1.12.0

@sayboras

The Cilium core team are excited to announce the Cilium 1.12 release. 🎉

✨ Release Highlights

New Integrated Ingress Controller
Cilium Service Mesh (Multi control plane, sidecar/sidecar-free, Envoy CRD)
Multi-Cluster Service Affinity, Connecting clusters with Helm, Lightweight cluster support
Stable Egress Gateway, NAT46 for Services, Quarantine service backends
Dynamic Allocation of PodCIDRs, AWS ENI prefix delegation, IPv6 for BGP, BBR
Automatic Helm Values, AKS BYOCNI, Improved Chaining, Hubble CLI Improvements

Summary of Changes

Major Changes:

Add cilium ingress controller implementation (#18867, @sayboras)
Add integration for external VXLAN Tunnel Endpoint devices (#17370, @vincentmli)
Add support for CiliumEnvoyConfig CRD. (#18894, @michi-covalent)
Add support for enabling BBR congestion control for Pods, and move bandwidth manager out of beta. (#19287, @borkmann)
Add support for Kubernetes v1.24.0 (#19545, @aanm)
Adding support for AWS ENI prefix delegation - IPv4 Only (#18463, @hemanthmalla)
Cilium: initial NAT46/64 implementation (#18779, @borkmann)
Delegated IPAM plugin (#19219, @wedaly)
Enables ICMP network policy function by default (#20174, @chez-shanpu)
Implementation of a GoBGP backed BGP control plane. (#18860, @ldelossa)
Promote egress gateway to stable (#19320, @jibi)
Support dynamic allocation of pod CIDRs in cluster pool v2 IPAM mode (#18887, @gandro)
Support setting service backend states such as quarantine, maintenance so that these backends are not selected for load-balancing service traffic. (#18814, @aditighag)

Minor Changes:

add an option to wait for kube-proxy (Backport PR #20563, Upstream PR #20517, @michi-covalent)
Add emptyDir volume for frontend container of hubble-ui (#20027, @mkilchhofer)
Add metric on number of requests rejected by DNS Proxy semaphore (Backport PR #20534, Upstream PR #20491, @rahulkjoshi)
Add Prometheus gRPC metrics for hubble and hubble-relay (Backport PR #20519, Upstream PR #20376, @chancez)
Add source filter for the cilium fqdn cache list command (#19980, @ungureanuvladvictor)
Add support for aws-cni chaining in IPv6 EKS clusters (#18522, @mKeRix)
Add support for disabling ENI PD at node level (Backport PR #20401, Upstream PR #20308, @hemanthmalla)
Add support for getting earliest events from Observer API (#19819, @chancez)
Add support for L7 policies with VTEP integration (#19473, @vincentmli)
Add support to opt-in for using ENI's primary IP for allocations (#20050, @hemanthmalla)
Add unreachable route for pod IP on deletion (#18505, @lbernail)
Align values.yaml with templates (#17243, @dungdm93)
Allow unloading DNS policy rules on graceful shutdown (#18701, @tklauser)
api,cli: add identity range in status response & cli output (#18152, @ArthurChiao)
api: Add cni chaining status in status API. (#18345, @sayboras)
AWS EC2 Instance tag filter (#19181, @prune998)
aws: Add ability to mark ENIs as unmanaged (#19096, @gandro)
bgp: Check the Condition.Ready field when adding ready endpoints (#20176, @ysksuzuki)
bpf, Hubble: Add is_reply information (when available) at the TO_OVERLAY observability point (#19185, @qmonnet)
CA certificates in Envoy TLS validation contexts are supported via k8s Secrets with 'ca.crt' key. (Backport PR #20534, Upstream PR #20458, @jrajahalme)
Change default prometheus ports to new reserved Cilium ports (#20156, @knfoo)
Cilium Istio integration is updated to Istio release 1.10.6 (Backport PR #20519, Upstream PR #18384, @jrajahalme)
cli/metrics: Sort label in metrics list command (#18455, @sayboras)
clustermesh: Add support for service-affinity (#19521, @sayboras)
clustermesh: added new command-line options k8s-kubeconfig-path and clustermesh-health-port (#18803, @abocim)
daemon: add support for IPv6 native routing CIDR (#17332, @jibi)
daemon: Don't auto disable session affinity (Backport PR #20519, Upstream PR #16179, @brb)
daemon: Rename host-reachable services to socket LB (Backport PR #20534, Upstream PR #20369, @brb)
daemon: Split --bpf-lb-map-max into multiple options (#19326, @koncha99)
daemon: Support the wildcard option for directRoutingDevice (#17930, @ysksuzuki)
datapath: make tc filter priority configurable (#18896, @intel-dlanders)
datapath: Remove !CONNTRACK (#18502, @brb)
datapath: Remove !CONNTRACK (v2) (#18551, @brb)
docs: Update alibabacloud RAM permission requirements (#19077, @jaffcheng)
Dynamic Per Resource Timeouts (#19991, @tommyp1ckles)
egressgw: emit a warning rather than a fatal error when L7 proxy is enabled (#19608, @jibi)
Enable VTEP integration dynamic ARP resolution for Cilium-managed pod (#18758, @vincentmli)
Envoy upstream connections no longer use the original source address for any destination associated with a CIDR or toFQDNs policy. (#19255, @jrajahalme)
feat(helm): allow to set Hubble Relay and UI service type and nodePort (#19450, @raphink)
Fix an issue where PodDisruptionBudgets were not created by the Helm chart (#18317, @lic17)
helm: Add bpf-root configuration value in helms (#18335, @sayboras)
helm: add description for some Helm values (#19658, @my-git9)
helm: Create cilium IngressClass (#19524, @sayboras)
helm: Move tls related helm option to 1.12 in upgrade docs (#19089, @sayboras)
helm: Remove duplicated key hostAliases (Backport PR #20333, Upstream PR #20278, @sayboras)
helm: Set Linux nodeSelector for nodeinit and preflight (Backport PR #20333, Upstream PR #20216, @gandro)
helm: support lookup remote CA (#17434, @dungdm93)
helm: Upgrade certgen to the latest version v0.1.8 (#18607, @sayboras)
hubble: Add "flows-to-world" metric to monitor policy decisions on traffic that reaches outside the cluster. (#17790, @michi-covalent)
Improve policy import performance, particularly with CIDR policies (#18433, @joestringer)
Improve verbosity of drop notification messages. (Backport PR #20519, Upstream PR #20387, @aspsk)
In the case of recovering the services, cilium will not fail directly on the first service recovery error but will try to recover other services. (#18422, @chowmean)
ingress: Add SocketOptions configuration (#19549, @sayboras)
ingress: Avoid plain text TLS secret in CEC (#19410, @sayboras)
ingress: Fix conformance tests for host-rules and path-rule (#19321, @sayboras)
ingress: Set max stream duration as 0 (#19550, @sayboras)
install/kubernetes: Add CAP_IPC_LOCK for mmap (#19812, @sayboras)
install: add tolerations for the certgen cronjob (#18019, @wolffberg)
Introduce a new CRD (CiliumEgressGatewayPolicy) for Egress Gateway configuration. Deprecate the previous CRD (CiliumEgressNATPolicy). (#19561, @julianwiedmann)
k8s/crds: Allow ingress entity in CNP (Backport PR #20563, Upstream PR #20536, @sayboras)
Making operator aware of pending pod backlog on nodes for IP allocations (#19007, @hemanthmalla)
Move the BGP Control Plane to utilize CiliumNode objects. This enable support for IPAM driven PodCIDR announcements. (#19872, @ldelossa)
Prefers k8s node IP when picking masquerading IPs (#16849, @liuyuan10)
proxy: Add proxy common http options arguments to agent (#19138, @jmcshane)
Remove privileged mode in Cilium's DaemonSet (#14446, @aanm)
Rename bpf.hostRouting to bpf.hostLegacyRouting in ciliumconfig (#19064, @chenk008)
Runtime device detection (#17460, @joamaki)
Update cilium agent Grafana dashboard to filter by pod (Backport PR #20333, Upstream PR #20307, @ungureanuvladvictor)
Update to CNI spec version 1.0.0 (#19719, @tklauser)
Use direct routing device only when tunneling is disabled and BPF Host Routing or NodePort are enabled. (#18815, @YutaroHayakawa)
vtep: VTEP map implementation to improve VTEP integration feature (#18824, @vincentmli)

Bugfixes:

node-init now takes enableIPv4Masquerade into account on GKE. (Backport PR #20519, Upstream PR #19533, @bmcustodio)
Add/Fix traces for the packets received from the network in IPSec + native routing. (#18704, @YutaroHayakawa)
Additional FQDN selector identity tracking fixes (Backport PR #17988, Upstream PR #17788, @joestringer)
alibabacloud: Fix derived VPC CIDR block (#19056, @jaffcheng)
allocator: fix out-of-valid-range identities being allocated (#18151, @ArthurChiao)
bgpv1: Use IP address used for peering as a nexthop (#19402, @YutaroHayakawa)
bpf: Don't emit policy verdict post-L7 (Backport PR #20401, Upstream PR #20245, @joestringer)
bpf: Provision HostPort also for case of Maglev (Backport PR #20401, Upstream PR #20379, @borkmann)
bug: Fixed a rare CiliumIdentity race deletion. (Backport PR #20333, Upstream PR #19936, @nathanjsweet)
cilium: Fix node mismatch endpoint restoration bug when the CiliumEndPoint CRD is disabled. (#19040, @zhanghe9702)
contrib: Fix passing ipFamily to kind.sh (#19707, @brb)
daemon, option: Fix vlan bpf bypass ids loading (Backport PR #20401, Upstream PR #20282, @pippolo84)
daemon: Fix issue where stale router IPs were not cleaned up (Backport PR #20519, Upstream PR #20389, @gandro)
datapath: Fix IPv6 DSR (#18713, @brb)
datapath: Fix missing monitor events for NodePort BPF traffic when monitor-aggregation set to > none (#18454, @brb)
endpoint: Fix packets to host dropped with the chaining mode and host firewall (#19734, @ysksuzuki)
Envoy version checking is now disabled whenever L7 proxy is disabled too (Backport PR #20519, Upstream PR #20440, @bmcustodio)
Fix a bug where agent would log warnings such as "JoinEP: Failed to load program" in legitimate cases where endpoints are getting deleted. (#18216, @aditighag)
Fix agent crash when IPv6 is partially disabled in the host kernel. (#18716, @pchaigno)
Fix blackhole route error when cleanup (#20042, @soulseen)
Fix config map options validation (Backport PR #20401, Upstream PR #20304, @pippolo84)
Fix drop of large packets redirected through an egress gateway node when running in native routing mode. (Backport PR #20401, Upstream PR #20269, @pchaigno)
Fix error propagation in bpf_lxc (#20144, @DolceTriade)
fix identity gc to return correct max/min id (Backport PR #20401, Upstream PR #20361, @dkhachyan)
Fix mtu setting for tunnel interface in init.sh (Backport PR #20563, Upstream PR #20552, @ChengyuanLiCY)
Fix the bugs when empty CiliumEndpointSlices were created and leaked. (Backport PR #20519, Upstream PR #20251, @alan-kut)
Fixed PodCIDR announcement being overwritten by SVC announcement (Backport PR #20519, Upstream PR #20413, @dylandreimerink)
Fixed removal of stale bpf_netdev tc filters for interfaces with a dot in the name (#18344, @stek29)
Fixes a bug in the BGP control plane which causes the wrong BGP virtual servers to be selected for reconciliation or removal (#19659, @ldelossa)
helm: Fix cluster-id arguments in clustermesh deployment (Backport PR #20333, Upstream PR #20312, @sayboras)
helm: Fix Hubble Service when ServiceMonitor is being used (#19220, @juissi-t)
helm: Fix invalid type for Certificate spec.ipAddresses (#19211, @superbrothers)
helm: Relax hubble ui image versions validation (#20039, @sayboras)
hubble/parser/threefour: check (*Parser).linkGetter before accessing it (Backport PR #20519, Upstream PR #20446, @tklauser)
ipsec: fix stale keys reclaim logic (Backport PR #20401, Upstream PR #19932, @jibi)
ipsec: set interface ID different from 0 (#18789, @tormath1)
makefile: fix unstripped docker images build (#18339, @zhanghe9702)
nodediscovery: make LocalNode return a deep copy of localNode (Backport PR #20401, Upstream PR #20392, @jibi)
Only apply XDP acceleration for IPv6 Nodeport when enabled (with --bpf-lb-acceleration=native). (#19534, @julianwiedmann)
pkg/k8s/version: Also set EndpointSlice when forcing version (Backport PR #20534, Upstream PR #20383, @joamaki)
Restore patch in ciliumnetworkpolicies/status ClusterRole (Backport PR #20401, Upstream PR #20373, @pippolo84)
Revert "pkg/endpoint: Pass endpoint alive context to regeneration tasks" (#18253, @aditighag)
Revert Prometheus client to fix 'cilium metrics list' (#19496, @ti-mo)
vtep: fix pod src identity in send_trace_notify (Backport PR #20534, Upstream PR #19434, @vincentmli)

CI Changes:

