Prepare for release v1.15.3

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
cilium · Mar 26, 2024 · 22dfbc5 · 22dfbc5
1 parent d0a8f78
commit 22dfbc5
Show file tree

Hide file tree

Showing 10 changed files with 131 additions and 48 deletions.
diff --git a/.github/maintainers-little-helper.yaml b/.github/maintainers-little-helper.yaml
@@ -1,4 +1,4 @@
-project: "https://github.com/cilium/cilium/projects/272"
+project: "https://github.com/cilium/cilium/projects/277"
 column: "In progress"
 auto-label:
   - "kind/backports"

diff --git a/AUTHORS b/AUTHORS
@@ -403,6 +403,7 @@ Li Yiheng                               lyhutopi@gmail.com
 Liz Rice                                liz@lizrice.com
 log1cb0mb                               nabeelnrana@gmail.com
 LongHui Li                              longhui.li@woqutech.com
+loomkoom                                29258685+loomkoom@users.noreply.github.com
 Lorenz Bauer                            lmb@isovalent.com
 Lorenzo Fundaró                         lorenzofundaro@gmail.com
 Louis DeLosSantos                       louis@isovalent.com
@@ -560,7 +561,7 @@ Priya Sharma                            Priya.Sharma6693@gmail.com
 Qasim Sarfraz                           qasim.sarfraz@esailors.de
 Qifeng Guo                              qifeng.guo@daocloud.io
 Qingchuan Hao                           qinhao@microsoft.com
-Quentin Monnet                          quentin@isovalent.com
+Quentin Monnet                          qmo@qmon.net
 Raam                                    ram29@bskyb.com
 Rachid Zarouali                         rachid.zarouali@sevensphere.io
 Rafael da Fonseca                       rafael.fonseca@wildlifestudios.com
@@ -588,7 +589,7 @@ Richard Lavoie                          richard.lavoie@logmein.com
 Richard Tweed                           RichardoC@users.noreply.github.com
 Ricky Ho                                horicky78@gmail.com
 Rio Kierkels                            riokierkels@gmail.com
-Robin Gögge                             r.goegge@isovalent.com
+Robin Gögge                             r.goegge@gmail.com
 Robin Hahling                           robin.hahling@gw-computing.net
 Rocky Chen                              40374064+rockc2020@users.noreply.github.com
 Rodrigo Chacon                          rochacon@gmail.com

