Update Helm release cilium to v1.14.0 #212
Loading…
Reference in a new issue
No description provided.
Delete branch "renovate/cilium-1.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
1.13.4
->1.14.0
Release Notes
cilium/cilium
v1.14.0
: 1.14.0Compare Source
Changelog
The Cilium core team are excited to announce the Cilium 1.14 release. 🎉
⚠️ Warning - IPsec ⚠️
Do NOT upgrade to this release if you are using IPsec.
Summary of Changes
Major Changes:
This prevents pods from being scheduled on nodes without Cilium.
The CNI configuration file is no longer removed on agent shutdown.
This means that pod deletion will always succeed; previously it would fail if Cilium was down for an upgrade.
This should help prevent nodes accidentally entering an unmanageable state.
It also means that nodes are not removed from cloud LoadBalancer backends during Cilium upgrades. (#23486, @squeed)
Minor Changes:
CESWriteQPSLimit
toand
CESWriteQPSBurst`.The processed work queue items always trigger a single CES create, update or write request to the kube-apiserver.
The work queue rate limiting effectively limits the rate of writes to the kube-apiserver for CES api objects.
CESWriteQPSLimit
to10
andCESWriteQPSBurst
to20
.50
and burst100
. These values cannot be exceeded regardless of any configuration.CESMaxCEPsInCES
andCESSlicingMode
flags from appearing in logs whenCES
is enabled. (#24675, @dlapcevic)--hubble-monitor-events
flag, to control the event types that get to the hubble subsystem. (#24828, @epk)ingressclass.kubernetes.io/is-default-class
annotation on Cilium's IngressClass (#23719, @meyskens)peerPort
field to CiliumBGPPeeringPolicy for specifying the port of a BGP neighbor. If unspecified, port 179 is used. (#25809, @danehans)--tunnel
in favor of--routing-mode
and--tunnel-protocol
. (#24561, @pchaigno)go_sched_latencies_seconds
(#24745, @derailed)CiliumPodIPPool
resources in multi-pool IPAM mode (#25991, @gandro)ipam.cilium.io/ip-pool
annotation (#25511, @gandro)sec_label
field in remote_endpoint_info structure tosec_identity
(#25057, @ldelossa)enable-endpoint-routes
withenable-high-scale-ipcache
. (#25601, @pchaigno)Bugfixes:
--hubble-monitor-events
logic to be an allowlist (#25167, @epk)toServices
policy where service backend churn left stale CIDR identities (#25687, @christarazi)CI Changes:
MAX_*_OPTIONS
and support for 5.10 (#24122, @pchaigno)useDigest=false
for Hubble Relay (Backport PR #26914, Upstream PR #26890, @gandro)useDigest=false
for Hubble Relay (Backport PR #26887, Upstream PR #26869, @gandro)K8sAgentIstioTest
(#24476, @nbusseneau)2023042
.212204 LVH images (#25681, @brb)master
>main
) (#24958, @nbusseneau)SkipGKEQuarantined
helper (#23354, @pchaigno)tests-smoke
conformance workflow (#25493, @bleggett)--config
when unnecessary (#24567, @pchaigno)Misc Changes:
dev-doctor
- if path togo.mod
invalid, look in current directory (#25327, @bleggett)pkg/fqdn
(#22519, @AdamKorcz).clang-format
for editor-agnostic C formatting hints (#25488, @bleggett)make run_bpf_tests
target to run eBPF unit tests in the Cilium builder container (#25173, @ldelossa)c7g
,m6idn
,m6in
,m7g,
r6idn,
r6in, and
r7g` (#23835, @muratso)cilium bpf migrate-map
sub-command (#25196, @tklauser)MARK_MAGIC_
constants (#23125, @pchaigno)removeIfEmpty
with more effiicientos.ReadDir
(#24566, @Juneezee)959cbb7
to 2.1.39 (#23196, @dependabot[bot])Fix operator panic that occurs when Endpoint CRD is disabled and CiliumEndpointSlice is enabled (#25798, @doniacld)