.github/workflow: revert cilium-cli changes in stable workflows (#19582, @aanm)
.github/workflows: bump v1.10 workflows to cilium-cli v0.10.5 (#19897, @tklauser)
.github/workflows: bump v1.10 workflows to cilium-cli v0.10.6 (#19935, @tklauser)
.github/workflows: do not use pre-defined image digests (#19575, @aanm)
.github/workflows: fix hubble installation using cilium-cli (#19568, @aanm)
.github/workflows: install the right helm chart version for stable branches (#19609, @aanm)
.github: Change cilium-cleanup order in workflows (#19163, @jtaleric)
.github: Disable EKS encryption tests (#18090, @joestringer)
.github: Exclude Runtime CI job from flake tracker (#19095, @pchaigno)
.travis: Disable race build on master (#19773, @pchaigno)
Add missing VTEP complexity tests (#19539, @vincentmli)
Add support for tparse in go test targets (#20032, @joestringer)
bpf/test: Fix incorrect macro definition (#18660, @pchaigno)
bpf: Cover native routing CIDR check in compile tests (#18702, @pchaigno)
bpf: Reenable features disabled because of complexity issues (#19938, @pchaigno)
build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#19971, @dependabot[bot])
build(deps): bump github/codeql-action from 1.1.2 to 1.1.3 (#18930, @dependabot[bot])
Change all IP address that are using Oranges IP range to RFC1918 address space (#17741, @duttaANI)
checkpatch: Update image for "checkpatch" target, reuse target in CI (#19805, @qmonnet)
checkpatch: update to lastest image to fix off-by-one index in commit list (#18270, @tklauser)
ci, images: update all quay.io/cilium/* images (#18299, @tklauser)
ci-l4lb: Check out stable branch (#19905, @michi-covalent)
CI: add CIFuzz integration (#18034, @DavidKorczynski)
ci: Bump cyclonus to v0.4.7 (#18747, @joamaki)
ci: collect sysdump as a separate workflow in L4LB tests (#18380, @oblazek)
ci: create a new subnetwork for each new GKE cluster (#18821, @nbusseneau)
ci: disable failing test on net-next (#18520) (#18544, @nbusseneau)
ci: disable WireGuard testing in multicluster workflow (#18700, @nbusseneau)
CI: Enable IPv6 tests on KIND (#18845, @brb)
ci: fix documentation workflow (#20025, @nbusseneau)
ci: fix missing sysdump as separate workflow in L4LB tests for stable branches (#18428, @oblazek)
ci: fix quotes in backport workflows (#18268, @nebril)
ci: Increase retention for release image CI artifacts to 10 days (#20141, @michi-covalent)
CI: merge NAT46x64 and L4LB GH actions (#19288, @brb)
ci: pick up cilium-cli v0.11.10 for master, v1.11 and v1.12 workflows (Backport PR #20401, Upstream PR #20360, @tklauser)
ci: pick up cilium-cli v0.11.11 for master, v1.11 and v1.12 workflows (Backport PR #20519, Upstream PR #20420, @tklauser)
ci: pick up cilium-cli v0.11.9 for master/v1.11 workflows (#20234, @tklauser)
CI: run K8sServices on KIND (#18812, @brb)
ci: set Cilium base version to v1.10.12 in v1.10 conformance tests (#19946, @tklauser)
ci: update cilium-cli to v0.10.0 (#18207, @tklauser)
ci: update cilium-cli to v0.10.1 (#18575, @sayboras)
ci: update cilium-cli to v0.10.3 (#18820, @tklauser)
ci: update cilium-cli to v0.10.4 (#18933, @tklauser)
ci: update master workflows to cilium-cli v0.11.4 (#19665, @tklauser)
ci: Update Uninstall Command For Cilium CLI (#19679, @nathanjsweet)
cilium/cmd, test/runtime: convert test loading invalid policy JSON to unit test (Backport PR #20534, Upstream PR #20512, @tklauser)
cocci: New test to find missing identity_is_{remote_,}node (#18385, @pchaigno)
config: Fix unit tests for native routing CIDR (Backport PR #20519, Upstream PR #20473, @pchaigno)
connectivity-check: Use ports outside ephemeral range (#19337, @christarazi)
docs: Bump up Netlify Python version to 3.8 (Backport PR #20519, Upstream PR #20486, @michi-covalent)
fix aws-cni conformance test (#20049, @aanm)
ipam/clusterpool_v2: Fix data race in unit test (#19024, @gandro)
ipcache: Fix failing controller check from SupportsDelete (#19751, @joamaki)
jenkinsfiles: fix docker manifest inspect commands in GKE pipeline (Backport PR #20333, Upstream PR #20325, @tklauser)
Load the dev operator image into kind/microk8s as well (#19995, @ungureanuvladvictor)
master/v1.11 CI: Pick up the latest cilium-cli (#19873, @michi-covalent)
mlh: swap net-next kernel from K8s 1.16 to 1.23 (#18178, @nbusseneau)
mlh: update Jenkins jobs following 1.24 support (#19904, @nbusseneau)
mlh: update Jenkins jobs following net-next fix for K8s 1.24 (#20220, @nbusseneau)
Partially revert ".github: enable cilium-cli helm based installation" (#19554, @aanm)
prog_test: Fix build breakage (#18659, @joestringer)
Provide only 2 VTEP endpoints in default node_config.h (#18778, @ti-mo)
Revert "ci: use CLI 0.11.8 for AKS workflow" (#20272, @tklauser)
Revert "test/Services: Quarantine 'Tests with direct routing'" (#18312, @gandro)
Revert "workflows: Reenable IPsec test in EKS workflow" (#19078, @pchaigno)
set base-version in 1.10 workflows (#18262, @nebril)
Support running K8sVerifier tests on kind (#18549, @joestringer)
test/helpers: Fix variadic expansion related panic (Backport PR #20519, Upstream PR #20332, @christarazi)
test/k8s/manifests: bump test-verifier image to latest version (Backport PR #20519, Upstream PR #20461, @tklauser)
test/K8sUpdates: Bump stable branch for v1.12 development (#18251, @pchaigno)
test/nat46x64: Fix out-of-bounds index error (#19466, @pchaigno)
test/runtime: remove disabled memcache test (Backport PR #20401, Upstream PR #20132, @tklauser)
test/Runtime: Skip pre/post-checks during build (#18954, @pchaigno)
test/RuntimePrivilegedUnitTests: Fix always-passing test (#19231, @pchaigno)
test/RuntimePrivilegedUnitTests: Log timestamps (#19129, @pchaigno)
test: add git safe directory in test VMs (#19860, @tklauser)
test: Add info which L4LB request fails (#19714, @brb)
test: Add TS to each bash dbg output in L4LB (#20094, @brb)
test: Also delete hubble-peer when cleaning up old tests. (#19979, @DolceTriade)
test: Bump L4LB timeout from 30min to 45min (#20151, @brb)
test: Clarify performance test names (#18142, @joestringer)
test: Collect logs from init containers (#18254, @pchaigno)
test: Do not completely quarantine E/W svc suite (#19960, @brb)
test: Do not redeploy Cilium in Egress GW suite (#18181, @brb)
test: Do not start cilium monitor in K8sServicesTest (Backport PR #20534, Upstream PR #20499, @brb)
test: Fix bpffs mount on kind (#18695, @joestringer)
test: Fix directory name for source archive (#19635, @michi-covalent)
test: Fix failing net-next tests after changing to k8s 1.23 (#18184, @brb)
test: Fix make target for e2e tests (#18356, @pchaigno)
test: Get rid of external_ips.go (#18765, @brb)
test: Pin eksctl version (#19631, @michi-covalent)
test: remove nightly test leftovers (Backport PR #20534, Upstream PR #20526, @tklauser)
test: Remove sockops test cases (Backport PR #20534, Upstream PR #20500, @brb)
test: Remove unused Nightly suites (#20128, @brb)
test: Remove workaround for old issue #12141 (#18722, @pchaigno)
test: Run ip r l if ip r a fails (#18171, @brb)
test: Runtime check that container create succeeds (#19184, @jrajahalme)
test: temporary increase Hubble buffer size to 64k (#18058, @jibi)
test: Use more explicit key for k8s3's taint (#19951, @pchaigno)
tests-l4lb: Use Helm chart from local branch (#19953, @michi-covalent)
Update 5.4 VM image (#19842, @pchaigno)
update bpf_ct_tests.c to use node_config.h (#20177, @sahid)
Update cilium-iproute2 (Backport PR #20534, Upstream PR #20549, @pchaigno)
vagrant, test: Enable IPv6 connectivity to the outside world (#18714, @pchaigno)
vagrant: Bump 4.19 VM image (#20185, @pchaigno)
vagrant: Bump all Vagrant box versions (#19168, @pchaigno)
vagrant: Bump all Vagrant box versions except net-next (#19507, @pchaigno)
vagrant: Bump net-next Vagrant box version (#19915, @pchaigno)
vagrant: Don't recreate natnetworks (#19523, @pchaigno)
vagrant: Fix IPv6 NAT setup (#19997, @pchaigno)
vagrant: update 4.19 and net-next VM images (#18496, @nbusseneau)
vagrant: Update 4.9 and 5.4 VM images (#18473, @pchaigno)
vagrant: Update all VM images (#17761, @pchaigno)
vagrant: Update all VM images (#18774, @pchaigno)
vagrant: Update the net-next VM image (#19607, @pchaigno)
workflow CI image bug (#19327, @weizhoublue)
workflow: aws-cni-v1.10: use helm chart from PR (#19952, @jibi)
workflow: checkout correct ref in v1.10 and v1.11 l4lb workflows (#19898, @jibi)
workflow: l4lb: pass correct path for PR checkout (#20007, @jibi)
workflow: Reenable IPsec testing on AKS (#18974, @pchaigno)
workflow: Reenable IPsec testing on EKS (#19030, @pchaigno)
workflow: use correct bwm helm option for v1.11 AWS CNI test (#19895, @jibi)
workflow: Wait for AKS nodes to be ready (#19025, @pchaigno)
workflows: conformance v1.10: fix native-routing-cidr flag (#18656, @jibi)
workflows: disable rollback on CLI install (#18140, @nbusseneau)
workflows: Downgrade to helm v3.8.2 to fix AWS CNI runs for v1.10 (#20073, @joamaki)
workflows: Fix concurrency groups (#18193, @pchaigno)
workflows: Fix the fix to concurrency groups (#18201, @nbusseneau)
workflows: Increase timeout for AKS workflow (#19020, @pchaigno)
workflows: pin Cyclonus image to its SHA (#19026, @nbusseneau)
workflows: Pin the kubectl version used with EKS workflows (#19716, @joamaki)
workflows: Remove unnecessary code in AWS-CNI workflow (#18156, @pchaigno)
workflows: Update call to Quay API in external workloads (#19230, @jibi)
workflows: update v1.10 workflows to v0.10.7 cilium CLI (#20020, @jibi)
workflows: Wait for first AKS systempool to be deleted (#19097, @pchaigno)

Misc Changes:

