From 22dfbc58ad8e1f52a5cae1adc17d6f317bffd747 Mon Sep 17 00:00:00 2001 From: Jarno Rajahalme Date: Tue, 26 Mar 2024 11:45:10 +0100 Subject: [PATCH] Prepare for release v1.15.3 Signed-off-by: Jarno Rajahalme --- .github/maintainers-little-helper.yaml | 2 +- AUTHORS | 5 +- CHANGELOG.md | 76 +++++++++++++++++++ Documentation/helm-values.rst | 10 +-- .../kubernetes/compatibility-table.rst | 14 +++- VERSION | 2 +- install/kubernetes/Makefile.digests | 18 ++--- install/kubernetes/cilium/Chart.yaml | 4 +- install/kubernetes/cilium/README.md | 12 +-- install/kubernetes/cilium/values.yaml | 36 ++++----- 10 files changed, 131 insertions(+), 48 deletions(-) diff --git a/.github/maintainers-little-helper.yaml b/.github/maintainers-little-helper.yaml index 1c00a3d397d6..c699e614fb68 100644 --- a/.github/maintainers-little-helper.yaml +++ b/.github/maintainers-little-helper.yaml @@ -1,4 +1,4 @@ -project: "https://github.com/cilium/cilium/projects/272" +project: "https://github.com/cilium/cilium/projects/277" column: "In progress" auto-label: - "kind/backports" diff --git a/AUTHORS b/AUTHORS index ead8015ebc44..c4713d907382 100644 --- a/AUTHORS +++ b/AUTHORS @@ -403,6 +403,7 @@ Li Yiheng lyhutopi@gmail.com Liz Rice liz@lizrice.com log1cb0mb nabeelnrana@gmail.com LongHui Li longhui.li@woqutech.com +loomkoom 29258685+loomkoom@users.noreply.github.com Lorenz Bauer lmb@isovalent.com Lorenzo Fundaró lorenzofundaro@gmail.com Louis DeLosSantos louis@isovalent.com @@ -560,7 +561,7 @@ Priya Sharma Priya.Sharma6693@gmail.com Qasim Sarfraz qasim.sarfraz@esailors.de Qifeng Guo qifeng.guo@daocloud.io Qingchuan Hao qinhao@microsoft.com -Quentin Monnet quentin@isovalent.com +Quentin Monnet qmo@qmon.net Raam ram29@bskyb.com Rachid Zarouali rachid.zarouali@sevensphere.io Rafael da Fonseca rafael.fonseca@wildlifestudios.com @@ -588,7 +589,7 @@ Richard Lavoie richard.lavoie@logmein.com Richard Tweed RichardoC@users.noreply.github.com Ricky Ho horicky78@gmail.com Rio Kierkels riokierkels@gmail.com -Robin Gögge r.goegge@isovalent.com +Robin Gögge r.goegge@gmail.com Robin Hahling robin.hahling@gw-computing.net Rocky Chen 40374064+rockc2020@users.noreply.github.com Rodrigo Chacon rochacon@gmail.com diff --git a/CHANGELOG.md b/CHANGELOG.md index 47414fa16364..7b1479a5ea18 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,81 @@ # Changelog +## v1.15.3 + +Summary of Changes +------------------ + +**Minor Changes:** +* bgpv1: BGP Control Plane metrics (Backport PR #31568, Upstream PR #31469, @YutaroHayakawa) +* cni: use default logger with timestamps. (Backport PR #31342, Upstream PR #31014, @tommyp1ckles) +* Introduce `cilium-dbg encrypt flush --stale` flag to remove XFRM states and policies with stale node IDs. (Backport PR #31342, Upstream PR #31159, @pchaigno) + +**Bugfixes:** +* [v1.15 - Author backport] envoy: enable k8s secret watch even if only CEC is enabled (#31451, @mhofstetter) +* cni: Use batch endpoint deletion API in chaining plugin (Backport PR #31515, Upstream PR #31456, @sayboras) +* Fix a bug in the StateDB library that may have caused stale read after write. This may have potentially affected the L2 announcements feature and the node address selection. (Backport PR #31342, Upstream PR #31164, @joamaki) +* Fix a bug where pod label updates are not reflected in endpoint labels in presence of filtered labels. (Backport PR #31473, Upstream PR #31395, @tklauser) +* Fixed issue with assigning 0 nodeID when corresponding bpf map run out of space. Potentially it could have impacted connectivity in large clusters (>4k nodes) with IPSec or Mutual Auth enabled. Otherwise, it was merely generating unnecessary error log messages. (Backport PR #31490, Upstream PR #31380, @marseel) +* gateway-api: Retrieve LB service from same namespace (Backport PR #31490, Upstream PR #31271, @sayboras) +* Handle InvalidParameterValue as well for PD fallback (Backport PR #31490, Upstream PR #31016, @hemanthmalla) +* helm: Update pod affinity for cilium-envoy (Backport PR #31490, Upstream PR #31150, @sayboras) +* hubble/relay: Fix certificate reloading in PeerManager (Backport PR #31568, Upstream PR #31376, @glrf) +* Hubble: fix traffic direction and is reply when IPSec is enabled (Backport PR #31568, Upstream PR #31211, @kaworu) +* k8s/utils: correctly filter out labels in StripPodSpecialLabels (Backport PR #31473, Upstream PR #31421, @tklauser) +* metrics: Disable prometheus metrics by default (Backport PR #31342, Upstream PR #31144, @joestringer) +* operator: fix errors/warnings metric. (Backport PR #31490, Upstream PR #31214, @tommyp1ckles) + +**CI Changes:** +* [v1.15] test: Remove duplicate Cilium deployments in some datapath config tests (#31520, @qmonnet) +* Additionally test host firewall + KPR disabled in E2E tests (Backport PR #31342, Upstream PR #30914, @giorio94) +* AKS: avoid overlapping pod and service CIDRs (Backport PR #31568, Upstream PR #31504, @bimmlerd) +* bgpv1: avoid object tracker vs informer race (Backport PR #31490, Upstream PR #31010, @bimmlerd) +* bgpv1: fix Test_PodIPPoolAdvert flakiness (Backport PR #31490, Upstream PR #31365, @rastislavs) +* bpf: fix go testdata check in ci (Backport PR #31554, Upstream PR #31419, @mhofstetter) +* Centralize configuration of kind version/image in GitHub Action workflows (Backport PR #31191, Upstream PR #30916, @giorio94) +* Checkout the target branch, instead of the default one, on pull_request based GHA test workflows (Backport PR #31191, Upstream PR #31198, @giorio94) +* ci-e2e: Add matrix for bpf.tproxy and ingress-controller (Backport PR #31490, Upstream PR #31272, @sayboras) +* ci: Bump lvh-kind ssh-startup-wait-retries (Backport PR #31490, Upstream PR #31387, @YutaroHayakawa) +* controlplane: fix mechanism for ensuring watchers (Backport PR #31490, Upstream PR #31030, @bimmlerd) +* Fix bug preventing consistent symbols between ELF and BTF for eBPF unit tests. (Backport PR #31342, Upstream PR #30610, @learnitall) +* gateway-api: Enable GRPCRoute conformance tests (Backport PR #31342, Upstream PR #31055, @sayboras) +* gha: disable fail-fast on integration tests (Backport PR #31490, Upstream PR #31420, @giorio94) +* gha: drop unused check_url environment variable (Backport PR #31191, Upstream PR #30928, @giorio94) +* introduce ARM github workflows (Backport PR #31342, Upstream PR #31196, @aanm) +* ipam: deepcopy interface resource correctly. (Backport PR #31490, Upstream PR #26998, @tommyp1ckles) +* k8s_install.sh: specify the CNI version (Backport PR #31342, Upstream PR #31182, @aanm) +* loader: fix issue where errors cancelled compile cause error logs. (Backport PR #31342, Upstream PR #30988, @tommyp1ckles) +* Reduce flakiness of controlplane tests (Backport PR #31490, Upstream PR #30906, @bimmlerd) +* slices: don't modify missed input slice in test (Backport PR #31490, Upstream PR #31119, @bimmlerd) + +**Misc Changes:** +* Add monitor aggregation for all events related to packets ingressing to the network-facing device. (Backport PR #31342, Upstream PR #31015, @learnitall) +* Address race condition in TestGetIdentity (Backport PR #31541, Upstream PR #30885, @bimmlerd) +* bgpv1: Adjust ConnectionRetryTimeSeconds to 1 in component tests (Backport PR #31342, Upstream PR #31218, @YutaroHayakawa) +* chore(deps): update all github action dependencies (v1.15) (#31480, @renovate[bot]) +* chore(deps): update all github action dependencies (v1.15) (#31582, @renovate[bot]) +* chore(deps): update dependency cilium/cilium-cli to v0.16.3 (v1.15) (#31464, @renovate[bot]) +* chore(deps): update docker.io/library/golang:1.21.8 docker digest to 8560736 (v1.15) (#31450, @renovate[bot]) +* chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to 55c6361 (v1.15) (#31453, @renovate[bot]) +* chore: update json-mock image source in examples (Backport PR #31568, Upstream PR #31373, @loomkoom) +* cilium-dbg: listing load-balancing configurations displays L7LB proxy port (Backport PR #31568, Upstream PR #31503, @mhofstetter) +* datapath, bpf: Remove unnecessary IPsec code (Backport PR #31490, Upstream PR #31344, @pchaigno) +* doc: Clarified GwAPI KPR prerequisites (Backport PR #31490, Upstream PR #31366, @PhilipSchmid) +* docs: Warn on key rotations during upgrades (Backport PR #31490, Upstream PR #31437, @pchaigno) +* Don't emit an error message on namespace termination due to Ingress reconciliation (Backport PR #31342, Upstream PR #30808, @giorio94) +* Downgrade L2 Neighbor Discovery failure log to Debug (Backport PR #31342, Upstream PR #31179, @YutaroHayakawa) +* endpointmanager: Improve health reporter messages when stopped (Backport PR #31342, Upstream PR #31231, @christarazi) +* hive/cell/health: don't warn when reporting on stopped reporter. (Backport PR #31490, Upstream PR #31262, @tommyp1ckles) +* ingress: Update docs with network policy example (Backport PR #31342, Upstream PR #31060, @sayboras) +* job: avoid a race condition in TestTimer_ExitOnCloseFnCtx (Backport PR #31490, Upstream PR #30929, @bimmlerd) +* loader: add message if error is ENOTSUP (Backport PR #31490, Upstream PR #31413, @kkourt) +* policy: Fix missing labels from SelectorCache selectors (Backport PR #31490, Upstream PR #31358, @christarazi) +* Replaced `declare_tailcall_if` with logic in the loader (Backport PR #31554, Upstream PR #30467, @dylandreimerink) + +**Other Changes:** +* install: Update image digests for v1.15.2 (#31378, @jrajahalme) +* v1.15: IPsec Fixes (#31610, @pchaigno) + ## v1.15.2 Summary of Changes diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst index 48051e374f52..0b2aa3974db4 100644 --- a/Documentation/helm-values.rst +++ b/Documentation/helm-values.rst @@ -483,7 +483,7 @@ * - :spelling:ignore:`clustermesh.apiserver.image` - Clustermesh API server image. - object - - ``{"digest":"sha256:478c77371f34d6fe5251427ff90c3912567c69b2bdc87d72377e42a42054f1c2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.2","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.3","useDigest":false}`` * - :spelling:ignore:`clustermesh.apiserver.kvstoremesh.enabled` - Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. - bool @@ -1635,7 +1635,7 @@ * - :spelling:ignore:`hubble.relay.image` - Hubble-relay container image. - object - - ``{"digest":"sha256:48480053930e884adaeb4141259ff1893a22eb59707906c6d38de2fe01916cb0","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.2","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.3","useDigest":false}`` * - :spelling:ignore:`hubble.relay.listenHost` - Host to listen to. Specify an empty string to bind to all the interfaces. - string @@ -2015,7 +2015,7 @@ * - :spelling:ignore:`image` - Agent container image. - object - - ``{"digest":"sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.2","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.3","useDigest":false}`` * - :spelling:ignore:`imagePullSecrets` - Configure image pull secrets for pulling container images - string @@ -2467,7 +2467,7 @@ * - :spelling:ignore:`operator.image` - cilium-operator image. - object - - ``{"alibabacloudDigest":"sha256:e2dafa4c04ab05392a28561ab003c2894ec1fcc3214a4dfe2efd6b7d58a66650","awsDigest":"sha256:3f459999b753bfd8626f8effdf66720a996b2c15c70f4e418011d00de33552eb","azureDigest":"sha256:568293cebc27c01a39a9341b1b2578ebf445228df437f8b318adbbb2c4db842a","genericDigest":"sha256:4dd8f67630f45fcaf58145eb81780b677ef62d57632d7e4442905ad3226a9088","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.2","useDigest":true}`` + - ``{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.3","useDigest":false}`` * - :spelling:ignore:`operator.nodeGCInterval` - Interval for cilium node garbage collection. - string @@ -2667,7 +2667,7 @@ * - :spelling:ignore:`preflight.image` - Cilium pre-flight image. - object - - ``{"digest":"sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.2","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.3","useDigest":false}`` * - :spelling:ignore:`preflight.nodeSelector` - Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector - object diff --git a/Documentation/network/kubernetes/compatibility-table.rst b/Documentation/network/kubernetes/compatibility-table.rst index 979f69f7c6ad..a9499b4f7188 100644 --- a/Documentation/network/kubernetes/compatibility-table.rst +++ b/Documentation/network/kubernetes/compatibility-table.rst @@ -40,7 +40,9 @@ +--------------------+----------------+ | v1.13.12 | 1.26.7 | +--------------------+----------------+ -| v1.13 | 1.26.7 | +| v1.13.13 | 1.26.7 | ++--------------------+----------------+ +| v1.13 | 1.26.8 | +--------------------+----------------+ | v1.14.0-pre.2 | 1.26.8 | +--------------------+----------------+ @@ -78,7 +80,9 @@ +--------------------+----------------+ | v1.14.7 | 1.27.0 | +--------------------+----------------+ -| v1.14 | 1.27.0 | +| v1.14.8 | 1.27.0 | ++--------------------+----------------+ +| v1.14 | 1.27.1 | +--------------------+----------------+ | v1.15.0-pre.0 | 1.26.9 | +--------------------+----------------+ @@ -96,7 +100,9 @@ +--------------------+----------------+ | v1.15.1 | 1.28.1 | +--------------------+----------------+ -| v1.15 | 1.28.1 | +| v1.15.2 | 1.28.1 | ++--------------------+----------------+ +| v1.15 | 1.28.2 | +--------------------+----------------+ -| latest / main | 1.29.3 | +| latest / main | 1.29.4 | +--------------------+----------------+ diff --git a/VERSION b/VERSION index 42cf0675c566..f2380cc7aefe 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.15.2 +1.15.3 diff --git a/install/kubernetes/Makefile.digests b/install/kubernetes/Makefile.digests index 0897df2c1907..7933852e3fb4 100644 --- a/install/kubernetes/Makefile.digests +++ b/install/kubernetes/Makefile.digests @@ -2,12 +2,12 @@ # Copyright 2024 Authors of Cilium # SPDX-License-Identifier: Apache-2.0 -export CILIUM_DIGEST := "sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746" -export CLUSTERMESH_APISERVER_DIGEST := "sha256:478c77371f34d6fe5251427ff90c3912567c69b2bdc87d72377e42a42054f1c2" -export DOCKER_PLUGIN_DIGEST := "sha256:ba4df0d63b48ba6181b6f3df3b747e15f5dfba06ff9ee83f34dd0143c1a9a98c" -export HUBBLE_RELAY_DIGEST := "sha256:48480053930e884adaeb4141259ff1893a22eb59707906c6d38de2fe01916cb0" -export OPERATOR_ALIBABACLOUD_DIGEST := "sha256:e2dafa4c04ab05392a28561ab003c2894ec1fcc3214a4dfe2efd6b7d58a66650" -export OPERATOR_AWS_DIGEST := "sha256:3f459999b753bfd8626f8effdf66720a996b2c15c70f4e418011d00de33552eb" -export OPERATOR_AZURE_DIGEST := "sha256:568293cebc27c01a39a9341b1b2578ebf445228df437f8b318adbbb2c4db842a" -export OPERATOR_GENERIC_DIGEST := "sha256:4dd8f67630f45fcaf58145eb81780b677ef62d57632d7e4442905ad3226a9088" -export OPERATOR_DIGEST := "sha256:e592ceba377985eb4225b0da9121d0f8c68a564ea38e5732bd6d59005eb87c08" +export CILIUM_DIGEST := "" +export CLUSTERMESH_APISERVER_DIGEST := "" +export DOCKER_PLUGIN_DIGEST := "" +export HUBBLE_RELAY_DIGEST := "" +export OPERATOR_ALIBABACLOUD_DIGEST := "" +export OPERATOR_AWS_DIGEST := "" +export OPERATOR_AZURE_DIGEST := "" +export OPERATOR_GENERIC_DIGEST := "" +export OPERATOR_DIGEST := "" diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml index 3c71c0dc3772..63c3ac906815 100644 --- a/install/kubernetes/cilium/Chart.yaml +++ b/install/kubernetes/cilium/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: cilium displayName: Cilium home: https://cilium.io/ -version: 1.15.2 -appVersion: 1.15.2 +version: 1.15.3 +appVersion: 1.15.3 kubeVersion: ">= 1.16.0-0" icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.15/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md index e9a60b14f9fa..46f2017c4afa 100644 --- a/install/kubernetes/cilium/README.md +++ b/install/kubernetes/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.15.2](https://img.shields.io/badge/Version-1.15.2-informational?style=flat-square) ![AppVersion: 1.15.2](https://img.shields.io/badge/AppVersion-1.15.2-informational?style=flat-square) +![Version: 1.15.3](https://img.shields.io/badge/Version-1.15.3-informational?style=flat-square) ![AppVersion: 1.15.3](https://img.shields.io/badge/AppVersion-1.15.3-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as @@ -170,7 +170,7 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraEnv | list | `[]` | Additional clustermesh-apiserver environment