eBPF-based Networking, Security, and Observability
Major Changes:
Minor Changes:
IPv6Pool
field to the spec of CiliumNodes CRD to list of IPv6 addresses available to the node for allocation.
Adds IPv6Used
field to the status of CiliumNodes CRD to list all IPv6 addresses from ciliumnodes.spec.ipam.ipv6pool
which have been allocated and are in use. (#31143, @danehans)service_implementation_delay
metric accounting the duration in seconds to propagate the data plane programming of a service, its network and endpoints from the time the service or the service pod was changed excluding the event queue latency (#32055, @ovidiutirla)Bugfixes:
agent-not-ready
taint too early if the primary network is slow in deploying. (#32168, @squeed)CI Changes:
workflow_dispatch
event. (#31424, @learnitall)Misc Changes:
set_ipsec_encrypt
to optionally fill SPI with node map value (#31804, @ldelossa)ingress-default-xff-num-trusted-hops
to cell config (#32190, @mhofstetter)allow-remotehost-ingress
derivedFrom label (#32058, @gandro)option.Config.{Get,Set,Append}Devices
by table lookups (#30578, @bimmlerd)Other Changes:
quay.io/cilium/cilium:v1.16.0-pre.2@sha256:79a6b5903407760a5df8eb14699ef5fa03f5bd4cd8da55b391c3f7cc374925fe
quay.io/cilium/clustermesh-apiserver:v1.16.0-pre.2@sha256:4010e6cb28b12b88946c07016fadd4cfe954be1c19f41d24e3128961461856b9
quay.io/cilium/docker-plugin:v1.16.0-pre.2@sha256:2106c0da543a50a38870a1418af2ab5d5fb6cb3eeda80b5335d6d70eb73b03dd
quay.io/cilium/hubble-relay:v1.16.0-pre.2@sha256:a21e14356b3cb555de6f791f2b046750b8c10d79b487791d2e11042aef7ab51c
quay.io/cilium/operator-alibabacloud:v1.16.0-pre.2@sha256:a7aefa8359c3d929650e4fdc43bd1404a8a4f9f9bfd148889252515bde6cd3fe
quay.io/cilium/operator-aws:v1.16.0-pre.2@sha256:00d10995fdd7bb38a5491d993682f0c663a68d87d2fc0a6a281b8d23818b863c
quay.io/cilium/operator-azure:v1.16.0-pre.2@sha256:c118cb3c52ca80054b8b5929dc8c080807aca2e2a45dc465985d3c98473059a2
quay.io/cilium/operator-generic:v1.16.0-pre.2@sha256:be77aaf620dfe5030fa0f1911c2622ed9c9a069e66a0ee88722d441510d60a6c
quay.io/cilium/operator:v1.16.0-pre.2@sha256:c947b1c55d4fdfff4a9a30b1175cd774eab91626fe006feba517ce61c2f43839
We are pleased to announce the release of Cilium v1.13.15.
This release includes a fix to the retry logic in the cilium health controllers, a fix to a race condition when updating L7 LB Services, and a fix for Node ID assignment in BPF maps for very large clusters. In addition, there were a variety of testing enhancements and documentation updates.
