1.9.0-rc3
Pre-release
Summary of Changes
Minor Changes:
- Add metric 'cilium_k8s_event_lag_seconds' for calculated lag of Kubernetes events (Backport PR #13751, Upstream PR #13702, @aanm)
- Adds API for LRP introspection (Backport PR #13720, Upstream PR #13327, @Weil0ng)
- datapath: Decouple IPV4_MASQUERADE from IPV4_NODEPORT (Backport PR #13751, Upstream PR #13606, @brb)
- docker: update Hubble CLI to v0.7.0 (Backport PR #13688, Upstream PR #13643, @rolinh)
- helm: keep encryption interface value undefined (Backport PR #13688, Upstream PR #13677, @kkourt)
- install/kubernetes: Allow update of "remote" secret (Backport PR #13812, Upstream PR #13784, @jrajahalme)
- test: Remove use of undefined field in TLS test (Backport PR #13856, Upstream PR #13850, @jrajahalme)
- VM Support Refinement (Backport PR #13786, Upstream PR #13666, @jrajahalme)
Bugfixes:
- Add log when allocate nodecidr failure (Backport PR #13688, Upstream PR #13299, @konghui)
- bpf: Fix --force-local-policy-eval-at-source=false (Backport PR #13812, Upstream PR #13769, @joestringer)
- build: bpf: Fix cross-compilation of gcc targets (Backport PR #13812, Upstream PR #13709, @mrostecki)
- endpoint: Avoid benign error messages on restoration (Backport PR #13720, Upstream PR #13667, @pchaigno)
- Fix bug where Cilium leaks a goroutine when an endpoint is deleted. This leak, if left running in a high pod churn environment, can cause Cilium to exceed its memory usage and get OOM killed. (Backport PR #13720, Upstream PR #13683, @christarazi)
- Fix garbage collection of CEPs - delete them in tranches and not every 5 minutes. (Backport PR #13751, Upstream PR #13728, @aanm)
- Fix panic on cilium-agent startup (Backport PR #13856, Upstream PR #13842, @aanm)
- Fix potential bug in ENI IPAM when multiple updates are performed at the same time to a CiliumNode resource (Backport PR #13688, Upstream PR #13612, @christarazi)
- Fixed installation instructions for K3s and Kubernetes Network Policy enforcement (Backport PR #13812, Upstream PR #13783, @aanm)
- go.mod: update cilium/ipam library with bug fixes (Backport PR #13856, Upstream PR #13810, @aanm)
- Helm: Adapt Hubble ingress template to the new Ingress API (Backport PR #13751, Upstream PR #13682, @youssefazrak)
- hubble/relay: flush old flows when the buffer drain timeout is reached (Backport PR #13786, Upstream PR #13776, @rolinh)
- hubble: Fix reply state unknown being interpreted as false (Backport PR #13786, Upstream PR #13750, @gandro)
- k8s/watchers: fix data race in (*K8sWatcher).addK8sServiceV1 (Backport PR #13688, Upstream PR #13604, @tklauser)
- lbmap: Correct issue that port info display error (Backport PR #13624, Upstream PR #13244, @Jianlin-lv)
- redirectpolicy: Check lrp type before restoring lrp service (Backport PR #13786, Upstream PR #13741, @aditighag)
- reduce cardinality of prometheus labels (Backport PR #13720, Upstream PR #13699, @aanm)
CI Changes:
- .github: Add action to build all BPF permutations (Backport PR #13786, Upstream PR #13770, @joestringer)
- checkpatch: switch to an external container image (Backport PR #13688, Upstream PR #13642, @qmonnet)
- ci: Avoid null pointer exception in non-pr builds (Backport PR #13786, Upstream PR #13779, @nebril)
- ci: Print hint to fix auto-generated file checks (Backport PR #13751, Upstream PR #13718, @sayboras)
- ci: run baseline perf tests nightly (Backport PR #13688, Upstream PR #13376, @nebril)
- ci: skip tests involving L7 proxy if race detector is enabled (Backport PR #13786, Upstream PR #13755, @tklauser)
- Fix focus in jenkinsfile (Backport PR #13812, Upstream PR #13791, @nebril)
- images: Fix handing of dev suffix when tag is used (cilium/image-tools#76) (Backport PR #13688, Upstream PR #13639, @errordeveloper)
- smoketest: Add image tag as latest for cilium agent and operator (Backport PR #13624, Upstream PR #13664, @sayboras)
- test: improve debugging of dns issues, add retries to external conn check (Backport PR #13720, Upstream PR #13694, @nebril)
- test: skip new tests in upstream k8s (Backport PR #13812, Upstream PR #13758, @aanm)
Misc Changes:
- backporting: Clean tmp files after backport with conflicts (Backport PR #13751, Upstream PR #13707, @pchaigno)
- backporting: Properly escape commit message when used as regex (Backport PR #13812, Upstream PR #13756, @gandro)
- backporting: Update labels by default when submitting backport (Backport PR #13720, Upstream PR #13703, @pchaigno)
- bandwidth: adjust version to 5.1 in log message (Backport PR #13856, Upstream PR #13817, @tklauser)
- bpf: fix up lrp for v4-in-v6 sockets (Backport PR #13688, Upstream PR #13638, @borkmann)
- bpf: redirect fixes and follow-ups (Backport PR #13688, Upstream PR #13646, @borkmann)
- bpf: redirect_neigh signature fix (Backport PR #13786, Upstream PR #13747, @borkmann)
- bpf: simplify local redirect a bit for sock lb (Backport PR #13624, Upstream PR #13613, @borkmann)
- certloader: Fix reload on K8s Secret/ConfigMap update (Backport PR #13751, Upstream PR #13636, @gandro)
- cilium, docs: small readme update (Backport PR #13856, Upstream PR #13846, @borkmann)
- cilium, helm: rename helm load balancer related parameters (Backport PR #13856, Upstream PR #13841, @borkmann)
- cilium/cmd: Cosmetic code clean-ups (Backport PR #13812, Upstream PR #13762, @twpayne)
- cilium: minor lb follow-ups (Backport PR #13836, Upstream PR #13821, @borkmann)
- cilium: Node to node encryption is not supported with vxlan (Backport PR #13856, Upstream PR #13800, @jrfastab)
- contrib: match commit subject exactly when searching for upstream commit (Backport PR #13688, Upstream PR #13630, @tklauser)
- daemon: Don't check XDPDevice in DevicePreFilter case (Backport PR #13812, Upstream PR #13794, @brb)
- doc: update Hubble doc for 1.9 (Backport PR #13751, Upstream PR #13669, @rolinh)
- doc: Update OpenShift GSG (Backport PR #13751, Upstream PR #13713, @michi-covalent)
- docker: update Hubble CLI to v0.7.1 (Backport PR #13720, Upstream PR #13693, @rolinh)
- docs/gettingstarted: Fix minor issues in Metrics guide (Backport PR #13720, Upstream PR #13668, @twpayne)
- docs/gettingstarted: Update AKS instructions (Backport PR #13688, Upstream PR #13632, @twpayne)
- docs: Add a note about systemd 245 rp_filter issue (Backport PR #13751, Upstream PR #13717, @brb)
- docs: Add Azure troubleshooting tips (Backport PR #13856, Upstream PR #13714, @jrajahalme)
- docs: Add gsg cross-link for cluster-pool IPAM (Backport PR #13812, Upstream PR #13771, @joestringer)
- docs: Add how to remove kube-proxy from existing clusters (Backport PR #13856, Upstream PR #13808, @brb)
- docs: add instructions to update Kubernetes libraries (Backport PR #13856, Upstream PR #12784, @aanm)
- docs: Clarify bumping the runtime images step (Backport PR #13786, Upstream PR #13781, @christarazi)
- docs: Do not over promise in BPF-masq docs (Backport PR #13751, Upstream PR #13733, @brb)
- docs: docker: update some command outputs (Backport PR #13720, Upstream PR #13695, @jibi)
- docs: Document some caveats of kube-proxy replacement (Backport PR #13688, Upstream PR #13640, @brb)
- docs: document test-only ci command (Backport PR #13786, Upstream PR #12268, @nebril)
- docs: Fix broken formatting and link (Backport PR #13688, Upstream PR #13661, @pchaigno)
- docs: fix minor issue in cilium support with external etcd gsg (Backport PR #13688, Upstream PR #13651, @fristonio)
- docs: Fix shell session highlighting (Backport PR #13720, Upstream PR #13704, @joestringer)
- docs: GKE - fix some indentation, specify bash code segments (Backport PR #13688, Upstream PR #13645, @ti-mo)
- docs: improve Host Firewall GSG (Backport PR #13720, Upstream PR #13673, @qmonnet)
- docs: NodePort XDP on GCP is not supported (Backport PR #13688, Upstream PR #13665, @gandro)
- docs: remove repeated words (Backport PR #13751, Upstream PR #13719, @tklauser)
- docs: update CODEOWNERS review process (Backport PR #13786, Upstream PR #13764, @aanm)