variables. | | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | -| clustermesh.apiserver.image | object | `{"digest":"sha256:478c77371f34d6fe5251427ff90c3912567c69b2bdc87d72377e42a42054f1c2","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.2","useDigest":true}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.15.3","useDigest":false}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `false` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | @@ -458,7 +458,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"sha256:48480053930e884adaeb4141259ff1893a22eb59707906c6d38de2fe01916cb0","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.2","useDigest":true}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.15.3","useDigest":false}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -553,7 +553,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.2","useDigest":true}` | Agent container image. | +| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.3","useDigest":false}` | Agent container image. | | imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -666,7 +666,7 @@ contributors across the globe, there is almost always someone available to help. | operator.extraVolumes | list | `[]` | Additional cilium-operator volumes. | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"sha256:e2dafa4c04ab05392a28561ab003c2894ec1fcc3214a4dfe2efd6b7d58a66650","awsDigest":"sha256:3f459999b753bfd8626f8effdf66720a996b2c15c70f4e418011d00de33552eb","azureDigest":"sha256:568293cebc27c01a39a9341b1b2578ebf445228df437f8b318adbbb2c4db842a","genericDigest":"sha256:4dd8f67630f45fcaf58145eb81780b677ef62d57632d7e4442905ad3226a9088","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.2","useDigest":true}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.15.3","useDigest":false}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -716,7 +716,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.2","useDigest":true}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.15.3","useDigest":false}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml index c91ea6f69477..a91e1195f704 100644 --- a/install/kubernetes/cilium/values.yaml +++ b/install/kubernetes/cilium/values.yaml @@ -146,11 +146,11 @@ rollOutCiliumPods: false image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.15.2" + tag: "v1.15.3" pullPolicy: "IfNotPresent" # cilium-digest - digest: "sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746" - useDigest: true + digest: "" + useDigest: false # -- Affinity for cilium-agent. affinity: @@ -1224,10 +1224,10 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.15.2" + tag: "v1.15.3" # hubble-relay-digest - digest: "sha256:48480053930e884adaeb4141259ff1893a22eb59707906c6d38de2fe01916cb0" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -2485,16 +2485,16 @@ operator: image: override: ~ repository: "quay.io/cilium/operator" - tag: "v1.15.2" + tag: "v1.15.3" # operator-generic-digest - genericDigest: "sha256:4dd8f67630f45fcaf58145eb81780b677ef62d57632d7e4442905ad3226a9088" + genericDigest: "" # operator-azure-digest - azureDigest: "sha256:568293cebc27c01a39a9341b1b2578ebf445228df437f8b318adbbb2c4db842a" + azureDigest: "" # operator-aws-digest - awsDigest: "sha256:3f459999b753bfd8626f8effdf66720a996b2c15c70f4e418011d00de33552eb" + awsDigest: "" # operator-alibabacloud-digest - alibabacloudDigest: "sha256:e2dafa4c04ab05392a28561ab003c2894ec1fcc3214a4dfe2efd6b7d58a66650" - useDigest: true + alibabacloudDigest: "" + useDigest: false pullPolicy: "IfNotPresent" suffix: "" @@ -2780,10 +2780,10 @@ preflight: image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.15.2" + tag: "v1.15.3" # cilium-digest - digest: "sha256:bfeb3f1034282444ae8c498dca94044df2b9c9c8e7ac678e0b43c849f0b31746" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -2942,10 +2942,10 @@ clustermesh: image: override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.15.2" + tag: "v1.15.3" # clustermesh-apiserver-digest - digest: "sha256:478c77371f34d6fe5251427ff90c3912567c69b2bdc87d72377e42a42054f1c2" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" etcd: