v1.16.0-rc.1
Release date: 2024-06-29 06:30:50
Latest cilium/cilium release: v1.16.1 (2024-08-14 21:07:13)
Summary of Changes
Major Changes:
- policy: Add support for port ranges in network policies. (cilium/cilium#32807, @nathanjsweet)
Minor Changes:
- agent: Add EnableRouteMTUForCNIChaining to propagate MTU to pods when CNI chaining is used (cilium/cilium#33190, @brb)
- BGPv1 and BGPv2 - Reject all inbound BGP advertisements (cilium/cilium#33035, @dswaffordcw)
- bgpv2: Fix defaulting of BGP peer config, use the default peer config only when PeerConfigRef is not specified in CiliumBGPClusterConfig. (cilium/cilium#33392, @rastislavs)
- Change default CiliumLoadBalancerIPPool behavior and remove deprecated cidrs field from CiliumLoadBalancerIPPool (cilium/cilium#33151, @dylandreimerink)
- envoy: Enable DaemonSet only for new installation (cilium/cilium#33384, @sayboras)
- envoy: update envoy 1.29.x to v1.29.6 (main) (cilium/cilium#33406, @sayboras)
- Fixes a rare cause of policy drops on first endpoint regeneration. (cilium/cilium#32914, @squeed)
- helm: ensure that envoy daemonset is installed only when needed (cilium/cilium#33431, @f1ko)
- k8s: improve user facing error logging for k8s decode errors. (cilium/cilium#33245, @tommyp1ckles)
- Removed cilium-agent permissions to update CiliumNetworkPolicy and CiliumClusterWideNetworkPolicy statuses (cilium/cilium#33228, @marseel)
Bugfixes:
- bgpv1: reorder neighbor creation and deletion steps (cilium/cilium#33262, @harsimran-pabla)
- bgpv2: use peer asn and address in the key (cilium/cilium#33263, @harsimran-pabla)
- bpf: rename UINT8_MAX to UINT16_max and fix cluster_id casts (cilium/cilium#33240, @thorn3r)
- Cilium now correctly handles the case when a to/fromCIDRSet policy only contains a cidrGroupRef to a non-existent cidrGroup by denying traffic. (cilium/cilium#33396, @bimmlerd)
- ctmap: Stop GC handler if signal map is closed (cilium/cilium#33281, @gandro)
- datapath: Fix redirect from L3 netdev to tunnel (cilium/cilium#33421, @brb)
- egress-gateway: Validate ep identity before fetching labels (cilium/cilium#33311, @pippolo84)
- Fix CiliumEnvoyConfig Nodeport handling (cilium/cilium#33040, @youngnick)
- Fix hubble metrics leak by using CiliumEndpoint watcher to remove stale metrics. (cilium/cilium#33260, @sgargan)
- Fix rare spurious double reconnection upon clustermesh configuration change for remote cluster (cilium/cilium#33248, @giorio94)
- gateway-api: Un-set externalTrafficPolicy on LB service for host network (cilium/cilium#33101, @otaconix)
- Recreate CT entries for non-TCP to fix L7 proxy redirect failures. (cilium/cilium#33222, @ysksuzuki)
- Revert PR #32244 which caused unintended side-effects that negatively impacted network performance. (cilium/cilium#33304, @learnitall)
CI Changes:
- Add dispatch for scale/perf workflows and notice (cilium/cilium#33201, @marseel)
- bpf/tests: Add BPF_TEST_FILE to run a single test (cilium/cilium#33407, @brb)
- ci: Extend K8s FQDN test to assert numeric identities after restoration (cilium/cilium#33400, @gandro)
- Fix bug in CES migration workflow causing it to fail when it should be skipped. (cilium/cilium#33290, @learnitall)
- hubble: deflake TestLocalObserverServer_NodeLabels (cilium/cilium#33285, @kaworu)
- ipsec-tests: Fix flaky TestUpsertIPSecKeyMissing (cilium/cilium#32937, @marseel)
- Revert "CI: bump default FQDN datapath timeout from 100 to 250ms" (cilium/cilium#33354, @gandro)
- workflows: integration-test: allow to configure bigger runner (cilium/cilium#33284, @jibi)
Misc Changes:
- .github: add workflow for renovate to build base images (cilium/cilium#33326, @aanm)
- .github: fix cloud workflows for renovate (cilium/cilium#33320, @aanm)
- .github: fix workflows used by renovate (cilium/cilium#33309, @aanm)
- .github: update kindest to 1.30.0 (cilium/cilium#33375, @aanm)
- Add auto-merge for renovate for trusted dependencies (cilium/cilium#33287, @aanm)
- Add explicit deprecation notice in the Ginkgo-based E2E testing documentation (cilium/cilium#33288, @learnitall)
- bitlpm: Add Comment for UintTrie (cilium/cilium#33241, @nathanjsweet)
- bpf,tests: Add IPv4 checksum validation (cilium/cilium#33341, @viktor-kurchenko)
- bpf: ct: return actual error from CT lookup (cilium/cilium#33225, @julianwiedmann)
- bpf: ensure test objects are compiled before tests are run (cilium/cilium#33275, @lmb)
- bpf: fix skip_tunnel_nodeport_revnat (cilium/cilium#33113, @lmb)
- bpf: host: sanitize whole skb->cb in to-netdev (cilium/cilium#33183, @julianwiedmann)
- bpf: improve some trace notifications to report the correct ifindex (cilium/cilium#33229, @julianwiedmann)
- bpf: lxc: fix ifindex in TO_ENDPOINT trace notification (cilium/cilium#33085, @julianwiedmann)
- bpf: lxc: prefer SECLABEL_IPV4 over SECLABEL in ipv4_policy() (cilium/cilium#33181, @julianwiedmann)
- bpf: nodeport: clean up redundant 0-initializations (cilium/cilium#33255, @julianwiedmann)
- build(deps): bump urllib3 from 2.0.7 to 2.2.2 in /Documentation (cilium/cilium#33218, @dependabot[bot])
- build-images-base: cancel github runs based on branch name (cilium/cilium#33353, @aanm)
- build-images-base: push to branch if pull request ref doesn't exist (cilium/cilium#33368, @aanm)
- build-images: fetch artifacts with specific pattern (cilium/cilium#33216, @aanm)
- chore(deps): update all github action dependencies (main) (cilium/cilium#33300, @cilium-renovate[bot])
- chore(deps): update all github action dependencies (main) (cilium/cilium#33402, @cilium-renovate[bot])
- chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#33297, @cilium-renovate[bot])
- chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#33343, @cilium-renovate[bot])
- chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#33401, @cilium-renovate[bot])
- chore(deps): update all-dependencies (main) (cilium/cilium#33298, @cilium-renovate[bot])
- chore(deps): update cilium/scale-tests-action digest to 511e3d9 (main) (cilium/cilium#33210, @cilium-renovate[bot])
- chore(deps): update dependency renovatebot/renovate to v37.410.1 (main) (cilium/cilium#33205, @cilium-renovate[bot])
- chore(deps): update dependency renovatebot/renovate to v37.415.0 (main) (cilium/cilium#33350, @cilium-renovate[bot])
- chore(deps): update docker.io/library/golang:1.22.4 docker digest to a66eda6 (main) (cilium/cilium#33331, @cilium-renovate[bot])
- cilium: add note into upgrade guide and perf guide about netkit enablement (cilium/cilium#33404, @borkmann)
- clustermesh: grant read permissions to the cilium/.heartbeat prefix (cilium/cilium#33436, @giorio94)
- contrib,tool: exclude slice cleanup (cilium/cilium#33365, @viktor-kurchenko)
- daemon/ipam: don't swallow parse error of CIDR (cilium/cilium#33283, @bimmlerd)
- datapath: clean up unused SECLABEL_NB (cilium/cilium#33211, @julianwiedmann)
- docs: Add note about WG and MTU with CNI chaining (cilium/cilium#33429, @brb)
- docs: Document enable-node-selector-labels flag (cilium/cilium#31188, @oblazek)
- docs: Extend LRP guide with troubleshooting section (cilium/cilium#33373, @aditighag)
- docs: Fix a spelling mistake in BGP docs (cilium/cilium#33328, @saintdle)
- docs: Improve note on kube-apiserver entity limitations (cilium/cilium#33382, @gandro)
- Documentation update for BGPv2 transport configuration (cilium/cilium#33307, @dswaffordcw)
- Documentation: Add troubleshooting section to L2 Announcements (cilium/cilium#33386, @dylandreimerink)
- examples: Fix subject selector in ingress policy (cilium/cilium#33292, @joestringer)
- Fix CiliumEnvoyConfig Nodeport handling again (cilium/cilium#33266, @youngnick)
- fix(deps): update all go dependencies main (main) (cilium/cilium#33200, @cilium-renovate[bot])
- fix(deps): update all go dependencies main (main) (cilium/cilium#33359, @cilium-renovate[bot])