This release addresses a security vulnerability. For more information, see GHSA-j654-3ccm-vfmm
Minor Changes:
Bugfixes:
cilium-health-ep
controller (Backport PR #31722, Upstream PR #31622, @gandro)CI Changes:
Misc Changes:
No node ID found
drops in case of remote node deletion (Backport PR #31722, Upstream PR #31635, @pchaigno)Other Changes:
docker.io/cilium/cilium:v1.13.15@sha256:3d77d6e463ccc462c7574399fe22f6177a6e484bc5c149c76b7d597163253eed
quay.io/cilium/cilium:v1.13.15@sha256:3d77d6e463ccc462c7574399fe22f6177a6e484bc5c149c76b7d597163253eed
docker.io/cilium/clustermesh-apiserver:v1.13.15@sha256:9cfdc40a689fc087d19aff4944657ca98df7795ba1836744400f6b77e59e1e5c
quay.io/cilium/clustermesh-apiserver:v1.13.15@sha256:9cfdc40a689fc087d19aff4944657ca98df7795ba1836744400f6b77e59e1e5c
docker.io/cilium/docker-plugin:v1.13.15@sha256:485857b80cb4c726aba7e8c41536db97b0558f05f22dce6f97c8db2c1792cf75
quay.io/cilium/docker-plugin:v1.13.15@sha256:485857b80cb4c726aba7e8c41536db97b0558f05f22dce6f97c8db2c1792cf75
docker.io/cilium/hubble-relay:v1.13.15@sha256:40135c6b0e2034c9f06abfe0c85f7f088ac6ba2c619d5354d4af6179d33b9a1e
quay.io/cilium/hubble-relay:v1.13.15@sha256:40135c6b0e2034c9f06abfe0c85f7f088ac6ba2c619d5354d4af6179d33b9a1e
docker.io/cilium/operator-alibabacloud:v1.13.15@sha256:99c124f199f3cb48c41d43a423144bd9638d68705f347ec2326b34af50291a05
quay.io/cilium/operator-alibabacloud:v1.13.15@sha256:99c124f199f3cb48c41d43a423144bd9638d68705f347ec2326b34af50291a05
docker.io/cilium/operator-aws:v1.13.15@sha256:e09044b516be9ce9936253469411618d6790791dbe501829e6062244a24e815a
quay.io/cilium/operator-aws:v1.13.15@sha256:e09044b516be9ce9936253469411618d6790791dbe501829e6062244a24e815a
docker.io/cilium/operator-azure:v1.13.15@sha256:ea05ba909b573b4a52731aec36b91a0a582781a48c2ade7719dfbae05c21d268
quay.io/cilium/operator-azure:v1.13.15@sha256:ea05ba909b573b4a52731aec36b91a0a582781a48c2ade7719dfbae05c21d268
docker.io/cilium/operator-generic:v1.13.15@sha256:21f6707e99722b41a24e9bf4e24b7e4d00597cc7dbaef6e7588dedbf3b270101
quay.io/cilium/operator-generic:v1.13.15@sha256:21f6707e99722b41a24e9bf4e24b7e4d00597cc7dbaef6e7588dedbf3b270101
docker.io/cilium/operator:v1.13.15@sha256:971c9b6294216df668881917132a4a41fcc43fba64315e91ed632f62eab9eac9
quay.io/cilium/operator:v1.13.15@sha256:971c9b6294216df668881917132a4a41fcc43fba64315e91ed632f62eab9eac9
We are pleased to announce the release of Cilium v1.14.10.
This release includes hubble metrics when using cilium sysdump
, and a fix to an issue with overlapping keys that may have affected the ability to recover from a full Service map. Bugfixes include improved behavior for overlapping and restored DNS policies, a fix to a race condition in Service updates for L7 LB, and a fix to the retry logic in the cilium health controllers.
This release addresses a security vulnerability. For more information, see GHSA-j654-3ccm-vfmm
Minor Changes:
Bugfixes:
cilium-health-ep
controller (Backport PR #31724, Upstream PR #31622, @gandro)CI Changes:
Misc Changes:
No node ID found
drops in case of remote node deletion (Backport PR #31724, Upstream PR #31635, @pchaigno)Other Changes:
docker.io/cilium/cilium:v1.14.10@sha256:0a1bcd2859c6d18d60dba6650cca8c707101716a3e47b126679040cbd621c031
quay.io/cilium/cilium:v1.14.10@sha256:0a1bcd2859c6d18d60dba6650cca8c707101716a3e47b126679040cbd621c031
docker.io/cilium/clustermesh-apiserver:v1.14.10@sha256:609fea274caa016f15646f6e0b0f1f7c56b238c551e7b261bc1e99ce64f7b798
quay.io/cilium/clustermesh-apiserver:v1.14.10@sha256:609fea274caa016f15646f6e0b0f1f7c56b238c551e7b261bc1e99ce64f7b798
docker.io/cilium/docker-plugin:v1.14.10@sha256:8aa57cb38a30dbe56345b5d549054beaea96a210c15a1e4ca5224b4f858cdcda
quay.io/cilium/docker-plugin:v1.14.10@sha256:8aa57cb38a30dbe56345b5d549054beaea96a210c15a1e4ca5224b4f858cdcda
docker.io/cilium/hubble-relay:v1.14.10@sha256:c156c4fc2da520d2876142ea17490440b95431a1be755d2050e72115a495cfd0
quay.io/cilium/hubble-relay:v1.14.10@sha256:c156c4fc2da520d2876142ea17490440b95431a1be755d2050e72115a495cfd0
docker.io/cilium/operator-alibabacloud:v1.14.10@sha256:2fbb53c2fc9c7203db9065c4e6cedb8e98d32d5ebc64549949636b5344cd1f14
quay.io/cilium/operator-alibabacloud:v1.14.10@sha256:2fbb53c2fc9c7203db9065c4e6cedb8e98d32d5ebc64549949636b5344cd1f14
docker.io/cilium/operator-aws:v1.14.10@sha256:72440aa4cb8a42dddb05cfc74c6fba0a18d0902b1e434f5dcde8dca0354a8be6
quay.io/cilium/operator-aws:v1.14.10@sha256:72440aa4cb8a42dddb05cfc74c6fba0a18d0902b1e434f5dcde8dca0354a8be6
docker.io/cilium/operator-azure:v1.14.10@sha256:404a46bb0a232c7d5ab7ab97a1d1a55635cdf0e334529a18d1ddb50f4aad71b4
quay.io/cilium/operator-azure:v1.14.10@sha256:404a46bb0a232c7d5ab7ab97a1d1a55635cdf0e334529a18d1ddb50f4aad71b4
docker.io/cilium/operator-generic:v1.14.10@sha256:415b7f0bb0e7339c6231d4b9ee74a6a513b2865acfccec884dbc806ecc3dd909
quay.io/cilium/operator-generic:v1.14.10@sha256:415b7f0bb0e7339c6231d4b9ee74a6a513b2865acfccec884dbc806ecc3dd909
docker.io/cilium/operator:v1.14.10@sha256:20cadfbc68b37766b5747ca21f1cbfe8dec518c26232852f6c655f76999a8f92
quay.io/cilium/operator:v1.14.10@sha256:20cadfbc68b37766b5747ca21f1cbfe8dec518c26232852f6c655f76999a8f92
We are pleased to announce the release of Cilium v1.15.4.
This release includes the option to configure Node map size, additional detail when using cilium-dbg bpf metrics list
, a fix to an issue with overlapping keys that may have affected the ability to recover from a full Service map, and performance improvements to the Connection Tracking implementation. Bugfixes include improved behavior for overlapping and restored DNS policies, a fix to a race condition in Service updates for L7 LB, and a fix to the retry logic in the cilium health controllers.
This release addresses a security vulnerability. For more information, see GHSA-j654-3ccm-vfmm
Minor Changes:
Bugfixes:
cilium-health-ep
controller (Backport PR #31727, Upstream PR #31622, @gandro)--devices
provided. (Backport PR #31601, Upstream PR #31345, @pchaigno)CI Changes:
Misc Changes:
No node ID found
drops in case of remote node deletion (Backport PR #31727, Upstream PR #31635, @pchaigno)Other Changes:
quay.io/cilium/cilium:v1.15.4@sha256:b760a4831f5aab71c711f7537a107b751d0d0ce90dd32d8b358df3c5da385426
quay.io/cilium/cilium:stable@sha256:b760a4831f5aab71c711f7537a107b751d0d0ce90dd32d8b358df3c5da385426
quay.io/cilium/clustermesh-apiserver:v1.15.4@sha256:3fadf85d2aa0ecec09152e7e2d57648bda7e35bdc161b25ab54066dd4c3b299c
quay.io/cilium/clustermesh-apiserver:stable@sha256:3fadf85d2aa0ecec09152e7e2d57648bda7e35bdc161b25ab54066dd4c3b299c
quay.io/cilium/docker-plugin:v1.15.4@sha256:af22e26e927ec01633526b3d2fd5e15f2c7f3aab9d8c399081eeb746a4e0db47
quay.io/cilium/docker-plugin:stable@sha256:af22e26e927ec01633526b3d2fd5e15f2c7f3aab9d8c399081eeb746a4e0db47
quay.io/cilium/hubble-relay:v1.15.4@sha256:03ad857feaf52f1b4774c29614f42a50b370680eb7d0bfbc1ae065df84b1070a
quay.io/cilium/hubble-relay:stable@sha256:03ad857feaf52f1b4774c29614f42a50b370680eb7d0bfbc1ae065df84b1070a
quay.io/cilium/operator-alibabacloud:v1.15.4@sha256:7c0e5346483a517e18a8951f4d4399337fb47020f2d9225e2ceaa8c5d9a45a5f
quay.io/cilium/operator-alibabacloud:stable@sha256:7c0e5346483a517e18a8951f4d4399337fb47020f2d9225e2ceaa8c5d9a45a5f
quay.io/cilium/operator-aws:v1.15.4@sha256:8675486ce8938333390c37302af162ebd12aaebc08eeeaf383bfb73128143fa9
quay.io/cilium/operator-aws:stable@sha256:8675486ce8938333390c37302af162ebd12aaebc08eeeaf383bfb73128143fa9
quay.io/cilium/operator-azure:v1.15.4@sha256:4c1a31502931681fa18a41ead2a3904b97d47172a92b7a7b205026bd1e715207
quay.io/cilium/operator-azure:stable@sha256:4c1a31502931681fa18a41ead2a3904b97d47172a92b7a7b205026bd1e715207
quay.io/cilium/operator-generic:v1.15.4@sha256:404890a83cca3f28829eb7e54c1564bb6904708cdb7be04ebe69c2b60f164e9a
quay.io/cilium/operator-generic:stable@sha256:404890a83cca3f28829eb7e54c1564bb6904708cdb7be04ebe69c2b60f164e9a
quay.io/cilium/operator:v1.15.4@sha256:4e42b867d816808f10b38f555d6ae50065ebdc6ddc4549635f2fe50ed6dc8d7f
quay.io/cilium/operator:stable@sha256:4e42b867d816808f10b38f555d6ae50065ebdc6ddc4549635f2fe50ed6dc8d7f
Major Changes:
Minor Changes:
nodeipam.cilium.io/match-node-labels
annotation (#31406, @MrFreezeex)cilium-dbg encrypt flush --stale
flag to remove XFRM states and policies with stale node IDs. (#31159, @pchaigno)enable-remote-node-identity
after being deprecated in v1.15. (#31228, @doniacld)Bugfixes:
bpf_htons
instead of using shift (#31247, @chez-shanpu)cilium-health-ep
controller (#31622, @gandro)--devices
provided. (#31345, @pchaigno)CI Changes:
Misc Changes:
serviceAdvertisements
(#31331, @chaunceyjiang)ENCRYPT_IFACE
macro (#31323, @pchaigno)No node ID found
drops in case of remote node deletion (#31635, @pchaigno)ToServices
translation to policy package (#31062, @gandro)HAVE_LARGE_INSN_LIMIT
(#31094, @dylandreimerink)quay.io/cilium/cilium:v1.16.0-pre.1@sha256:f822fed7e9ab9ef9251e3e21eaf6d4d5179a6b5831e147c3ab1caaa3f9b17b79
quay.io/cilium/clustermesh-apiserver:v1.16.0-pre.1@sha256:6489a11ebdf28be5238842afaea4e5e2a9628e8c4fb66d712b3998fb1bfa034b
