map' (#10855, @pchaigno)
- connectivity-check: Do not perform hostport in standard check (Backport PR #11856, Upstream PR #11715, @tgraf)
- daemon: adding support for egress policy tracing (#10020, @wofanli)
- daemon: Allow to fallback to iptables-based masquerading and friends (Backport PR #12039, Upstream PR #12026, @brb)
- daemon: Clarify log msg how to use only TCP socket-lb (Backport PR #11926, Upstream PR #11918, @brb)
- daemon: Fix detection of BPF/XDP NodePort, BPF masq and host-fw devices (Backport PR #12027, Upstream PR #11894, @brb)
- daemon: Make build depend on Makefiles and Dockerfile (#10367, @jrajahalme)
- datapath: Enable session affinity for older kernels (#11678, @brb)
- Decrease CRD setup API calls when starting cilium-agent (#10676, @aanm)
- Deprecate --disable-k8s-services cilium-agent flag (#10552, @soumynathan)
- Deprecate DNS Poller in v1.8 (#10629, @soumynathan)
- doc: Change machine-type to n1-standard-4 for GKE guide (#11529, @tgraf)
- doc: Update LLVM/Clang requirement to 10.0 (#11686, @pchaigno)
- docker: add hubble CLI binary to the base cilium image (Backport PR #11856, Upstream PR #11784, @rolinh)
- docs: Extend BPF-based masquerading section (Backport PR #12203, Upstream PR #12145, @brb)
- Envoy is updated to release 1.13.2. (Backport PR #12027, Upstream PR #11973, @jrajahalme)
- Expose BPF kernel memory usage as a prometheus metric (#11682, @aanm)
- golang: update to 1.14 (#10340, @aanm)
- grafana: Add Hubble dashboard (Backport PR #12039, Upstream PR #12004, @gandro)
- Handle audit mode in cilium endpoint list and kubectl get cep (#11011, @ap4y)
- helm: Add hubble section (#10358, @michi-covalent)
- helm: added global.logOptions parameter (Backport PR #12039, Upstream PR #11861, @mvisonneau)
- helm: Allow for overriding the size of the managed
etcd
cluster. (#10644, @bmcustodio) - helm: Remove affinity from cilium-etcd-operator (Backport PR #12173, Upstream PR #12139, @brb)
- helm: set hubble-ui securityContext (#11475, @alex1989hu)
- hubble-proxy: add initial skeleton (#10545, @rolinh)
- hubble-relay: add Dockerfile and make target to build hubble-relay image (#11192, @rolinh)
- hubble-relay: enable gRPC reflection (#11616, @rolinh)
- hubble-relay: implement flows reordering (#11397, @rolinh)
- hubble-relay: persist connections to hubble peers (#11335, @rolinh)
- hubble: Populate traffic direction for trace and drop events (#11062, @gandro)
- hubble: Update uint size in flow proto (#11161, @matej-g)
- Implement per-provider operator deployments in Helm (Backport PR #12039, Upstream PR #12029, @joestringer)
- Improve 'cilium-agent --help' (#10795, @soumynathan)
- ipmasq: Add default nonMasq CIDRs if config is empty (#11409, @brb)
- Make resources in agent and operator helm chart configurable (#10296, @maxbischoff)
- Makefile: Add multi-arch support for cilium images (#10021, @iecedge)
- monitor: Support more verbosity levels (#10820, @joestringer)
- operator: Ship slimmer binaries (#10972, @errordeveloper)
- Optimize scalability of CiliumIdentity operation (#11275, @tgraf)
- Pass native-routing-cidr to ENI CNI for route rules (#10887, @dctrwatson)
- pkg/identity: Watch and update labels for the host (#11543, @pchaigno)
- proxy: Remove access-log option (#10393, @tgraf)
- Remove deprecated --container-runtime{,-endpoint} options (#11060, @tklauser)
- Remove deprecated --flannel-manage-existing-containers option (Backport PR #12027, Upstream PR #12008, @tklauser)
- Remove netstat from cilium-bugtool and replace with ss tool (#11667, @soumynathan)
- Support on-disk etcd client certificate and key reload when using trusted-ca-file (#10754, @bpineau)
- Switch k8s liveness/readiness probes to use HTTP /healthz endpoint instead of "cilium status --brief" command. (#11408, @tklauser)
- test: Avoid panics due to dereferencing a nil error (#10390, @jrajahalme)
- test: Do not set tty for preloaded VM (Backport PR #11926, Upstream PR #11877, @jrajahalme)
- test: set hubble-relay image in helm defaults if available (Backport PR #11926, Upstream PR #11904, @jrajahalme)
- The default maximum number of entries in the BPF TCP ctmap is reduced to 512K. (#10289, @tklauser)
- Update the Cilium eBPF library to the latest version. (Backport PR #12103, Upstream PR #12068, @tklauser)
- Updated grafana dashboard (#11744, @aanm)
- Use bpftool for generating BPF feature macros (#10019, @mrostecki)
- Use slimmer protobuf definitions on k8s structures (#11326, @aanm)
- Watch for CEPs in the cluster instead of all pods (#11249, @aanm)
Bugfixes:
- Add ability to detect iptables mode (nft/legacy) in cilium daemon image (#11199, @mskrocki)
- Add anti-affinity for Cilium pods to prevent 2 pods being executed on the same node at the same time (Backport PR #11893, Upstream PR #11830, @nebril)
- Add check for IPv6 before generating bpf headers (#10628, @christarazi)
- Allow enabling ServiceMonitor without Prometheus installed. (#11261, @diversario)
- Autodetection of the mtu correctly detects the mtu of the interface used for the kubernetes cluster communication. The mtu was incorrectly detected in cases where multiple interfaces were present and the gateway interface was not the one used for kubernetes cluster communication (Backport PR #11893, Upstream PR #10635, @manuelbuil)
- Avoid duplication of generated toCIDRs when using a toServices based CNP (or CCNP) (Backport PR #11926, Upstream PR #11901, @aanm)
- azure: fix excess/off-by-one addresses allocation (#11669, @bpineau)
- bpf: clean up IPv4 fragments support (and bpf/), add option for map size (#10927, @qmonnet)
- bpf: Set DIRECT_ROUTING_DEV* in routed mode (#11419, @brb)
- bpf: Use
nproc --all
for NR_CPUS (Backport PR #12173, Upstream PR #12121, @gandro) - cilium-cni: Only start gops in debug mode (#11711, @aanm)
- cilium-operator: Wait for CRDs before running Informers (Backport PR #12173, Upstream PR #10899, @mrostecki)
- cilium/charts: set system-{node,cluster}-critical priorityClass for k8s >= 1.17 (Backport PR #12173, Upstream PR #12151, @aanm)
- cilium: chaining mode skb->mark can be mangled by iptables allow opt-out (Backport PR #12196, Upstream PR #12185, @jrfastab)
- cilium: fix encryption flow labels in ip6 case (Backport PR #12039, Upstream PR #12015, @jrfastab)
- cilium: fix helm usage of enableIdentityMap -> enableIdentityMark (Backport PR #12196, Upstream PR #12194, @jrfastab)
- cli: do not output shell completion copyright header on error (#10558, @rolinh)
- cli: Fix JSON output for BPF conntrack & NAT tables dump (#10904, @qmonnet)
- clustermesh: Ignore ..data directory of secrets mount (#10200, @tgraf)
- daemon: Fix fallback to iptables-based masquerading (Backport PR #12103, Upstream PR #12081, @brb)
- daemon: fix panic when starting Cilium (Backport PR #12173, Upstream PR #12101, @aanm)
- daemon: Fix session affinity map creation (Backport PR #12173, Upstream PR #12134, @brb)
- datapath,daemon: Fix initialization panics when IPv6 is enabled (Backport PR #12203, Upstream PR #12197, @brb)
- datapath: Accept proxy traffic if enable-endpoint-routes are enabled (Backport PR #11856, Upstream PR #11819, @tgraf)
- datapath: Fix back-edge in bpf_sock for older kernels (#11739, @brb)
- datapath: Only NOTRACK proxy return traffic going to Cilium datapath (Backport PR #11937, Upstream PR #11899, @jrajahalme)
- do not ignore Kubernetes event updates for CCNP and CNP with 'specs' field after being created (Backport PR #12173, Upstream PR #12143, @aanm)
- doc: Ensure ConfigMap remains compatible across 1.7 -> 1.8 upgrade (Backport PR #12173, Upstream PR #12097, @tgraf)
- Don't require (not supported on Azure) ipam.Cidrs when masquerade is disabled (Backport PR #12103, Upstream PR #11978, @bpineau)
- endpoint: Fix data races while accessing GetIdentity() (Backport PR #11984, Upstream PR #11941, @tgraf)
- eni: Fix potential deadlock (Backport PR #11856, Upstream PR #11831, @christarazi)
- Fix Cilium blocking its initialization for nodes where the hostname was different that the Kubernetes node name. (#11717, @aanm)
- Fix datarace issue in spanstat.go (Backport PR #11856, Upstream PR #11615, @sayboras)
- Fix issue when Cilium randomly stops doing service translation in k8s 1.18 (Backport PR #12027, Upstream PR #11947, @aanm)
- Fix leaking endpoint state metric (Backport PR #11937, Upstream PR #11884, @christarazi)
- Fix setting monitorAggregationLevel to max reflects via CLI (Backport PR #12039, Upstream PR #12014, @soumynathan)
- Fix several data races in unit tests (#10602, @tgraf)
- Fix syslog hook missing in DefaultLogger (Backport PR #12216, Upstream PR #12170, @ArthurChiao)
- fix transparent encryption related bugs (Backport PR #12027, Upstream PR #11974, @jrfastab)
- Fix tunneling and ARP resolution when host firewall is enabled. (Backport PR #11893, Upstream PR #11795, @pchaigno)
- Fix up ipcache access in datapath (#11525, @soumynathan)
