1.10.7
joestringer
Joe Stringer
This release fixes various bugs relating to packet drops, IP address management and egress gateway, and updates the underlying container images for the latest upstream updates.
Summary of Changes
Bugfixes:
- bpf: egressgw: sync logic to determine if destination is outside cluster (Backport PR #18379, Upstream PR #18246, @jibi)
- daemon: Fix multi-dev XDP check (Backport PR #18365, Upstream PR #18305, @brb)
- egressgateway: fix initial reconciliation (Backport PR #18461, Upstream PR #18325, @jibi)
- Fix an issue where the tunnel map sync controller causes errors even though tunneling is disabled. (Backport PR #18276, Upstream PR #18247, @tklauser)
- Fix crash on startup if proxy is disabled (Backport PR #18276, Upstream PR #18198, @chaosbox)
- Fix possible IP leak in case ENI's are not present in the CN yet (Backport PR #18487, Upstream PR #18352, @codablock)
- Fix TCP connectivity issues in the DSR mode when conntrack entries with missing DSR flag are reused. (Backport PR #18276, Upstream PR #18041, @Inode1)
- hubble: Fix misclassification of
to-networkreply packets (Backport PR #18276, Upstream PR #18196, @gandro)
CI Changes:
- ci: use python3 instead of python (Backport PR #18445, Upstream PR #18443, @nebril)
- github: Misc improvements for the L4LB test suite (Backport PR #18233, Upstream PR #17005, @brb)
- test: Add Error Log Exceptions (Backport PR #18233, Upstream PR #18117, @nathanjsweet)
- test: bump l4lb Vagrantfile kind to 0.11.1 (Backport PR #18487, Upstream PR #18370, @jibi)
- v1.10 ci: set PR base for codeql workflow (#18369, @tklauser)
Misc Changes:
- bpf: Reset Pod's queue mapping in host veth to fix phys dev mq selection (Backport PR #18487, Upstream PR #18388, @borkmann)
- build(deps): bump 8398a7/action-slack from 3.12.0 to 3.13.0 (#18425, @dependabot[bot])
- build(deps): bump actions/setup-go from 2.1.4 to 2.1.5 (#18321, @dependabot[bot])
- build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1 (#18265, @dependabot[bot])
- build(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#18519, @dependabot[bot])
- build(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#18309, @dependabot[bot])
- Changed the documentation for Kubespray installation to recommend using
-eflag forcilium_versionvariable instead of editing the role variables. (Backport PR #18445, Upstream PR #18342, @necatican) - docs: Fix
first-interface-indexdocumentation (Backport PR #18445, Upstream PR #18327, @gandro) - docs: Fix incorrect mention of
bpf.masquerade's default value (Backport PR #18445, Upstream PR #18420, @pchaigno) - docs: Replace 'micro version' with 'patch version' (Backport PR #18445, Upstream PR #18279, @pchaigno)
- docs: Replace janitors team with tophat team (Backport PR #18445, Upstream PR #18430, @pchaigno)
- docs: Warn against Helm's
--reuse-valuesin Cilium upgrades (Backport PR #18276, Upstream PR #18259, @gandro) - Revert "test: Add Error Log Exceptions" (#18457, @nbusseneau)
- v1.10: Update Go to 1.16.12 (#18228, @tklauser)
- v1.10: Update Go to 1.16.13 (#18415, @tklauser)
Other Changes:
- .github: stop pushing last stable image from v1.10 branches (#18272, @joestringer)
- install: add mountPropagation directive to bpf-maps volume in cilium DS (#18438, @jibi)
- install: Update image digests for v1.10.6 (#18235, @joestringer)
- v1.10: CODEOWNERS: janitors renamed to tophat (#18362, @pchaigno)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.10.7@sha256:e23f55e80e1988db083397987a89967aa204ad6fc32da243b9160fbcea29b0ca
quay.io/cilium/cilium:v1.10.7@sha256:e23f55e80e1988db083397987a89967aa204ad6fc32da243b9160fbcea29b0ca
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.10.7@sha256:9afb0a15afffdf84812c8174df9de86e35239fb87a6ffd9539877a9e643d8132
quay.io/cilium/clustermesh-apiserver:v1.10.7@sha256:9afb0a15afffdf84812c8174df9de86e35239fb87a6ffd9539877a9e643d8132
docker-plugin
docker.io/cilium/docker-plugin:v1.10.7@sha256:7178d952e22c5fadd42dab3e0ee5e174c922cb811d9f5c01143fb0227bb42ad6
quay.io/cilium/docker-plugin:v1.10.7@sha256:7178d952e22c5fadd42dab3e0ee5e174c922cb811d9f5c01143fb0227bb42ad6
hubble-relay
docker.io/cilium/hubble-relay:v1.10.7@sha256:385fcc4fa315eb6b66626c3e5f607b6b6514c8c3a863c47c2b2dbc97790acb47
quay.io/cilium/hubble-relay:v1.10.7@sha256:385fcc4fa315eb6b66626c3e5f607b6b6514c8c3a863c47c2b2dbc97790acb47
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.10.7@sha256:7a6ccc99195ae6a8216d2a1e1e0cc05d49c2d263b194895da264899fe9d0f45a
quay.io/cilium/operator-alibabacloud:v1.10.7@sha256:7a6ccc99195ae6a8216d2a1e1e0cc05d49c2d263b194895da264899fe9d0f45a
operator-aws
docker.io/cilium/operator-aws:v1.10.7@sha256:97b378e0e3b6b5ade6ae1706024c7a25fe6fc48e00102b65a6b7ac51d6327f40
quay.io/cilium/operator-aws:v1.10.7@sha256:97b378e0e3b6b5ade6ae1706024c7a25fe6fc48e00102b65a6b7ac51d6327f40
operator-azure
docker.io/cilium/operator-azure:v1.10.7@sha256:556d692b2f08822101c159d9d6f731efe6c437d2b80f0ef96813e8745203c852
quay.io/cilium/operator-azure:v1.10.7@sha256:556d692b2f08822101c159d9d6f731efe6c437d2b80f0ef96813e8745203c852
operator-generic
docker.io/cilium/operator-generic:v1.10.7@sha256:d0b491d8d8cb45862ed7f0410f65e7c141832f0f95262643fa5ff1edfcddcafe
quay.io/cilium/operator-generic:v1.10.7@sha256:d0b491d8d8cb45862ed7f0410f65e7c141832f0f95262643fa5ff1edfcddcafe
operator
docker.io/cilium/operator:v1.10.7@sha256:cd80afc7a5a7a70130fad0ef61977fb3dc42f8fb73201ce244b0f39843ab4b82
quay.io/cilium/operator:v1.10.7@sha256:cd80afc7a5a7a70130fad0ef61977fb3dc42f8fb73201ce244b0f39843ab4b82