.github/workflows: fix hubble-relay cilium-cli installation (#19579, @aanm)
.github: add dependabot for docker images (#19390, @aanm)
.github: add failing_test_jenkins_template form for filing CI bugs (#18223, @qmonnet)
.github: Fix 1.11.1 project link for MLH (#18395, @joestringer)
.github: fix conditions for running CODEOWNERS checks (#18981, @qmonnet)
.github: Fix external workloads workflow for master (#19483, @jrajahalme)
.github: Remove release template (#19166, @joestringer)
[docs] Add training and support information to Getting Help (Backport PR #20333, Upstream PR #20194, @lizrice)
[users] Add Mux Inc entry. (#19419, @dilyevsky)
Add APPUiO by VSHN to Cilium Users (#18880, @tobru)
Add cilium cli to aws cni conformance tests (#19555, @aanm)
Add Civo (#18745, @saiyam1814)
Add consistency checks for the CODEOWNERS file (#18260, @qmonnet)
Add Deckhouse to users (#19804, @konstantin-axenov)
Add Elastic Path to USERS.md (#19622, @sealneaward)
Add ENI limits for i4i and x2i instance types (#19627, @hemanthmalla)
Add ESP to firewall requirements in documentation for IPSec enabled C… (Backport PR #20333, Upstream PR #20314, @Kikiodazie)
add gsod application form to docs (#19512, @xmulligan)
Add Infomaniak to Cilium users (#19354, @reneluria)
Add JUMO to active Cilium users (#18626, @thehunt33r)
Add kOps as cilium user (#18848, @olemarkus)
Add Kube-OVN to USERS (#19605, @oilbeater)
Add Kubermatic to USERS (#18611, @rastislavs)
add KubeSphere/KubeKey to the USERS list (#18937, @FeynmanZhou)
Add link to CFP template doc (#19380, @lizrice)
Add Meltwater to users file (#18192, @recollir)
Add metric to track terminating endpoint events (Backport PR #20519, Upstream PR #20404, @aditighag)
Add missing error reporting in replaceNetworkDatapath (#18715, @YutaroHayakawa)
Add MyFitnessPal to Users list (#19345, @audip)
Add Peer Service to Cilium DS Port List (Backport PR #20519, Upstream PR #20296, @nathanjsweet)
Add Rancher Labs to Cilium users (#19292, @divya-mohan0209)
add roadmap section and fix governance link (#19615, @xmulligan)
Add Scaleway to the list of users (#18807, @remyleone)
Add T-Systems International to Cilium users list (#18984, @ManuStoessel)
Add Typhoon (Poseidon Labs) to Cilium users (#18822, @dghubble)
add website contributing link (#18940, @xmulligan)
added a CLOMonitor exception file for Slack (#19235, @xmulligan)
added a link to the DCO page to show people how to amend a commit (#19294, @xmulligan)
Added ByteDance to users.md (#19823, @Jiang1155)
added Google Season of Docs Project proposal page (#19215, @xmulligan)
added NYT to the Cilium Users list (#19382, @prune998)
Adding IKEA IT AB to the USERS.md (#20099, @knfoo)
Adding Liquid Reply to Users (#19342, @mkorbi)
Adding Overstock to the USERS.md (#19762, @ntaylor1781)
alibabacloud: Fix missing instance due to incomplete subnet list (#19155, @jaffcheng)
alignchecker: fix LLVM 15 build by removing an unused variable (#19368, @aspsk)
Allocate Ingress IPs for new reserved:ingress identity (#19764, @jrajahalme)
api/v1: regenerate to update copyright year (#18403, @tklauser)
api: generate markdown documentation for gRPC APIs (#18799, @rolinh)
api: re-sync bpf drop reasons (Backport PR #20401, Upstream PR #20149, @julianwiedmann)
avoid calling OnFlowDelivery with nil (#18605, @kaworu)
azure/api: remove TestRateLimit (#18481, @tklauser)
Badges for CLOMonitor and Artifacthub were added to the README (#19105, @xmulligan)
BGP Control Plane Followups: Conditionally load CRDs, tune back relist interval for shared informers, server side filter nodes. (#19417, @ldelossa)
bgp,testing: fix race condition in checking fencer map (#18884, @ldelossa)
bgp: Add support for ClusterPool pod CIDRs (#17899, @gandro)
bgp: Fixed broken bgp speaker unit tests (Backport PR #20519, Upstream PR #20521, @dylandreimerink)
bpf, hubble: explicitly mark trace reason as "unknown" when relevant (#19226, @qmonnet)
bpf/sock: Use renamed field (#19532, @jrajahalme)
bpf: Add trace reason for TRACE_TO_PROXY (#19189, @borkmann)
bpf: Clean up license and copyright notices for Linux UAPI headers (#18870, @qmonnet)
bpf: do not pass 0 as a trace reason for send_trace_notify() (#19424, @qmonnet)
bpf: Don't hardcode cb CB_ENCRYPT_DST index (#20105, @pchaigno)
bpf: Dual-license code as GPL 2.0 and 2-Clause BSD (#18858, @qmonnet)
bpf: egressgw: don't redirect to tunnel dev if EP is running on gateway node (#19629, @jibi)
bpf: Fix implicit cast for BPF TPROXY debug message (#18429, @pchaigno)
bpf: fix native local build (#19218, @aanm)
bpf: Forbid implicit int conversions (#18501, @pchaigno)
bpf: Handle tuple collisions for inactive backends (Backport PR #20519, Upstream PR #20407, @borkmann)
bpf: Quieten mock targets (#17992, @joestringer)
bpf: Remove duplicate conntrack code (#18631, @pchaigno)
bpf: Rename tail call targets (#19807, @pchaigno)
bpf: Simplify ipv6_hdrlen's prototype (#18703, @pchaigno)
bpf: specify handle_lxc_traffic return type to fix -Wimplicit-int error (#19891, @tklauser)
bpf: Split bpf_lxc CT lookups to their own tail calls (#19818, @pchaigno)
bpf: switch egress gateway logic to identity_is_cluster() (Backport PR #20519, Upstream PR #20209, @jibi)
build(deps): bump 8398a7/action-slack from 3.11.0 to 3.12.0 (#17965, @dependabot[bot])
build(deps): bump 8398a7/action-slack from 3.12.0 to 3.13.0 (#18423, @dependabot[bot])
build(deps): bump actions/cache from 2.1.6 to 2.1.7 (#17972, @dependabot[bot])
build(deps): bump actions/cache from 2.1.7 to 3 (#19208, @dependabot[bot])
build(deps): bump actions/cache from 3.0.0 to 3.0.1 (#19271, @dependabot[bot])
build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#19391, @dependabot[bot])
build(deps): bump actions/cache from 3.0.2 to 3.0.3 (#20029, @dependabot[bot])
build(deps): bump actions/cache from 3.0.3 to 3.0.4 (#20093, @dependabot[bot])
build(deps): bump actions/cache from 3.0.4 to 3.0.5 (#20494, @dependabot[bot])
build(deps): bump actions/checkout from 2.4.0 to 3 (#18990, @dependabot[bot])
build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19448, @dependabot[bot])
build(deps): bump actions/checkout from 3.0.1 to 3.0.2 (#19535, @dependabot[bot])
build(deps): bump actions/download-artifact from 2.0.10 to 2.1.0 (#18163, @dependabot[bot])
build(deps): bump actions/download-artifact from 2.1.0 to 3 (#19013, @dependabot[bot])
build(deps): bump actions/setup-go from 2.1.4 to 2.1.5 (#18322, @dependabot[bot])
build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#18752, @dependabot[bot])
build(deps): bump actions/setup-go from 2.2.0 to 3 (#18960, @dependabot[bot])
build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#19801, @dependabot[bot])
build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#20466, @dependabot[bot])
build(deps): bump actions/stale from 4.1.0 to 5 (#18991, @dependabot[bot])
build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0 (#18165, @dependabot[bot])
build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1 (#18263, @dependabot[bot])
build(deps): bump actions/upload-artifact from 2.3.1 to 3 (#19027, @dependabot[bot])
build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 (#19899, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.5.11 to 1.6.0 (#17998, @dependabot[bot])
build(deps): bump aws-actions/configure-aws-credentials from 1.6.0 to 1.6.1 (#18528, @dependabot[bot])
build(deps): bump azure/login from 1.4.1 to 1.4.2 (#18154, @dependabot[bot])
build(deps): bump azure/login from 1.4.2 to 1.4.3 (#18550, @dependabot[bot])
build(deps): bump azure/login from 1.4.3 to 1.4.4 (#19670, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.10.0 to 3 (#19725, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#18516, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#18687, @dependabot[bot])
build(deps): bump docker/build-push-action from 2.9.0 to 2.10.0 (#19144, @dependabot[bot])
build(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#18307, @dependabot[bot])
build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#18842, @dependabot[bot])
build(deps): bump docker/login-action from 1.13.0 to 1.14.0 (#18962, @dependabot[bot])