- Fix: resync IP addresses for instances that have been stopped for more than a minute (#11091, @willdeuschle)
- GKE CI: Fix K8sDatapathConfig* tests (#10259, @tgraf)
- Gracefully handle lost events from k8s without printing warnings (#11461, @aanm)
- hubble/container: Properly deal with nil values in RingReader (#11323, @gandro)
- hubble/parser/threefour: handle IPv6 CIDR labels (#11719, @rolinh)
- hubble/peer: handle burst of change notifications (Backport PR #12039, Upstream PR #12024, @rolinh)
- Hubble: fix unknown identities for some CIDR (#11703, @rolinh)
- IPAM related bugfixes (#10587, @tgraf)
- ipam/allocator: set missing v4 or v6 podCIDR in CiliumNode (Backport PR #12216, Upstream PR #12211, @aanm)
- IPAM: dynamically fetch the allocatable ipv4 addresses amount from instance limits (AWS) (#10831, @mvisonneau)
- ipcache: Fix deadlock when ipcache GC results in datapath reload (Backport PR #11984, Upstream PR #11950, @tgraf)
- Istio integration is updated to Istio release 1.5.6. (Backport PR #12216, Upstream PR #12214, @jrajahalme)
- k8s/identitybackend: exclude k8s namespace labels from CRD metadata (#11382, @rlenglet)
- loader: Fix tunneling when device is set without NodePort (Backport PR #12027, Upstream PR #11980, @pchaigno)
- nodeinit: Fix for restarting kubenet managed pods (Backport PR #11856, Upstream PR #11779, @dctrwatson)
- operator: fix panic for non existing CEPs (#11749, @aanm)
- operator: sync CiliumNodes into etcd instead of k8s nodes (Backport PR #12173, Upstream PR #12179, @aanm)
- option: Require native-routing-cidr only if IPv4 is enabled (Backport PR #12203, Upstream PR #12198, @brb)
- Properly cancel endpoint creations as they become obsolete (Backport PR #11951, Upstream PR #11920, @tgraf)
- Protect ENI and Azure IPAM from misbehaving cloud APIs (#11231, @tgraf)
- proxy: Keep DNS port allocated (Backport PR #11856, Upstream PR #11661, @jrajahalme)
- Remove default bpf map size values for new installations and use the dynamic calculation based on system's memory. (Backport PR #12039, Upstream PR #11991, @aanm)
- service: Fix wrong localEndpoints count in HealthCheckNodePort (Backport PR #11893, Upstream PR #11863, @gandro)
- stop Cilium from hanging on CNP or CCNP events from Kubernetes if running with 'k8s-event-handover=true' and 'kvstore=""' (Backport PR #12173, Upstream PR #12146, @aanm)
- Valid CNP and CCNP 'matchLabel' values must be 63 characters or less and must be empty or begin and end with an alphanumeric character ([a-z0-9A-Z]) with dashes (-), underscores (_), dots (.), and alphanumerics between. (Backport PR #12216, Upstream PR #12117, @aanm)
CI Changes:
- .travis: disable Documentation building on ARM64 (Backport PR #12039, Upstream PR #12043, @Jianlin-lv)
- [CI] Randomize ns in policy tests (#10180, @nebril)
- Add CI flag -cilium.multinode[=true] (#11625, @joestringer)
- add missing hook in misc unit tests (Backport PR #12203, Upstream PR #12122, @aanm)
- Add quarantine mechanism to test suite (Backport PR #12103, Upstream PR #11981, @nebril)
- Add timeout to docker prune after building images (#11359, @nebril)
- bpf: Add test for __ct_lookup return value (#10064, @pchaigno)
- build: Add bpf to PATH for privileged tests (#11515, @jrajahalme)
- build: Few minor makefile and dockerfile improvements (#10970, @errordeveloper)
- CI monitor reading (#10859, @raybejjani)
- ci/K8sHubble: Retry failed requests on hubble-relay (#11708, @gandro)
- CI: Actually read in CILIUM_IMAGE when splitting it (#10963, @raybejjani)
- ci: add comments to gke-specific scripts (#10898, @nebril)
- ci: add gke cluster name to build name (#11422, @nebril)
- ci: Add Hubble helpers (#11232, @gandro)
- ci: Add runtime jenkinsfile (#11190, @nebril)
- ci: Add tests for embedded Hubble (#11084, @gandro)
- ci: adjust kernel jenkinsfile to be more versatile (#11061, @nebril)
- ci: avoid null build names in master builds (#10803, @nebril)
- ci: Change vagrant timeout mechanism (Backport PR #11893, Upstream PR #11858, @nebril)
- ci: Check whether pod is being terminated before deleting it (#11655, @nebril)
- ci: Don't cleanup in gke job (#10901, @nebril)
- ci: fix archiving artifacts in runtime jenkinsfile (#11585, @nebril)
- CI: fix bash complaining about "unexpected tokens" (parenthesis) (Backport PR #11937, Upstream PR #11307, @qmonnet)
- ci: Fix cleanup on gke job (#10995, @nebril)
- ci: Fix focus handling in ginkgo-ext (#11534, @nebril)
- ci: fix gke cluster lock (#11712, @nebril)
- CI: fix kubectl.CiliumPolicyAction() by casting "cilium policy wait" duration to integer (#11358, @qmonnet)
- ci: Fix nightly image build (#10423, @nebril)
- ci: Fix NightlyEpsMeasurement (#10514, @nebril)
- ci: fix timeout vagrant up timeout (Backport PR #11856, Upstream PR #11798, @nebril)
- ci: gather cilium-config configmap as part of ci logs (#10556, @nebril)
- ci: Gather commands from local node (#11102, @nebril)
- CI: GKE build only prunes docker images older than 6h (#11100, @raybejjani)
- CI: GKE build prunes only docker images (fix filter) (#11135, @raybejjani)
- CI: GKE more cleaning (#10965, @raybejjani)
- CI: GKE terminating namespace hack find orphaned objects (#10570, @raybejjani)
- CI: Increase GKE/EKS ginkgo timeout to 3 hours (#10809, @raybejjani)
- CI: integrate hubble-relay and add initial hubble-relay tests (#11549, @rolinh)
- CI: K8sFQDNTest retry initial DNS lookups (#10871, @raybejjani)
- CI: K8sPolicyTest Shorter timeout for successful redirection policy tests (#11059, @raybejjani)
- CI: Local CI runs don't set CILIUM_REGISTRY (#10077, @raybejjani)
- ci: make docker images in ghaction (Backport PR #11893, Upstream PR #11693, @nebril)
- ci: No error if there are no terminating ns (#10318, @nebril)
- ci: outer vm boot timeout was smaller than inner (#11758, @nebril)
- ci: outer vm boot timeout was smaller than inner (Backport PR #11856, Upstream PR #11758, @nebril)
- ci: overwrite jenkins build url in gke cluster lock (#11421, @nebril)
- ci: parametrize jenkinsfile to accept k8s version (Backport PR #12216, Upstream PR #12140, @nebril)
- ci: Prune only docker images built for current build (#11222, @nebril)
- ci: remove correct temporary config file (#11145, @nebril)
- ci: remove nightly image build (#11674, @nebril)
- CI: remove path filter in docs workflow (#10784, @errordeveloper)
- CI: Restart all kube-system pods in GKE (#11136, @raybejjani)
- ci: retry docker build in jenkins (Backport PR #11856, Upstream PR #11796, @nebril)
- CI: Retry KubeDNSPreflightCheck with timeout (#10866, @raybejjani)
- CI: Rework how docs are built (#10572, @errordeveloper)
- ci: Run GKE jobs only on gke nodes (#10715, @nebril)
- ci: run lscpu at end of build (Backport PR #11856, Upstream PR #11814, @nebril)
- ci: Set PR build name (#10696, @nebril)
- CI: Skip Istio tests on GKE (#10707, @raybejjani)
- ci: tag images built in CI (#11070, @nebril)
- CI: Upgrade test on GKE (#10422, @raybejjani)
- ci: Use already built nightly image to push to nightly (#10498, @nebril)
- ci: use specified docker tag on gke tests (#10737, @nebril)
- ci: various gke script fixes (Backport PR #11926, Upstream PR #11864, @nebril)
- CI: Wait for cilium to regenerate when updating k8s network policies (#10779, @raybejjani)
- cilium, test: Only run sockops tests on 4.19 and bpf-next kernels (Backport PR #12027, Upstream PR #11998, @jrfastab)
- Correct prometheus template in integration test (#11611, @sayboras)
- daemon: cancel daemon context on TearDownTest (Backport PR #11893, Upstream PR #11870, @aanm)
- datapath/test: Do not SNAT for WORLD_ID and enable BPF masquerading by default in CI (#11426, @brb)
- docs: Add instructions for adding a new managed k8s provider (#10788, @raybejjani)
- docs: Add instructions to run e2e tests on GKE (#10029, @raybejjani)
- docs: Explain test-focus CI trigger (#10695, @raybejjani)
- Docs: update backport commands for jenkins builds (Backport PR #11893, Upstream PR #11860, @nebril)
- Dynamically determine native dev iface for NodePort/externalIPs (#10119, @brb)
- eni: Fix node manager test (Backport PR #11856, Upstream PR #11773, @errordeveloper)
- Fix flaky assertion on metrics (Backport PR #11984, Upstream PR #11966, @christarazi)
- Fix gke zone in release cluster script (#10109, @nebril)
- Forcibly remove namespace (#10265, @nebril)
- ginkgo-ext: Fix data-race in Writer (Backport PR #12039, Upstream PR #12025, @gandro)
- helpers: Remove hubble-relay service in cleanup (#11721, @gandro)
- iana: Hook up unit test (#11516, @jrajahalme)
- ipmasq: Stop and wait until goroutine is finished in unit tests (#11387, @brb)
- maps: remove old map names (#10992, @qmonnet)
- Move GKE CI to US zone (#10091, @nebril)
- Re-enable Services test with l7 policy (#11623, @jrajahalme)
- RenderTemplateToFile writes file to node (#11160, @David0922)
- Revert "ci: Run GKE jobs only on gke nodes" (#10736, @nebril)
- Run precheck make target in Travis CI (#11740, @tklauser)
- test(helm): Correct invalid input in kind-action (#11704, @sayboras)
- test,daemon: Fix repeated devices (Backport PR #12196, Upstream PR #12176, @brb)
- test/helpers: allow passing custom number of requests to helpers.Ping() (Backport PR #11937, Upstream PR #11897, @qmonnet)
- test/k8s: keep configmap across upgrade test (Backport PR #12039, Upstream PR #12051, @aanm)
- test/k8s: Migrate L7 visibility tests to hubble (#11622, @glibsm)
- test/k8sHubble: Clean up hubble-cli and hubble-relay pods (#11687, @gandro)
- test/K8sServices: disable fragment tracking test for kernel 4.19 (Backport PR #12039, Upstream PR #12041, @qmonnet)
- test/K8sServices: re-enable IPv4 fragment tests on kernel 4.19 (Backport PR #12216, Upstream PR #12159, @qmonnet)
- test/K8sServices: redeploy Cilium before fragment tracking tests (#11663, @qmonnet)
- test/K8sServices: Skip checks for externalTrafficPolicy=Local with kube-proxy <1.15 (Backport PR #11951, Upstream PR #11965, @gandro)
- test: Add debugging info for potential flakes in NodePort services tests with L4 and L7 (Backport PR #12027, Upstream PR #11765, @jrajahalme)
- test: Add externalIPs tests to K8sServicesTest and disable K8sKubeProxyFreeMatrix (#11696, @brb)
- test: Add generated files to .gitignore, avoid pulling stale images. (Backport PR #12173, Upstream PR #12110, @jrajahalme)
- test: Add K8sServicesTest with L4-only policy (#11605, @jrajahalme)
- test: Add retries to curl command (Backport PR #12027, Upstream PR #11993, @christarazi)
- test: add retries to expected successful curl calls (Backport PR #11893, Upstream PR #11797, @nebril)
- test: Add simple retries for flaky Helm operations (Backport PR #11856, Upstream PR #11762, @christarazi)
- test: Aid flake debugging (#11520, @errordeveloper)
- test: Annotate lock deployment with Jenkins $BUILD_URL (#11391, @errordeveloper)
- test: Apply deployments in BeforeAll rather than BeforeEach (#11514, @jrajahalme)
- test: Check kubectl with 'which' instead of 'dpkg -l' (#10998, @jrajahalme)
- test: disable "Tests NodePort with L7 Policy" (#11710, @nebril)
- test: disable fqdn restart test (Backport PR #11856, Upstream PR #11776, @nebril)
- test: Do not sleep in sessionAffinity tests (#11216, @brb)
- test: don't check destination label in RuntimePolicies with PolicyAuditMode (Backport PR #12216, Upstream PR #12003, @tklauser)
- test: Download correct cilium-istioctl for the executing OS. (Backport PR #12173, Upstream PR #12109, @jrajahalme)
- test: Enable K8sUpdates for kube-proxy-free CI job (#10586, @brb)
- test: Enable Prometheus metrics in K8sHubbleTest (#11508, @michi-covalent)
- test: Extend "Checks service on same node" test case (#10687, @brb)
- test: Extend RunsOnNetNext helper family (#10870, @brb)
- test: Fix and re-enable test reliant on managed etcd (Backport PR #11856, Upstream PR #11818, @errordeveloper)
- test: Fix cleanup after PolicyAuditMode test (#10493, @joestringer)
- test: fix cli flags handling (Backport PR #12173, Upstream PR #12099, @nebril)
- test: Fix configuring the Cilium agent in dev VM (#10578, @joestringer)
- test: Fix issue with unmanaged pod deletions hitting the timeout (#11654, @errordeveloper)
- test: Fix looping tests (#11621, @jrajahalme)
- test: fix nightly upgrade test (#10306, @aanm)
- test: Fix operator param in ManagedEtcd suite (#10593, @brb)
- test: Fix running CI on microk8s (#11604, @joestringer)
- test: Fix typo (Backport PR #12173, Upstream PR #12090, @jrajahalme)
- test: Fix typo that prevented GKE clusters from scaling down (#11494, @errordeveloper)
- test: Fix waiting for PODs (#11506, @jrajahalme)
- test: force restarting of Cilium pods (#11613, @nebril)
- test: Gather combined Cilium logs as last resort (Backport PR #12027, Upstream PR #12007, @nebril)
- test: Improve
gke/{select,release}-cluster.sh
scripts (#11173, @errordeveloper) - test: Improve K8sServicesTest naming and expectation offsets (#11675, @brb)
- test: increase timeout for getting pod list for logs (#11747, @nebril)
- test: Make sure the namespace for Cilium exists (#11350, @michi-covalent)
- test: Mend gingko-ext (#11553, @errordeveloper)
- test: merge waitToDelete* functions (#10559, @aanm)
- test: Override env variables after parsing command line (#11480, @michi-covalent)
- test: parallelize log gathering (#11748, @nebril)
- test: retry fqdn requests, increase curl timeout (#11775, @nebril)
- test: retry fqdn requests, increase curl timeout (Backport PR #11856, Upstream PR #11775, @nebril)
- test: Skip Istio test if Ginkgo runs on unsupported runtime. (Backport PR #12173, Upstream PR #11905, @jrajahalme)
- test: update k8s testing versions to 1.15.11, 1.16.8 and 1.17.4 (#10661, @aanm)
- test: upgrade tests from v1.7 to master (#10239, @aanm)
- test: use local copy of Cilium Star Wars Demo (Backport PR #11856, Upstream PR #11817, @tklauser)
- test: Use longer timeout for ginkgo DNS lookups (Backport PR #12216, Upstream PR #12062, @jrajahalme)
- test: use pkg/lock instead of stdlib sync (#11729, @tklauser)
- test: Wait for IPCache entries in testSessionAffinity (#11771, @brb)
- test: Wait for IPCache entries in testSessionAffinity (Backport PR #11856, Upstream PR #11771, @brb)
- test: Wait for POD policy revision increment in all cases. (Backport PR #12027, Upstream PR #11995, @jrajahalme)
- test: Wait for POD readiness before test steps (#11413, @jrajahalme)
- travis: fix arm64 build (#11774, @tklauser)
Misc Changes:
- .github: Add release issue template (#10452, @joestringer)
- .github: fix doc links in PR template (#10287, @tklauser)
- .github: Minor release issue fixups (#10475, @joestringer)
- .github: Run GitHub Actions on master (#11439, @pchaigno)
- .github: Tweak the release note label message (#10617, @pchaigno)
- .github: update cilium-actions for latest 1.7 RC (#10172, @joestringer)
- .gitignore: Ignore some more common output files (#11354, @joestringer)
- .travis: Adjust travis related code (#10327, @iecedge)
- .travis: delete allow_failures for Arm64 job (#10540, @Jianlin-lv)
- .travis: fix failure to install clang-10 on Arm64 (#11418, @Jianlin-lv)
- .travis: fix issue that etcd exited on Arm64 (#10527, @Jianlin-lv)
- .travis:fix test failed caused by timeout (#10656, @Jianlin-lv)
- 1.8 Documentation updates (Backport PR #11926, Upstream PR #11892, @tgraf)
- 1.8 documentation updates: Concepts & menu structure (Backport PR #12173, Upstream PR #11979, @tgraf)
- [Doc] - Update link to the contribution guide (#10307, @manuelbuil)
- Add a function to get connection info in a structure format from data (#11352, @lzang)
- Add and use concurrency-safe PRNG source (#10997, @tklauser)
- Add audit action to the policy verdict log (Backport PR #11893, Upstream PR #11843, @ap4y)
- Add benchmark for pkg/bpf/binary (#10620, @tklauser)
- Add command-line instructions to install the hubble CLI (Backport PR #12103, Upstream PR #12001, @michi-covalent)
- Add connectivity test to troubleshooting (Backport PR #11856, Upstream PR #11643, @jedsalazar)
- Add deepcopy generator checker (#11165, @aanm)
- Add DeepEqual on all K8s update events (#11510, @aanm)
- Add detector and fix write access on read-only structures (#11020, @aanm)
- Add GitLab to USERS.md (#10487, @whaber)
- Add Hubble store getter to gain access to k8s data store. (Backport PR #12173, Upstream PR #12114, @lzang)
- Add new cilium docker file target for linux developers (#10513, @aanm)
- Add note about Cilium with CRIO on minikube (#10796, @christarazi)
- Add pkg/ipmasq to CODEOWNERS (#11389, @brb)
- Add policy verdicts GSG (Backport PR #12196, Upstream PR #12165, @joestringer)
- Add RancherOS to documentation OS compatibility matrix (#10881, @nathanjsweet)
- Add SAP Concur to USERS.md (#11384, @dragan)
- Add support for file based authorizer for Azure (#10876, @ashrayjain)
- Added Sphere Knowledge as users (#10787, @mvisonneau)
- Adds newline after unit-tests target. (#10837, @Weil0ng)
- agent: Fix data race when accessing d.monitorAgent (Backport PR #11856, Upstream PR #11823, @tgraf)
- agent: Remove color support (#10392, @tgraf)
- agent: Remove leftovers from IPv6 /96 prefix requirement (#10196, @tgraf)
- alignchecker: split alignment checks for monitor types into own package (#10107, @tklauser)
- all: convert package level vars to consts where possible (#10329, @tklauser)
- all: don't use global PRNG state from math/rand (#10575, @tklauser)
- all: fix remaining prealloc issues (#10913, @tklauser)
- all: preallocate slices with known size (#10716, @tklauser)
- all: remove unnecessary use of fmt.Sprintf (#10858, @tklauser)
- Allow to configure bpf-nat-global-max using Helm (#10511, @tklauser)
- Allow to create docker images with unstripped binaries (#11689, @tklauser)
