Prepare for release v1.12.12

Signed-off-by: Maxim Mikityanskiy <maxim@isovalent.com>
cilium · Jul 26, 2023 · 9a5da0b · 9a5da0b
1 parent 99f386a
commit 9a5da0b
Show file tree

Hide file tree

Showing 10 changed files with 108 additions and 42 deletions.
diff --git a/.github/maintainers-little-helper.yaml b/.github/maintainers-little-helper.yaml
@@ -1,4 +1,4 @@
-project: "https://github.com/cilium/cilium/projects/237"
+project: "https://github.com/cilium/cilium/projects/243"
 column: "In progress"
 auto-label:
   - "kind/backports"

diff --git a/AUTHORS b/AUTHORS
@@ -23,6 +23,7 @@ Alex Katsman                            alexkats@google.com
 Alex Romanov                            alex@romanov.ws
 Alex Szakaly                            alex.szakaly@gmail.com
 Amey Bhide                              amey@covalent.io
+amitmavgupta                            115551423+amitmavgupta@users.noreply.github.com
 Amol Ambekar                            ambekara@google.com
 Amre Shakimov                           amre@covalent.io
 Anderson, David L                       david.l.anderson@intel.com
@@ -347,6 +348,7 @@ Neil Seward                             neil.seward@elasticpath.com
 Neil Wilson                             neil@aldur.co.uk
 Nick M                                  4718+rkage@users.noreply.github.com
 Nicolas Busseneau                       nicolas@isovalent.com
+Nicolas Sterchele                       nicolas@sterchelen.net
 Nico Vibert                             nicolas.vibert@isovalent.com
 Nikhil Jha                              hi@nikhiljha.com
 Nikhil Sharma                           nikhilsharma230303@gmail.com
@@ -370,6 +372,7 @@ Paul Chaignon                           paul.chaignon@gmail.com
 Pavel Pavlov                            40396270+PavelPavlov46@users.noreply.github.com
 Paweł Prażak                            pawelprazak@users.noreply.github.com
 Peiqi Shi                               uestc.shi@gmail.com
+Peter Jausovec                          peter.jausovec@solo.io
 Peter Slovak                            slovak.peto@gmail.com
 Philippe Lafoucrière                    philippe.lafoucriere@gmail.com
 Philipp Gniewosz                        philipp.gniewosz@cegeka.de

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,64 @@
 # Changelog
 
+## v1.12.12
+
+Summary of Changes
+------------------
+
+**Minor Changes:**
+* daemon: don't allow egress gateway with KV store identity allocation (Backport PR #26420, Upstream PR #26189, @jibi)
+
+**Bugfixes:**
+* bgpv1: Unconditionally select node when empty nodeSelector is given (Backport PR #26746, Upstream PR #26590, @YutaroHayakawa)
+* client, health/client: set dummy host header on unix:// local communication (Backport PR #26916, Upstream PR #26800, @tklauser)
+* Fix bug that caused transient IPsec packet drops on upgrades when tunneling is enabled. (Backport PR #26859, Upstream PR #26708, @pchaigno)
+* Fix bug where CNI gets installed even if cni.install=false (Backport PR #26420, Upstream PR #26278, @joestringer)
+* Fix path asymmetry when using pod-to-pod encryption with IPsec and tunnel mode. (Backport PR #26859, Upstream PR #25440, @pchaigno)
+* Fixed Cilium agent crash when policy refers to a non-existing Envoy listener. (Backport PR #26420, Upstream PR #25969, @jrajahalme)
+* Fixed proxy redirect policy implementation when any deny rule prevents them. (Backport PR #26750, Upstream PR #26344, @jrajahalme)
+* ingress: Delay secret sync if not available (Backport PR #26994, Upstream PR #26988, @sayboras)
+* ipsec: Split removeStaleXFRMOnce to fix deprioritization issue (Backport PR #26420, Upstream PR #26113, @jschwinger233)
+
+**CI Changes:**
+* ariane: don't skip verifier and l4lb tests on vendor/ changes (Backport PR #26738, Upstream PR #26715, @tklauser)
+* v1.12: ci: use Ariane to trigger workflows (#26579, @nbusseneau)
+
+**Misc Changes:**
+* Add cilium bpf nodeid list to bugtool and print nodeid in hex in ipcache dump (Backport PR #26420, Upstream PR #26130, @brb)
+* Adding an AWS architecture diagram for AWS FTR review (Backport PR #26420, Upstream PR #26016, @amitmavgupta)
+* Calling out support for Single-Region, Multi-Region, Multi-AZ for EKS (Backport PR #26420, Upstream PR #26015, @amitmavgupta)
+* chore(deps): update actions/setup-go action to v4 (v1.12) (#26447, @renovate[bot])
+* chore(deps): update all github action dependencies (v1.12) (minor) (#26446, @renovate[bot])
+* chore(deps): update all github action dependencies (v1.12) (patch) (#26443, @renovate[bot])
+* chore(deps): update docker.io/library/alpine docker tag to v3.16.6 (v1.12) (#26444, @renovate[bot])
+* chore(deps): update docker.io/library/alpine docker tag to v3.16.6 (v1.12) (#26445, @renovate[bot])
+* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to c9820a4 (v1.12) (#26705, @renovate[bot])
+* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to f8f6584 (v1.12) (#26442, @renovate[bot])
+* chore(deps): update docker/setup-buildx-action action to v2.9.1 (v1.12) (#26829, @renovate[bot])
+* chore(deps): update hubble cli to v0.12.0 (v1.12) (minor) (#26766, @renovate[bot])
+* doc: Documented incompatibility of EgressGW and kvstore (Backport PR #26659, Upstream PR #26139, @PhilipSchmid)
+* docker: Detect default "desktop-linux" builder (Backport PR #26420, Upstream PR #25908, @jrajahalme)
+* docs/ipsec: Clarify limitation on number of nodes (Backport PR #26859, Upstream PR #26810, @pchaigno)
+* docs: Bump Sphinx and sphinx-tabs version. (Backport PR #27059, Upstream PR #20997, @qmonnet)
+* docs: clarify that L3 DNS policies require L7 proxy enabled (Backport PR #26420, Upstream PR #26180, @wedaly)
+* docs: fixed search for every page (Backport PR #27059, Upstream PR #26892, @geakstr)
+* docs: Ignore Helm values, update spelling list (Backport PR #27059, Upstream PR #26759, @qmonnet)
+* docs: Pick up PyYAML 6.0.1 (Backport PR #26916, Upstream PR #26883, @michi-covalent)
+* docs: Revert Python version in docs-builder image to 3.7.9, downgrade sphinxcontrib-applehelp, to fix builds on Read The Docs (Backport PR #27059, Upstream PR #24099, @qmonnet)
+* docs: reword incorrect L7 policy description (Backport PR #26420, Upstream PR #26092, @peterj)
+* docs: Rework requirements.txt: Generate from minimal list (Backport PR #27059, Upstream PR #20978, @qmonnet)
+* docs: Update dependencies for documentation build system (Sphinx, add-ons etc.) (Backport PR #27059, Upstream PR #24014, @qmonnet)
+* Documentation: enable parallel builds (Backport PR #27059, Upstream PR #23752, @squeed)
+* Fix "make -C Documentation builder-image" (Backport PR #26916, Upstream PR #26874, @michi-covalent)
+
+**Other Changes:**
+* envoy: Bump envoy to v1.24.9 (#26806, @sayboras)
+* envoy: Bump envoy version to v1.24.10 (#27068, @sayboras)
+* envoy: Bump minor version to v1.24.x (#26328, @sayboras)
+* install: Update image digests for v1.12.11 (#26270, @qmonnet)
+* service: Handle backend with initial state set to Terminating (#25863, @sterchelen)
+* v1.12 docs: Use stable-v0.14.txt for cilium-cli version (#26466, @michi-covalent)
+
 ## v1.12.11
 
 Summary of Changes

diff --git a/Documentation/concepts/kubernetes/compatibility-table.rst b/Documentation/concepts/kubernetes/compatibility-table.rst
@@ -96,6 +96,8 @@
 +-----------------+----------------+
 | v1.11.17        | 1.24.4         |
 +-----------------+----------------+
+| v1.11.18        | 1.24.4         |
++-----------------+----------------+
 | v1.11           | 1.24.4         |
 +-----------------+----------------+
 | v1.12.0-rc0     | 1.25.1         |
@@ -128,6 +130,8 @@
 +-----------------+----------------+
 | v1.12.10        | 1.25.7         |
 +-----------------+----------------+
+| v1.12.11        | 1.25.7         |
++-----------------+----------------+
 | v1.12           | 1.25.7         |
 +-----------------+----------------+
 | latest / master | 1.26.9         |

diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
diff --git a/VERSION b/VERSION
@@ -1 +1 @@
-1.12.11
+1.12.12
diff --git a/install/kubernetes/Makefile.digests b/install/kubernetes/Makefile.digests
@@ -2,12 +2,12 @@
 # Copyright 2023 Authors of Cilium
 # SPDX-License-Identifier: Apache-2.0
 
-export CILIUM_DIGEST := "sha256:3fd8d9a6130783c245d90658ca379a7db88f249ec69464450fb53490cfbd7c55"
-export CLUSTERMESH_APISERVER_DIGEST := "sha256:f52391e0b74ac019a1ba22a19c0f4c979aa00f582332a3162af2a1fca3206371"
-export DOCKER_PLUGIN_DIGEST := "sha256:bbfb63b99655e0f3f2fc63ef4b49161d7454fdf127d62347162b4ee577a273fb"
-export HUBBLE_RELAY_DIGEST := "sha256:f52db09b652fd60d9d2bbebafd3befa9be0abecac923dd21d0f7052cd585270e"
-export OPERATOR_ALIBABACLOUD_DIGEST := "sha256:66ad7b1f2a39f336aade25b688e5b05da7df345b33c50a92f3e21dc949281507"
-export OPERATOR_AWS_DIGEST := "sha256:30dfe79131766c7ba992c9e5abe6dcb0d2d8e2021514dc56a4b89321dde45472"
-export OPERATOR_AZURE_DIGEST := "sha256:7753588ef3c038af47576feabeffd8a8a04f1a0911009c9752ee303658152d2d"
-export OPERATOR_GENERIC_DIGEST := "sha256:8fad1da87c9f308c21ad54784c91c0fc92dc620e2781561473e2c8e4f871eb29"
-export OPERATOR_DIGEST := "sha256:966056e8a05eca5fb2f9eb6c099e5a465e048d1351fbabf88406c53f2425990c"
+export CILIUM_DIGEST := ""
+export CLUSTERMESH_APISERVER_DIGEST := ""
+export DOCKER_PLUGIN_DIGEST := ""
+export HUBBLE_RELAY_DIGEST := ""
+export OPERATOR_ALIBABACLOUD_DIGEST := ""
+export OPERATOR_AWS_DIGEST := ""
+export OPERATOR_AZURE_DIGEST := ""
+export OPERATOR_GENERIC_DIGEST := ""
+export OPERATOR_DIGEST := ""
diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml
@@ -2,8 +2,8 @@ apiVersion: v2
 name: cilium
 displayName: Cilium
 home: https://cilium.io/
-version: 1.12.11
-appVersion: 1.12.11
+version: 1.12.12
+appVersion: 1.12.12
 kubeVersion: ">= 1.16.0-0"
 icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.12/Documentation/images/logo-solo.svg
 description: eBPF-based Networking, Security, and Observability

diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md
@@ -1,6 +1,6 @@
 # cilium
 
-![Version: 1.12.11](https://img.shields.io/badge/Version-1.12.11-informational?style=flat-square) ![AppVersion: 1.12.11](https://img.shields.io/badge/AppVersion-1.12.11-informational?style=flat-square)
+![Version: 1.12.12](https://img.shields.io/badge/Version-1.12.12-informational?style=flat-square) ![AppVersion: 1.12.12](https://img.shields.io/badge/AppVersion-1.12.12-informational?style=flat-square)
 
