Skip to content

1.0.0-rc4
Compare
Choose a tag to compare
@tgraf tgraf released this 16 Feb 16:24
· 25395 commits to main since this release
v1.0.0-rc4
3389456

Major Changes

  • api: Introduce & expose endpoint controller statuses (#2720, @tgraf)
  • More scalable kvstore interaction layer (#2708, @tgraf)
  • Add agent notifications & access log records to monitor (#2667, @tgraf)
  • Remove oxyproxy and make Envoy the default proxy (#2625, @jrajahalme)
  • New controller pattern for async operations that can fail (#2597, @tgraf)
  • Add cilium-health endpoints for datapath connectivity probing (#2315, @joestringer)

Bugfixes Changes

  • Avoid concurrent access of rand.Rand (#2823, @tgraf)
  • kafka: Use policy identity cache to lookup identity for L3 dependant rules (#2813, @manalibhutiyani)
  • envoy: Set source identity correctly in access log. (#2807, @jrajahalme)
  • replaced sysctl invocation with echo redirects (#2789, @aanm)
  • Set up the k8s watchers based on the kube-apiserver version 2731 (##2735, @aanm)
  • bpf: Use upper 16 bits of mark for identity (#2719, @tgraf)
  • bpf: Generate BPF header in order after generating policy (#2718, @tgraf)
  • Kubernetes NetworkPolicyPeer allows for PodSelector and NamespaceSelector fields to be optional. (#2699, @ianvernon)
    • Gracefully handle when these objects are nil when we are parsing NetworkPolicy.
  • Enforce policy update immediately on ongoing connections 2569 #2408 (##2684, @aanm)
  • envoy: fix rule regex matching by host (#2649, @aanm)
  • Kafka: Correctly check msgSize in ReadResp before discarding. (#2637, @manalibhutiyani)
  • Fix envoy deadlock after first crash (#2633, @aanm)
  • kafka: Reject requests on empty rule set (#2619, @tgraf)
  • CNP CRD schema versioning (#2614, @nebril)
  • Fix race while updating L7 proxy redirect in L4PolicyMap (#2607, @joestringer)
  • Don't allow API users to modify reserved labels for endpoints. (#2595, @joestringer)

Release binaries

Assets 2