- api, daemon: drop unnecessary dependency on github.com/go-openapi/runtime/flagext (#10905, @tklauser)
- api, daemon: drop unused dependency on github.com/jessevdk/go-flags (#10890, @tklauser)
- api: add namespace as part of endpoint external identifiers (#10038, @fristonio)
- Avoid reallocations in loops (#10224, @tklauser)
- aws/eni/types: move ENI-specific types to own package (#10282, @tklauser)
- azure/ipam: Fix nil dereference with logger (Backport PR #11856, Upstream PR #11786, @christarazi)
- azure: Fix allocation of addresses (#10815, @tgraf)
- BPF programs no longer depend on libc headers. (#10204, @tklauser)
- bpf, docs: add list of XDP supported drivers (Backport PR #11984, Upstream PR #11970, @borkmann)
- bpf, maps: consistently use MapType (#10394, @tklauser)
- bpf, sock: avoid allocating cilium_lb6_reverse_sk if v6 is disabled (#10573, @borkmann)
- bpf, xdp: migrate prefilter program to generic __ctx_buff (#10404, @borkmann)
- bpf, xdp: various optimizations for nodeport (#11082, @borkmann)
- bpf: add -nostdinc and a few more misc compilation options (#11205, @borkmann)
- bpf: add tail_call_{static,dynamic} helpers (#11484, @borkmann)
- bpf: atomically replace XDP program when in same XDP mode (#10958, @borkmann)
- bpf: check for cilium-map-migrate instead of cilium CLI client in ini… (#10670, @tklauser)
- bpf: Coccinelle scripts for align_stack_8 and const qualifier (#11234, @pchaigno)
- bpf: constify pointer function arguments (#10825, @tklauser)
- bpf: convert datapath over to generic ctx type (#10333, @borkmann)
- bpf: Declare config. variables as volatile (#10557, @pchaigno)
- bpf: enable hairpin optimizations to avoid fib lookup also for tc (Backport PR #12027, Upstream PR #11989, @borkmann)
- bpf: Ensure build_all target always builds all bpf datapath permutations (#11274, @joestringer)
- bpf: Fix build warning for unused parameter (#10611, @pchaigno)
- bpf: Fix build warning in conntrack test (#10598, @joestringer)
- bpf: fix circular dependency warning (#11479, @tklauser)
- bpf: Fix name for example map (#10768, @joestringer)
- bpf: Fix pointer-to-int-cast warning in newer Clang (#10522, @pchaigno)
- bpf: Fix race when accessing m.fd (Backport PR #11856, Upstream PR #11812, @tgraf)
- bpf: Fix reversed ENABLE_EXTRA_HOST_DEV condition (#10843, @pchaigno)
- bpf: fix test/bpf/unit-test segfault due to memcmp looping (#11709, @borkmann)
- bpf: fix typo in function name (#10589, @tklauser)
- bpf: Improve compilation coverage (#10712, @pchaigno)
- bpf: make setting fifo policy non-fatal when probing hz (#11454, @borkmann)
- bpf: more scalability improvements (Backport PR #11856, Upstream PR #11694, @borkmann)
- bpf: only update nodeport neigh entry if stale or non-existant (#11371, @borkmann)
- bpf: optimized memmove for XDP + DSR (#11676, @borkmann)
- bpf: optmize builtin functions before we fallback to them (#11089, @borkmann)
- bpf: really only enforce bind rejection when in hostns (#11210, @borkmann)
- bpf: Refactor identity resolution on bpf_netdev egress (#10776, @pchaigno)
- bpf: Refactor meta, ipsec/hostdev_ingress (#10766, @joestringer)
- bpf: remove
Map.DeleteWithErrno()
(#10058, @rolinh) - bpf: Remove duplicate code in bpf_sock.c (#10862, @brb)
- bpf: Remove unused code (#10671, @pchaigno)
- bpf: Remove unused variables (#10665, @pchaigno)
- bpf: split off debug options and do not run it in ci (Backport PR #12039, Upstream PR #11977, @borkmann)
- bpf: switch csum_l4_replace and ipv4_dec_ttl to csum_diff (#10521, @borkmann)
- bpf: use per-cpu scratch space from xdp context to store meta data (#11595, @borkmann)
- bpf: use syscall.BytePtrFromString instead of deprecated syscall.StringBytePtr (#10117, @tklauser)
- bpf: various datapath follow-up optimisations and fixes (Backport PR #11984, Upstream PR #11924, @borkmann)
- bpf: xdp asm volatile fix in relation to reg spill (#11152, @borkmann)
- bpf: xdp generalization prep work (#10491, @borkmann)
- build: Optionally use git for all docker builds with BUILDKIT (#11513, @jrajahalme)
- build: Remove
sysctl
from Dockerfiles (#11017, @errordeveloper) - bump k8s dependencies and test to v1.18.3 (#11679, @aanm)
- bump k8s libraries to 1.18.0 (#10713, @aanm)
- byteorder: simplify type switches (#10463, @tklauser)
- ci/hubble: Fully remove Cilium installation (#11141, @gandro)
- CI/RuntimePolicies: Replace cilium monitor with hubble observe (#11474, @gandro)
- CI: Change trigger event for docs workflow, add filter (#10748, @errordeveloper)
- CI: Improve ability to run tests on non-CI clusters (#11167, @tgraf)
- CI: Improve bootstraping before each test (#11287, @tgraf)
- CI: Increase timeouts and retries when accessing external destinations (#11770, @tgraf)
- CI: New deployment manager to ease deployment into random namespaces (#11170, @tgraf)
- CI: Run coccicheck BPF target with GitHub Actions (#11306, @pchaigno)
- ci: skip fqdn restart test (#11639, @nebril)
- CI: update Go version in .travis.yml directly (#11252, @tklauser)
- CI: use GitHub action to check Go module vendoring (#11254, @tklauser)
- Cilium has added support for "named ports". Updating docs to reflect this (#11754, @jedsalazar)
- cilium, builder: declutter all unused packages in builder (#11346, @borkmann)
- cilium, docker: switch to {clang,llvm}-10.0 and externalize build deps (#11308, @borkmann)
- cilium, tests: reenable BPF xdp/tc nodeport tests (#11347, @borkmann)
- cilium.io/v2: move files around to reduce imports in API (#11077, @aanm)
- cilium: add visibility for all flags in CT dump (#10967, @borkmann)
- cilium: downgrade kernel_hz clock probe warning to info message (Backport PR #11856, Upstream PR #11816, @borkmann)
- cilium: fix cell alignment in status output (#11031, @tklauser)
- cilium: improve bpf dp signal upon ct insertion error (#11684, @borkmann)
- cilium: improve host-port generated service names (#11469, @borkmann)
- cilium: optimize bpf to use jiffies for ct maps (#11434, @borkmann)
- cilium: rename --node-port-acceleration=none to =disabled (Backport PR #11951, Upstream PR #11925, @borkmann)
- cilium: various xdp related follow-ups (#10910, @borkmann)
- Cleanups in
pkg/maps
(#10872, @tklauser) - cli: remove hidden 'generate-bash-completion' command (#10584, @rolinh)
- client, identity: remove unnecessary guards around delete() (#10148, @tklauser)
- cocci: Detect unlogged missed tail calls (Backport PR #11893, Upstream PR #11808, @pchaigno)
- coccinelle: Enable patching of missing __align_stack_8 (#11285, @pchaigno)
- coccinelle: Fix Docker image name printed on errors (#11403, @pchaigno)
- coccinelle: Use Docker image to patch issues (#11370, @pchaigno)
- CODEOWNERS: Add CI team as code-owner of vagrant_box_defaults.rb (#11404, @gandro)
- CODEOWNERS: add cilium/agent to owners for pkg/option (#11407, @tklauser)
- CODEOWNERS: add helm as codeowner of install/kubernetes (#11723, @aanm)
- CODEOWNERS: add pkg/operator to cilium/operator (#10348, @aanm)
- CODEOWNERS: Clean up (#10807, @pchaigno)
- CODEOWNERS: fix path for contribution process docs (#10305, @tklauser)
- CODEOWNERS: ignore auto-generated documentation (#11366, @aanm)
- contrib, docs: fixes for the backporting guide and script README (#10672, @tklauser)
- contrib/backporting: remove requires-janitor-review label (Backport PR #12039, Upstream PR #11986, @aanm)
- contrib/vagrant: enable hubble by default (#11337, @rolinh)
- contrib/vagrant: enable hubble listener on :4244 (TCP) by default (#11618, @rolinh)
- contrib/vagrant: Fix warning when K8S is unset (#10280, @pchaigno)
- contrib/vagrant: only ssh to k8s1 if vagrant up suceeded (#10049, @tklauser)
- contrib: Add backport submission script (#10642, @joestringer)
- contrib: Add environment variable to script to control K8s namespace (Backport PR #12103, Upstream PR #12082, @christarazi)
- contrib: Add script to bump stable releases (#10711, @joestringer)
- contrib: Fix submit-backport PR set-labels detection (Backport PR #11926, Upstream PR #11912, @joestringer)
- contrib: Fixes for backporting scripts (#10829, @pchaigno)
- contrib: include branch name in file generated by start-backport (#10649, @rolinh)
- contrib: Misc. fixups for k8s-cilium-exec.sh script (Backport PR #12173, Upstream PR #12126, @christarazi)
- Correct message for kvstore get (consul) (#11568, @sayboras)
- daemon/cli: Add SessionAffinity to cilium status (Backport PR #11951, Upstream PR #11927, @brb)
- daemon: Create all global maps in cilium-agent (#10626, @pchaigno)
- daemon: Do not auto enable hybrid DSR mode (#10332, @brb)
- daemon: Enable device auto detection for host-fw when BPF NodePort is disabled (Backport PR #12103, Upstream PR #12050, @brb)
- daemon: Fix TriggerReloadWithoutCompile comment (#10954, @joestringer)
- daemon: Improve error msg for endpoint IP reallocation (#10494, @brb)
- daemon: Move files into own go package (#10594, @gandro)
- daemon: preallocate prefilter spec slices with known size (#10751, @tklauser)
- daemon: Remove checkHostFirewallWithEgressLB() (Backport PR #12027, Upstream PR #11982, @pchaigno)
- daemon: remove deprecated and hidden --sidecar-http-proxy option (#10432, @tklauser)
- daemon: remove deprecated conntrack-garbage-collector-interval option (#11134, @tklauser)
- daemon: Remove old policy call map (#10845, @pchaigno)
- daemon: remove unused type rulesManager (#10188, @tklauser)
- daemon: silence log messages during cmdref generation (#10090, @tklauser)
- daemon: Warn when policy audit mode is enabled (Backport PR #12173, Upstream PR #12166, @joestringer)
- datapath, service: Isolate runtime-specific types from widely imported types (#10610, @errordeveloper)
- datapath/link: Add unit tests (#10613, @mrostecki)
- datapath/linux,maps/ipcache: consistently use BackedByLPM() helper (#10122, @rolinh)
- datapath: Abstract LoadBalancerNodeAddresses() via NodeAddressing (#10409, @tgraf)
- datapath: Clarify loader interfaces (#10771, @joestringer)
- datapath: convert global variables to consts where possible (#10176, @tklauser)
- datapath: Fix panic on direct routing config (#11756, @pchaigno)
- datapath: Remove unnecessary matching on internal IP in proxy rules (#10408, @tgraf)
- datapath: Silent iptables removal on first init (Backport PR #11856, Upstream PR #11815, @tgraf)
- datapath: use net.IP.IsLoopback instead of string comparison (#10195, @tklauser)
- delete pkg/hubble/ipcache and GetIPIdentity func from ipcache (#11652, @rolinh)
- doc: add "observing flows with Hubble Relay" to troubleshooting section (Backport PR #11937, Upstream PR #11919, @rolinh)
- doc: Add Cilium container networking control flow (#10387, @soumynathan)
- doc: Add code overview section (#11150, @tgraf)
- doc: add documentation section about Hubble internals (#11139, @rolinh)
- doc: Add make render-docs-live-preview target (#11536, @michi-covalent)
- doc: add Networking and security observability with Hubble guide (Backport PR #12173, Upstream PR #12155, @michi-covalent)
- doc: Add NodePort tests to connectivity-check (#11087, @tgraf)
- doc: Add SKIP_LINT option to render-docs target (#11383, @michi-covalent)
- doc: de-duplicate instructions in kind and hubble getting started guides (Backport PR #12216, Upstream PR #12210, @rolinh)
- doc: Document render-docs target (#11298, @michi-covalent)
- doc: Enable Netlify Deploy Preview (#11537, @michi-covalent)
- doc: ensure to use --set config.ipam=kubernetes with kind (Backport PR #12196, Upstream PR #12181, @rolinh)
- Doc: Fix ipam crd backend getting started guide (#10553, @soumynathan)
- doc: Fix minor issue with rst syntax (#10453, @errordeveloper)
- doc: Fix require-ipv4-pod-cidr value for ENI and Azure mode (#11725, @tgraf)
- doc: fix up GKE install guide (Backport PR #11984, Upstream PR #11960, @rolinh)
- doc: minor typo fix CRD allocator guide (#11143, @MQasimSarfraz)
- doc: Misc fixups for Transparent Encryption GSG (Backport PR #12173, Upstream PR #12088, @christarazi)
- doc: revamp kata containers getting started guide (Backport PR #12203, Upstream PR #12144, @rolinh)
- doc: Specify CILIUM_NAMESPACE for Hubble installation instruction (Backport PR #12173, Upstream PR #12149, @michi-covalent)
- doc: Tidy up usage of Helm (#10435, @errordeveloper)
- doc: Troubleshooting with Hubble (Backport PR #11893, Upstream PR #11827, @gandro)
- doc: uniformize name when referring to Hubble Relay (Backport PR #11937, Upstream PR #11923, @rolinh)
- doc: Update End-To-End Testing Framework page (#11353, @michi-covalent)
- doc: Update spelling for Netlify (#11642, @michi-covalent)
- doc: Update the EKS getting started guide (Backport PR #11893, Upstream PR #11697, @michi-covalent)
- doc: Update the Hubble section of getting started guides (Backport PR #12027, Upstream PR #11882, @michi-covalent)
- Doc: Update the unit test section for privileged tests (#11433, @soumynathan)
- doc: Upgrade dependency verisons to remove warnings (#11299, @michi-covalent)
- doc: Use --reuse-values option for helm upgrade (Backport PR #12027, Upstream PR #12020, @michi-covalent)
- doc: Use a personal registry for dev images (#11658, @michi-covalent)
- doc: Use docker.io instead of quay.io (#11606, @michi-covalent)
- doc: Use Hubble version specified in stable.txt (Backport PR #12216, Upstream PR #12167, @michi-covalent)
- docker, runtime: only build clang and llc targets (#10956, @tklauser)
- docker, runtime: remove apt cache from runtime image (#10704, @tklauser)
- Docker: Speed up dev image builds (#11443, @jrajahalme)
- docker: update cilium-{runtime,builder} images (#11734, @borkmann)
- Dockerfile: Change WORKDIR, remove redundant logic (#10531, @errordeveloper)
- Dockerfile: Run apt-get update before apt-get install (#11665, @michi-covalent)
- Dockerfile:Add arm64 support for building images (#10618, @Jianlin-lv)
- Dockerfiles: Add git log when checking out from git (#10819, @joestringer)
- Docs fix for mounting bpf fs (#11001, @nathanjsweet)
- docs, bpf: Add description about bpftool btf command (#10947, @DanielTimLee)
- docs/scalability: set right ipam option (Backport PR #11926, Upstream PR #11890, @aanm)
- docs: add
test-gke
command to ci docs (#10996, @nebril) - docs: Add Further Readings section to kube-proxy-free getting started guide (#11137, @brb)
- docs: Add Hubble metrics reference (Backport PR #12027, Upstream PR #11996, @gandro)
- docs: Add IP fragmentation tracking section (Backport PR #12203, Upstream PR #12162, @joestringer)
- docs: add missing dependency to use docs live-preview (#11761, @aanm)
- docs: add missing words to spelling word list (#10328, @tklauser)
- docs: add NAT table to BPF map limitations table (#10968, @tklauser)
- docs: Add note about
--node-ip
kubelet option (Backport PR #12103, Upstream PR #12095, @gandro) - docs: Add session affinity to kubeproxy-free guide (Backport PR #11984, Upstream PR #11957, @brb)
- docs: add table for test-focus (#11752, @nebril)
- docs: add Wildlife Studios to USERS.md (#10548, @guilhermeoki)
- docs: add word to misspelled list (Backport PR #11856, Upstream PR #11822, @aanm)
- docs: adjust to new mapDynamicSizeRatio default in upgrade guide (Backport PR #12103, Upstream PR #12065, @tklauser)
- docs: adjust VM name and cilium status output in Docker GSG (#11032, @tklauser)
- docs: bump minimum required clang version for development to 7.0 (#10524, @tklauser)
- docs: consolidate BPF map documentation in concepts/ebpf/intro.rst (Backport PR #12173, Upstream PR #12183, @tklauser)
- docs: Consolidate bpf-map-dynamic-size-ratio documentation (Backport PR #12039, Upstream PR #12028, @tklauser)
- docs: Document how to run tests on backport PRs (#11211, @joestringer)
- docs: document that policyMapMax overrides dynamic policy map size (#11558, @tklauser)
- docs: Extend kubeproxy-free GSG wrt multi-dev (Backport PR #12103, Upstream PR #12054, @brb)
- docs: Fix "make render-docs" permissions issue (#10922, @joestringer)
- docs: fix build in non-verbose mode (#11119, @tklauser)
- docs: Fix documentation postchecks (#10585, @pchaigno)
- docs: fix hyperlinks and other minor issues (#11080, @qmonnet)
- docs: fix issue link in k8s policy docs (#10971, @tklauser)
- docs: fix line-break in parsed-literal instance (Backport PR #12173, Upstream PR #12157, @borkmann)
- docs: Fix multiple broken links (#10576, @errordeveloper)
- docs: fix SCM_WEB expansion in troubleshooting guide (Backport PR #12103, Upstream PR #12096, @tklauser)
- docs: fix section heading level in upgrade guide (#10456, @tklauser)
- docs: fix spelling of "primarily" in Kubernetes IPAM docs (#10458, @tklauser)
- docs: Fix up backporting instructions. (#10155, @jrajahalme)
- docs: Host firewall documentation (Backport PR #12203, Upstream PR #12187, @pchaigno)
- docs: Improve consistency in Azure docs (Backport PR #12173, Upstream PR #12108, @errordeveloper)
- docs: Improve session affinity section in kube-proxy free guide (Backport PR #11984, Upstream PR #11958, @brb)
- docs: Include directions to restart pods in the k3s install guide (Backport PR #11893, Upstream PR #11879, @seanmwinn)
- docs: k3s command missing
sh -
(Backport PR #11926, Upstream PR #11878, @glibsm) - docs: mention disabling of lro on hv_netvsc (Backport PR #12173, Upstream PR #12172, @borkmann)
- docs: Minor adjustments to the development dependencies (#10697, @pchaigno)
- docs: NodePort XDP on AWS (Backport PR #12173, Upstream PR #12156, @borkmann)
- docs: NodePort XDP on Azure (Backport PR #12173, Upstream PR #12150, @gandro)
- docs: Parameterize READTHEDOCS_VERSION (Backport PR #11856, Upstream PR #11840, @joestringer)
- docs: point cilium docs into a stable version of sphinx theme (Backport PR #12032, Upstream PR #12010, @genbit)
- docs: Point GKE doc to the cluster name var (#11590, @glibsm)
- docs: properly format code in NFS configuration note (#10071, @tklauser)
- docs: Quieten cmdref generation (#10725, @joestringer)
- docs: quote helm flags with brackets (Backport PR #11984, Upstream PR #11922, @nebril)
- docs: re-design cilium docs theme (Backport PR #12032, Upstream PR #11803, @genbit)
- docs: Refresh ginkgo CLI flags documentation (#11629, @joestringer)
- docs: Remove redundant stable release instructions (Backport PR #11926, Upstream PR #11898, @joestringer)
- docs: Rework live-preview to use docker container (Backport PR #11951, Upstream PR #11940, @joestringer)
- docs: simplify one of the steps in GKE guide (Backport PR #12173, Upstream PR #12148, @errordeveloper)
- docs: Update debugging section for data races and deadlocks (#11700, @christarazi)
- docs: update example output in HTTP-aware policy enforcement GSG (Backport PR #12103, Upstream PR #12069, @tklauser)
- docs: update list of advanced kernel requirements: fragment tracking (#11501, @qmonnet)
- docs: update on hostport for upgrade guide and cni chanining (Backport PR #12103, Upstream PR #12066, @borkmann)
- docs: Update PR docs for split jobs (#11463, @nebril)
- docs: Update trigger phrases for CI (#10791, @pchaigno)
- docs: updating contribution guide process (#11174, @aanm)
- docs: which k8s-kernel pairs are we testing (#10880, @nebril)
- Drop dependency on pkg/option in cilium-cni and cilium-docker (#11327, @tklauser)
- early spring cleanup helper prep for xdp (#10344, @borkmann)
- Enable
-Wextra
when compiling bpf programs (#10596, @tklauser) - Enable helm-check github action for master branch (#11482, @sayboras)
- endpoint: Avoid logging about disconnected EPs during restore (#10974, @jrajahalme)
- endpoint: Fix incorrect warning for stat(2) (#11281, @pchaigno)
- Ensure endpoint validation occurs before initial regeneration (Backport PR #11856, Upstream PR #11714, @tgraf)
- envoy: Include detail in NACK warning (Backport PR #12027, Upstream PR #12016, @jrajahalme)
- etcd: propagate Context from higher-level calls (Backport PR #12027, Upstream PR #11891, @tklauser)
- examples/getting-started: Bump Cilium version (#10459, @errordeveloper)
- examples/getting-started: fix docker-compose getting started (#10108, @aanm)
- examples/getting-started: revert bind mount for /var/lib/cilium (#11030, @tklauser)
- Fix bpf unit test build in dev VM (#10735, @tklauser)
- Fix commands in EKS kube-proxy free GSG (Backport PR #12173, Upstream PR #12174, @tklauser)
- Fix comment typos (#10749, @ungureanuvladvictor)
- Fix corrupted bpf_features.h (#10861, @pchaigno)
- Fix DOCKER_BUILDKIT builds (Backport PR #12216, Upstream PR #12091, @jrajahalme)
- Fix GKE Helm options for CI and docs. (Backport PR #12196, Upstream PR #12087, @jrajahalme)
- Fix hubble metricsServer label in values.yaml (#10908, @soumynathan)
- Fix live preview with Python 3.8 (Backport PR #11893, Upstream PR #11838, @joestringer)
- Fix make generate-k8s-api (#11468, @sayboras)
- Fix makefile and a small interface change (#11736, @anfernee)
- Fix missing newlines at end of file (#10334, @maxbischoff)
- Fix missing operator-generic in upstream k8s tests (Backport PR #12039, Upstream PR #12055, @aanm)
- Fix native routing cidr missing flag in daemon (Backport PR #12173, Upstream PR #12180, @aanm)
- Fix off-by-one warning from LGTM and add tests for NodePort range (#10151, @christarazi)
- Fix up install make target (#10320, @joestringer)
- Fix various data races in pkg/aws/eni and pkg/ipam (#11685, @christarazi)
- fix(datarace): Fix possible nil pointer dereference (Backport PR #11856, Upstream PR #11804, @sayboras)
- fix(helm): To fix un-expected {{end}} in helm template (#11400, @sayboras)
- fqdn: Fix missing IsNil checks in unit tests (Backport PR #11984, Upstream PR #11953, @pchaigno)
- fqdn: Update high-level package docs (#11034, @raybejjani)
- Further IPAM simplifcations (#10569, @tgraf)
- Ginkgo: Simplify all --focus regexes (Backport PR #12173, Upstream PR #12089, @jrajahalme)
- git: ignore cilium yamls created by tests (#11509, @jrajahalme)
- go-bindata is no longer used to install BPF assets. (#10177, @tklauser)
- go-mod: remove unecessary go module helper scripts (#10221, @aanm)
- helm: Add a chart for hubble-relay (#11244, @michi-covalent)
- helm: added global.cni.readCniConf parameter (Backport PR #12039, Upstream PR #11597, @mvisonneau)
- helm: Bump hubble-ui to v0.6.0 (Backport PR #11893, Upstream PR #11854, @gandro)
- helm: Clean up hubble-listen-addresses (#11264, @michi-covalent)
- helm: Clean up the hubble-relay DNS name in the UI chart (Backport PR #12173, Upstream PR #12033, @michi-covalent)
- helm: correct lint error in preflight template (#11671, @sayboras)
- helm: Do not enable hubble-cli subchart by default (#11124, @gandro)
- helm: enable prometheus metrics in cilium-operator (#10539, @aanm)
- helm: Ensure hubble is enabled when hubble-{relay,ui} is deployed (#11577, @gandro)
- helm: fixed hubble servicemonitor matchLabels parameter (Backport PR #11926, Upstream PR #11886, @mvisonneau)
- helm: Generate experimental-install.yaml (Backport PR #11984, Upstream PR #11907, @michi-covalent)
- helm: re-generate quick-install.yaml after PR #10289 (#10604, @tklauser)
- helm: Set --enable-hubble/--hubble-socket-path flags (#10794, @michi-covalent)
- helm: Simplify Hubble metrics values (Backport PR #11926, Upstream PR #11887, @gandro)
- helm: Update hubble related configuration (#11090, @michi-covalent)
- helm: Update hubble-ui chart (#11273, @michi-covalent)
- helm: Use port 80 for service/hubble-ui (Backport PR #12027, Upstream PR #12023, @gandro)
- hostport: read the hostport setting from viper (#11051, @wangli8850)
- hubble-cli: Mount /var/run/cilium as a directory (#11129, @michi-covalent)
- hubble-proxy: fix completion code (#10631, @rolinh)
- hubble-proxy: remove explicit binary stripping (#11058, @tklauser)
- hubble-relay: add an option to run pprof (#11465, @rolinh)
- hubble-relay: Add gops agent (#11372, @gandro)
- hubble-relay: Add node status message (#11589, @gandro)
- hubble/observer: increment 'numObservedFlows' atomically (Backport PR #11856, Upstream PR #11835, @aanm)
- hubble: Add OnFlowDelivery and OnGetFlows (#10896, @tgraf)
- hubble: Change the default event queue size (#10488, @michi-covalent)
- hubble: Change uint64 -> uint32 in getters interfaces (#11242, @matej-g)
- hubble: delete parser/endpoint package and move Endpoint struct to testutils (#11769, @rolinh)
- hubble: Enable grpc reflection (#11116, @michi-covalent)
- hubble: enable metrics before starting server (Backport PR #11893, Upstream PR #11846, @aanm)
- hubble: Export FilterByLabelSelectors (#10937, @michi-covalent)
- hubble: move hubble-serve out of daemon, re-organize packages (#10892, @rolinh)
- hubble: remove pkg/hubble/logger and use cilium's default logger (#11576, @rolinh)
- hubble: remove unused code (#11584, @rolinh)
- hubble: Simplify unix domain socket listener setup (#11067, @gandro)
- hubble: Use a single string to configure the server address (#11330, @michi-covalent)
- identity: Recognize host and health identities as fixed (#11583, @pchaigno)
- idpool: don't initialize ID cache in random order (#10546, @tklauser)
- Implement values for hubble-relay to properly control sub chart values (Backport PR #12027, Upstream PR #11757, @seanmwinn)
- Improve tunnel identity notifications (#11027, @joestringer)
- Improve unit test for kvstore (#11300, @sayboras)
- install/kubernetes: re-generate quick-install.yaml (#10424, @tklauser)
- install: Fix up version/pullPolicy for multiple values files (Backport PR #12027, Upstream PR #12030, @joestringer)
- IPAM cleanups (#10535, @tgraf)
- ipam/metrics: mention interfaces instead of ENI (#10406, @tklauser)
- ipam/types: fix missing deep copy fields (#10500, @aanm)
- ipam: Adjust log format of FirstInterfaceIndex (#11010, @Jianlin-lv)
- ipam: Ensure the package builds on macOS (#10755, @errordeveloper)
- ipcache: Better logging for conflicting named ports (#11702, @jrajahalme)
- iptables: carry on and log on failure to set up transient rules (Backport PR #12027, Upstream PR #12006, @qmonnet)
- iptables: de-duplicate code for forward chain rules (#10281, @tklauser)
- k8s,node: Reuse retrieveNodeInformation to retrieve node labels (#11659, @pchaigno)
- k8s/identitybackend: use self validation function (#11427, @aanm)
- k8s/informer: panic Cilium if k8s watcher panic (#11196, @aanm)
- k8s: Fix CCNP for host policies (#11638, @pchaigno)
- k8s: Fix data race when setting node address (Backport PR #11893, Upstream PR #11851, @tgraf)
- k8s: Initialize CRD version (#11156, @jrajahalme)
- k8s: update k8s libraries to v1.18.4 (Backport PR #12216, Upstream PR #12209, @aanm)
- kubernetes/cilium: bump helm version to 1.7.90 (#10102, @aanm)
- linux: check policy routing of running kernel (#10068, @iecedge)
- loader: Attach bpf_host to cilium_net from Golang (Backport PR #11856, Upstream PR #11598, @pchaigno)
- loader: Fix "Skipping symbol substitution" warnings (#10934, @pchaigno)
- loader: Fix missing dot in assembly output files (#11716, @pchaigno)
- loader: Fixes for map creation from daemon (#10728, @pchaigno)
- loader: Move direct routing config. to node_config.h (#11594, @pchaigno)
- loader: Remove unused arguments in DeleteDatapath (#11495, @pchaigno)
- logo: change SVG file used for the logo (Backport PR #12032, Upstream PR #12002, @qmonnet)
- Make used version of some docker images consistent (#11728, @tklauser)
- make: allow make docker-image with symbol table and debug info (#11445, @jaffcheng)
- make: Allow to build documentation with podman (#10959, @mrostecki)
- make: avoid building plugins/cni twice (#11309, @tklauser)
- make: consistently use $(GO) to invoke the Go tool (#10181, @tklauser)
- make: fix govet target after moving 'common' to 'pkg' (#11406, @tklauser)
- make: fix govet target after renaming hubble-proxy to hubble-relay (#11178, @tklauser)
- make: fix reference to CONTAINER_ENGINE_FULL variable (#11258, @rolinh)
- make: Remove CONTAINER_ENGINE_FULL, use QUIET and CONTAINER_ENGINE (#11128, @mrostecki)
- make: silence more sub-make output in quiet mode (#10891, @tklauser)
- make: silence sub-make output when building in quiet mode (#10664, @tklauser)
- make: strip symbol tables from all binaries by default (#10167, @tklauser)
- make: use microk8s.kubectl in microk8s target (#10533, @tklauser)
- Makefile: Add hubble-proxy to govet target (#10989, @gandro)
- Makefile: Fix build when RACE is provided (#11735, @christarazi)
- Makefile: fix deepcopy generation for pkg/service/store (#10921, @aanm)
- Makefile: Fix errors when specifying RACE (#11631, @christarazi)
- Makefile: fix generating coverage when specifiying TESTPKGS (#11318, @christarazi)
- Makefile: fix test selection for privileged tests (#11005, @qmonnet)
- Makefile: generate coverage for privileged unit tests (#11375, @christarazi)
- Makefile: Move bpf 'build_all' to ci-precheck target (#11291, @joestringer)
- Makefile: move cscope.files generation to its own target (#10182, @qmonnet)
- Makefile: Pass lockdebug tag to tests (#11657, @christarazi)
- Makefile: use $GOARCH instead of deriving it from $(shell uname -m) (#10605, @tklauser)
- Makefiles: Disable CGO globally (#10724, @joestringer)
- Makes k8s cert generation modular in vagrant startup scripts. (#10015, @Weil0ng)
- maps/ctmap: unexport NewMap, MapType type and related consts (#10440, @tklauser)
- metrics: Do not rely on global HTTP server (#11071, @gandro)
- metricsmap: reduce MaxEntries to account for maximum key space (#10292, @tklauser)
- Minor BIRD guide improvements (Backport PR #12103, Upstream PR #12092, @joestringer)
- Misc 1.8 upgrade docs fixups (Backport PR #12103, Upstream PR #12083, @joestringer)
- Misc docs index & development section improvements (Backport PR #11856, Upstream PR #11839, @joestringer)
- Misc improvements for Session Affinity (#11251, @brb)
- Misc ip-masq-agent improvements (#11317, @brb)
- Misc project maintenance updates (#10042, @aanm)
- Misc vagrant dev VM improvements (#10723, @joestringer)
- misc: bump net-next vagrant box version (#9657, @borkmann)
- modules, mountinfo: check scanner.Err after scanner.Scan (#10720, @tklauser)
- monitor: Export policy verdict match type (#10705, @gandro)
- monitor: Fix ipcache lookup debug msg (#11745, @pchaigno)
- monitor: Move PolicyMatchType into pkg/monitor/api (#10893, @tgraf)
- monitor: Refactor listener registration logic (#9924, @michi-covalent)
- monitor: Remove listener from monitor before calling Close() (#10300, @michi-covalent)
- monitor: rename and use traceNotifyV[12]Len consts (#10863, @tklauser)
- Move all 'common' code to 'pkg' (#11331, @soumynathan)
- Move ALLOW_ICMP_FRAG_NEEDED into cDefinesMap (#10769, @soumynathan)
- move bpf nodeport from hybrid to snat by default (#11120, @borkmann)
- Move JSON/YAML precheck into Documentation target (#10952, @joestringer)
- Moved the
Node
type from the main "node" package to the sub-package, "node/types". This continues the effort to decouple commonly used code from being Linux specific. So that the type, itself, may be imported easily by other packages. (#10849, @nathanjsweet) - Moved the sub package, "connector", from the "endpoint" package to the "datapath" package in order to continue to decouple common code from being linux specific. (#10822, @nathanjsweet)
- nodeinit: Use newly built image (Backport PR #11893, Upstream PR #11876, @errordeveloper)
- Omit rendering resources when not supplied (#10363, @maxbischoff)
- operator: Change AWS policy group provider registration (#10689, @errordeveloper)
- operator: fix bugs on reading configuration from config-map (#10520, @aanm)
- operator: Fix operator flags (#11270, @tgraf)
- operator: populate CLI flags from cilium-operator (#10372, @aanm)
- operator: Refactor AWS and Azure allocators (#10758, @errordeveloper)
- operator: remove pod list of an entire cluster (#11376, @aanm)
- option: re-use ToFQDNsMaxDeferredConnectionDeletes const in fatal log (#10483, @tklauser)
- option: remove unused Config.KeepTemplates (#11489, @tklauser)
- pkg/bpf: remove outdated godoc for UpdateElementFromPointers (#10403, @tklauser)
- pkg/bpf: remove unused (Get|Set)MapPrefix funcs (#10529, @tklauser)
- pkg/bpf: remove unused metrics labels (#10830, @tklauser)
- pkg/clustermesh: protect tests against concurrent access (Backport PR #11893, Upstream PR #11852, @aanm)
- pkg/datapath/linux/route: ensure the package compiles on macOS (#10824, @errordeveloper)
- pkg/datapath/linux/route: reduce duplicate code (#10052, @florianl)
- pkg/datapath/loader: log versions (#10096, @florianl)
- pkg/endpoint: return NamedPorts model consistently (#11490, @aanm)
- pkg/endpoint: Simplify search for C header file during restore (#11028, @pchaigno)
- pkg/identity: protect LabelsSHA256 against concurrent initializations (Backport PR #11893, Upstream PR #11872, @aanm)
- pkg/ipam: Don't let ENI IPAM override native-routing-cidr (#10886, @dctrwatson)
- pkg/ipcache: create a GetK8sMetadata for public access (Backport PR #11856, Upstream PR #11833, @aanm)
- pkg/k8s: decrease CEP status initialization (Backport PR #11893, Upstream PR #11829, @aanm)
- pkg/k8s: do not DeepCopy when converting to CiliumEndpoint (#10915, @aanm)
- pkg/k8s: ignore status field in CNP DeepEqual (Backport PR #12173, Upstream PR #12171, @aanm)
- pkg/k8s: remove unused consts and variables (#11177, @aanm)
- pkg/k8s: use node name from pkg/node instead of env variable (Backport PR #11856, Upstream PR #11834, @aanm)
- pkg/mac: small cleanups in MAC address parsing (#10719, @tklauser)
- pkg/maps/encrypt: allocate BPF map in MapCreate only if EnableIPSec is set (#10189, @tklauser)
- pkg/option: do not log warnings if flag is not set (#10817, @aanm)
- policy/api: Rework Rule.MarshalJSON() to ease maintainability (#11651, @pchaigno)
- policy: Fix enforcement status for host endpoint (Backport PR #11856, Upstream PR #11759, @pchaigno)
- policy: Fix incorrect comment (#10588, @pchaigno)
- policy: Fix rule translation test flake (Backport PR #11926, Upstream PR #11913, @joestringer)
- policy: Track policy rule labels from which map entries are derived from (#10512, @gandro)
- Preparatory refactoring for dynamic BPF map sizing (#10957, @tklauser)
- Prepare for GCP IPAM (#10691, @tgraf)
- Prepare for release v1.8.0-rc2 (#11783, @aanm)
- preparing v1.8 branch (#11780, @aanm)
- probes: Add more test cases for system config checks (#10612, @mrostecki)
- proxy: remove write-only members from type Redirect (#10242, @tklauser)
- README: Fix release date for v1.7.2 (#10868, @joestringer)
- Refactor pkg/identity to minimize dependencies (#10960, @tgraf)
- Refactor proxy handling and improve monitor messages (#10906, @joestringer)
- release: Improve documentation around release process (Backport PR #12039, Upstream PR #11939, @joestringer)
- Remove deprecated CiliumEndpoint fields (#10509, @tgraf)
- Remove function queues from k8s watchers (#10914, @aanm)
- Remove hubble-cli sub-chart (Backport PR #11856, Upstream PR #11806, @seanmwinn)
- remove k8s.io/kubernetes as a direct dependency (#10220, @aanm)
- Remove leftover in Makefile (#10410, @manuelbuil)
- Remove the deprecated
CiliumExec
method (#10973, @nathanjsweet) - Remove unused funcs, types and global vars (#10085, @tklauser)
- Remove unused function arguments in bpf programs. (#10433, @tklauser)
- Removed the netlink package dependency from the ip package
to decouple common code from being linux specific. (#10885, @nathanjsweet) - rename hubble-proxy to hubble-relay (#11122, @rolinh)
- Replace almost all uses of 'syscall' with 'unix' pkg. (#10158, @Ropes)
- Reuse existing port on Cilium Operator health api (#11575, @sayboras)
- Revert "test: disable fqdn restart test" (Backport PR #12103, Upstream PR #11929, @jrajahalme)
- Rework netns handling in LinuxRoutingSuite privileged tests (#11620, @christarazi)
- runtime: Update LLVM image (Backport PR #11984, Upstream PR #11968, @errordeveloper)
- SECURITY.md: update versions of supported releases (#10313, @rolinh)
- service/test: Fix waiting in testSessionAffinity and regroup affinity match map updates (#11519, @brb)
- service: Clean up HealthCheckNodePort server when traffic policy changes (Backport PR #11984, Upstream PR #11952, @gandro)
- slim/k8s: add missing resourceVersion field (#11531, @aanm)
- Small bpf cleanups (#11688, @tklauser)
- Small fixes for BPF dynamic map size flag (#11405, @tklauser)
- Small fixes for docker getting-started example (#11022, @tklauser)
- Small k8s fixes and optimizations (#11545, @aanm)
- Small scalability improvements (#11683, @aanm)
- Split operator-only options into separate package (#11176, @tklauser)
- Split out cleanups from #10806 (#10823, @tklauser)
- Split various packages to reduce dependency chain (#10909, @tgraf)
- Support service account annotations for helm charts (#11304, @sayboras)
- Swagger generated APIs from master (#10336, @Ropes)
- Switch from gopkg.in/inotify.v1 to github.com/fsnotify/fsnotify (#11138, @tklauser)
- test/bpf: Fix BPF unit tests (#11158, @pchaigno)
- test/bpf: remove unused event.h (#10202, @tklauser)
- test/DatapathConfig: Remove obsolete service deletion workaround (#11169, @tgraf)
- test/gke: Disable K8sServicesTest Checks service across nodes with L7 policy Tests NodePort with L7 Policy (#11290, @tgraf)
- test/K8sServices: send datagrams in one block for fragment support tests (#11016, @qmonnet)
- test/provision: copy all services before enabling/restarting (#10346, @tklauser)
- test/runtime: remove unused runtimeConnectivityTest (#10835, @tklauser)
- test: Add bash aliases and completion for kubectl (#10726, @brb)
- test: Allow kubectl label node to overwrite (#11182, @jrajahalme)
- test: bpf: Fix check for xdp support in ip (#10198, @pchaigno)
- test: Check if the test is using Vagrant (#11355, @michi-covalent)
- test: Cleanup default namespace before each Context() (#11600, @tgraf)
- test: Disable flaky etcd test (#11772, @pchaigno)
- test: Disable flaky RuntimeKVStoreTest tests (Backport PR #11984, Upstream PR #11945, @pchaigno)
- test: disable MetalLB service test until there's a drop-in replacement (#11596, @borkmann)
- test: Disable Tests NodePort with L7 Policy (#11579, @tgraf)
- test: Don't delete and redeploy Cilium at end of test context (#11602, @tgraf)
- test: Enable embedded Hubble globally (#11378, @michi-covalent)
- test: Fail in case of log buffer too small warning (#10699, @borkmann)
- test: Fail in case of map property upgrade warning (#10680, @pchaigno)
- test: Fix -cilium.holdEnvironment on badLogMessages (#10917, @pchaigno)
- test: Fix fragment tracking test under KUBEPROXY=1 (#11098, @pchaigno)
- test: Fix hubble-relay image helm path (Backport PR #12173, Upstream PR #12076, @jrajahalme)
- test: Fix KubeProxyFree tests for Network unreachable case (#10732, @pchaigno)
- test: Fix nativeRoutingCIDR in CI (Backport PR #12196, Upstream PR #12190, @joestringer)
- test: Fix NodePort acceleration param (Backport PR #11951, Upstream PR #11942, @brb)
- test: Fix skipping of NodePort tests (#11186, @pchaigno)
- test: Increase timeout for privileged unit tests (#11677, @pchaigno)
- test: Make "Checks that monitor aggregation restricts notifications" reliable (#11164, @tgraf)
- test: Only call Fail() once for all error logs (#11184, @joestringer)
- test: Only restart KubeDNS if required (#11207, @tgraf)
- test: Overwrite existing taint when labeling nodes with NoSchedule (#11221, @tgraf)
- test: Parallelize Cilium pre-flight check (#11392, @tgraf)
- test: Print message when tests resume (#10686, @pchaigno)
- test: Reduce length of log filenames (#10213, @pchaigno)
- test: Remove duplicate test cases from K8sServicesTest (#11523, @brb)
- test: Remove ginkgo linux dependency (Backport PR #12103, Upstream PR #12074, @jrajahalme)
- test: Remove NodeCleanMetadata (#11574, @tgraf)
- test: Remove runtime ipvlan tests (#10145, @brb)
- test: Replace managed etcd test with generic etcd test (#11544, @tgraf)
- test: Report CNI_INTEGRATION when running ginkgo (#11415, @joestringer)
- test: Scrub GKE cluster more thoroughly when releasing cluster. (Backport PR #12203, Upstream PR #12192, @jrajahalme)
- test: Set devices and enable host firewall in kube-proxy CI (Backport PR #12173, Upstream PR #11969, @pchaigno)
- test: Skip session-affinity tests from outside if no third node (#11288, @pchaigno)
- test: Speed up K8sServicesTest (#11550, @brb)
- test: Support singleton manifests (#11338, @tgraf)
- test: Use CWD instead of making assumptions about GOPATH (#10561, @errordeveloper)
- test: various cleanups found by staticcheck (#11390, @tklauser)
- testing: final conversion 4.19 CI to kube-proxy free (Backport PR #12103, Upstream PR #12045, @borkmann)
- tests: disable base tests in xdp/tc nodeport lb test (#11054, @borkmann)
- Tidy & expand policy docs (Backport PR #12173, Upstream PR #12164, @joestringer)
- travis: Disable arm64 failures (#10978, @joestringer)
- Update CODEOWNERS and hide go.sum (#11125, @pchaigno)
- Update Docker integration docs for IPv6 (#10746, @christarazi)
- Update ENI limits list (Backport PR #11893, Upstream PR #11793, @bpineau)
- Update for release v1.7.0 (#10234, @aanm)
- Update Go to 1.14.1 (#10646, @tklauser)
- Update Go to 1.14.2 (#10912, @tklauser)
- Update Go to 1.14.3 (#11542, @tklauser)
- Update Go to 1.14.4 (Backport PR #11856, Upstream PR #11811, @tklauser)
- Update k8s-install-etcd-operator.rst (#10692, @johnzheng1975)
- Update master branch for latest releases (#10474, @joestringer)
- Update README for set-labels.py script (#10674, @christarazi)
- Update release process and prepare 1.8 development cycle (#10044, @aanm)
- Update stable releases (#10710, @joestringer)
- Update stable releases (#10850, @joestringer)
- Update stable releases (#11247, @joestringer)
- Update stable releases (#11564, @joestringer)
- Update USERS.md to include Acoss (#10360, @JrCs)
- Update xargs usage in restart-pods documentation (Backport PR #12103, Upstream PR #12064, @ap4y)
- Use feature probes to detect kernel support for sockops (#10941, @soumynathan)
- Use Go stdlib context package instead of golang.org/x/net/context (#11187, @tklauser)
- Use left-shift instead of math.Pow where appropriate (#11064, @tklauser)
- Use right schema when validating CCNP in pre-flight upgrade step (Backport PR #12173, Upstream PR #12106, @aanm)
- Use slimmer protobuf structures for remaining k8s structures (#11374, @aanm)
- Use watcher to track unmanaged kube-dns pods in Cilium Operator (#11470, @aanm)
- USERS.md: Add Radio France (#10385, @joulaud)
- vagrant/scripts: bump k8s to v1.18.2 (#11108, @aanm)
- vagrant: Allow running several dev VMs concurrently (#10400, @pchaigno)
- vagrant: Bump all vagrant box versions (#11402, @gandro)
- vagrant: bump all vagrant box versions (#11695, @tklauser)
- vagrant: bump net-next vagrant box version (Backport PR #11951, Upstream PR #11917, @borkmann)
- vagrant: bump net-next vagrant image (#10907, @joestringer)
- vagrant: bump server VM image for clang/llvm (#10703, @borkmann)
- vagrant: bump server VM image for net-next updates (#10775, @borkmann)
- vagrant: bump ubuntu-next VM image and increase jenkins timeouts (#11053, @brb)
- vagrant: Do not define mount type when not using NFS (#11505, @mrostecki)
- vagrant: Fix bootstrap commands (#10777, @gandro)
- vagrant: Fix build in dev. VM (#11388, @pchaigno)
- vagrant: Fix make in net-next dev. VM (Backport PR #12027, Upstream PR #11987, @pchaigno)
- vagrant: Fix missing doc. dependency error (#10562, @pchaigno)
- vagrant: Forward port 9081 for documentation server (#11292, @michi-covalent)
- vagrant: Ignore failures of "chown -R vagrant:vagrant" command (#10549, @mrostecki)
- vagrant: Improve command-line usability (#10933, @pchaigno)
- vagrant: Improvements to provisioning (#10660, @pchaigno)
- vagrant: Only set K8S_NODE_NAME if K8S=1 (#11086, @jrajahalme)
- vagrant: Remove installation of doc. dependencies (#10985, @pchaigno)
- vagrant: Stop provisioning VM if one step fails (#10430, @pchaigno)
- vbox: update net-next box and runtime/builder images (#11649, @borkmann)
- vendor: Bump github.com/cilium/hubble (#10701, @gandro)
- vendor: pick up latest cilium/hubble (#10792, @rolinh)
- vendor: Pick up the latest cilium/hubble (#10563, @michi-covalent)
- vendor: Pick up the latest github.com/sasha-s/go-deadlock (#10298, @michi-covalent)
- vendor: re-vendor golang.org/x/sys and github.com/vishvananda/netlink (#10138, @tklauser)
- vendor: update github.com/go-openapi/loads (#10364, @tklauser)
- vendor: update hubble dependency to get rid of gojay (#10484, @rolinh)