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,81 @@
 # Changelog
 
+## v1.15.3
+
+Summary of Changes
+------------------
+
+**Minor Changes:**
+* bgpv1: BGP Control Plane metrics (Backport PR #31568, Upstream PR #31469, @YutaroHayakawa)
+* cni: use default logger with timestamps. (Backport PR #31342, Upstream PR #31014, @tommyp1ckles)
+* Introduce `cilium-dbg encrypt flush --stale` flag to remove XFRM states and policies with stale node IDs. (Backport PR #31342, Upstream PR #31159, @pchaigno)
+
+**Bugfixes:**
+* [v1.15 - Author backport] envoy: enable k8s secret watch even if only CEC is enabled (#31451, @mhofstetter)
+* cni: Use batch endpoint deletion API in chaining plugin (Backport PR #31515, Upstream PR #31456, @sayboras)
+* Fix a bug in the StateDB library that may have caused stale read after write. This may have potentially affected the L2 announcements feature and the node address selection. (Backport PR #31342, Upstream PR #31164, @joamaki)
+* Fix a bug where pod label updates are not reflected in endpoint labels in presence of filtered labels. (Backport PR #31473, Upstream PR #31395, @tklauser)
+* Fixed issue with assigning 0 nodeID when corresponding bpf map run out of space.  Potentially it could have impacted connectivity in large clusters (>4k nodes) with IPSec or Mutual Auth enabled. Otherwise, it was merely generating unnecessary error log messages. (Backport PR #31490, Upstream PR #31380, @marseel)
+* gateway-api: Retrieve LB service from same namespace (Backport PR #31490, Upstream PR #31271, @sayboras)
+* Handle InvalidParameterValue as well for PD fallback (Backport PR #31490, Upstream PR #31016, @hemanthmalla)
+* helm: Update pod affinity for cilium-envoy (Backport PR #31490, Upstream PR #31150, @sayboras)
+* hubble/relay: Fix certificate reloading in PeerManager (Backport PR #31568, Upstream PR #31376, @glrf)
+* Hubble: fix traffic direction and is reply when IPSec is enabled (Backport PR #31568, Upstream PR #31211, @kaworu)
+* k8s/utils: correctly filter out labels in StripPodSpecialLabels (Backport PR #31473, Upstream PR #31421, @tklauser)
+* metrics: Disable prometheus metrics by default (Backport PR #31342, Upstream PR #31144, @joestringer)
+* operator: fix errors/warnings metric. (Backport PR #31490, Upstream PR #31214, @tommyp1ckles)
+
+**CI Changes:**
+* [v1.15] test: Remove duplicate Cilium deployments in some datapath config tests (#31520, @qmonnet)
+* Additionally test host firewall + KPR disabled in E2E tests (Backport PR #31342, Upstream PR #30914, @giorio94)
+* AKS: avoid overlapping pod and service CIDRs (Backport PR #31568, Upstream PR #31504, @bimmlerd)
+* bgpv1: avoid object tracker vs informer race (Backport PR #31490, Upstream PR #31010, @bimmlerd)
+* bgpv1: fix Test_PodIPPoolAdvert flakiness (Backport PR #31490, Upstream PR #31365, @rastislavs)
+* bpf: fix go testdata check in ci (Backport PR #31554, Upstream PR #31419, @mhofstetter)
+* Centralize configuration of kind version/image in GitHub Action workflows (Backport PR #31191, Upstream PR #30916, @giorio94)
+* Checkout the target branch, instead of the default one, on pull_request based GHA test workflows (Backport PR #31191, Upstream PR #31198, @giorio94)
+* ci-e2e: Add matrix for bpf.tproxy and ingress-controller (Backport PR #31490, Upstream PR #31272, @sayboras)
+* ci: Bump lvh-kind ssh-startup-wait-retries (Backport PR #31490, Upstream PR #31387, @YutaroHayakawa)
+* controlplane: fix mechanism for ensuring watchers (Backport PR #31490, Upstream PR #31030, @bimmlerd)
+* Fix bug preventing consistent symbols between ELF and BTF for eBPF unit tests. (Backport PR #31342, Upstream PR #30610, @learnitall)
+* gateway-api: Enable GRPCRoute conformance tests (Backport PR #31342, Upstream PR #31055, @sayboras)
+* gha: disable fail-fast on integration tests (Backport PR #31490, Upstream PR #31420, @giorio94)
+* gha: drop unused check_url environment variable (Backport PR #31191, Upstream PR #30928, @giorio94)
+* introduce ARM github workflows (Backport PR #31342, Upstream PR #31196, @aanm)
+* ipam: deepcopy interface resource correctly. (Backport PR #31490, Upstream PR #26998, @tommyp1ckles)
+* k8s_install.sh: specify the CNI version (Backport PR #31342, Upstream PR #31182, @aanm)
+* loader: fix issue where errors cancelled compile cause error logs. (Backport PR #31342, Upstream PR #30988, @tommyp1ckles)
+* Reduce flakiness of controlplane tests (Backport PR #31490, Upstream PR #30906, @bimmlerd)
+* slices: don't modify missed input slice in test (Backport PR #31490, Upstream PR #31119, @bimmlerd)
+
+**Misc Changes:**
+* Add monitor aggregation for all events related to packets ingressing to the network-facing device. (Backport PR #31342, Upstream PR #31015, @learnitall)
+* Address race condition in TestGetIdentity (Backport PR #31541, Upstream PR #30885, @bimmlerd)
+* bgpv1: Adjust ConnectionRetryTimeSeconds to 1 in component tests (Backport PR #31342, Upstream PR #31218, @YutaroHayakawa)
+* chore(deps): update all github action dependencies (v1.15) (#31480, @renovate[bot])
+* chore(deps): update all github action dependencies (v1.15) (#31582, @renovate[bot])
+* chore(deps): update dependency cilium/cilium-cli to v0.16.3 (v1.15) (#31464, @renovate[bot])
+* chore(deps): update docker.io/library/golang:1.21.8 docker digest to 8560736 (v1.15) (#31450, @renovate[bot])
+* chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to 55c6361 (v1.15) (#31453, @renovate[bot])
+* chore: update json-mock image source in examples (Backport PR #31568, Upstream PR #31373, @loomkoom)
+* cilium-dbg: listing load-balancing configurations displays L7LB proxy port (Backport PR #31568, Upstream PR #31503, @mhofstetter)
+* datapath, bpf: Remove unnecessary IPsec code (Backport PR #31490, Upstream PR #31344, @pchaigno)
+* doc: Clarified GwAPI KPR prerequisites (Backport PR #31490, Upstream PR #31366, @PhilipSchmid)
+* docs: Warn on key rotations during upgrades (Backport PR #31490, Upstream PR #31437, @pchaigno)
+* Don't emit an error message on namespace termination due to Ingress reconciliation (Backport PR #31342, Upstream PR #30808, @giorio94)
+* Downgrade L2 Neighbor Discovery failure log to Debug (Backport PR #31342, Upstream PR #31179, @YutaroHayakawa)
+* endpointmanager: Improve health reporter messages when stopped (Backport PR #31342, Upstream PR #31231, @christarazi)
+* hive/cell/health: don't warn when reporting on stopped reporter. (Backport PR #31490, Upstream PR #31262, @tommyp1ckles)
+* ingress: Update docs with network policy example (Backport PR #31342, Upstream PR #31060, @sayboras)
+* job: avoid a race condition in TestTimer_ExitOnCloseFnCtx (Backport PR #31490, Upstream PR #30929, @bimmlerd)
+* loader: add message if error is ENOTSUP (Backport PR #31490, Upstream PR #31413, @kkourt)
+* policy: Fix missing labels from SelectorCache selectors (Backport PR #31490, Upstream PR #31358, @christarazi)
+* Replaced `declare_tailcall_if` with logic in the loader (Backport PR #31554, Upstream PR #30467, @dylandreimerink)
+
+**Other Changes:**
+* install: Update image digests for v1.15.2 (#31378, @jrajahalme)
+* v1.15: IPsec Fixes (#31610, @pchaigno)
+
 ## v1.15.2
 
 Summary of Changes

diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
diff --git a/Documentation/network/kubernetes/compatibility-table.rst b/Documentation/network/kubernetes/compatibility-table.rst
@@ -40,7 +40,9 @@
 +--------------------+----------------+
 | v1.13.12           | 1.26.7         |
 +--------------------+----------------+
-| v1.13              | 1.26.7         |
+| v1.13.13           | 1.26.7         |
++--------------------+----------------+
+| v1.13              | 1.26.8         |
 +--------------------+----------------+
 | v1.14.0-pre.2      | 1.26.8         |
 +--------------------+----------------+
@@ -78,7 +80,9 @@
 +--------------------+----------------+
 | v1.14.7            | 1.27.0         |
 +--------------------+----------------+
-| v1.14              | 1.27.0         |
+| v1.14.8            | 1.27.0         |
++--------------------+----------------+
+| v1.14              | 1.27.1         |
 +--------------------+----------------+
 | v1.15.0-pre.0      | 1.26.9         |
 +--------------------+----------------+
@@ -96,7 +100,9 @@
 +--------------------+----------------+
 | v1.15.1            | 1.28.1         |
 +--------------------+----------------+
-| v1.15              | 1.28.1         |
+| v1.15.2            | 1.28.1         |
++--------------------+----------------+
+| v1.15              | 1.28.2         |
 +--------------------+----------------+
-| latest / main      | 1.29.3         |
+| latest / main      | 1.29.4         |
 +--------------------+----------------+
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.15.2
+1.15.3
diff --git a/install/kubernetes/Makefile.digests b/install/kubernetes/Makefile.digests
@@ -2,12 +2,12 @@
 # Copyright 2024 Authors of Cilium
 # SPDX-License-Identifier: Apache-2.0
 
-export CILIUM_DIGEST := "sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746"
-export CLUSTERMESH_APISERVER_DIGEST := "sha256:478c77371f34d6fe5251427ff90c3912567c69b2bdc87d72377e42a42054f1c2"
-export DOCKER_PLUGIN_DIGEST := "sha256:ba4df0d63b48ba6181b6f3df3b747e15f5dfba06ff9ee83f34dd0143c1a9a98c"
-export HUBBLE_RELAY_DIGEST := "sha256:48480053930e884adaeb4141259ff1893a22eb59707906c6d38de2fe01916cb0"
-export OPERATOR_ALIBABACLOUD_DIGEST := "sha256:e2dafa4c04ab05392a28561ab003c2894ec1fcc3214a4dfe2efd6b7d58a66650"
-export OPERATOR_AWS_DIGEST := "sha256:3f459999b753bfd8626f8effdf66720a996b2c15c70f4e418011d00de33552eb"
-export OPERATOR_AZURE_DIGEST := "sha256:568293cebc27c01a39a9341b1b2578ebf445228df437f8b318adbbb2c4db842a"
-export OPERATOR_GENERIC_DIGEST := "sha256:4dd8f67630f45fcaf58145eb81780b677ef62d57632d7e4442905ad3226a9088"
-export OPERATOR_DIGEST := "sha256:e592ceba377985eb4225b0da9121d0f8c68a564ea38e5732bd6d59005eb87c08"
+export CILIUM_DIGEST := ""
+export CLUSTERMESH_APISERVER_DIGEST := ""
+export DOCKER_PLUGIN_DIGEST := ""
+export HUBBLE_RELAY_DIGEST := ""
+export OPERATOR_ALIBABACLOUD_DIGEST := ""
+export OPERATOR_AWS_DIGEST := ""
+export OPERATOR_AZURE_DIGEST := ""
+export OPERATOR_GENERIC_DIGEST := ""
+export OPERATOR_DIGEST := ""
diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: cilium
 displayName: Cilium
 home: https://cilium.io/
-version: 1.15.2
-appVersion: 1.15.2
+version: 1.15.3
+appVersion: 1.15.3
 kubeVersion: ">= 1.16.0-0"
 icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg
 description: eBPF-based Networking, Security, and Observability