build(deps): bump docker/login-action from 1.14.0 to 1.14.1 (#18992, @dependabot[bot])
build(deps): bump docker/login-action from 1.14.1 to 2 (#19727, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#19612, @dependabot[bot])
build(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#19728, @dependabot[bot])
build(deps): bump docker/setup-qemu-action from 1.2.0 to 2 (#19722, @dependabot[bot])
build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1334 to 1.61.1340 (#17979, @dependabot[bot])
build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1340 to 1.61.1357 (#18039, @dependabot[bot])
build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.10.0 to 1.10.3 (#18065, @dependabot[bot])
build(deps): bump github.com/Azure/azure-sdk-for-go from 59.3.0+incompatible to 59.4.0+incompatible (#18020, @dependabot[bot])
build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0 (#18578, @dependabot[bot])
build(deps): bump github.com/cilium/ebpf from 0.8.1 to 0.9.0 (#19972, @dependabot[bot])
build(deps): bump github.com/cilium/workerpool from 1.1.1 to 1.1.2 (#19300, @dependabot[bot])
build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 (#19620, @dependabot[bot])
build(deps): bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 (#20058, @dependabot[bot])
build(deps): bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0 (#19043, @dependabot[bot])
build(deps): bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1 (#19293, @dependabot[bot])
build(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible (#18288, @dependabot[bot])
build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.14+incompatible (#19285, @dependabot[bot])
build(deps): bump github.com/docker/docker from 20.10.14+incompatible to 20.10.16+incompatible (#19811, @dependabot[bot])
build(deps): bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible (#20136, @dependabot[bot])
build(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 (#19596, @dependabot[bot])
build(deps): bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#18599, @dependabot[bot])
build(deps): bump github.com/go-openapi/loads from 0.21.0 to 0.21.1 (#18771, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.21.0 to 0.23.1 (#18908, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.23.1 to 0.23.3 (#19302, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#19636, @dependabot[bot])
build(deps): bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#19736, @dependabot[bot])
build(deps): bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 (#19397, @dependabot[bot])
build(deps): bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 (#19668, @dependabot[bot])
build(deps): bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#18001, @dependabot[bot])
build(deps): bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 (#20119, @dependabot[bot])
build(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#19595, @dependabot[bot])
build(deps): bump github.com/google/gops from 0.3.22 to 0.3.23 (#19737, @dependabot[bot])
build(deps): bump github.com/hashicorp/consul/api from 1.11.0 to 1.12.0 (#18291, @dependabot[bot])
build(deps): bump github.com/hashicorp/consul/api from 1.12.0 to 1.13.0 (#20121, @dependabot[bot])
build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.19.0 (#19234, @dependabot[bot])
build(deps): bump github.com/osrg/gobgp/v3 from 3.1.0 to 3.2.0 (#19667, @dependabot[bot])
build(deps): bump github.com/osrg/gobgp/v3 from 3.2.0 to 3.3.0 (#20071, @dependabot[bot])
build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 (#18674, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 (#18354, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.2 (#19001, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.2 to 3.22.3 (#19328, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.3 to 3.22.4 (#19669, @dependabot[bot])
build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#20044, @dependabot[bot])
build(deps): bump github.com/spf13/cast from 1.4.1 to 1.5.0 (#19780, @dependabot[bot])
build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#18290, @dependabot[bot])
build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#19329, @dependabot[bot])
build(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#19430, @dependabot[bot])
build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#19988, @dependabot[bot])
build(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.1 (#18289, @dependabot[bot])
build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#19156, @dependabot[bot])
build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#20120, @dependabot[bot])
build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3 (#20253, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.23 to 1.0.24 (#17977, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.24 to 1.0.25 (#18145, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.25 to 1.0.26 (#18245, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.26 to 1.0.27 (#18451, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.27 to 1.0.28 (#18532, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.28 to 1.0.29 (#18577, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.29 to 1.0.30 (#18598, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.30 to 1.0.31 (#18686, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.31 to 1.0.32 (#18735, @dependabot[bot])
build(deps): bump github/codeql-action from 1.0.32 to 1.1.0 (#18785, @dependabot[bot])
build(deps): bump github/codeql-action from 1.1.0 to 1.1.1 (#18840, @dependabot[bot])
build(deps): bump github/codeql-action from 1.1.1 to 1.1.2 (#18854, @dependabot[bot])
build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 (#19084, @dependabot[bot])
build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 (#19160, @dependabot[bot])
build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 (#19269, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.11 to 2.1.12 (#20057, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.12 to 2.1.13 (#20274, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.13 to 2.1.14 (#20294, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.14 to 2.1.15 (#20345, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (#20506, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.6 to 2.1.7 (#19335, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.7 to 2.1.8 (#19371, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 (#19599, @dependabot[bot])
build(deps): bump github/codeql-action from 2.1.9 to 2.1.11 (#19853, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.2 to 3.5.3 (#19442, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.3 to 3.5.4 (#19559, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.2 to 3.5.3 (#19443, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.3 to 3.5.4 (#19557, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.1 to 3.5.2 (#19054, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.3 (#19444, @dependabot[bot])
build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.3 to 3.5.4 (#19558, @dependabot[bot])
build(deps): bump go.uber.org/multierr from 1.7.0 to 1.8.0 (#19114, @dependabot[bot])
build(deps): bump golang.org/x/tools from 0.1.10 to 0.1.11 (#20159, @dependabot[bot])
build(deps): bump golang.org/x/tools from 0.1.7 to 0.1.8 (#18134, @dependabot[bot])
build(deps): bump golang.org/x/tools from 0.1.8 to 0.1.10 (#19157, @dependabot[bot])
build(deps): bump golangci/golangci-lint-action from 2.5.2 to 3 (#18943, @dependabot[bot])
build(deps): bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 (#18965, @dependabot[bot])
build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#19779, @dependabot[bot])
build(deps): bump google-github-actions/setup-gcloud from 0.2.1 to 0.3 (#18144, @dependabot[bot])
build(deps): bump google-github-actions/setup-gcloud from 0.3.0 to 0.4.0 (#18594, @dependabot[bot])
build(deps): bump google-github-actions/setup-gcloud from 0.4.0 to 0.5.1 (#18841, @dependabot[bot])
build(deps): bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 (#19094, @dependabot[bot])
build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 (#18292, @dependabot[bot])
build(deps): bump google.golang.org/grpc from 1.43.0 to 1.45.0 (#19301, @dependabot[bot])
build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#19560, @dependabot[bot])
build(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#19835, @dependabot[bot])
build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#20045, @dependabot[bot])
build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#19284, @dependabot[bot])
build(deps): bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#18064, @dependabot[bot])
build(deps): bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#18103, @dependabot[bot])
build(deps): bump gopkg.in/ini.v1 from 1.66.2 to 1.66.4 (#18767, @dependabot[bot])
build(deps): bump gopkg.in/ini.v1 from 1.66.4 to 1.66.6 (#20021, @dependabot[bot])
build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#20198, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from 1.5.0 to 1.5.1 (#18944, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from 1.5.1 to 1.5.2 (#19322, @dependabot[bot])
build(deps): bump KyleMayes/install-llvm-action from 1.5.2 to 1.5.3 (#19865, @dependabot[bot])
build(deps): bump library/alpine from 3.12.7 to 3.15.4 in /images/cache (#19413, @dependabot[bot])
build(deps): bump library/alpine from 3.15.4 to 3.16.0 in /images/cache (#19943, @dependabot[bot])
build(deps): bump nick-invision/retry from 2.5.1 to 2.6.0 (#18226, @dependabot[bot])
build(deps): bump nick-invision/retry from 2.6.0 to 2.7.0 (#19577, @dependabot[bot])
build: Fix compilation issue for non-linux platform (#19662, @sayboras)
build: Fix cross compiling for amd64 on arm64 (#19175, @jrajahalme)
Capital One added to Users doc (#20084, @bradwhitfield)
ci: Replace prbot-stale with actions/stale (#18503, @twpayne)
ci: Update Cilium CLI to v0.11.3 (#19602, @nathanjsweet)
cilium, lbmap: Use silent delete in deleteBackendLocked for now (#19352, @borkmann)
cilium: Add knob for local address to be considered host id in ipcache (#19513, @borkmann)
cilium: make tcp rebalance grace period configurable (#19800, @borkmann)
cilium: nat46/64 ci codeowner & monitor drop reason (#19298, @borkmann)
Clean up UpdateIPCacheVTEPMapping() (#19510, @vincentmli)
cni: Add log file for CNI executions (#18353, @sayboras)
Code of conduct email updated to conduct@cilium.io (#19511, @xmulligan)
CODEOWNERS: Add clustermesh entries (#19316, @pchaigno)
CODEOWNERS: Assign clustermesh-apiserver code to @cilium/sig-clustermesh (#18972, @kaworu)
CODEOWNERS: clean-up entries for deleted files (#18000, @qmonnet)
CODEOWNERS: Do not assign reviewers for Documentation/helm-values.rst (#18651, @qmonnet)
CODEOWNERS: Extend proxy group to pkg/fqdn (#19874, @christarazi)
CODEOWNERS: janitors renamed to tophat (#18360, @pchaigno)
contrib/backporting: Include golang in the image (#18664, @glibsm)
contrib/scripts: Support env vars for kind script (#20035, @christarazi)
contrib: Improve version matching in readme bump (#18548, @joestringer)
contrib: Make KIND cluster ipFamily configurable (#19068, @brb)
contrib: Support contrib/scripts/kind.sh on macOS (#20096, @sayboras)
Crane joins Cilium as a user (#19065, @slzcc)
ctmap: Do not use nil locks (Backport PR #20401, Upstream PR #20388, @jrajahalme)
daemon, install/kubernetes: fix typo in DNS policy rule unload flag/value doc (#18982, @tklauser)
daemon, option: consistently hard-code host device (#18467, @tklauser)
daemon, option: remove deprecated native-routing-cidr option (#19677, @tklauser)
daemon, option: remove deprecated prefilter-* options (#19913, @julianwiedmann)
daemon: deprecate --endpoint-interface-name-prefix option (#18558, @tklauser)
daemon: Deprecate --host-reachable-services-protos (#19083, @brb)
daemon: Deprecate KPR=probe (Backport PR #20401, Upstream PR #20328, @brb)
daemon: Don't ignore sockops failures (#19080, @pchaigno)
daemon: don't mark deprecated flags as hidden twice (#19086, @tklauser)
daemon: Fix build after VTEP routes conflict (#20077, @joestringer)
daemon: Removed unused method (#18729, @aditighag)
datapath/link: Initialize link monitor explicitly (#18565, @joestringer)
datapath: Improve sysctl warning for bpf_jit_enable (#20018, @joamaki)
datapath: Improved BPF testing framework (#20017, @dylandreimerink)
datapath: Use FROM_NETDEV instead of FROM_LXC in nodeport.h (#19986, @brb)
dependabot: disable all AWS package updates (#18102, @tklauser)
dependabot: disable cloud provider SDK updates (#18067, @tklauser)
dependabot: Unignore prometheus/client_golang (#20075, @ti-mo)
dev-tool: Add cfssl and cfssljson tool check (#18337, @sayboras)
development: add kind cluster shell helpers (#19069, @ldelossa)
dnsproxy: update dnsproxy benchmark memory calculation (Backport PR #20519, Upstream PR #20305, @odinuge)
doc: add note about checkpatch during dev workflow (#19879, @sahid)
doc: update doc to inform about SERVER_BOX/VERSION (#19749, @sahid)
doc: VTEP redirection and L7 policy partially incompatible (#19700, @vincentmli)
docs(bpf): fix minor grammar errors in struct padding section (Backport PR #20534, Upstream PR #20249, @maxbrunet)
docs(MAINTAINERS): fix link to commit_access.rst (#20081, @raphink)
docs(masquerading): add missing "address" (Backport PR #20563, Upstream PR #20538, @raphink)
docs(policy): add notes on DNS/L7 policies & Cilium agent availability (Backport PR #20333, Upstream PR #20289, @raphink)
docs(README): add logo option for dark theme (#19920, @raphink)
docs, ci, test/l4lb: use latest cilium-cli release according to stable.txt (#20203, @tklauser)
docs,ci: updates to ci docs (#19174, @ldelossa)
docs: Add CLI installation for ServiceMesh (Backport PR #20519, Upstream PR #20406, @sayboras)
docs: Add cluster install/prep guide for AKS-to-AKS clustermesh (Backport PR #20534, Upstream PR #20439, @dylandreimerink)
docs: Add default conntrack gc interval (#19977, @aditighag)
docs: Add developers guide page about BPF testing framework (#20165, @dylandreimerink)
docs: Add example how to config ipmasq via ConfigMap (Backport PR #20519, Upstream PR #20239, @brb)
docs: Add Getting Started docs for clustermesh service affinity (Backport PR #20333, Upstream PR #20228, @sayboras)
docs: Add getting started docs for Ingress (#19760, @sayboras)
docs: Add interactive help for make targets (Documentation/Makefile) (#20012, @qmonnet)
docs: Add limitation document for bandwidth-manager + nested network namespace (#18400, @YutaroHayakawa)
docs: add missing ingress special identity (#20060, @kaworu)
docs: Add more envoy supported extensions (Backport PR #20401, Upstream PR #20241, @sayboras)
Docs: add project roadmap (#19540, @lizrice)
docs: Add read:user scope for github token (#19063, @sayboras)
docs: Add requirement for ginkgo version (#19248, @sayboras)
docs: add robots.txt in a static directory (#19564, @aanm)
docs: add Talos to adopters list (#18879, @frezbo)
docs: Add troubleshooting docs for Ingress (Backport PR #20519, Upstream PR #20428, @sayboras)
docs: added GSoD technical writers (#19799, @xmulligan)
docs: adding Accuknox to USERS (#19103, @nyrahul)
docs: adding Nexxiot to USERS (#19332, @alex-berger)
docs: adding Snapp to USERS (#19128, @m-yosefpor)
docs: builder,runtime images (#18576, @kkourt)
docs: Document clustermesh datapath configuration for non-tunneled modes (Backport PR #20519, Upstream PR #16499, @jrajahalme)
docs: Document monitor aggregation levels (#19349, @michi-covalent)
docs: Document unsupported focused tests for runtime suite (#19173, @aditighag)
docs: fix a Links documentation style guide error (Backport PR #20534, Upstream PR #20460, @Kikiodazie)
docs: Fix and clean-up the build framework for the documentation (#19969, @qmonnet)
docs: Fix build after etcd v3.5.4 version bump (#20171, @joestringer)
docs: Fix display of misspelled words (#19542, @qmonnet)
docs: fix flags for 1.12 branch (Backport PR #20519, Upstream PR #20408, @aanm)
docs: Fix update-spelling_wordlist.sh to run command on spelling errors (Backport PR #20519, Upstream PR #20481, @qmonnet)
docs: fix version warning banner (#19611, @aanm)
docs: Fixed service list command in clustermesh affinity guide (Backport PR #20519, Upstream PR #20442, @dylandreimerink)
docs: Improve kubeproxy replacement and OKD GSG guide. (Backport PR #20534, Upstream PR #20447, @tommyp1ckles)
docs: Improve policy troubleshooting guide (Backport PR #20401, Upstream PR #20399, @joestringer)
docs: ipsec: remove node-to-node encryption (Backport PR #20519, Upstream PR #20422, @NikAleksandrov)
docs: L7 traffic management getting started guide (Backport PR #20519, Upstream PR #20421, @sayboras)
docs: Mark Git repo as safe in Docker build-docs container (#19861, @qmonnet)
docs: Mention how to build images for local CI testing (#17984, @brb)
docs: Mention KPR in DR mode sec ID limitation (#19113, @brb)
docs: minor fixes (#20218, @julianwiedmann)
docs: Nit changes to steps for image building (#20153, @pchaigno)
docs: prevent search engines from indexing old branches (#18111, @aanm)
docs: Regenerate doc for Helm values (#18953, @pchaigno)
docs: remove gobpf, mention cilium/ebpf (#18657, @ti-mo)
docs: Remove manual installation instruction for kind clustermesh (#18075, @aditighag)
docs: set robots.txt in the right directory (#18243, @aanm)
docs: update CODEOWNERS feature release instructions (#18252, @nbusseneau)
docs: Update company name in MAINTAINERS.md (#19431, @sayboras)
docs: Update contributing guide pages (#18346, @sayboras)
docs: update copybutton.css following the docutils update (#19498, @qmonnet)
docs: Update docs with minimum helm version (Backport PR #20519, Upstream PR #20403, @aditighag)
docs: update egress gateway documentation and mark the feature stable (#19862, @jibi)
docs: update k8s instructions on how to update k8s libraries (#18040, @aanm)
docs: Update Sphinx to v4.5.0 (#19348, @qmonnet)
docs: Update stable release versions (#18222, @borkmann)
docs: Use kubectl exec daemonset/cilium where possible (#18723, @pchaigno)
Document installing Cilium on Rancher Desktop (#19049, @chancez)
Documentation for adding CRDs into Cilium (#19275, @ldelossa)
Documentation/gettingstarted: disable curl progress meter (#18698, @tklauser)
Documentation: Improve cilium-cli and hubble cli installation instructions (Backport PR #20534, Upstream PR #20415, @chancez)
Documentation: Only install 1 replica of operator on k3s (Backport PR #20519, Upstream PR #20416, @chancez)
Documentation: Restart cilium-operator and cilium after enabling Service Mesh (Backport PR #20519, Upstream PR #20417, @chancez)
Drop years and copyright symbol from copyright notices (#18813, @qmonnet)
Dynamic Cluster Pool follow-ups (#19777, @gandro)
elf: Don't assume data symbols are 4-bytes long (#18518, @pchaigno)
elf: Move functions only used in tests (#18383, @twpayne)
elf: skip TestWrite if ELF file wasn't built (#18046, @gandro)
Enable cilium-cli helm based installation (#18898, @aanm)
endpoint: Print error for regeneration timeout (#19333, @pchaigno)
endpointmanager: Add extra check for out-of-range endpoint IDs (Backport PR #20519, Upstream PR #20363, @twpayne)
eni: Fix broken build due to unit test (#19278, @gandro)
Envoy update for service mesh (#19101, @jrajahalme)
Exclude interface's primary address from IP pool by default in Azure (Backport PR #20333, Upstream PR #19743, @hemanthmalla)
Expose hubble-ui security context in helm chart hubble.ui.securityContext (#19441, @hemslo)
feat(command): allow to dump as YAML (#19480, @raphink)
Feat: add ingressClassName to hubble ingress spec (#18044, @cyril-corbon)
Fix a function comment typo (#18231, @hangyan)
Fix a typo in the documentation (#18411, @gjkim42)
fix CODEOWNERS (#18980, @kaworu)
Fix comment for EndpointCreated function (#19465, @Jiang1155)
Fix Makefile.docker not to specify --load and --push flags at once (#18316, @YutaroHayakawa)
Fix missing capabilities when not running Cilium on containerd-based Kubernetes (#19903, @AtkinsChang)
Fix running documentation make targets on MacOS (#19900, @chancez)
Fix smoke tests by filtering out go_* metrics from metrics linting (#19399, @chancez)
Fix the typo in Fatalf message of printConfigurations (#18413, @21kyu)
Fixed warnings generated by "make -C test/bpf/ nat-test" due to improper castings (#18015, @cdelzotti)
Fixes:Added the declaration of license (#19834, @yulng)
fqdn/dnsproxy: fix test build (Backport PR #20534, Upstream PR #20537, @tklauser)
fqdn: Use read-write mutex inside NameManager (#19486, @christarazi)
gha: Add ingress conformance test (#19742, @sayboras)
gha: Add retry options for ingress sanity check (#19825, @sayboras)
gha: Bump cilum cli version to v0.11.6 (#19828, @sayboras)
git: Ignore local emacs config (#18939, @jrajahalme)
github: Backport DNS fix for external workloads 1.10 and 1.11 tests (#19516, @jrajahalme)
go.mod, vendor: update cloud provider SDK Go modules (#18983, @tklauser)
go.mod, vendor: update cloud provider SDK Go modules (#19409, @tklauser)
go.mod, vendor: update cloud provider SDK Go modules (#19664, @tklauser)
go.mod, vendor: update cloud provider SDK Go modules for July 2022 (Backport PR #20401, Upstream PR #20371, @tklauser)
go.mod, vendor: update cloud provider SDK Go modules for June 2022 (#20126, @tklauser)
go.mod, vendor: update cloud SDK modules (#18355, @tklauser)
go.mod: update kevinburke/ssh_config dependency (#19289, @kevinburke)
Helm Chart loop monitor sidecar (#19363, @yuriydzobak)
helm: Bump cilium/startup-script image tag (#19263, @gandro)
helm: Enable ingress controller in smoke tests (ipv4 + ipv6) (#19644, @sayboras)
helm: Expose agent DNS proxy parameters as chart values (#19967, @joaoubaldo)
helm: Fix syntax error in Hubble UI className (#20056, @gandro)
helm: Make DNS policy for cilium-agent and cilium-operator pods configurable (Backport PR #20519, Upstream PR #20082, @michi-covalent)
highlight values.yaml.tmpl as yaml (#20250, @kaworu)
hubble/filters: add a unit test for TCP flows without flags (#18971, @kaworu)
hubble/filters: strict number check for full HTTP status code (#19429, @kaworu)
hubble: Improve performance of identity getter (#20005, @gandro)
hubble: read proxy port from trace event (#18510, @zhanghe9702)
hubble: remove unused local observer field (#19962, @kaworu)
images, contrib/coccinelle: update alpine image to 3.16.0 (Backport PR #20519, Upstream PR #20378, @tklauser)
images,test: Remove noop SKIP_DOCS (#18955, @pchaigno)
images/runtime: update CNI plugins to 1.1.1 (#19690, @tklauser)
images: Bump Hubble CLI to v0.10.0 (Backport PR #20401, Upstream PR #20286, @gandro)
images: Fix build on arm64 (#18795, @jrajahalme)
images: Remove copyright years from copyright notices (#19359, @qmonnet)
images: Update bpftool (#19046, @pchaigno)
images: Update cilium-bpftool (#20197, @NikAleksandrov)
images: Update cilium-iproute2 (#18784, @pchaigno)
Improve dev-doctor hints (#18562, @jtaleric)
Improve Egress Gateway Getting Started Guide (Backport PR #20519, Upstream PR #20471, @pippolo84)
Improve Egress Gateway Getting Started Guide (Backport PR #20563, Upstream PR #20531, @pippolo84)
Improve the efficiency of the k8s-unmanaged.sh script (#19471, @gavinmcnair)
ingress: Couple of cleanup and TODOs (#19647, @sayboras)
install/cilium-operator: fix clusterrole rules (#19686, @aanm)
install/kubernetes: bump etcd to v3.5.4 (#20134, @aanm)
install/kubernetes: do not initialize variable twice (Backport PR #20519, Upstream PR #20430, @aanm)
install/kubernetes: expose DNS policy rule unload agent flag as helm value (#18809, @tklauser)
install/kubernetes: Remove deprecated cluster roles (#18168, @christarazi)
install: Fix typos of cilium (#20113, @twpayne)
ipam: Shutdown retry trigger on node deletion (#20140, @christarazi)
ipcache: Make SupportsDelete() more robust by using a separate map (#19641, @joamaki)
ipcache: Use incremental policy updates (#18996, @joestringer)
ipsec: Rewrite parser for IPsec secret (#19824, @pchaigno)
k8s-conformance: Improve skipped tests format/links (#19628, @joestringer)
k8s: Move CiliumEnvoyConfig to v2 (#19688, @jrajahalme)
labels/cidr: use netip types to improve GetCIDRLabels and IPStringToLabel performace (Backport PR #20401, Upstream PR #20316, @tklauser)
List Simple Life as Cilium user (#19377, @sergeyshevch)
loader: Use new eBPF ISA feature probes (#19170, @pchaigno)
localdev: fix kind helm install shell function (#19149, @ldelossa)
maglev: fix TestPermutations backend generation (#19663, @kaworu)
maglev: use github.com/cilium/workerpool (#19940, @kaworu)
MAINTAINERS: adding myself to committers list (#18781, @lizrice)
MAINTAINERS: update committers (#20014, @tklauser)
Make API ratelimit logs less noisy by default (#18934, @panchm)
Make k8s-cilium-exec.sh friendlier to read (#17997, @weizhoublue)
make: fix Makefile docker pull command to cause an error when using podman (#19748, @koba1t)
make: grep for new go:build tags in PRIV_TEST_PKGS_EVAL (#19415, @tklauser)
make: remove deprecated test targets (#19436, @tklauser)
Makefile: Add 'make kind-image' to 'make help' (#19963, @joestringer)
Makefile: Measure unit test coverage by package (#20038, @joestringer)
maps/lbmap: fix maglev test suite build (#19435, @tklauser)
Misc Makefile improvements for quiet mode V=0 (#20031, @joestringer)
Misc. testing cleanups (#18238, @christarazi)
Move Equinix to the correct place in the alphabet (#19527, @xmulligan)
Moved Azure secrets to secret resource (#18010, @wolffberg)
neigh: Support multi device neighbor discovery (Backport PR #20333, Upstream PR #20092, @ysksuzuki)
New config hubble.relay.securityContext in Helm values. (#18242, @ooraini)
node: don't set write-only NodeAddressingElement.AddressType property (#19044, @tklauser)
None (#19280, @pacoxu)
operator: start the event queue in a dedicated go routine (Backport PR #20519, Upstream PR #20353, @aanm)
pkg/bpf: Include BPF map names during map creation (#20091, @christarazi)
pkg/daemon: Log error when node port init fails (#18475, @aditighag)
pkg/datapath/linux: Simplify logical conditions for IPsec node encryption (#18915, @christarazi)
pkg/datapath: Remove transitive dependency on netlink (#18619, @aditighag)
pkg/elf: Mark tests as integration tests (#18326, @twpayne)
pkg/endpoint: fix data race in endpoint logger (#18769, @aanm)
pkg/k8s: do not wait for endpointslice cache sync in k8s >= 1.17 (Backport PR #20570, Upstream PR #20569, @aanm)
pkg/mac refactor for common code use (#18793, @vincentmli)
pkg/metrics: Remove source node label (Backport PR #20519, Upstream PR #20433, @aditighag)
pkg/policy/api: Optimize Decision MarshalJSON() (#19704, @MikeLing)
pkg/policy/policy: Optimize SearchContext String() (#19661, @MikeLing)
pkg/policy/rule: Optimize rule String() (#19822, @MikeLing)
policy: Reduce allocations during FQDN processing (#17959, @joestringer)
preallocate memory before looping over it (#19566, @florianl)
Prepare for 1.12.0 development (#17961, @aanm)
Prepare for release v1.12.0-rc0 (#19032, @aanm)
Prepare for release v1.12.0-rc1 (#19393, @aanm)
Prepare for release v1.12.0-rc2 (#19694, @aanm)
Prepare v1.12 stable branch (#20276, @aanm)
README.rst: Add subsections on Governance and Adopters to make the info more discoverable, and to satisfy CLOMonitor (#19037, @xmulligan)
README.rst: fix stable release table (#19517, @tklauser)
Reduce datapath from_lxc complexity (#17758, @jrajahalme)
reduce GC load (#18757, @florianl)
Refactor IPCache to remove static package-level globals (#19073, @joestringer)
Remove unused functionality in pkg/bpf (#18378, @tklauser)
replace hardcode "docker" command with $(CONTAINER_ENGINE) (#18009, @ArthurChiao)
Revert "allocator: fix out-of-valid-range identities being allocated" (#18808, @pchaigno)
Revert "build(deps): bump github.com/prometheus/client_golang" (#19398, @aanm)
Revert "build(deps): bump google.golang.org/protobuf from 1.27.1 to 1… (#19395, @aanm)
Revert "datapath: Remove !CONNTRACK" (#18545, @nbusseneau)
Revert "ipsec: set interface ID different from 0" (#19019, @pchaigno)
Revert "iptables: Don't use ip{,6}tables if unavailable" (#18768, @pchaigno)
Scripts: Update k8s-unmanaged script to only return pods where host networking is false (#18349, @thejosephstevens)
Select new backend if old connection from src port to cluster IP was closed (#19451, @amol-go)
Spell out the full term of the CRD acronym (#19381, @Kikiodazie)
Standardize testing directory filepath naming (#18621, @joestringer)
Support builder image on arm64 (#19768, @chancez)
Support for Cilium in Exoscale SKS (#20076, @retrack)
Tencent Cloud added as a user (#19183, @xmulligan)
test/bpf: Fix format of check-complexity.sh script (#19836, @pchaigno)
test/bpf: Fix mock dependencies (#19099, @joestringer)
test: Fix make target for k8s tests (Backport PR #20401, Upstream PR #20264, @ysksuzuki)
test: fix typo in log output (#19134, @julianwiedmann)
test: Revert sys-fs-bpf.mount rename (#19385, @jrajahalme)
test: Skip flaky K8sServices NodePort test (#18402, @twpayne)
test: Support multiple nodes without Cilium (#17954, @pchaigno)
testutils/mockmaps: Bring duplicate backend calls check back (#19544, @aditighag)
tooling: add kind-down script (#18721, @ldelossa)
treewide: Fix typos of Kubernetes (#20114, @twpayne)
treewide: Sort imports according to Go conventions (#18357, @twpayne)
treewide: Tidy up more imports (#18389, @twpayne)
trivial: Fix test step stutter 'to to' (#18188, @joestringer)
Unify the term points "Fast Redirect" on host to the "BPF Host Routing". (#18862, @chenk008)
Update AUTHORS and mailmap (#19488, @joestringer)
Update bpftool to get latest feature probes (#19422, @borkmann)
Update cli-download.rst (#20181, @nvibert)
Update CLOMonitor badge url (#19365, @cynthia-sg)
Update cloud provider modules (#18683, @tklauser)
Update Copyright header in identity_range.go (#19115, @ti-mo)
Update external docker images (#19384, @aanm)
Update Go to 1.17.4 (#18128, @tklauser)
Update Go to 1.17.5 (#18224, @tklauser)
Update Go to 1.17.6 (#18441, @tklauser)
Update Go to 1.17.7 (#18796, @tklauser)
Update Go to 1.17.8 (#19058, @tklauser)
Update Go to 1.18 (#19169, @tklauser)
Update Go to 1.18.1 (#19432, @tklauser)
Update Go to 1.18.2 (#19775, @tklauser)
Update Go to 1.18.3, golangci-lint to 1.46.2 (#20061, @tklauser)
Update Go to 1.18.4 (Backport PR #20534, Upstream PR #20501, @tklauser)
Update gops to v0.3.25 (Backport PR #20534, Upstream PR #20438, @tklauser)
update k8s library versions (#18590, @aanm)
update k8s versions to the latest releases (Backport PR #20519, Upstream PR #20507, @aanm)
Update native routing CIDR flags description (#18367, @jibi)
Update SAP adoption info in USERS.md (#18936, @ghost)
Update stable releases (#18236, @joestringer)
Update stable releases (#18547, @joestringer)
Update stable releases (#18929, @joestringer)
Update stable releases (#19242, @aanm)
Update stable releases (#19503, @tklauser)
Update stable releases (#19841, @joestringer)
Update stable releases (#20224, @joestringer)
Update USERS.md (#19837, @edude03)
Update USERS.md (#20002, @FaKod)
update USERS.md with Equinix info (#19504, @matoszz)
UPDATE users.md: Add CONNY (#19815, @ant31)
Update values.yaml.tmpl (Backport PR #20401, Upstream PR #20357, @michi-covalent)
Upgrade cilium/ebpf to version 0.8.1 (#18903, @ti-mo)
Upgrade to cilium/lumberjack v2.2.2 to Flush() gzip writer before Sync()ing (#19361, @chancez)
Use cilium/ebpf/rlimit for bumping memlock rlimits (#18640, @ti-mo)
Users page now includes platforms, products, and services (#19357, @xmulligan)
Vagrant cleanups (#19253, @julianwiedmann)
vagrant: add git exception in dev VMs for cilium repo for root user (#19855, @jibi)
vagrant: fix overlap of IPv6 Node/Pod CIDRs on dev-VM (#19303, @julianwiedmann)
vagrant: Generate kubeconfig correctly for netnext (#18498, @YutaroHayakawa)
Various cleanups around pkg/datapath (#20041, @tklauser)
vendor: bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 (#18255, @rolinh)
WithDialer is deprecated and use WithContextDialer instead (#19281, @luckymrwang)

Other Changes:

.github: add unstripped image builds (#20315, @aanm)
[v1.12] gha: Add ingress conformance test (#20362, @sayboras)
Add Ayedo as users (#18863, @hrittikhere)
codeowners: update for v1.12 backports (#20342, @aanm)
Fix unstripped id for gh action (#20319, @jtaleric)
install: Update image digests for v1.12.0-rc3 (#20281, @aanm)
Prepare for release v1.12.0-rc3 (#20279, @aanm)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

1.12.0

Summary of Changes

Contributors