cilium/cilium v1.9.0-rc2

1.9.0-rc2

on GitHub

We are pleased to release Cilium v1.9.0-rc2.

Summary of Changes

Minor Changes:

• Add a new daemon CLI argument, "--iptables-random-fully" to specify the
  iptables "--random-fully" argument when invoking the iptables CLI binary
  directly from cilium-agent. (#13383, @kh34)
• Add an alternative method to generate the Hubble mTLS certificates based on Kubernetes Jobs. (#13449, @gandro)
• Azure IPAM: option to ignore primary addresses (#13415, @bpineau)
• cli: Add cilium bpf lb maglev get $SVC_ID (#13586, @brb)
• Create healthz HTTP endpoint for kube-proxy replacement (#11733, @soumynathan)
• Helm: support affinity settings for operator (#13548, @youssefazrak)
• maglev: Add native implementation of murmur3 (#13501, @brb)

Bugfixes:

• bpf: only clean up XDP from devices with XDP attached (#13532, @jaffcheng)
• cilium, ipsec: Do revalidate_data_pull() early in do_decrypt() case (#13500, @jrfastab)
• Fix 1 potential deadlock in Azure IPAM and 1 other in ENI and Azure IPAM (#13517, @aanm)
• Fix bug where events cannot be enqueued during endpoint restoration (#13608, @christarazi)
• Fix natting of non-first ipv4 fragments. (#13476, @liuyuan10)
• Fixes panic when setting up encryption with azure IPAM (#13593, @aanm)
• identity: Fix nil pointer panic in LookupIdentityByID (#13514, @gandro)
• Ignore "Failed to load program" errors when Cilium agent is being teared down (#13281, @mrostecki)
• kvstore: Do not write to read-only keys in join-cluster mode (#13524, @jrajahalme)
• loader: Check if device has BPF prog before trying to detach it (#13591, @pchaigno)
• lock: fix data race in (*SemaphoredMutexSuite).TestParallelism() (#13570, @tklauser)
• service: Use initNextID in acquireLocalID() (#13576, @hzhou8)

CI Changes:

• build: Fix CC for CGO compilation for Arm (#13605, @errordeveloper)
• images: Fix handling of git tags (#13602, @errordeveloper)
• test: Fix kube-proxy-free on GKE due to wrong k8sServiceHost value (#13559, @pchaigno)
• test: Increase timeout for waiting LB IP addr on GKE (#13557, @brb)
• update cilium and hubble-relay dockerfiles to use built-in buildx ARGs (#13551, @xUnholy)

Misc Changes:

• allocator/podcidr: fix race conditions in tests (#13567, @aanm)
• api-limiter: Make auto adjust test less flaky (#13568, @twpayne)
• Avoid loops with local-redirect service translation (#13287, @aditighag)
• bpf_host: describe the position of {to,from}-{host,netdev} in the data path (#13483, @ti-mo)
• build Add a debug make target (#13522, @aditighag)
• ci: Do not label control plane nodes with cilium.io/node (#13504, @mrostecki)
• Cilium Agent will now wait for CRDs to become available instead of the Operator; the Operator will register the CRDs (#13418, @christarazi)
• CODEOWNERS: change docs to docs-structure (#13589, @aanm)
• CODEOWNERS: fix owner assignment for hubble related helm charts (#13540, @rolinh)
• Disable bandwidth-manager by default for new deployments (#13515, @qmonnet)
• doc: Kubeadm guide (#13488, @mrostecki)
• docs/performance: update scripts repo and tf version (#13596, @kkourt)
• docs: Add Hubble to SIGs table (#13563, @b3a-dev)
• docs: Adjust the hubble CLI definition (#13546, @glibsm)
• docs: Fix shell syntax issue in OpenShift guide (#13560, @errordeveloper)
• docs: Update CI documentation following Helm refactoring (#13561, @pchaigno)
• Fix extraction of manifest for OpenShift (#13598, @errordeveloper)
• Fix install/kubernetes update-versions make target (#13523, @joestringer)
• Fix kubectl command in cassandra NetworkPolicy documentation. (#13545, @velp)
• Fix typo in UpdateEC2AdapterLimitViaAPI command line flag (#12969, @soumynathan)
• Fixes errors "executable file not found" in script examples/kubernetes-cassandra/cass-populate-tables.sh (#13534, @velp)
• fqdn: remove remnants godoc comments mentioning DNS poller (#13531, @tklauser)
• helm: bring back hubble dependencies validation (#13539, @rolinh)
• helm: Correct indentation for imagePullSecret (#13547, @sayboras)
• helm: improve hubble related config documentation in values file (#13566, @rolinh)
• helm: remove random value file (#13538, @rolinh)
• helm: Remove unused serviceAccount values (#13585, @gandro)
• helm: remove unused var in make quick-install target (#13541, @rolinh)
• helm: Update documentation links to point to stable (#13520, @joestringer)
• helm: Update README.md for helm chart (#13584, @sayboras)
• Improve policy documentation (#13409, @manuelbuil)
• install/kubernetes: consistent case spelling of iptables related values (#13556, @tklauser)
• install: repository changed from quay.io to docker.io for hubble-ui (#13542, @yandzee)
• maps: move mocks into separate testutils/mockmaps package (#13489, @jibi)
• pkg/azure/ipam: fix data race in (*Node).PopulateStatusFields (#13581, @tklauser)
• pkg/hubble: ignore klog/v2 in goleak detector (#13525, @aanm)
• pkg/idpool: fix test for race detector (#13562, @aanm)
• pkg/k8s: mark unused 'k8s-watcher-queue-size' flag for removal (#13536, @aanm)
• pkg/policy: ignore test mutex comparison (#13582, @aanm)
• Prepare v1.9.0-rc2 release (#13618, @aanm)
• Revert "Differentiate UDP and TCP Protocols in Services" (#13587, @nathanjsweet)
• test/vagrant: Fix NFS setup for test VMs (#13527, @pchaigno)
• test: Disable host firewall by default when running tests locally (#13465, @pchaigno)
• Update Go to 1.15.3 (#13578, @tklauser)
• vagrant: Default to NFS in the dev. VMs (#13516, @pchaigno)
• vagrant: New kubectl aliases (#13470, @pchaigno)