- docs: update NodePort XDP kube-proxy-free GSG for Azure AKS (Backport PR #13720, Upstream PR #13685, @tklauser)
- docs: Updates kube-proxy-free getting started guide (Backport PR #13720, Upstream PR #13692, @pchaigno)
- docs: Various LRP gsg fixups (Backport PR #13751, Upstream PR #13737, @nebril)
- Documentation: Fix Loadbalancer Guide for Clustermesh (Backport PR #13856, Upstream PR #13822, @nathanjsweet)
- examples/doc Add example LRP yaml files for real-world use cases (Backport PR #13720, Upstream PR #13543, @aditighag)
- examples: getting-started: bump Cilium docker image to 1.9 (Backport PR #13720, Upstream PR #13697, @jibi)
- Expose operator azure-user-assigned-identity-id flag to its chart (Backport PR #13688, Upstream PR #13424, @ombre9)
- Fix deadlock on eventqueue when it's being drained when endpoints are being restored (Backport PR #13751, Upstream PR #13716, @christarazi)
- Fix Helm upgrade compatibility (Backport PR #13720, Upstream PR #13691, @joestringer)
- Fix install/ version update scripts (Backport PR #13861, Upstream PR #13858, @joestringer)
- Fixes for troubleshooting guide re. Hubble/Hubble Relay (Backport PR #13688, Upstream PR #13644, @tklauser)
- helm, docs: Avoid use of term policy drops (Backport PR #13856, Upstream PR #13848, @pchaigno)
- helm: Add check for prometheus service monitoring CRDs (Backport PR #13786, Upstream PR #13549, @sayboras)
- helm: Remove 'type: kubernetes.io/tls' from hubble-ca-secret (Backport PR #13812, Upstream PR #13792, @gandro)
- helm: Remove hardcoded port check for hubble, etc (Backport PR #13688, Upstream PR #13607, @nathanjsweet)
- hubble: Fix dropped flows not showing up in Hubble UI (Backport PR #13812, Upstream PR #13796, @gandro)
- Improve documentation of filtering unnecessary labels (Backport PR #13720, Upstream PR #13696, @aanm)
- install/kubernetes: Fix experimental-install.yaml for Hubble (Backport PR #13812, Upstream PR #13782, @gandro)
- install/kubernetes: remove nodePort.device from values (Backport PR #13688, Upstream PR #13684, @tklauser)
- k8s Don't treat empty pod IPs as error condition (Backport PR #13856, Upstream PR #13648, @aditighag)
- k8s: clarify CRD schema versioning and its update process (Backport PR #13856, Upstream PR #13811, @aanm)
- k8s: update k8s libraries to 1.19.3 (Backport PR #13688, Upstream PR #13654, @aanm)
- loader: Use netlink lib instead of tc binary to delete filters (Backport PR #13786, Upstream PR #13724, @pchaigno)
- nodeinit: Update image tag (Backport PR #13751, Upstream PR #13726, @errordeveloper)
- operator: Fix CEP owner type (Backport PR #13688, Upstream PR #13550, @jrajahalme)
- Optimizations for initialization of CRDs (Backport PR #13720, Upstream PR #13675, @aanm)
- pkg/k8s: keep resource version when watching CRDs (Backport PR #13751, Upstream PR #13729, @aanm)
- pkg/kvstore: fix race in etcd initialization (Backport PR #13812, Upstream PR #13780, @aanm)
- Pre-allocate slices with known size (Backport PR #13812, Upstream PR #13778, @tklauser)
- redirectpolicy: Move the feature behind feature flag and remove CCLRP related code (Backport PR #13786, Upstream PR #13671, @aditighag)
- Refresh upgrade guide for v1.9 (Backport PR #13720, Upstream PR #13689, @joestringer)
- Remove high cardinality port-distribution metric from default install (Backport PR #13786, Upstream PR #13734, @jedsalazar)
- Remove remnants of bindata check script (Backport PR #13751, Upstream PR #13730, @tklauser)
- test: Debug RuntimeConntrackInVethModeTest flake (Backport PR #13688, Upstream PR #13295, @pchaigno)
- Update wording for BPFFS requirement and move to main system requirements page (Backport PR #13751, Upstream PR #13710, @joestringer)
- vagrant: Add host name argument in vagrant port command (Backport PR #13720, Upstream PR #13698, @sayboras)
- Various fixes for NodePort XDP kube-proxy free guide (Backport PR #13751, Upstream PR #13674, @tklauser)
- vendor: pin yaml.v2 to v2.2.8 (Backport PR #13688, Upstream PR #13620, @twpayne)