quay.io/cilium/docker-plugin:v1.16.0-pre.1@sha256:0540dce44dc09dd54cbb1a665736664913dc242b9bca261fb138b8ac6de3aa8e
quay.io/cilium/hubble-relay:v1.16.0-pre.1@sha256:80a213c50bc9915b73950c2efbbc04a32ab2df5058e0d5afe86c64d83a59cc2d
quay.io/cilium/operator-alibabacloud:v1.16.0-pre.1@sha256:9237c6dfc208e5f76c01922932d3c568f269356f485076a62c9a503d1af76710
quay.io/cilium/operator-aws:v1.16.0-pre.1@sha256:bf75d57fcfd1fb0b6ad8c6257e0758872278609847640fc4245cd04be139d7fd
quay.io/cilium/operator-azure:v1.16.0-pre.1@sha256:099fb5537d294bdf41755f93acbf8c6e2ecbca162b139028b4897f2904e04e4b
quay.io/cilium/operator-generic:v1.16.0-pre.1@sha256:73e8c7a415dfd3c6bb166848248c719ced5db53123c0f29c77e08771d1ec8400
quay.io/cilium/operator:v1.16.0-pre.1@sha256:eb3303b6290ee9b06da28c383a65c680d03bc2028f6bdc046d5f1494eb5a485c
We are pleased to release Cilium v1.13.14.
This release addresses a security vulnerability. For more information, see https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586.
Minor Changes:
cilium-dbg encrypt flush --stale
flag to remove XFRM states and policies with stale node IDs. (Backport PR #31309, Upstream PR #31159, @pchaigno)Bugfixes:
--enable-remote-node-identity=false
, and unnecessary ipcache_errors_total
metric increase if Cilium operates in kvstore mode. (#31396, @giorio94)CI Changes:
Misc Changes:
Other Changes:
We are pleased to release Cilium v1.14.9.
This release addresses a security vulnerability. For more information, see https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586.
Minor Changes:
cilium-dbg encrypt flush --stale
flag to remove XFRM states and policies with stale node IDs. (Backport PR #31335, Upstream PR #31159, @pchaigno)Bugfixes:
CI Changes:
github.event.pull_request.head.sha
(Backport PR #31495, Upstream PR #26775, @mhofstetter)Misc Changes:
Other Changes:
We are pleased to release Cilium v1.15.3.
This release addresses a security vulnerability. For more information, see https://github.com/cilium/cilium/security/advisories/GHSA-pwqm-x5x6-5586.
Minor Changes:
cilium-dbg encrypt flush --stale
flag to remove XFRM states and policies with stale node IDs. (Backport PR #31342, Upstream PR #31159, @pchaigno)Bugfixes:
CI Changes:
Misc Changes:
declare_tailcall_if
with logic in the loader (Backport PR #31554, Upstream PR #30467, @dylandreimerink)Other Changes:
We are pleased to release Cilium v1.13.13.
This patch release addresses security vulnerabilities. See the following security advisories for details.
This patch release includes significant changes for the IPsec stack, to resolve issues for connections that are selected by a L7 Network Policy or a DNS Policy.
Such connections may experience disruption during the upgrade, in particular in configurations with overlay routing mode.
Bugfixes:
CI Changes:
Misc Changes:
Other Changes:
We are pleased to release Cilium v1.14.8.
This patch release addresses security vulnerabilities. See the following security advisories for details.
This patch release includes significant changes for the IPsec stack, to resolve issues for connections that are selected by a L7 Network Policy or a DNS Policy.
Such connections may experience disruption during the upgrade, in particular in configurations with overlay routing mode.
Minor Changes:
Bugfixes:
CI Changes:
Misc Changes:
Other Changes: