- New simplified encapsulation mode. No longer requires any network
  configuration; the IP of the VM/host is automatically used as tunnel
  endpoint across the mesh. There is no longer a need to configure any routes
  for the container prefixes in the cloud network or the underlying fabric.
  The node prefix to node IP mapping is automatically derived from the
  Kubernetes PodCIDR (#1020, #1013, #1039)
- When accessing external networks, outgoing traffic is automatically
  masqueraded without requiring a masquerade rule to be installed manually.
  This behaviour can be disabled with --masquerade=false (#1020)
- Support for arbitrary IPv4 cluster prefix sizes. This was previously
  required to be a /8 prefix. It can now be specified with
  --ipv4-cluster-cidr-mask-size (#1094)
- Cilium monitor has been enabled with a neat one-liner mode which is on by
  default. It is similar to tcpdump but provides high-level metadata such as
  container IDs, endpoint IDs, security identities (#1112)
- The agent policy repository now includes a revision which is returned after
  each change of the policy. A new command cilium policy wait can be used to
  wait until all endpoints have been updated to enforce the new policy
  revision (#1115)
- cilium endpoint get now supports get -l <set of labels> and
  get <endpointID | pod-name:namespace:k8s-pod | container-name:name> (#1139)
- Improve label source concept. Users can now match the source of a
  particular label (e.g. k8s:app=foo, container:app=foo) or match on any
  source (e.g. app=foo, any:app=foo) (#905)
- Drop support for extensions/v1beta1/NetworkPolicy and support
  networking.k8s.io/v1/NetworkPolicy (#1150)
- Allow fine-grained inter-namespace policy control. It is now possible to
  specify policy rules which allow individual pods from another namespace to
  access a pod (#1103)
- The CiliumNetworkPolicy ThirdPartyResource now supports carrying a list of
  rules to update atomically (#1055)
- The example DaemonSet now schedules Cilium pods onto nodes which are not
  ready, to allow deploying Cilium on a cluster with a non-functional CNI
  configuration. The Cilium pod will automatically configure CNI properly.
  (#1075)
- Automatically derive node address prefix from Kubernetes (PodCIDR) (#1026)
- Automatically install CNI loopback driver if required (#860)
- Do not overwrite existing 10-cilium.conf CNI configuration if it already
  exists (#871)