v1.9.11
We are pleased to release Cilium v1.9.11. This release bumps Istio integration to v1.10.4, fixes some reported bugs and updates the underlying base images for the latest library dependencies. For more details, see the full release notes below.
Summary of Changes
Minor Changes:
- Add metrics for identity garbage collection in cilium-operator (Backport PR #17399, Upstream PR #14254, @ArthurChiao)
- agent: Silence some useless warnings (Backport PR #17532, Upstream PR #15450, @tgraf)
- Cilium Istio integration is updated to Istio release 1.10.4 (Backport PR #17390, Upstream PRs #14621, #14704, #17275, @jrajahalme)
Bugfixes:
- Fix bug where timers used for retries sometimes fired immediately (Backport PR #17398, Upstream PR #16955, @gandro)
- Fix transient policy deny during agent restart (Backport PR #17390, Upstream PR #17115, @jaffcheng)
- node: Skip ipcache for remote node IPs if IPsec is enabled (Backport PR #17728, Upstream PR #17511, @pchaigno)
- Remove CiliumNode deletion logic from CiliumNode watcher and guarantee CiliumNode's OwnerReference is always set (Backport PR #17396, Upstream PR #17329, @christarazi)
- Set right User Agent in Kubernetes client for all Cilium components. (Backport PR #17532, Upstream PR #17417, @aanm)
CI Changes:
- [v1.9] fix MLH config trigger (#17422, @nbusseneau)
- bpf/Makefile: Enable setting complexity options (Backport PR #17626, Upstream PR #17364, @pchaigno)
- test/runtime: Look into log errors after test start (Backport PR #17390, Upstream PR #17351, @joamaki)
- test: bump coredns version to 1.7.0 (Backport PR #17532, Upstream PR #17489, @aanm)
- test: Skip Istio test on k8s <1.17 (Backport PR #17390, Upstream PR #17445, @jrajahalme)
Misc Changes:
- build(deps): bump 8398a7/action-slack from 3.9.2 to 3.9.3 (#17384, @dependabot[bot])
- build(deps): bump 8398a7/action-slack from 3.9.3 to 3.10.0 (#17448, @dependabot[bot])
- build(deps): bump docker/setup-buildx-action from 1.5.1 to 1.6.0 (#17324, @dependabot[bot])
- build(deps): bump KyleMayes/install-llvm-action from 1.4.1 to 1.5.0 (#17748, @dependabot[bot])
- contrib/backporting: add environment variables to set ORG and REPO (Backport PR #17532, Upstream PR #17424, @aanm)
- contrib/backporting: Dockerize backporting scripts (Backport PR #17728, Upstream PR #17157, @aditighag)
- daemon, ipam, option: Introduce ability to bypass IP availability error (Backport PR #17493, Upstream PR #17492, @christarazi)
- docs: clarify language on libceph and kernel 5.8 in kubeproxy-free GSG (Backport PR #17532, Upstream PR #16969, @bluikko)
- docs: Fix command for overwriting iptables on kube-proxy replacement install (Backport PR #17532, Upstream PR #16264, @Stijn98s)
- docs: Fix helm value when deploying pure ipvlan l3 mode (Backport PR #17728, Upstream PR #17708, @chendotjs)
- ethtool: use ioctl wrapper from golang.org/x/sys/unix (Backport PR #17390, Upstream PR #17153, @tklauser)
- helm: set correct versions of docker images in Makefile (Backport PR #17567, Upstream PR #17477, @aanm)
- jenkinsfiles: Don't display nulls in current build display name (Backport PR #17390, Upstream PR #17258, @twpayne)
- operator: Improve identity GC efficiency (Backport PR #17398, Upstream PR #17359, @christarazi)
- refactor: Remove
time.After
from any Loops (Backport PR #17398, Upstream PR #14380, @nathanjsweet) - v1.9: Update Cilium base images (#17801, @joestringer)
- vendor: update mongo-driver to 1.5.1 to fix CVE-2021-20329 (Backport PR #17328, Upstream PR #17234, @aanm)
- verifier-test.sh: allow for empty FOO_PROGS (Backport PR #17626, Upstream PR #17408, @kkourt)
Other Changes:
- install: Update image digests for v1.9.10 (#17297, @joestringer)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.9.11@sha256:47f923325069a697d5baf5314c7fe936bdf34e7c8154666e6762a78be1ddc3ec
quay.io/cilium/cilium:v1.9.11@sha256:47f923325069a697d5baf5314c7fe936bdf34e7c8154666e6762a78be1ddc3ec
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.9.11@sha256:3cc472bbb288ece4d496674de048d01e5dd6c4c9044e392153a63e385ff864a5
quay.io/cilium/clustermesh-apiserver:v1.9.11@sha256:3cc472bbb288ece4d496674de048d01e5dd6c4c9044e392153a63e385ff864a5
docker-plugin
docker.io/cilium/docker-plugin:v1.9.11@sha256:ae0b0d4457250b226b291f52a8b99ec1064df256fe7f95276c8d6c6b9448953d
quay.io/cilium/docker-plugin:v1.9.11@sha256:ae0b0d4457250b226b291f52a8b99ec1064df256fe7f95276c8d6c6b9448953d
hubble-relay
docker.io/cilium/hubble-relay:v1.9.11@sha256:d3bd31dc823704a865c0f6091865c6876798e461e445e2f90f6e51f419a85257
quay.io/cilium/hubble-relay:v1.9.11@sha256:d3bd31dc823704a865c0f6091865c6876798e461e445e2f90f6e51f419a85257
operator-aws
docker.io/cilium/operator-aws:v1.9.11@sha256:48659c02c2de76a8af039ebe6e77aedc51a545bb6c94a861485b4182dde6a576
quay.io/cilium/operator-aws:v1.9.11@sha256:48659c02c2de76a8af039ebe6e77aedc51a545bb6c94a861485b4182dde6a576
operator-azure
docker.io/cilium/operator-azure:v1.9.11@sha256:32e052b3bebbecff0a7feb8b462141387628d2d78e0a67e9dd9a1c28fc2f60da
quay.io/cilium/operator-azure:v1.9.11@sha256:32e052b3bebbecff0a7feb8b462141387628d2d78e0a67e9dd9a1c28fc2f60da
operator-generic
docker.io/cilium/operator-generic:v1.9.11@sha256:63a01e508ada5a123942b5afe24105d738f98ce543381ff48b1f9f905c22845e
quay.io/cilium/operator-generic:v1.9.11@sha256:63a01e508ada5a123942b5afe24105d738f98ce543381ff48b1f9f905c22845e
operator
docker.io/cilium/operator:v1.9.11@sha256:dc59b2cc9441f9ea66e87be537baec28f5fa5cb47e4eb5079e8eeabdd11d2a8d
quay.io/cilium/operator:v1.9.11@sha256:dc59b2cc9441f9ea66e87be537baec28f5fa5cb47e4eb5079e8eeabdd11d2a8d