Prepare for release v1.14.2

Signed-off-by: Michi Mutsuzaki <michi@isovalent.com>
cilium · Sep 11, 2023 · a674894 · a674894
1 parent 56480f4
commit a674894
Show file tree

Hide file tree

Showing 11 changed files with 177 additions and 50 deletions.
diff --git a/.github/maintainers-little-helper.yaml b/.github/maintainers-little-helper.yaml
@@ -1,4 +1,4 @@
-project: "https://github.com/cilium/cilium/projects/247"
+project: "https://github.com/cilium/cilium/projects/249"
 column: "In progress"
 auto-label:
   - "kind/backports"

diff --git a/AUTHORS b/AUTHORS
@@ -28,6 +28,7 @@ Alexey Grevtsev                         alexey.grevtcev@gmail.com
 Alex Katsman                            alexkats@google.com
 Alex Romanov                            alex@romanov.ws
 Alex Szakaly                            alex.szakaly@gmail.com
+Alex Waring                             alex.waring@starlingbank.com
 Alok Kumar Singh                        alokaks601@gmail.com
 Amey Bhide                              amey@covalent.io
 amitmavgupta                            115551423+amitmavgupta@users.noreply.github.com
@@ -36,6 +37,7 @@ Amre Shakimov                           amre@covalent.io
 Anderson, David L                       david.l.anderson@intel.com
 Andor Nemeth                            andor_nemeth@swissre.com
 Andree Klattenhoff                      mail@andr.ee
+Andrei Kvapil                           kvapss@gmail.com
 André Martins                           andre@cilium.io
 Andrew Bulford                          andrew.bulford@form3.tech
 Andrew Holt                             andrew.holt@utmost.co
@@ -44,6 +46,7 @@ Andrew Sy Kim                           kim.andrewsy@gmail.com
 Andrey Devyatkin                        andrey.devyatkin@fivexl.io
 Andrey Klimentyev                       andrey.klimentyev@flant.com
 Andrey Voronkov                         voronkovaa@gmail.com
+Andrii Iuspin                           yuspin@gmail.com
 Andrzej Mamak                           nqaegg@gmail.com
 Andy Allred                             andy@punasusi.com
 Aniruddha Amit Dutta                    duttaaniruddha31@gmail.com
@@ -107,6 +110,7 @@ Changyu Wang                            changyuwang@tencent.com
 Charles-Edouard Brétéché                charled.breteche@gmail.com
 Charles-Henri Guérin                    charles-henri.guerin@zenika.com
 Chen Kang                               kongchen28@gmail.com
+chentanjun                              tanjunchen20@gmail.com
 chenyahui                               chenyahui9@jd.com
 Chen Yaqi                               chenyaqi01@baidu.com
 chenyuezhou                             zcy.chenyue.zhou@gmail.com
@@ -260,6 +264,7 @@ Ian Vernon                              ian@cilium.io
 Ifeanyi Ubah                            ify1992@yahoo.com
 Ilya Dmitrichenko                       errordeveloper@gmail.com
 Ilya Shaisultanov                       ilya.shaisultanov@gmail.com
+ishuar                                  ishansharma887@gmail.com
 Ivan Makarychev                         i.makarychev@tinkoff.ru
 Ivar Lazzaro                            ivarlazzaro@gmail.com
 Jack-R-lantern                          tjdfkr2421@gmail.com
@@ -270,6 +275,7 @@ James Brookes                           jbrookes@confluent.io
 James Laverack                          james@isovalent.com
 James McShane                           james.mcshane@superorbital.io
 Jan-Erik Rediger                        janerik@fnordig.de
+Jan Jansen                              jan.jansen@gdata.de
 Jan Mraz                                strudelpi@pm.me
 Jarno Rajahalme                         jarno@isovalent.com
 Jean Raby                               jean@raby.sh
@@ -353,7 +359,7 @@ Lorenzo Fundaró                         lorenzofundaro@gmail.com
 Louis DeLosSantos                       louis@isovalent.com
 lou-lan                                 loulan@loulan.me
 lucming                                 2876757716@qq.com
-Maartje Eyskens                         maartje@eyskens.me
+Maartje Eyskens                         maartje.eyskens@isovalent.com
 Maciej Fijalkowski                      maciej.fijalkowski@intel.com
 Maciej Kwiek                            maciej@isovalent.com
 Maciej Skrocki                          maciejskrocki@google.com
@@ -466,6 +472,7 @@ Parth Patel                             parth.psu@gmail.com
 Patrice Chalin                          chalin@cncf.io
 Patrice Peterson                        patrice.peterson@mailbox.org
 Patrick Mahoney                         pmahoney@greenkeytech.com
+Patrick Reich                           patrick@neodyme.io
 Pat Riehecky                            riehecky@fnal.gov
 Patrik Cyvoct                           patrik@ptrk.io
 Paul Chaignon                           paul.chaignon@gmail.com
@@ -507,6 +514,8 @@ Rémy Léone                              rleone@scaleway.com
 Renat Tuktarov                          yandzeek@gmail.com
 Rene Luria                              rene@luria.ch
 Rene Zbinden                            rene.zbinden@postfinance.ch
+Richard Lavoie                          richard.lavoie@logmein.com
+Richard Tweed                           RichardoC@users.noreply.github.com
 Ricky Ho                                horicky78@gmail.com
 Rio Kierkels                            riokierkels@gmail.com
 Robin Gögge                             r.goegge@isovalent.com
@@ -545,6 +554,7 @@ Sergey Generalov                        sergey@isovalent.com
 Sergey Monakhov                         monakhov@puzl.ee
 Sergey Shevchenko                       sergeyshevchdevelop@gmail.com
 Sergio Ballesteros                      snaker@locolandia.net
+sh2                                     shawnhxh@outlook.com
 Shane Utt                               shaneutt@linux.com
 Shantanu Deshpande                      shantanud106@gmail.com
 Shunpoco                                tkngsnsk313320@gmail.com
@@ -605,6 +615,7 @@ Trevor Roberts Jr                       Trevor.Roberts.Jr@gmail.com
 Trevor Tao                              trevor.tao@arm.com
 Umesh Keerthy B S                       umesh.freelance@gmail.com
 Vadim Ponomarev                         velizarx@gmail.com
+vakr                                    vakr@microsoft.com
 Valas Valancius                         valas@google.com
 Vance Li                                vanceli@tencent.com
 Vigneshwaren Sunder                     vickymailed@gmail.com

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,115 @@
 # Changelog
 
+## v1.14.2
+
+Summary of Changes
+------------------
+
+**Minor Changes:**
+* Add SPIRE connection to `cilium status` (Backport PR #27649, Upstream PR #26896, @meyskens)
+* Fix: Affinity in cilium-pre-flight-check daemonset. (Backport PR #27629, Upstream PR #27475, @ishuar)
+* gateway-api: Support all the extended features (Backport PR #27655, Upstream PR #27472, @sayboras)
+
+**Bugfixes:**
+* bpf: nodeport: add RevDNAT-based FIB lookup for reply traffic (Backport PR #27381, Upstream PR #26638, @julianwiedmann)
+* cgroups: Fix race to load cgroup.hostRoot option (Backport PR #27629, Upstream PR #27561, @kvaps)
+* Do mutual authentication handshake again if mismatch between bpf map and cached map happens (Backport PR #27739, Upstream PR #27241, @meyskens)
+* envoy: fix panic writing accesslog without L7 tags (Backport PR #27629, Upstream PR #27453, @mhofstetter)
+* Fix a bug that could cause an incorrect max. sequence number to be reported by `cilium encrypt status` when IPsec is enabled. (Backport PR #27917, Upstream PR #27656, @pchaigno)
+* Fix a bug where cilium host IP is not read from k8s node annotations (Backport PR #27679, Upstream PR #27590, @hemanthmalla)
+* Fix behavior where SPIRE doesn't work when kubelet does not listen on 127.0.0.1 (Backport PR #27679, Upstream PR #27583, @weizhoublue)
+* Fix bug that could cause packet drops of type XfrmOutPolBlock while rotating the IPsec key. (Backport PR #27586, Upstream PR #27319, @jrfastab)
+* Fix connectivity issues caused by missing conntrack entry when service pod connects to itself via clusterIP. (Backport PR #27920, Upstream PR #27602, @julianwiedmann)
+* Fix deletion of tunnel map entries when node has non-zero cluster ID. (Backport PR #27629, Upstream PR #27353, @giorio94)
+* Fix Gateway managed services not exposing all ports (Backport PR #27917, Upstream PR #27695, @Managarmrr)
+* Fix global service incompatibility when v1.14 agents connect to a v1.13 cluster (#27882, @giorio94)
+* Fix issue which caused the map reconciliation process to never complete successfully if the error resolved automatically (Backport PR #27629, Upstream PR #26742, @giorio94)
+* Fix missing packet trace after `from-container` for reply traffic to the proxy. (Backport PR #27917, Upstream PR #27872, @pchaigno)
+* Fix potential cross-node connectivity issue when IPsec is enabled with ENI or Azure IPAM modes. (Backport PR #27924, Upstream PR #26663, @gandro)
+* Fix propagation of namespace labels to CEP labels (Backport PR #27917, Upstream PR #27831, @tklauser)
+* Fix several paths in the North-South load-balancer where the TTL / hop-limit field of a forwarded packet was not updated. (Backport PR #27379, Upstream PR #27299, @julianwiedmann)
+* Fixes a issue that IPsec key rotation can't be triggered. (Backport PR #27739, Upstream PR #27694, @jschwinger233)
+* gateway-api: Filter routes based on Section Name and port (Backport PR #27629, Upstream PR #27309, @sayboras)
+* gateway-api: Merge externally annotations and labels for kubernetes types (Backport PR #27629, Upstream PR #27251, @farodin91)
+* helm: fix envoy daemonset loglevel with multiple verbose debug groups (Backport PR #27917, Upstream PR #27698, @mhofstetter)
+* ingress: fix panic on ingress rule without HTTPIngressRule (Backport PR #27917, Upstream PR #27818, @mhofstetter)
+* ipam: when a CiliumNode is removed, delete node label from metrics. (Backport PR #27917, Upstream PR #27713, @tommyp1ckles)
+* IPSec fix for race on init resulting in Xfrm*In* errors and dropped packets (Backport PR #28021, Upstream PR #28012, @jrfastab)
+* k8s: Restrict configuring reserved:init policy via CNP (Backport PR #28038, Upstream PR #28007, @joestringer)
+* Prioritization of which DNS mappings to keep was suboptimal, leading to evictions of mappings related to alive connections, worsening performance of fqdn policies and causing spurious logging. (Backport PR #27917, Upstream PR #27572, @bimmlerd)
+* proxy: Ignore visibility annotation if proxy is disabled (Backport PR #27679, Upstream PR #27597, @sayboras)
+* Read FQDNRejectResponseCode from config (Backport PR #27739, Upstream PR #27362, @ayuspin)
+
+**CI Changes:**
+* .github/workflows: unify time to wait for images to become available (Backport PR #27917, Upstream PR #27706, @tklauser)
+* Add missing ariane trigger phrases (Backport PR #27917, Upstream PR #27822, @tklauser)
+* Add secondary iface to KIND network (Backport PR #27679, Upstream PR #26338, @ysksuzuki)
+* bpf: complexity-tests: set -DHAVE_LARGE_INSN_LIMIT=1 for new kernels (Backport PR #27701, Upstream PR #27490, @julianwiedmann)
+* ci-e2e: Add secondary network NodePort tests (Backport PR #27917, Upstream PR #27738, @brb)
+* ci-ipsec-upgrade: Bump CLI to v0.15.5 (Backport PR #27629, Upstream PR #27230, @brb)
+* ci-ipsec-upgrade: Skip upon test/Documentation changes (Backport PR #27679, Upstream PR #27644, @brb)
+* ci: remove unavailable K8s 1.22 from GKE config (Backport PR #27629, Upstream PR #27365, @mhofstetter)
+* CI: Rename workflow names (Backport PR #27739, Upstream PR #27391, @brlbil)
+* CI: Update tested k8s version for aks (Backport PR #27629, Upstream PR #27457, @brlbil)
+* Disable the images digest when pushing the development helm chart (Backport PR #27739, Upstream PR #27646, @giorio94)
+* gh/actions: Customize cilium-config (Backport PR #27917, Upstream PR #27416, @brb)
+* gh/workflows: Use cilium-config action in ci-ipsec-upgrade (Backport PR #27917, Upstream PR #27359, @brb)
+* gha: fix waiting for images in conformance-gingko (Backport PR #27629, Upstream PR #27397, @giorio94)
+* Set kvstoremesh image when pushing the development helm chart (Backport PR #27679, Upstream PR #27645, @giorio94)
+* test: print logical instruction count per program (Backport PR #27629, Upstream PR #26641, @ti-mo)
+
+**Misc Changes:**
+* [v1.14] cilium: Fix 16bit ifindex limitation (#27880, @borkmann)
+* Add WireGuard to the firewall rules documentation (Backport PR #27917, Upstream PR #27170, @joestringer)
+* bpf: egressgw: set trace reason for reply traffic (Backport PR #27524, Upstream PR #27218, @julianwiedmann)
+* bpf: nat: enable CT-driven trace aggregation (Backport PR #27524, Upstream PR #27178, @julianwiedmann)
+* bpf: nat: let caller determine whether SNATed connection needs CT (Backport PR #27524, Upstream PR #27079, @julianwiedmann)
+* bpf: nodeport: consolidate packet rewrite in RevDNAT path (Backport PR #27381, Upstream PR #26852, @julianwiedmann)
+* bpf: split complexity configurations into separate files (Backport PR #27701, Upstream PR #26925, @lmb)
+* chore(deps): update all kind-images main (v1.14) (#27746, @renovate[bot])
+* chore(deps): update all kind-images main (v1.14) (patch) (#27772, @renovate[bot])
+* chore(deps): update all lvh-images main (v1.14) (patch) (#27422, @renovate[bot])
+* chore(deps): update all lvh-images main (v1.14) (patch) (#27773, @renovate[bot])
+* chore(deps): update aws-actions/configure-aws-credentials action to v3 (v1.14) (#27777, @renovate[bot])
+* chore(deps): update dependency cilium/cilium-cli to v0.15.6 (v1.14) (#27769, @renovate[bot])
+* chore(deps): update dependency cilium/cilium-cli to v0.15.7 (v1.14) (#27919, @renovate[bot])
+* chore(deps): update dependency google/gops to v0.3.28 (v1.14) (#27413, @renovate[bot])
+* chore(deps): update dependency kubernetes/kubernetes to v1.27.5 (v1.14) (#27774, @renovate[bot])
+* chore(deps): update dependency ubuntu to v22 (v1.14) (#27778, @renovate[bot])
+* chore(deps): update docker.io/library/alpine docker tag to v3.18.3 (v1.14) (#27775, @renovate[bot])
+* chore(deps): update docker.io/library/golang:1.20.7 docker digest to 741d6f9 (v1.14) (#27768, @renovate[bot])
+* chore(deps): update docker.io/library/golang:1.20.8 docker digest to 700d726 (v1.14) (#28049, @renovate[bot])
+* chore(deps): update docker.io/library/ubuntu:22.04 docker digest to ec050c3 (v1.14) (#27546, @renovate[bot])
+* chore(deps): update go to v1.20.8 (v1.14) (patch) (#27990, @renovate[bot])
+* chore: fixing blank k8sPodName in endpoint logger (Backport PR #27629, Upstream PR #26964, @vakalapa)
+* cilium, docs: Add a note about KPR and nfs dependencies (Backport PR #27739, Upstream PR #27678, @borkmann)
+* clean-up: remove check for permissive CCNPs (Backport PR #27739, Upstream PR #27690, @shawnh2)
+* contrib/scripts/kind.sh: specify IPv4 prefix and range on secondary network (Backport PR #27679, Upstream PR #27573, @tklauser)
+* Correct cni path in k3s installation documentation for rancher desktop (Backport PR #27739, Upstream PR #27702, @RichardoC)
+* docs: Clean up prerequisites for the Ingress Controller (Backport PR #27629, Upstream PR #27222, @qmonnet)
+* docs: Clean up references to deprecated modes "strict" and "partial" for kube-proxy replacement feature flag (Backport PR #27679, Upstream PR #27314, @qmonnet)
+* docs: Correct comment on toFQDN API definition (Backport PR #27629, Upstream PR #27496, @Alex-Waring)
+* docs: Fix config option for spelling filters (Backport PR #27629, Upstream PR #27537, @qmonnet)
+* docs: Fix Documentation Makefile to make Helm reference updates compatible with macOS (Backport PR #27629, Upstream PR #27495, @ishuar)
+* docs: Harmonise references to Cilium Slack (Backport PR #27629, Upstream PR #27346, @qmonnet)
+* docs: Improve wording for labels and services policies (Backport PR #27917, Upstream PR #27171, @joestringer)
+* docs: Remove proxylib limitation in observability section (Backport PR #27629, Upstream PR #27306, @darkrift)
+* docs: update L7 traffic CiliumClusterwideEnvoyConfig example (Backport PR #27629, Upstream PR #27409, @tanjunchen)
+* docs: Update the microservices-demo link (Backport PR #27917, Upstream PR #27814, @haiyuewa)
+* docs: Update the mutual authentication key format (Backport PR #27679, Upstream PR #27640, @haiyuewa)
+* egressgw: small test fixes (Backport PR #27701, Upstream PR #27574, @lmb)
+* Gatewap API: Implement generic route checks (Backport PR #27655, Upstream PR #25885, @meyskens)
+* renovate: Don't exclude github.com/{cilium,vishvananda}/netlink anymore (Backport PR #27629, Upstream PR #27342, @lambdanis)
+* typo: the clustermesh secret name (Backport PR #27739, Upstream PR #27658, @weizhoublue)
+* Update Cilium certgen from v0.1.8 to v0.1.9 (Backport PR #27629, Upstream PR #27511, @rolinh)
+
+**Other Changes:**
+* [1.14] test: add namespace name in pod metadata test (#28032, @nebril)
+* backport v1.14: gh/workflows: Reusable workflow for ci-e2e and misc changes (#27375, @brb)
+* doc: Migrate to .readthedocs.yaml configuration file v2 (#27571, @doniacld)
+* envoy: Update envoy image with newer proxylib builder (#27650, @sayboras)
+* install: Update image digests for v1.14.1 (#27505, @nebril)
+
 ## v1.14.1
 
 Summary of Changes