From cf6e022edbedc39c35237330ab85c158ff17f207 Mon Sep 17 00:00:00 2001 From: Tim Horner Date: Wed, 13 Mar 2024 12:23:35 -0400 Subject: [PATCH] Prepare for release v1.14.8 Signed-off-by: Tim Horner --- .github/maintainers-little-helper.yaml | 2 +- AUTHORS | 7 +- CHANGELOG.md | 78 +++++++++++++++++++ Documentation/helm-values.rst | 12 +-- .../kubernetes/compatibility-table.rst | 8 +- VERSION | 2 +- install/kubernetes/Makefile.digests | 20 ++--- install/kubernetes/cilium/Chart.yaml | 4 +- install/kubernetes/cilium/README.md | 14 ++-- install/kubernetes/cilium/values.yaml | 42 +++++----- 10 files changed, 138 insertions(+), 51 deletions(-) diff --git a/.github/maintainers-little-helper.yaml b/.github/maintainers-little-helper.yaml index 1957ee1fa38f..8fbd2843e947 100644 --- a/.github/maintainers-little-helper.yaml +++ b/.github/maintainers-little-helper.yaml @@ -1,4 +1,4 @@ -project: "https://github.com/cilium/cilium/projects/268" +project: "https://github.com/cilium/cilium/projects/276" column: "In progress" auto-label: - "kind/backports" diff --git a/AUTHORS b/AUTHORS index 454ec0c89325..0cc5467e2807 100644 --- a/AUTHORS +++ b/AUTHORS @@ -43,6 +43,7 @@ Andrew Bulford andrew.bulford@form3.tech Andrew Holt andrew.holt@utmost.co Andrew Sauber 2046750+asauber@users.noreply.github.com Andrew Sy Kim kim.andrewsy@gmail.com +Andrew Titmuss iandrewt@icloud.com Andrey Devyatkin andrey.devyatkin@fivexl.io Andrey Klimentyev andrey.klimentyev@flant.com Andrey Voronkov voronkovaa@gmail.com @@ -64,6 +65,7 @@ Anurag Aggarwal anurag.aggarwal@flipkart.com Archana Shinde archana.m.shinde@intel.com Arika Chen eaglesora@gmail.com Arnaud Meukam ameukam@gmail.com +Arseniy Belorukov a.belorukov@team.bumble.com Arthur Chiao arthurchiao@hotmail.com ArthurChiao arthurchiao@hotmail.com Arthur Evstifeev mail@ap4y.me @@ -87,7 +89,7 @@ Benoît Sauvère benoit.sauvere@backmarket.com Bill Mulligan billmulligan516@gmail.com Bingshen Wang bingshen.wbs@alibaba-inc.com Bingwu Yang detailyang@gmail.com -Birol Bilgin birolbilgin@gmail.com +Birol Bilgin birol@cilium.io Bob Bouteillier bob.bouteillier@datadoghq.com Bokang Li libokang.dev@gmail.com Bolun Zhao blzhao@google.com @@ -168,6 +170,7 @@ David Korczynski david@adalogics.com David Schlosnagle davids@palantir.com David Wolffberg 1350533+wolffberg@users.noreply.github.com Dawn lx1960753013@gmail.com +Dean 22192242+saintdle@users.noreply.github.com Deepesha Burse deepesha.3007@gmail.com Deepesh Pathak deepshpathak@gmail.com Denis Khachyan khachyanda.gmail.com @@ -529,7 +532,7 @@ Richard Lavoie richard.lavoie@logmein.com Richard Tweed RichardoC@users.noreply.github.com Ricky Ho horicky78@gmail.com Rio Kierkels riokierkels@gmail.com -Robin Gögge r.goegge@isovalent.com +Robin Gögge r.goegge@gmail.com Robin Hahling robin.hahling@gw-computing.net Rocky Chen 40374064+rockc2020@users.noreply.github.com Rodrigo Chacon rochacon@gmail.com diff --git a/CHANGELOG.md b/CHANGELOG.md index a44af80fba2b..b6e1e5024c6b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,83 @@ # Changelog +## v1.14.8 + +Summary of Changes +------------------ + +**Minor Changes:** +* Enhance trace events from the outbound SNAT path, to report the pre-SNAT IP address and the interface index of the egress interface. (Backport PR #30835, Upstream PR #28723, @julianwiedmann) +* Fixes a bug where ToFQDN IPs may be garbage collected too early, disrupting existing connections. (Backport PR #31337, Upstream PR #31205, @squeed) + +**Bugfixes:** +* endpoint: fix inability to create endpoint with labels in a single API call (Backport PR #31000, Upstream PR #30170, @oblazek) +* Fix bug prevented endpoints from sending or receiving network traffic due to the 'reserved:init' label persisting after initialization. (Backport PR #31048, Upstream PR #30909, @aanm) +* Fixes an IPv6 issue that cilium doesn't respond to Neighbor Solicitation targeting the pods on same node. (Backport PR #31186, Upstream PR #30837, @jschwinger233) +* Fixes an L7 proxy issue by re-introducing 2005 route table. (Backport PR #31160, Upstream PR #29530, @jschwinger233) +* Fixes proxy issues by opting out from SNAT for L7 + Tunnel. (Backport PR #31160, Upstream PR #29594, @jschwinger233) +* Fixes proxy issues in egress direction (Backport PR #31160, Upstream PR #30095, @jschwinger233) +* helm: Probe Envoy DaemonSet localhost IP directly (Backport PR #31000, Upstream PR #30970, @iandrewt) +* Policy revert used in rare error cases has been corrected. (Backport PR #30882, Upstream PR #29162, @jrajahalme) +* srv6: Fix packet drop with GSO type mismatch (Backport PR #30800, Upstream PR #30732, @YutaroHayakawa) +* xds: Avoid xds timeout due to agent restart in envoy DS mode (Backport PR #31156, Upstream PR #31061, @sayboras) + +**CI Changes:** +* Align again conformance clustermesh matrix entries with main as the interoperability issue has been fixed (#30912, @giorio94) +* ci-e2e: restore 6.1 kernels (#30862, @lmb) +* ci/ipsec: Fix downgrade version retrieval (Backport PR #31048, Upstream PR #30742, @qmonnet) +* ci: Enhance test execution security by restricting permissions to the 'organization-members' team (Backport PR #30864, Upstream PR #30790, @brlbil) +* CI: Update tested K8S versions across all cloud providers (Backport PR #30864, Upstream PR #30795, @brlbil) +* Fix datapath mode in Network Performance CI test (Backport PR #30864, Upstream PR #30756, @marseel) +* workflows: Clean IPsec test output (Backport PR #30800, Upstream PR #30759, @pchaigno) + +**Misc Changes:** +* bgpv1: Remove disruptive error handling from BGPRouterManager (#30765, @YutaroHayakawa) +* bgpv1: Remove or downgrade noisy logs (Backport PR #31000, Upstream PR #30868, @YutaroHayakawa) +* bitlpm: Factor out common code (Backport PR #31156, Upstream PR #31026, @jrajahalme) +* bpf: host: optimize from-host's ICMPv6 path (Backport PR #31186, Upstream PR #31127, @julianwiedmann) +* bpf: host: skip from-proxy handling in from-netdev (Backport PR #31160, Upstream PR #29962, @julianwiedmann) +* bpf: l3: restore MARK_MAGIC_PROXY_INGRESS for from-proxy traffic (Backport PR #31160, Upstream PR #29721, @julianwiedmann) +* bpf: minor ICMPv6 improvements (Backport PR #31186, Upstream PR #26563, @julianwiedmann) +* bugtool: Capture memory fragmentation info from /proc (Backport PR #31156, Upstream PR #30966, @pchaigno) +* Bump google.golang.org/protobuf (v1.14) (#31314, @ferozsalam) +* chore(deps): update actions/download-artifact action to v4.1.3 (v1.14) (#30989, @renovate[bot]) +* chore(deps): update all github action dependencies (v1.14) (#30954, @renovate[bot]) +* chore(deps): update all github action dependencies (v1.14) (#31114, @renovate[bot]) +* chore(deps): update all github action dependencies (v1.14) (#31294, @renovate[bot]) +* chore(deps): update all github action dependencies (v1.14) (patch) (#31136, @renovate[bot]) +* chore(deps): update all github action dependencies to v4 (v1.14) (major) (#30782, @renovate[bot]) +* chore(deps): update all-dependencies (v1.14) (#30952, @renovate[bot]) +* chore(deps): update dependency cilium/cilium-cli to v0.15.23 (v1.14) (#30861, @renovate[bot]) +* chore(deps): update dependency cilium/cilium-cli to v0.16.0 (v1.14) (#31173, @renovate[bot]) +* chore(deps): update docker.io/library/ubuntu:22.04 docker digest to 77906da (v1.14) (#31291, @renovate[bot]) +* chore(deps): update docker.io/library/ubuntu:22.04 docker digest to e9569c2 (v1.14) (#30739, @renovate[bot]) +* chore(deps): update go to v1.21.7 (v1.14) (#30953, @renovate[bot]) +* chore(deps): update go to v1.21.8 (v1.14) (#31184, @renovate[bot]) +* chore(deps): update hubble cli to v0.13.2 (v1.14) (#31339, @renovate[bot]) +* chore(deps): update quay.io/lvh-images/kind docker tag to v6.6-20240221.111541 (v1.14) (#30979, @renovate[bot]) +* chore(deps): update stable lvh-images (v1.14) (patch) (#30653, @renovate[bot]) +* chore(deps): update stable lvh-images (v1.14) (patch) (#31137, @renovate[bot]) +* chore(deps): update stable lvh-images (v1.14) (patch) (#31293, @renovate[bot]) +* container/bitlpm: Add Lookup Boolean Return Value (Backport PR #31156, Upstream PR #31037, @nathanjsweet) +* docs: Document XfrmInStateInvalid errors (Backport PR #30800, Upstream PR #30151, @pchaigno) +* docs: Fix 'kubectl exec' invocations (quotes, double dash separator) in example script kafka-sw-gen-traffic.sh (Backport PR #31156, Upstream PR #30462, @saintdle) +* identity/cache: only call SortedList for release (Backport PR #30864, Upstream PR #27796, @bimmlerd) +* images: bump cni plugins to v1.4.1 (#31349, @aanm) +* lbipam: copy slice before modification in (*LBIPAM).handlePoolModified (Backport PR #31000, Upstream PR #30859, @tklauser) +* loader: also populate NATIVE_DEV_IFINDEX for cilium_overlay (Backport PR #31156, Upstream PR #31025, @julianwiedmann) +* pkg: Add Bitwise LPM Trie Library (Backport PR #30864, Upstream PR #29717, @nathanjsweet) +* pkg: proxy: only install from-proxy rules/routes for native routing (Backport PR #31160, Upstream PR #29761, @julianwiedmann) +* slices: don't modify input slices in test (Backport PR #31000, Upstream PR #30677, @tklauser) + +**Other Changes:** +* [v1.14] bpf: nodeport: add missing ifindex in NAT trace event (#31022, @julianwiedmann) +* [v1.14] envoy: Bump golang version to 1.21.8 (#31222, @sayboras) +* [v1.14] iptables: Read CNI chaining mode from CNI config manager (#31265, @pippolo84) +* cli: Replace --cluster-name with --helm-set cluster.name (#31177, @michi-covalent) +* install: Update image digests for v1.14.7 (#30752, @michi-covalent) +* Upgrade GoBGP to v3.23.0 and backport #28293 (#30793, @YutaroHayakawa) +* v1.14: WG L7 (#31267, @brb) + ## v1.14.7 Summary of Changes diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst index d8506b9b1eb4..6ab5eaa20ac6 100644 --- a/Documentation/helm-values.rst +++ b/Documentation/helm-values.rst @@ -423,7 +423,7 @@ * - :spelling:ignore:`clustermesh.apiserver.image` - Clustermesh API server image. - object - - ``{"digest":"sha256:28f3ffe53365ca79831af600f09a95c0b3e9959f5f891b416dab8cedd90c263d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.14.7","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.14.8","useDigest":false}`` * - :spelling:ignore:`clustermesh.apiserver.kvstoremesh.enabled` - Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. - bool @@ -443,7 +443,7 @@ * - :spelling:ignore:`clustermesh.apiserver.kvstoremesh.image` - KVStoreMesh image. - object - - ``{"digest":"sha256:4386d522bce35ce55650d4bd100d9458bf5b99d6ebbb709016aec25bf50e7b8d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/kvstoremesh","tag":"v1.14.7","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/kvstoremesh","tag":"v1.14.8","useDigest":false}`` * - :spelling:ignore:`clustermesh.apiserver.kvstoremesh.resources` - Resource requests and limits for the KVStoreMesh container - object @@ -1479,7 +1479,7 @@ * - :spelling:ignore:`hubble.relay.image` - Hubble-relay container image. - object - - ``{"digest":"sha256:46762393daf4a0aaef76b106614c2615942f98f10aeacd435ea3fb1a0bdf69e4","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.14.7","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.14.8","useDigest":false}`` * - :spelling:ignore:`hubble.relay.listenHost` - Host to listen to. Specify an empty string to bind to all the interfaces. - string @@ -1847,7 +1847,7 @@ * - :spelling:ignore:`image` - Agent container image. - object - - ``{"digest":"sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.7","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.8","useDigest":false}`` * - :spelling:ignore:`imagePullSecrets` - Configure image pull secrets for pulling container images - string @@ -2279,7 +2279,7 @@ * - :spelling:ignore:`operator.image` - cilium-operator image. - object - - ``{"alibabacloudDigest":"sha256:93e8a51655ee167a9eef42269e1f10fc2f74bdf4377299687fe4266dd07b534a","awsDigest":"sha256:161dde3302b259ebca4964b7ee3f995ddbc02dd52deb5d411cbd9b7db66e223d","azureDigest":"sha256:7a7faaa0aa981a2819ba74b7e3615c638e1e186bb91efbddf4b0c78a4774477e","genericDigest":"sha256:37ef0bd85c27c765c637cd58c3ff4a559f8734ae39f9d1839a3ac7803de7b952","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.14.7","useDigest":true}`` + - ``{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.14.8","useDigest":false}`` * - :spelling:ignore:`operator.nodeGCInterval` - Interval for cilium node garbage collection. - string @@ -2467,7 +2467,7 @@ * - :spelling:ignore:`preflight.image` - Cilium pre-flight image. - object - - ``{"digest":"sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.7","useDigest":true}`` + - ``{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.8","useDigest":false}`` * - :spelling:ignore:`preflight.nodeSelector` - Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector - object diff --git a/Documentation/network/kubernetes/compatibility-table.rst b/Documentation/network/kubernetes/compatibility-table.rst index c86740087245..9b68a90c8ed4 100644 --- a/Documentation/network/kubernetes/compatibility-table.rst +++ b/Documentation/network/kubernetes/compatibility-table.rst @@ -48,6 +48,8 @@ +--------------------+----------------+ | v1.12.18 | 1.25.7 | +--------------------+----------------+ +| v1.12.19 | 1.25.7 | ++--------------------+----------------+ | v1.12 | 1.25.7 | +--------------------+----------------+ | v1.13.0-rc0 | 1.26.0 | @@ -86,6 +88,8 @@ +--------------------+----------------+ | v1.13.11 | 1.26.7 | +--------------------+----------------+ +| v1.13.12 | 1.26.7 | ++--------------------+----------------+ | v1.13 | 1.26.7 | +--------------------+----------------+ | v1.14.0-pre.2 | 1.26.8 | @@ -122,7 +126,9 @@ +--------------------+----------------+ | v1.14.6 | 1.27.0 | +--------------------+----------------+ +| v1.14.7 | 1.27.0 | ++--------------------+----------------+ | v1.14 | 1.27.0 | +--------------------+----------------+ -| latest / main | 1.29.1 | +| latest / main | 1.29.3 | +--------------------+----------------+ diff --git a/VERSION b/VERSION index 52e779f28fa8..9be784672237 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -1.14.7 +1.14.8 diff --git a/install/kubernetes/Makefile.digests b/install/kubernetes/Makefile.digests index b11c5c2f0094..e278eb2871dd 100644 --- a/install/kubernetes/Makefile.digests +++ b/install/kubernetes/Makefile.digests @@ -2,13 +2,13 @@ # Copyright 2024 Authors of Cilium # SPDX-License-Identifier: Apache-2.0 -export CILIUM_DIGEST := "sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32" -export CLUSTERMESH_APISERVER_DIGEST := "sha256:28f3ffe53365ca79831af600f09a95c0b3e9959f5f891b416dab8cedd90c263d" -export DOCKER_PLUGIN_DIGEST := "sha256:929111c0edb3b857d21eb385e6fd5c4de30b7b45a2aceeec0bb6ca87ec8968c4" -export HUBBLE_RELAY_DIGEST := "sha256:46762393daf4a0aaef76b106614c2615942f98f10aeacd435ea3fb1a0bdf69e4" -export KVSTOREMESH_DIGEST := "sha256:4386d522bce35ce55650d4bd100d9458bf5b99d6ebbb709016aec25bf50e7b8d" -export OPERATOR_ALIBABACLOUD_DIGEST := "sha256:93e8a51655ee167a9eef42269e1f10fc2f74bdf4377299687fe4266dd07b534a" -export OPERATOR_AWS_DIGEST := "sha256:161dde3302b259ebca4964b7ee3f995ddbc02dd52deb5d411cbd9b7db66e223d" -export OPERATOR_AZURE_DIGEST := "sha256:7a7faaa0aa981a2819ba74b7e3615c638e1e186bb91efbddf4b0c78a4774477e" -export OPERATOR_GENERIC_DIGEST := "sha256:37ef0bd85c27c765c637cd58c3ff4a559f8734ae39f9d1839a3ac7803de7b952" -export OPERATOR_DIGEST := "sha256:4524a0b3a64ab05dc2f58c6f8aa1244096858cb3af908f73c78d8a0e669ce364" +export CILIUM_DIGEST := "" +export CLUSTERMESH_APISERVER_DIGEST := "" +export DOCKER_PLUGIN_DIGEST := "" +export HUBBLE_RELAY_DIGEST := "" +export KVSTOREMESH_DIGEST := "" +export OPERATOR_ALIBABACLOUD_DIGEST := "" +export OPERATOR_AWS_DIGEST := "" +export OPERATOR_AZURE_DIGEST := "" +export OPERATOR_GENERIC_DIGEST := "" +export OPERATOR_DIGEST := "" diff --git a/install/kubernetes/cilium/Chart.yaml b/install/kubernetes/cilium/Chart.yaml index 5c07748d486c..099e6a153065 100644 --- a/install/kubernetes/cilium/Chart.yaml +++ b/install/kubernetes/cilium/Chart.yaml @@ -2,8 +2,8 @@ apiVersion: v2 name: cilium displayName: Cilium home: https://cilium.io/ -version: 1.14.7 -appVersion: 1.14.7 +version: 1.14.8 +appVersion: 1.14.8 kubeVersion: ">= 1.16.0-0" icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.14/Documentation/images/logo-solo.svg description: eBPF-based Networking, Security, and Observability diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md index 178edf26b224..5978214e21b6 100644 --- a/install/kubernetes/cilium/README.md +++ b/install/kubernetes/cilium/README.md @@ -1,6 +1,6 @@ # cilium -![Version: 1.14.7](https://img.shields.io/badge/Version-1.14.7-informational?style=flat-square) ![AppVersion: 1.14.7](https://img.shields.io/badge/AppVersion-1.14.7-informational?style=flat-square) +![Version: 1.14.8](https://img.shields.io/badge/Version-1.14.8-informational?style=flat-square) ![AppVersion: 1.14.8](https://img.shields.io/badge/AppVersion-1.14.8-informational?style=flat-square) Cilium is open source software for providing and transparently securing network connectivity and loadbalancing between application workloads such as @@ -155,12 +155,12 @@ contributors across the globe, there is almost always someone available to help. | clustermesh.apiserver.extraEnv | list | `[]` | Additional clustermesh-apiserver environment variables. | | clustermesh.apiserver.extraVolumeMounts | list | `[]` | Additional clustermesh-apiserver volumeMounts. | | clustermesh.apiserver.extraVolumes | list | `[]` | Additional clustermesh-apiserver volumes. | -| clustermesh.apiserver.image | object | `{"digest":"sha256:28f3ffe53365ca79831af600f09a95c0b3e9959f5f891b416dab8cedd90c263d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.14.7","useDigest":true}` | Clustermesh API server image. | +| clustermesh.apiserver.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/clustermesh-apiserver","tag":"v1.14.8","useDigest":false}` | Clustermesh API server image. | | clustermesh.apiserver.kvstoremesh.enabled | bool | `false` | Enable KVStoreMesh. KVStoreMesh caches the information retrieved from the remote clusters in the local etcd instance. | | clustermesh.apiserver.kvstoremesh.extraArgs | list | `[]` | Additional KVStoreMesh arguments. | | clustermesh.apiserver.kvstoremesh.extraEnv | list | `[]` | Additional KVStoreMesh environment variables. | | clustermesh.apiserver.kvstoremesh.extraVolumeMounts | list | `[]` | Additional KVStoreMesh volumeMounts. | -| clustermesh.apiserver.kvstoremesh.image | object | `{"digest":"sha256:4386d522bce35ce55650d4bd100d9458bf5b99d6ebbb709016aec25bf50e7b8d","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/kvstoremesh","tag":"v1.14.7","useDigest":true}` | KVStoreMesh image. | +| clustermesh.apiserver.kvstoremesh.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/kvstoremesh","tag":"v1.14.8","useDigest":false}` | KVStoreMesh image. | | clustermesh.apiserver.kvstoremesh.resources | object | `{}` | Resource requests and limits for the KVStoreMesh container | | clustermesh.apiserver.kvstoremesh.securityContext | object | `{"allowPrivilegeEscalation":false,"capabilities":{"drop":["ALL"]}}` | KVStoreMesh Security context | | clustermesh.apiserver.metrics.enabled | bool | `true` | Enables exporting apiserver metrics in OpenMetrics format. | @@ -419,7 +419,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.relay.extraVolumes | list | `[]` | Additional hubble-relay volumes. | | hubble.relay.gops.enabled | bool | `true` | Enable gops for hubble-relay | | hubble.relay.gops.port | int | `9893` | Configure gops listen port for hubble-relay | -| hubble.relay.image | object | `{"digest":"sha256:46762393daf4a0aaef76b106614c2615942f98f10aeacd435ea3fb1a0bdf69e4","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.14.7","useDigest":true}` | Hubble-relay container image. | +| hubble.relay.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/hubble-relay","tag":"v1.14.8","useDigest":false}` | Hubble-relay container image. | | hubble.relay.listenHost | string | `""` | Host to listen to. Specify an empty string to bind to all the interfaces. | | hubble.relay.listenPort | string | `"4245"` | Port to listen to. | | hubble.relay.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | @@ -511,7 +511,7 @@ contributors across the globe, there is almost always someone available to help. | hubble.ui.updateStrategy | object | `{"rollingUpdate":{"maxUnavailable":1},"type":"RollingUpdate"}` | hubble-ui update strategy. | | identityAllocationMode | string | `"crd"` | Method to use for identity allocation (`crd` or `kvstore`). | | identityChangeGracePeriod | string | `"5s"` | Time to wait before using new identity on endpoint identity change. | -| image | object | `{"digest":"sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.7","useDigest":true}` | Agent container image. | +| image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.8","useDigest":false}` | Agent container image. | | imagePullSecrets | string | `nil` | Configure image pull secrets for pulling container images | | ingressController.default | bool | `false` | Set cilium ingress controller to be the default ingress controller This will let cilium ingress controller route entries without ingress class set | | ingressController.defaultSecretName | string | `nil` | Default secret name for ingresses without .spec.tls[].secretName set. | @@ -619,7 +619,7 @@ contributors across the globe, there is almost always someone available to help. | operator.extraVolumes | list | `[]` | Additional cilium-operator volumes. | | operator.identityGCInterval | string | `"15m0s"` | Interval for identity garbage collection. | | operator.identityHeartbeatTimeout | string | `"30m0s"` | Timeout for identity heartbeats. | -| operator.image | object | `{"alibabacloudDigest":"sha256:93e8a51655ee167a9eef42269e1f10fc2f74bdf4377299687fe4266dd07b534a","awsDigest":"sha256:161dde3302b259ebca4964b7ee3f995ddbc02dd52deb5d411cbd9b7db66e223d","azureDigest":"sha256:7a7faaa0aa981a2819ba74b7e3615c638e1e186bb91efbddf4b0c78a4774477e","genericDigest":"sha256:37ef0bd85c27c765c637cd58c3ff4a559f8734ae39f9d1839a3ac7803de7b952","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.14.7","useDigest":true}` | cilium-operator image. | +| operator.image | object | `{"alibabacloudDigest":"","awsDigest":"","azureDigest":"","genericDigest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/operator","suffix":"","tag":"v1.14.8","useDigest":false}` | cilium-operator image. | | operator.nodeGCInterval | string | `"5m0s"` | Interval for cilium node garbage collection. | | operator.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for cilium-operator pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | operator.podAnnotations | object | `{}` | Annotations to be added to cilium-operator pods | @@ -666,7 +666,7 @@ contributors across the globe, there is almost always someone available to help. | preflight.extraEnv | list | `[]` | Additional preflight environment variables. | | preflight.extraVolumeMounts | list | `[]` | Additional preflight volumeMounts. | | preflight.extraVolumes | list | `[]` | Additional preflight volumes. | -| preflight.image | object | `{"digest":"sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.7","useDigest":true}` | Cilium pre-flight image. | +| preflight.image | object | `{"digest":"","override":null,"pullPolicy":"IfNotPresent","repository":"quay.io/cilium/cilium","tag":"v1.14.8","useDigest":false}` | Cilium pre-flight image. | | preflight.nodeSelector | object | `{"kubernetes.io/os":"linux"}` | Node labels for preflight pod assignment ref: https://kubernetes.io/docs/concepts/scheduling-eviction/assign-pod-node/#nodeselector | | preflight.podAnnotations | object | `{}` | Annotations to be added to preflight pods | | preflight.podDisruptionBudget.enabled | bool | `false` | enable PodDisruptionBudget ref: https://kubernetes.io/docs/concepts/workloads/pods/disruptions/ | diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml index 5be835660984..02ec7d776409 100644 --- a/install/kubernetes/cilium/values.yaml +++ b/install/kubernetes/cilium/values.yaml @@ -143,11 +143,11 @@ rollOutCiliumPods: false image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.14.7" + tag: "v1.14.8" pullPolicy: "IfNotPresent" # cilium-digest - digest: "sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32" - useDigest: true + digest: "" + useDigest: false # -- Affinity for cilium-agent. affinity: @@ -1113,10 +1113,10 @@ hubble: image: override: ~ repository: "quay.io/cilium/hubble-relay" - tag: "v1.14.7" + tag: "v1.14.8" # hubble-relay-digest - digest: "sha256:46762393daf4a0aaef76b106614c2615942f98f10aeacd435ea3fb1a0bdf69e4" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" # -- Specifies the resources for the hubble-relay pods @@ -2260,16 +2260,16 @@ operator: image: override: ~ repository: "quay.io/cilium/operator" - tag: "v1.14.7" + tag: "v1.14.8" # operator-generic-digest - genericDigest: "sha256:37ef0bd85c27c765c637cd58c3ff4a559f8734ae39f9d1839a3ac7803de7b952" + genericDigest: "" # operator-azure-digest - azureDigest: "sha256:7a7faaa0aa981a2819ba74b7e3615c638e1e186bb91efbddf4b0c78a4774477e" + azureDigest: "" # operator-aws-digest - awsDigest: "sha256:161dde3302b259ebca4964b7ee3f995ddbc02dd52deb5d411cbd9b7db66e223d" + awsDigest: "" # operator-alibabacloud-digest - alibabacloudDigest: "sha256:93e8a51655ee167a9eef42269e1f10fc2f74bdf4377299687fe4266dd07b534a" - useDigest: true + alibabacloudDigest: "" + useDigest: false pullPolicy: "IfNotPresent" suffix: "" @@ -2547,10 +2547,10 @@ preflight: image: override: ~ repository: "quay.io/cilium/cilium" - tag: "v1.14.7" + tag: "v1.14.8" # cilium-digest - digest: "sha256:45ce2b87696082ecf7d53ba1c64ceeb4217578033e5ef28ac479ec049a48bc32" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" # -- The priority class to use for the preflight pod. @@ -2697,10 +2697,10 @@ clustermesh: image: override: ~ repository: "quay.io/cilium/clustermesh-apiserver" - tag: "v1.14.7" + tag: "v1.14.8" # clustermesh-apiserver-digest - digest: "sha256:28f3ffe53365ca79831af600f09a95c0b3e9959f5f891b416dab8cedd90c263d" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" etcd: @@ -2744,10 +2744,10 @@ clustermesh: image: override: ~ repository: "quay.io/cilium/kvstoremesh" - tag: "v1.14.7" + tag: "v1.14.8" # kvstoremesh-digest - digest: "sha256:4386d522bce35ce55650d4bd100d9458bf5b99d6ebbb709016aec25bf50e7b8d" - useDigest: true + digest: "" + useDigest: false pullPolicy: "IfNotPresent" # -- Additional KVStoreMesh arguments.