207512c
(main) (#25397, @renovate[bot])ff6bdca
(master) (#24354, @renovate[bot])572f680
(master) (#23575, @renovate[bot])52921e6
(master) (#24103, @renovate[bot])690e413
(main) (#25277, @renovate[bot])6b3fa4b
(main) (#26050, @renovate[bot])8f958bf
(main) (#26283, @renovate[bot])fd9306e
(v1.14) (#26696, @renovate[bot])0bced47
(v1.14) (#26697, @renovate[bot])2a357c4
(main) (#26284, @renovate[bot])ac58ff7
(main) (#25295, @renovate[bot])f05532b
(master) (#23477, @renovate[bot])149531e
(master) (#24614, @renovate[bot])21e5d22
(master) (#23726, @renovate[bot])26d07ba
(master) (#23352, @renovate[bot])42ddd0c
(master) (#23602, @renovate[bot])48e033b
(master) (#23654, @renovate[bot])6b01107
(master) (#23498, @renovate[bot])9ecc53c
(main) (#25398, @renovate[bot])9ecc53c
(main) (#26285, @renovate[bot])ddde70b
(master) (#24254, @renovate[bot])cilium endpoint regenerate
command (#25949, @christarazi)const
qualifiers to BPF code (#24606, @qmonnet)net.IP*
for ingress IPs (#26045, @christarazi)policy_implementation_delay
to metrics (#22998, @learnitall)cluster-pool-v2beta
(#25767, @gandro)PRELOAD_VM
for local CI VM (#22902, @Shunpoco)pkg/datapath/ipcache/listener.go
. (#23963, @hxysayhi)pkg/bgpv1
(#25686, @danehans)nodeEncryption
is only supported with WireGuard (#25770, @gandro)notifyOnDNSMsg()
(#22341, @christarazi)PrefixString()
(#23201, @christarazi)NodeEncryptionOptOutLabels
when marshalling to json (#24470, @gandro)make generate-k8s-api
(#23428, @ldelossa)--metrics
(#22888, @christarazi)slackin
system hosted on heroku, to just a simple generated badge. (#26416, @thebsdbox)Other Changes:
v1.13.5
: 1.13.5Compare Source
We are pleased to release Cilium v1.13.5.
This release addresses the following security issues:
This release includes a security fix for Envoy, performance improvements to clustermesh, the addition of loadBalancerIP and loadBalancerClass on ingress services, and numerous networking improvements.
See the notes below for a full description of the changes.
⚠️ Warning - IPsec ⚠️
Do NOT upgrade to this release if you are using IPsec.
Summary of Changes
Minor Changes:
envoyConfig.enabled
that can be used to enable CiliumEnvoyConfig CRD independently of Cilium Ingress controller. (Backport PR #26421, Upstream PR #26005, @jrajahalme)Bugfixes:
CI Changes:
Skip conntrack
test (Backport PR #27036, Upstream PR #25038, @pchaigno)Misc Changes:
405b708
(v1.13) (#26422, @renovate[bot])6fb612a
(v1.13) (#26249, @renovate[bot])0bced47
(v1.13) (#26701, @renovate[bot])2a357c4
(v1.13) (#26317, @renovate[bot])6120be6
(v1.13) (#26433, @renovate[bot])install-egress-gateway-routes
flag is only for EKS's ENI mode in egress gateway guide (Backport PR #26861, Upstream PR #23616, @deepeshaburse)Other Changes:
Docker Manifests
cilium
docker.io/cilium/cilium:v1.13.5@​sha256:e02744b4413824093d25a6fb35e2e418f7301e55825fa53a8e1943fe7e9e5aef
quay.io/cilium/cilium:v1.13.5@​sha256:e02744b4413824093d25a6fb35e2e418f7301e55825fa53a8e1943fe7e9e5aef
docker.io/cilium/cilium:stable@sha256:e02744b4413824093d25a6fb35e2e418f7301e55825fa53a8e1943fe7e9e5aef
quay.io/cilium/cilium:stable@sha256:e02744b4413824093d25a6fb35e2e418f7301e55825fa53a8e1943fe7e9e5aef
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.13.5@​sha256:466182b742140f1566926d28066943206a62e80114460b8a46de029395b82e47
quay.io/cilium/clustermesh-apiserver:v1.13.5@​sha256:466182b742140f1566926d28066943206a62e80114460b8a46de029395b82e47
