We are pleased to release Cilium v1.8.8. This release addresses GHSA-c66w-hq56-4q97, addresses a memory leak found in clusters with high pod churn, fixes some issues when enabling encryption mode, and includes a variety of other fixes described below.
Summary of Changes
Minor Changes:
- datapath: Do not log when kernel config not found (Backport PR #15038, Upstream PR #14902, @brb)
- Envoy is updated to release 1.17.1 (Backport PR #15221, Upstream PR #14754, @jrajahalme)
- k8s: update k8s libraries to 1.18.16 (#15028, @aanm)
Bugfixes:
- Avoid an empty instanceID on EC2 (Backport PR #15038, Upstream PR #15012, @kkourt)
- cilium: encryption fix, ipv4-pod-subnets without encryptnode fails (Backport PR #15117, Upstream PR #14999, @jrfastab)
- cilium: encryption, fixes for ENI & Azure mode with shared podIPs and networkIPs (Backport PR #15193, Upstream PR #15048, @jrfastab)
- Fix failing bpf-map-sync-cilium_snat_v{4,6}_external controllers when BPF NodePort is disabled (Backport PR #15297, Upstream PR #15175, @pchaigno)
- Fix ICMP Echo ID placement in CT maps (#15273, @brb)
- Fix memory leak on stable policy identity churn. (Backport PR #15046, Upstream PR #15042, @jrajahalme)
- Fix possible deadlock when querying network interfaces for arping (#15225, @brb)
- Fix potential panic on clustermesh environments (Backport PR #15180, Upstream PR #15107, @aanm)
- ipsec: Use 64bits for XFRM output sequence number (Backport PR #15117, Upstream PR #15039, @pchaigno)
Misc Changes:
- .github: publish into official repo for next release (#15032, @aanm)
- add GH action to push hot fix images into -dev repositories (#15063, @aanm)
- Add support for image digests in helm charts (#15187, @aanm)
- Adds a Getting Started Guide for Rancher 2.x using Existing Nodes (Backport PR #15297, Upstream PR #15179, @seanmwinn)
- backporting: Add support for forked cilium repositories (Backport PR #15038, Upstream PR #15008, @gandro)
- backporting: Update instructions for backporting workflow (Backport PR #15180, Upstream PR #15118, @aditighag)
- build(deps): bump actions/setup-go from v1 to v2.1.3 (#15210, @dependabot[bot])
- build(deps): bump helm/chart-testing-action from v1.0.0-rc.2 to v2.0.1 (#15236, @dependabot[bot])
- Improve release scripts (Backport PR #15258, Upstream PR #15121, @joestringer)
Other Changes:
- [v1.8] helm: Remove duplicate tolerations value in hubble-relay (#15165, @gandro)
- test: Fix docker compose in precheck (Backport PR #15156, Upstream PR #15171, @nebril)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.8.8@sha256:a3700a673e148356ee538e22bc87b6d4ddcde76b43e6712c7a225918549d7b2b
quay.io/cilium/cilium:v1.8.8@sha256:a3700a673e148356ee538e22bc87b6d4ddcde76b43e6712c7a225918549d7b2b
docker-plugin
docker.io/cilium/docker-plugin:v1.8.8@sha256:4761b6ac66f07af2f9b1bb8efee6cfb2afb302438402ed2e88535dcd7c0ffd3e
quay.io/cilium/docker-plugin:v1.8.8@sha256:4761b6ac66f07af2f9b1bb8efee6cfb2afb302438402ed2e88535dcd7c0ffd3e
hubble-relay
docker.io/cilium/hubble-relay:v1.8.8@sha256:3865c0d6aee0956efaab39584242a7319860d4f72d4bee846c3a00ec243f159a
quay.io/cilium/hubble-relay:v1.8.8@sha256:3865c0d6aee0956efaab39584242a7319860d4f72d4bee846c3a00ec243f159a
operator-aws
docker.io/cilium/operator-aws:v1.8.8@sha256:74cab6a40c31de0fd790f637ad7c75de7c6005e970ed3e250457f2eb10b24ce9
quay.io/cilium/operator-aws:v1.8.8@sha256:74cab6a40c31de0fd790f637ad7c75de7c6005e970ed3e250457f2eb10b24ce9
operator-azure
docker.io/cilium/operator-azure:v1.8.8@sha256:1d8b8d1c8e6b3bae33dbe3ca9884c6b7773d14b7430acde862b94b040fd43679
quay.io/cilium/operator-azure:v1.8.8@sha256:1d8b8d1c8e6b3bae33dbe3ca9884c6b7773d14b7430acde862b94b040fd43679
operator-generic
docker.io/cilium/operator-generic:v1.8.8@sha256:453393fbb80fe894dd6e5999142cf97e96694c2715bf06df5f24365c9366203e
quay.io/cilium/operator-generic:v1.8.8@sha256:453393fbb80fe894dd6e5999142cf97e96694c2715bf06df5f24365c9366203e
operator
docker.io/cilium/operator:v1.8.8@sha256:c027049fdeaa4ae2337cfee0ef2d90b97c265a9b7c1af82431cd27de1b54e466
quay.io/cilium/operator:v1.8.8@sha256:c027049fdeaa4ae2337cfee0ef2d90b97c265a9b7c1af82431cd27de1b54e466