- fix(deps): update aws-sdk-go-v2 monorepo (main) (cilium/cilium#33213, @cilium-renovate[bot])
- fix(deps): update kubernetes packages to v0.30.2 (main) (cilium/cilium#33299, @cilium-renovate[bot])
- fix(deps): update module github.com/hashicorp/go-hclog to v1.6.3 (main) (cilium/cilium#33371, @cilium-renovate[bot])
- fqdn: Skip "open ports" check for statically configured ports (cilium/cilium#33230, @gandro)
- helm: drop IDENTITY_ALLOCATION_MODE environment variable from clustermesh-apiserver (cilium/cilium#33191, @giorio94)
- hive: Fixed copy-paste error in reconciler.Metrics implementation (cilium/cilium#33374, @dylandreimerink)
- identity: Ensure checkpoint runs on shutdown (cilium/cilium#33272, @gandro)
- install/kubernetes: update nodeinit image to latest version (cilium/cilium#33427, @marseel)
- ipam: cell for IPAM and IPAMRestAPIHandler (cilium/cilium#33089, @mhofstetter)
- Makefile: suppress error in comment line. (cilium/cilium#33334, @paulosjca)
- Miscellaneous improvements about closing kvstore client. (cilium/cilium#33250, @giorio94)
- Miscellaneous improvements to clustermesh-related troubleshooting tools (cilium/cilium#32951, @giorio94)
- operator/identitygc: Disable identitygc when Operator manages CID (cilium/cilium#33381, @ovidiutirla)
- operator: include CRD categories when applying cilium CRDs (cilium/cilium#33387, @mhofstetter)
- operator: Remove deprecated CES sync errors metric (cilium/cilium#33305, @christarazi)
- pkg/endpoint: store template hash in template.txt (cilium/cilium#33252, @lmb)
- pkg/k8s: Add required resources for Operator managing CIDs (cilium/cilium#33021, @ovidiutirla)
- Policy catch invalid port wildcard (cilium/cilium#33302, @jrajahalme)
- policy: Replace panics with error logs with stacktrace (cilium/cilium#33333, @jrajahalme)
- policy: take SelectorCache read lock when applying incremental changes (cilium/cilium#33345, @squeed)
- Prepare for release v1.16.0-rc.0 (cilium/cilium#33207, @aanm)
- README: Update releases (cilium/cilium#33217, @aanm)
- Reconcile qdiscs accurately when using BW manager (cilium/cilium#33161, @hemanthmalla)
- renovate add trusted dependencies (cilium/cilium#33312, @aanm)
- renovate: update k8s dependencies automatically (cilium/cilium#33236, @aanm)
- Revert "Fix CiliumEnvoyConfig Nodeport handling" #33040 (cilium/cilium#33256, @markpash)
- Revert "IPAM: Adds AWS IPv6 Prefix Delegation Config Option" (cilium/cilium#33394, @christarazi)
- toFQDNs: Add documentation and metrics for fqdn identities (cilium/cilium#33237, @gandro)
- v1.16 stable branch preparation (cilium/cilium#33453, @aanm)
- Wait for CEC and CCEC resources before restoring endpoints. (cilium/cilium#32981, @jrajahalme)
Docker Manifests
cilium
quay.io/cilium/cilium:v1.16.0-rc.1@sha256:0729d9eff50c2c6b798c073c6ecac15c880095c989bf4312b43da7be90bb44f2
clustermesh-apiserver
quay.io/cilium/clustermesh-apiserver:v1.16.0-rc.1@sha256:59ddda649562bbf369dc6584f4bf8a699e80b9db3db8f93010df8ccf11ea5eb6
docker-plugin
quay.io/cilium/docker-plugin:v1.16.0-rc.1@sha256:93b95ca13e00b3178ae2efa063bb44cbb1fc3030c84277fbaea8f0415bc6a8bf
hubble-relay
quay.io/cilium/hubble-relay:v1.16.0-rc.1@sha256:8c941e9c9cb94d23874b988adb9794a497e6d35f9893ef741e37838add909413
operator-alibabacloud
quay.io/cilium/operator-alibabacloud:v1.16.0-rc.1@sha256:488cf234f6730b989162e2cb2de4b479ff312d0392ec6a4bb57d697606e36a3a
operator-aws
quay.io/cilium/operator-aws:v1.16.0-rc.1@sha256:798917d351dc2ec53e9b71be6d3397c10a0d2d12135ac6a6e9d999862107d432
operator-azure
quay.io/cilium/operator-azure:v1.16.0-rc.1@sha256:0f8b0ebe8e5dc9908418602be49dfb40e5f938ed99fe1d3ddc1fec066fb42e37
operator-generic
quay.io/cilium/operator-generic:v1.16.0-rc.1@sha256:300d55216909d163060aae17de6305084c8208871d25f8e5962e643f6b58e216
operator
quay.io/cilium/operator:v1.16.0-rc.1@sha256:52adead4d4440bc85e66b32fe2ed4336cdb6b89cf4c7b2658f394e00705c2e92