docker.io/cilium/clustermesh-apiserver:stable@sha256:466182b742140f1566926d28066943206a62e80114460b8a46de029395b82e47
quay.io/cilium/clustermesh-apiserver:stable@sha256:466182b742140f1566926d28066943206a62e80114460b8a46de029395b82e47
docker-plugin
docker.io/cilium/docker-plugin:v1.13.5@​sha256:8803098ca8710f6c48189e8918a77d81c20657494c7af3da154c1ca66759df25
quay.io/cilium/docker-plugin:v1.13.5@​sha256:8803098ca8710f6c48189e8918a77d81c20657494c7af3da154c1ca66759df25
docker.io/cilium/docker-plugin:stable@sha256:8803098ca8710f6c48189e8918a77d81c20657494c7af3da154c1ca66759df25
quay.io/cilium/docker-plugin:stable@sha256:8803098ca8710f6c48189e8918a77d81c20657494c7af3da154c1ca66759df25
hubble-relay
docker.io/cilium/hubble-relay:v1.13.5@​sha256:a1bca42ac2f9f934d7dc9311ecff5ff7012023830a63ba2980091abbfc148cbb
quay.io/cilium/hubble-relay:v1.13.5@​sha256:a1bca42ac2f9f934d7dc9311ecff5ff7012023830a63ba2980091abbfc148cbb
docker.io/cilium/hubble-relay:stable@sha256:a1bca42ac2f9f934d7dc9311ecff5ff7012023830a63ba2980091abbfc148cbb
quay.io/cilium/hubble-relay:stable@sha256:a1bca42ac2f9f934d7dc9311ecff5ff7012023830a63ba2980091abbfc148cbb
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.13.5@​sha256:acbcabaa7a7baa9a696f8ffffc428ee262c87fc36bc792099ac1bed6a7bfe993
quay.io/cilium/operator-alibabacloud:v1.13.5@​sha256:acbcabaa7a7baa9a696f8ffffc428ee262c87fc36bc792099ac1bed6a7bfe993
docker.io/cilium/operator-alibabacloud:stable@sha256:acbcabaa7a7baa9a696f8ffffc428ee262c87fc36bc792099ac1bed6a7bfe993
quay.io/cilium/operator-alibabacloud:stable@sha256:acbcabaa7a7baa9a696f8ffffc428ee262c87fc36bc792099ac1bed6a7bfe993
operator-aws
docker.io/cilium/operator-aws:v1.13.5@​sha256:e2b93136fe0a3f3d3914a24c76f78011c9a626e5510f50afd5fc24e48793ea20
quay.io/cilium/operator-aws:v1.13.5@​sha256:e2b93136fe0a3f3d3914a24c76f78011c9a626e5510f50afd5fc24e48793ea20
docker.io/cilium/operator-aws:stable@sha256:e2b93136fe0a3f3d3914a24c76f78011c9a626e5510f50afd5fc24e48793ea20
quay.io/cilium/operator-aws:stable@sha256:e2b93136fe0a3f3d3914a24c76f78011c9a626e5510f50afd5fc24e48793ea20
operator-azure
docker.io/cilium/operator-azure:v1.13.5@​sha256:561be7360082515f22d6e34f073c2299e6889567a0578cd0ce51d68e0b0dcb81
quay.io/cilium/operator-azure:v1.13.5@​sha256:561be7360082515f22d6e34f073c2299e6889567a0578cd0ce51d68e0b0dcb81
docker.io/cilium/operator-azure:stable@sha256:561be7360082515f22d6e34f073c2299e6889567a0578cd0ce51d68e0b0dcb81
quay.io/cilium/operator-azure:stable@sha256:561be7360082515f22d6e34f073c2299e6889567a0578cd0ce51d68e0b0dcb81
operator-generic
docker.io/cilium/operator-generic:v1.13.5@​sha256:d77f3e1472725b3c28b5d88d6a49c7fcba3072c0c08a26e2e16c1e9139c96207
quay.io/cilium/operator-generic:v1.13.5@​sha256:d77f3e1472725b3c28b5d88d6a49c7fcba3072c0c08a26e2e16c1e9139c96207
docker.io/cilium/operator-generic:stable@sha256:d77f3e1472725b3c28b5d88d6a49c7fcba3072c0c08a26e2e16c1e9139c96207
quay.io/cilium/operator-generic:stable@sha256:d77f3e1472725b3c28b5d88d6a49c7fcba3072c0c08a26e2e16c1e9139c96207
operator
docker.io/cilium/operator:v1.13.5@​sha256:7d2128278d33bd191c1cdc5968456fe702d8b7f9c81e63689f7a1510091dd54d
quay.io/cilium/operator:v1.13.5@​sha256:7d2128278d33bd191c1cdc5968456fe702d8b7f9c81e63689f7a1510091dd54d
docker.io/cilium/operator:stable@sha256:7d2128278d33bd191c1cdc5968456fe702d8b7f9c81e63689f7a1510091dd54d
quay.io/cilium/operator:stable@sha256:7d2128278d33bd191c1cdc5968456fe702d8b7f9c81e63689f7a1510091dd54d
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.