 Cilium is open source software for providing and transparently securing
 network connectivity and loadbalancing between application workloads such as
@@ -98,7 +98,7 @@ contributors across the globe, there is almost always someone available to help.
 | clustermesh.apiserver.extraEnv | list | `[]` | Additional clustermesh-apiserver environment variables. |
 | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. |
 | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. |
-| clustermesh.apiserver.image | object | `{"digest":"sha256:f52391e0b74ac019a1ba22a19c0f4c979aa00f582332a3162af2a1fca3206371","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.12.11","useDigest":true}` | Clustermesh API server image. |
+| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.12.12","useDigest":false}` | Clustermesh API server image. |
 | clustermesh.apiserver.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
 | clustermesh.apiserver.podAnnotations | object | `{}` | Annotations to be added to clustermesh-apiserver pods |
 | clustermesh.apiserver.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |
@@ -253,7 +253,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.relay.dialTimeout | string | `nil` | Dial timeout to connect to the local hubble instance to receive peer information (e.g. "30s"). |
 | hubble.relay.enabled | bool | `false` | Enable Hubble Relay (requires hubble.enabled=true) |
 | hubble.relay.extraEnv | list | `[]` | Additional hubble-relay environment variables. |
-| hubble.relay.image | object | `{"digest":"sha256:f52db09b652fd60d9d2bbebafd3befa9be0abecac923dd21d0f7052cd585270e","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.12.11","useDigest":true}` | Hubble-relay container image. |
+| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.12.12","useDigest":false}` | Hubble-relay container image. |
 | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. |
 | hubble.relay.listenPort | string | `"4245"` | Port to listen to. |
 | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/ |
@@ -344,7 +344,7 @@ contributors across the globe, there is almost always someone available to help.
 | hubble.ui.tolerations | list | `[]` | Node tolerations for pod assignment on nodes with taints ref: https://kubernetes.io/docs/concepts/configuration/assign-pod-node/  |
 | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. |
 | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). |
-| image | object | `{"digest":"sha256:3fd8d9a6130783c245d90658ca379a7db88f249ec69464450fb53490cfbd7c55","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.12.11","useDigest":true}` | Agent container image. |
+| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.12.12","useDigest":false}` | Agent container image. |
 | imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images |
 | ingressController.enabled | bool | `false` | Enable cilium ingress controller This will automatically set enable-envoy-config as well. |
 | ingressController.enforceHttps | bool | `true` | Enforce https for host having matching TLS host in Ingress. Incoming traffic to http listener will return 308 http error code with respective location in header. |
@@ -410,7 +410,7 @@ contributors across the globe, there is almost always someone available to help.
 | operator.extraVolumes | list | `[]` | Additional cilium-operator volumes. |
 | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. |
 | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. |
-| operator.image | object | `{"alibabacloudDigest":"sha256:66ad7b1f2a39f336aade25b688e5b05da7df345b33c50a92f3e21dc949281507","awsDigest":"sha256:30dfe79131766c7ba992c9e5abe6dcb0d2d8e2021514dc56a4b89321dde45472","azureDigest":"sha256:7753588ef3c038af47576feabeffd8a8a04f1a0911009c9752ee303658152d2d","genericDigest":"sha256:8fad1da87c9f308c21ad54784c91c0fc92dc620e2781561473e2c8e4f871eb29","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.12.11","useDigest":true}` | cilium-operator image. |
+| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.12.12","useDigest":false}` | cilium-operator image. |
 | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. |
 | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/  |
 | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods |
@@ -453,7 +453,7 @@ contributors across the globe, there is almost always someone available to help.
 | preflight.extraEnv | list | `[]` | Additional preflight environment variables. |
 | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. |
 | preflight.extraVolumes | list | `[]` | Additional preflight volumes. |
-| preflight.image | object | `{"digest":"sha256:3fd8d9a6130783c245d90658ca379a7db88f249ec69464450fb53490cfbd7c55","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.12.11","useDigest":true}` | Cilium pre-flight image. |
+| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.12.12","useDigest":false}` | Cilium pre-flight image. |
 | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/user-guide/node-selection/  |
 | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods |
 | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ |