Revision 470b3207efe07c66126db88e682aced94df450f5 authored by Nicolas Busseneau on 26 April 2023, 17:13:46 UTC, committed by Nicolas Busseneau on 26 April 2023, 17:13:46 UTC
Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
1 parent b016532
CHANGELOG.md
# Changelog
## v1.12.9
Summary of Changes
------------------
**Minor Changes:**
* envoy: Bump envoy to v1.23.8 (#24910, @sayboras)
* envoy: Bump envoy version to v1.23.7 (#24747, @sayboras)
**Bugfixes:**
* Add missing xfrm-no-track rules for IPv6 IPSec. This fixes a connectivity issue for IPv6 IPSec with externalTrafficPolicy=local. (Backport PR #24605, Upstream PR #24557, @jschwinger233)
* bpf: policy: fix handling of ICMPv6 packet with extension headers (Backport PR #24822, Upstream PR #24797, @julianwiedmann)
* endpoint: fix k8sNamespace log field when ep gets deleted (Backport PR #24709, Upstream PR #24575, @mhofstetter)
* Fix bug in BGP CP where changing the route-id of an existing router would cause announcements to disappear (Backport PR #24462, Upstream PR #24304, @dylandreimerink)
* Fix Cilium Operator from crashing when encountering empty node pools on Azure (Backport PR #24462, Upstream PR #24189, @forgems)
* Fix for disabled cloud provider rate limiting (Backport PR #24462, Upstream PR #24413, @hemanthmalla)
* Fix missing delete events on informer re-lists to ensure all delete events are correctly emitted and using the latest known object state, so that all event handlers and stores always reflect the actual apiserver state as best as possible (#24871, @aanm)
* Fixed bug where L7 rules would be incorrectly merged between rules for the same (remote) endpoint. This bug could have caused L7 rules to be bypassed via a wildcard header rule being improperly appended to the set of HTTP rules when both a policy with HTTP header rules applying to multiple endpoints and an allow-all rule for only one of those endpoints are specified. (Backport PR #24851, Upstream PR #24788, @jrajahalme)
* Handle leaked service backends that may lead to filling up of `lb4_backends` map and thereby connectivity issues. (Backport PR #24761, Upstream PR #24681, @aditighag)
* helm: mandate issuer configuration when using cert-manager to generate certificates (Backport PR #24822, Upstream PR #24666, @giorio94)
* ipsec: Clean up stale XFRM policies and states (Backport PR #24822, Upstream PR #24773, @pchaigno)
* Solve control-plane deadlock issues leading to outages. A typical log line indicative of this issue is `probe=l7-proxy msg="No response from probe within 15 seconds"` (Backport PR #24669, Upstream PR #24672, @bimmlerd)
**CI Changes:**
* Fix race conditions when deleting CNP / CCNP in e2e tests (Backport PR #24709, Upstream PR #24484, @jschwinger233)
* renovate: Fix Hubble release digest regex (Backport PR #24605, Upstream PR #24477, @gandro)
* tests: add exceptions for lease errors due to etcd (Backport PR #24761, Upstream PR #24723, @jibi)
**Misc Changes:**
* Avoid clearing objects in CiliumEndpoint conversion funcs (Backport PR #24930, Upstream PR #24928, @aanm)
* Avoid clearing objects in conversion funcs (Backport PR #24930, Upstream PR #24241, @odinuge)
* bpf: Remove fib_redirect's BPF_FIB_LOOKUP_DIRECT (Backport PR #24462, Upstream PR #24271, @borkmann)
* checker: Fix incorrect checker for ExportedEqual() (Backport PR #24462, Upstream PR #24373, @christarazi)
* chore(deps): update dependency cilium/hubble to v0.11.3 (v1.12) (#24819, @renovate[bot])
* chore(deps): update docker.io/library/alpine docker tag to v3.16.5 (v1.12) (#24640, @renovate[bot])
* chore(deps): update docker.io/library/alpine:3.16.4 docker digest to 2cf17aa (v1.12) (#24479, @renovate[bot])
* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to 24a0df4 (v1.12) (#24480, @renovate[bot])
* chore(deps): update quay.io/cilium/hubble docker tag to v0.11.3 (v1.12) (#24492, @renovate[bot])
* doc: Fixed CiliumNode CRD fields for cluster-pool doc (Backport PR #24605, Upstream PR #24428, @PhilipSchmid)
* docs: add note that there are two Cilium CLIs (Backport PR #24605, Upstream PR #24435, @lizrice)
* docs: fix typo in operations/troubleshooting.rst (Backport PR #24605, Upstream PR #24460, @NikAleksandrov)
* docs: Fix upgradeCompatibility references (Backport PR #24761, Upstream PR #24711, @joestringer)
* docs: Update Cluster Mesh requirements to mention node InternalIP explicitly (Backport PR #24462, Upstream PR #24164, @jspaleta)
* docs: Update the documentation for the `--conntrack-gc-interval` flag (Backport PR #24462, Upstream PR #24400, @pchaigno)
* Expose bpf-lb-sock-hostns-only in cilium status (Backport PR #24761, Upstream PR #24570, @romanspb80)
* Fix duplicated logs for test-output.log (Backport PR #24462, Upstream PR #24171, @romanspb80)
* hubble-ui: allow ingress from non root `/` urls (Backport PR #24605, Upstream PR #23631, @geakstr)
* loader: Don't compile `.asm` files by default (Backport PR #24822, Upstream PR #24769, @pchaigno)
* pkg/bandwidth: add error for bandwidth manager not being enabled (Backport PR #24761, Upstream PR #24715, @aanm)
* pkg/service: Extend unit test cases (Backport PR #24822, Upstream PR #24742, @aditighag)
* proxylib: Downgrade noisy log msg to debug level (Backport PR #24462, Upstream PR #22848, @christarazi)
**Other Changes:**
* Add IPSec remark for upgrade to v1.12.8 (#24630, @darox)
* Add note about fixed regression in ConfigMap values that were being prioritized over flags in Cilium agent (#24744, @aanm)
* install: Update image digests for v1.12.8 (#24426, @nebril)
* Prepare for release v1.12.9 (#24879, @michi-covalent)
* v1.12: docs: Fix mitigation for IPsec upgrade issue (#24702, @pchaigno)
## v1.12.8
Summary of Changes
------------------
**Minor Changes:**
* envoy: Bump envoy to 1.23.4 (Backport PR #23957, Upstream PR #23800, @sayboras)
* helm: Add pod and container security context (Backport PR #24083, Upstream PR #23443, @sayboras)
* helm: Add SA automount configuration (Backport PR #24083, Upstream PR #23441, @sayboras)
* helm: Add support of annotations in hubble ui service (Backport PR #23779, Upstream PR #23709, @brnck)
**Bugfixes:**
* [EKS] Fix deadlock causing network connectivity outages when kube-apiservers scale down (Backport PR #23957, Upstream PR #23836, @christarazi)
* Add the option to preserve CNI configuration file on agent shutdown. This can help prevent issues where pods can no longer be deleted. This may cause some transient error messages to be displayed if a pod is scheduled while Cilium is being upgraded. (Backport PR #24197, Upstream PR #24009, @squeed)
* agent: fix incorrect deletion of veth host interfaces on bootstrap (Backport PR #23957, Upstream PR #23787, @giorio94)
* Avoid k8s CiliumNode initialization problems when Cilium connects to the KVStore (Backport PR #24197, Upstream PR #24156, @aanm)
* cilium-health status: fix endpoint reachability in succinct view (Backport PR #23779, Upstream PR #23506, @giorio94)
* clustermesh: fix services cache bloat due to incorrect deletion (Backport PR #24083, Upstream PR #23947, @giorio94)
* daemon: fix panic when running with etcd with endpoint crd disabled (Backport PR #24386, Upstream PR #24085, @tommyp1ckles)
* envoy: Avoid empty typeURL for all resources (Backport PR #23861, Upstream PR #23763, @sayboras)
* Fix connectivity issue upon agent restart in case of ipv6 + direct routing + KPR replacement (Backport PR #23957, Upstream PR #23857, @giorio94)
* Fix deadlock in cilium-operator when using CiliumEndpointSlices (Backport PR #24369, Upstream PR #24343, @alan-kut)
* Fix enable-stale-cilium-endpoint-cleanup flag not actually disabling the cleanup init set when set to false. This provides a workaround for an existing panic that can occur when running using etcd kvstore. (Backport PR #24310, Upstream PR #23874, @sjdot)
* Fix IPv6 policy enforcement for SNATed traffic from the Host (Backport PR #24369, Upstream PR #24132, @ysksuzuki)
* Fix operator crash race condition for CES identity map concurrent read/write (Backport PR #24197, Upstream PR #23605, @dlapcevic)
* init.sh: fix cgroup program detachment and detach multiple progs with retry (Backport PR #24183, Upstream PR #24118, @ti-mo)
* ipam/crd: Fix panic due to concurrent map read and map write (Backport PR #23779, Upstream PR #23713, @gandro)
* node: require ipv4 address when wireguard is enabled (Backport PR #24039, Upstream PR #23552, @giorio94)
* watchers: endpointsync can manage already owned CiliumEndpoints. (Backport PR #24083, Upstream PR #23499, @tommyp1ckles)
**CI Changes:**
* bpf/Makefile: Cover VTEP in compile tests (Backport PR #24197, Upstream PR #24106, @pchaigno)
* ci: Update docs-builder image for documentation workflow (Backport PR #24067, Upstream PR #21040, @qmonnet)
* egressgw: test: switch to WaitForEgressPolicyEntries (Backport PR #24155, Upstream PR #24097, @jibi)
* test: Update policy for hairpin flow validation (Backport PR #23779, Upstream PR #23480, @aditighag)
* workflows: Bump timeout of ConformanceKind workflow (Backport PR #23957, Upstream PR #22072, @pchaigno)
**Misc Changes:**
* .github: remove stable tags (#23830, @aanm)
* Add leader requirement to watch from Etcd. (Backport PR #24083, Upstream PR #23590, @marseel)
* bpf: Fix usage of tunnel map structs (Backport PR #24083, Upstream PR #23469, @pchaigno)
* bugtool: Add ingress/egress tc filter dump (Backport PR #24197, Upstream PR #24057, @joestringer)
* bugtool: Dump envoy metrics for troubleshooting (Backport PR #23779, Upstream PR #22797, @sayboras)
* chore(deps): update actions/checkout action to v3.3.0 (v1.12) (#23994, @renovate[bot])
* chore(deps): update all github action dependencies (v1.12) (patch) (#23993, @renovate[bot])
* chore(deps): update dependency cilium/hubble to v0.11.2 (v1.12) (#23909, @renovate[bot])
* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to 4a45212 (v1.12) (#23693, @renovate[bot])
* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to 9fa30fc (v1.12) (#24137, @renovate[bot])
* chore(deps): update quay.io/cilium/hubble docker tag to v0.11.2 (v1.12) (#23923, @renovate[bot])
* clustermesh, kvstore: consistently pass controller context to kvstore operations (Backport PR #23779, Upstream PR #23333, @tklauser)
* docs: correct Prometheus port (Backport PR #23779, Upstream PR #23404, @lizrice)
* docs: Document CONFIG_PERF_EVENTS requirement (Backport PR #24197, Upstream PR #24055, @joestringer)
* docs: Drop sphinxcontrib-openapi fork, switch back to upstream (Backport PR #23779, Upstream PR #23118, @qmonnet)
* docs: Fix the dead link to Mellanox performance tuning guide (Backport PR #24083, Upstream PR #24012, @gentoo-root)
* docs: Mark Git repository as safe, at runtime, if in a container (Backport PR #24067, Upstream PR #21069, @qmonnet)
* docs: replace usage of api.twitter.com (Backport PR #23779, Upstream PR #23669, @kaworu)
* Enable Google Analytics 4 (Backport PR #24067, Upstream PR #22220, @chalin)
* fix(deps): update module golang.org/x/net to v0.7.0 [security] (master) (Backport PR #23957, Upstream PR #23904, @renovate[bot])
* Fixed link to broken anchor in RKE doc (Backport PR #23779, Upstream PR #23706, @raphink)
* init.sh: clean up cgroup bpf_links created by newer versions of Cilium (Backport PR #24183, Upstream PR #23537, @ti-mo)
* Introduce node IDs in the datapath and the agent, so datapath can later use them to identify remote nodes (Backport PR #23779, Upstream PR #23202, @pchaigno)
* IPsec: Remove `IP_POOLS` logic (Backport PR #24083, Upstream PR #24030, @pchaigno)
* Node ID restoration (Backport PR #23779, Upstream PR #23578, @pchaigno)
* Remove / in RKE doc link as it causes redirect bug (Backport PR #23779, Upstream PR #23728, @raphink)
* workflow: fixes LLVM, Clang cache and install path (Backport PR #23779, Upstream PR #23740, @brlbil)
**Other Changes:**
* agent: dump stack on stale probes [backport-1.12] (#24213, @squeed)
* docs: Add note for operator.extraEnv (#23843, @sayboras)
* install: Update image digests for v1.12.7 (#23738, @joestringer)
* Revert "Pick up etcd v3.5.7" (#23788, @michi-covalent)
* update images 1.12 (#24303, @nebril)
* v1.12 - Backport initContainer change (#24332, @ferozsalam)
## v1.12.7
Summary of Changes
------------------
**Minor Changes:**
* envoy: Bump envoy version to 1.22.7 (Backport PR #23632, Upstream PR #23502, @sayboras)
**Bugfixes:**
* Avoid deprecation warnings for CiliumEgressNATPolicy when the resource isn't used. (#23226, @pchaigno)
* clustermesh: make global and shared service annotations behavior uniform (Backport PR #23515, Upstream PR #23298, @giorio94)
* egressgw: ensure stale IP routes/rules are deleted (Backport PR #23465, Upstream PR #23286, @jibi)
* etcd kvstore: rate limit watch retries on list errors (Backport PR #23515, Upstream PR #23467, @giorio94)
* Fix masquerading bug that caused kube-proxy to pick the wrong IPv4 address in case of tunneling with endpoint routes. (Backport PR #23465, Upstream PR #23241, @pchaigno)
* proxy: Fix deadlock in error path of CreateOrUpdateRedirect (Backport PR #23465, Upstream PR #23377, @gandro)
**CI Changes:**
* .github: set do not use provenance from docker buildx (Backport PR #23465, Upstream PR #23431, @aanm)
* certloader flake fixes (Backport PR #23465, Upstream PR #22995, @kaworu)
* test: print log messages that need to be investigated (Backport PR #23465, Upstream PR #23338, @aanm)
* tests: add exception for etcd error (Backport PR #23465, Upstream PR #23334, @aanm)
**Misc Changes:**
* .github/workflows: add version number in GH action (#23623, @aanm)
* .github/workflows: fix external contribution detection (Backport PR #23465, Upstream PR #23406, @aanm)
* .github/workflows: fix typo in organization parameter (Backport PR #23465, Upstream PR #23424, @aanm)
* .github/workflows: PR labeler fix GH workflow if expression (Backport PR #23515, Upstream PR #23482, @aanm)
* .github/workflows: set right secret name (Backport PR #23465, Upstream PR #23437, @aanm)
* build(deps): bump actions/cache from 3.2.3 to 3.2.4 (#23457, @dependabot[bot])
* build(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#23418, @dependabot[bot])
* build(deps): bump actions/github-script from 6.3.3 to 6.4.0 (#23512, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.3.0 to 4.0.0 (#23492, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 2.2.1 to 2.4.0 (#23458, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 2.4.0 to 2.4.1 (#23595, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.39 to 2.2.1 (#23417, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.2.1 to 2.2.2 (#23612, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.6.1 to 1.7.0 (#23391, @dependabot[bot])
* chore(deps): update docker.io/library/alpine docker tag to v3.16.4 (v1.12) (#23683, @renovate[bot])
* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to b33325a (v1.12) (#23472, @renovate[bot])
* cilium: Fix missing error log dump from compilation (Backport PR #23465, Upstream PR #23339, @borkmann)
* docs: Disable exclusive lock when chaining with aws-cni (Backport PR #23465, Upstream PR #23159, @jaygridley)
* fqdn/dnsproxy: move init LRU cache call out of StartDNSProxy. (Backport PR #23515, Upstream PR #23429, @tommyp1ckles)
* images/runtime: bump iptables package to 1.8.8 (Backport PR #23384, Upstream PR #23163, @jibi)
* iptables: add support for iptables >= 1.8.7 (Backport PR #23384, Upstream PR #21096, @jibi)
* Pick up etcd v3.5.7 (Backport PR #23515, Upstream PR #23463, @michi-covalent)
* support reset backoff period (Backport PR #23515, Upstream PR #21937, @wu0407)
**Other Changes:**
* [v1.12] renovate: Replace update-hubble-version.sh with Renovate Bot (#23530, @gandro)
* gha: Replace deprecated set-output commands (#23363, @sayboras)
* install: Update image digests for v1.12.6 (#23402, @qmonnet)
## v1.12.6
Summary of Changes
------------------
**Minor Changes:**
* Bugtool: add flag to exclude object for endpoints (Backport PR #23003, Upstream PR #22370, @tbalthazar)
* Fix crash of CES queue delay metric when CESTracker is nil (Backport PR #23260, Upstream PR #22884, @dlapcevic)
**Bugfixes:**
* Added Agent init check that removes all CiliumEndpoints referencing local Node that are not managed. This fixes issues where sometimes CiliumEndpoints referencing still running Pods can become unmanaged during Cilium restart. (Backport PR #23096, Upstream PR #20350, @tommyp1ckles)
* bpf: add drop notification for missed L7 LB tailcall in to-netdev (Backport PR #23003, Upstream PR #22679, @julianwiedmann)
* bpf: lb: catch write error in lb6_xlate() (Backport PR #23301, Upstream PR #23075, @julianwiedmann)
* bpf: nat: fix snat_v4_can_skip() for egress gateway (Backport PR #23331, Upstream PR #23274, @jibi)
* bpf: nodeport: fix drop notification in IPv6 revNAT (Backport PR #23003, Upstream PR #22543, @julianwiedmann)
* bpf: nodeport: fix tracing for handle_nat_fwd() (Backport PR #23260, Upstream PR #22678, @julianwiedmann)
* bpf: nodeport: wire up trace aggregation for rev_nodeport_lb6() (Backport PR #23260, Upstream PR #22794, @julianwiedmann)
* clustermesh: Add missing brackets of IPv6 address for etcd option (Backport PR #23260, Upstream PR #22962, @YutaroHayakawa)
* daemon: Do not remove PERM L2 entries in L4LB (Backport PR #23003, Upstream PR #22676, @brb)
* datapath: Fix L7 ingress with XDP (Backport PR #23260, Upstream PR #22985, @brb)
* envoy: Fix lock leak in config validation failure (Backport PR #23301, Upstream PR #23077, @joestringer)
* Fix a data race in dnsproxy which could lead to DNS requests drops. (Backport PR #23003, Upstream PR #22619, @aspsk)
* Fix bugs where ciliumendpoints for statefulset pods where being incorrectly overwritten/deleted (Backport PR #23096, Upstream PR #21768, @tommyp1ckles)
* Fix missing node neigh metric for counting arping requests (Backport PR #23260, Upstream PR #22930, @christarazi)
* Fix packet drops when service pod connects to itself via clusterIP, and selected by an ingress policy. (Backport PR #23260, Upstream PR #22972, @aditighag)
* Fixes `semaphore_rejected_total` metric and adds new `scope` to `proxy_upstream_reply_seconds` metric. (Backport PR #23260, Upstream PR #21267, @rahulkjoshi)
* helm: Delete validations for certManagerIssuerRef (Backport PR #23301, Upstream PR #22921, @Shunpoco)
* ipsec: Fix packet mark for FWD XFRM policy (Backport PR #23301, Upstream PR #23254, @pchaigno)
* Reduce the risk of packet fragmentation on IPv6 when using KPR with DSR mode. (Backport PR #23301, Upstream PR #23235, @julianwiedmann)
**CI Changes:**
* .github: Pin docker buildx version to v0.9.1 (v2) (Backport PR #23260, Upstream PR #23220, @joestringer)
* [v1.12] ci: update cilium-cli to v0.12.12 in v1.12 workflows (#23130, @tklauser)
* bpf: test: fix xdp_lb4_forward_to_other_node test (Backport PR #23260, Upstream PR #23018, @julianwiedmann)
* ctmap: fix-up host_local flag in the DSR NAT entry for GC test (Backport PR #23260, Upstream PR #23037, @julianwiedmann)
* daemon/cmd: improve stale cilium endpoint error handling. (Backport PR #23096, Upstream PR #22600, @tommyp1ckles)
* test/helpers: Fix retry condition for CiliumExecContext (Backport PR #23003, Upstream PR #22726, @christarazi)
* test/k8s: remove l7_demos test (Backport PR #23260, Upstream PR #20619, @tklauser)
* test: net_policies: delete custom IP routes after test completion (Backport PR #23260, Upstream PR #21857, @julianwiedmann)
* test: service: fix formatting of error msg in doFragmentedRequest() (Backport PR #23003, Upstream PR #22772, @julianwiedmann)
**Misc Changes:**
* .github/workflows: use right event type for auto labeler (Backport PR #23003, Upstream PR #22508, @aanm)
* .github: add PR labeler for external contributions (Backport PR #23003, Upstream PR #22461, @aanm)
* Add sphinxcontrib-googleanalytics to doc requirements (Backport PR #23260, Upstream PR #22821, @chalin)
* backporting: leave `backport/author` PRs alone (Backport PR #23003, Upstream PR #22654, @bimmlerd)
* build(deps): bump actions/cache from 3.0.11 to 3.2.3 (#22989, @dependabot[bot])
* build(deps): bump actions/download-artifact from 3.0.1 to 3.0.2 (#22959, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2 (#22990, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.2.0 to 3.3.0 (#23115, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.36 to 2.1.37 (#22735, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.37 to 2.1.38 (#23072, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.38 to 2.1.39 (#23189, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.3.1 to 3.4.0 (#23252, @dependabot[bot])
* build(deps): update package dependencies (Backport PR #23301, Upstream PR #23140, @fengshunli)
* chore(deps): update base-images (v1.12) (#22567, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.9 docker digest to 00d6368 (v1.12) (#22827, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.9 docker digest to 00d6368 (v1.12) (#23142, @renovate[bot])
* ci, github: Fix IPv6 conformance test (Backport PR #23003, Upstream PR #22774, @borkmann)
* contrib: Update PR template for backport (Backport PR #23301, Upstream PR #23058, @sayboras)
* daemon: Do not fail CI runs for already deleted CEP (Backport PR #23306, Upstream PR #22474, @jrajahalme)
* docs: Fix inconsistent node label in egress gateway guide (Backport PR #23301, Upstream PR #23225, @pchaigno)
* docs: Improve IPsec guide (Backport PR #23301, Upstream PR #23135, @pchaigno)
* docs: Improve wording for deny policies limitation (Backport PR #23301, Upstream PR #23095, @joestringer)
* docs: update committer security requirements (Backport PR #23301, Upstream PR #23134, @xmulligan)
* gh: fix indentation bug in ingress workflows (Backport PR #23301, Upstream PR #23195, @julianwiedmann)
* gha: Bump k8s version in kind conformance tests (Backport PR #23054, Upstream PR #22325, @sayboras)
* Improve fqdn events logging management (Backport PR #23260, Upstream PR #22745, @pippolo84)
* IPsec: Refactor `ipSecReplaceState{In,Out}` functions (Backport PR #23301, Upstream PR #23158, @pchaigno)
* iptables: skip reverse IP lookup (Backport PR #23260, Upstream PR #22977, @jibi)
* Make cilium pprof listen address configurable (Backport PR #23094, Upstream PR #22768, @chancez)
* Rate limit "hubble events queue is full" logs (Backport PR #23301, Upstream PR #22864, @lambdanis)
* refactoring of fetching cilium manifests in OKD installation (Backport PR #23301, Upstream PR #22695, @zisisli)
* Update Cilium install guide about EKS aws-node DaemonSet potential connectivity problem on uninstall (Backport PR #23260, Upstream PR #22620, @NikAleksandrov)
* Update CNI to 1.2.0 (#23320, @michi-covalent)
* Update Layer 7 Protocol Visibility Document. (Backport PR #23260, Upstream PR #22807, @obaranov1)
**Other Changes:**
* [v1.12] images: Bump Hubble CLI to v0.11.1 (#23300, @gandro)
* [v1.12] install/kubernetes: make securityContext SELinux options configurable (#23038, @tklauser)
* gha: Pin minikube version used in CI (#23364, @sayboras)
* install: Update image digests for v1.12.5 (#22819, @joestringer)
* update golang to 1.18.10 (#23160, @aanm)
* Upgrade github.com/emicklei/go-restful to v2.16.0 (#23308, @michi-covalent)
* v1.12 backport for Service with no backends (#23034, @julianwiedmann)
* v1.12 backports 2023-01-06 (#22964, @gentoo-root)
## v1.12.5
Summary of Changes
------------------
**Minor Changes:**
* bpf: Implement downgrading path from v3 to v2 backend map (#22416, @YutaroHayakawa)
**Bugfixes:**
* Clear stale CNP status nodes if updates have been disabled (Backport PR #22500, Upstream PR #20366, @pippolo84)
* docs: Update Cilium Sphinx RTD Theme reference (Backport PR #22500, Upstream PR #22321, @kimstacy)
* Fail validate-cnp preflight check if a CiliumClusterwideNetworkPolicy is using an empty toEndpoints/fromEndpoints selector (Backport PR #22500, Upstream PR #21990, @thorn3r)
* Fix bug that could lead to inconsistent pod IP information between agents, sometimes leading to a failure to decrypt IPsec traffic. (Backport PR #22308, Upstream PR #22127, @aanm)
* Fix bug where configuring the API rate limiter options could fail when providing multiple options (Backport PR #22696, Upstream PR #22299, @thorn3r)
* Fix Cilium fatal "Could not create or update CiliumNode resource, despite retries" on environments with `enable-ipv4-egress-gateway` (Backport PR #22308, Upstream PR #22298, @aanm)
* Fix forwarding of the security identity by the DNS proxy which could cause random policy denials (Backport PR #22407, Upstream PR #22361, @aspsk)
* Fix GC of CEPs that were not GCed by kube-apiserver (Backport PR #22308, Upstream PR #22213, @aanm)
* fix: some tofqdn flags not being parsed (Backport PR #22500, Upstream PR #22346, @carloscastrojumo)
* helm: Add relabelings config to ServiceMonitors and re-introduce node label on cilium/hubble metrics (Backport PR #22506, Upstream PR #22297, @chancez)
* Improve garbage collection for FQDNs particularly with high-churn IP names such as Amazon S3. (Backport PR #22730, Upstream PR #22510, @joestringer)
* Prevent cilium operator crash in AWS region with IPv6-only ENIs without subnet filters. (Backport PR #22308, Upstream PR #22075, @bimmlerd)
**CI Changes:**
* .github: Explicitly set build-commits job runner image version and install libtinfo5 (Backport PR #22328, Upstream PR #22315, @chancez)
* .github: fix bpf-checks on ubuntu-latest runner (Backport PR #22328, Upstream PR #22322, @julianwiedmann)
* Fix CODEOWNERS (#22292, @michi-covalent)
**Misc Changes:**
* .github/workflows: split the image tag update in two steps (Backport PR #22260, Upstream PR #22268, @aanm)
* Add automatic creation of Cilium base images (Backport PR #22260, Upstream PR #22179, @aanm)
* bpf: Remove FIB lookup for IPsec (Backport PR #22308, Upstream PR #22069, @pchaigno)
* build(deps): bump actions/setup-go from 3.3.1 to 3.4.0 (#22486, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.4.0 to 3.5.0 (#22715, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1 (#22271, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.32 to 2.1.35 (#22497, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.35 to 2.1.36 (#22632, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.4.0 to 1.5.0 (#22716, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.6.0 to 1.6.1 (#22595, @dependabot[bot])
* chore(deps): update base-images (v1.12) (#22167, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.8 docker digest to 0936e74 (v1.12) (#22198, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.9 docker digest to c492f6b (v1.12) (#22728, @renovate[bot])
* daemon/cmd: Fix error handling for getting proxy port (Backport PR #22500, Upstream PR #22296, @christarazi)
* doc: add section to show how to customize cilium-agent metrics (Backport PR #22308, Upstream PR #22178, @ArthurChiao)
* docs: add instructions to build the base images from external forks (Backport PR #22500, Upstream PR #22304, @aanm)
* docs: clarifications about CNCF maintainer status (Backport PR #22500, Upstream PR #22351, @lizrice)
* docs: Clarify wildcards and subdomains in FQDN policies (Backport PR #22308, Upstream PR #22206, @felfa01)
* docs: describe Cilium Feature Proposals (Backport PR #22500, Upstream PR #22443, @lizrice)
* docs: Fix `kubectl create` output in docs after some deployments have moved from K8s "extensions" to "apps". (Backport PR #22500, Upstream PR #22002, @cleverhu)
* docs: update roadmap for graduation application (Backport PR #22500, Upstream PR #22422, @xmulligan)
* fix 'egressIP' field indentation (Backport PR #22500, Upstream PR #22303, @yulng)
* gha: Pin ubuntu-20.04 for conformance-test-ipv6 (Backport PR #22328, Upstream PR #22324, @sayboras)
* Google Season of Docs is now over so it is removed from the docs (Backport PR #22500, Upstream PR #22442, @xmulligan)
* Include DeleteNetworkInterface in ENI Required Privileges Docs (Backport PR #22500, Upstream PR #20472, @espringsteen)
* k8s: don't consider 4xx a successful interaction (Backport PR #22500, Upstream PR #22393, @bimmlerd)
* mtu, node: fix build on all non-linux platforms (Backport PR #22308, Upstream PR #22232, @tklauser)
* pkg/datapath: return specific error message (Backport PR #22308, Upstream PR #22137, @aanm)
* Update documentation related to metrics; fix incorrect FQDN metrics reference (Backport PR #22308, Upstream PR #22300, @christarazi)
* v1.12: Update Go to 1.18.9 (#22599, @tklauser)
**Other Changes:**
* install: Update image digests for v1.12.4 (#22238, @michi-covalent)
* v1.12: Update k8s versions in tests and vendored libraries (#22581, @tklauser)
## v1.12.4
Summary of Changes
------------------
**Minor Changes:**
* ctmap: add support for GC of DSR orphaned entries (Backport PR #21809, Upstream PR #21626, @jibi)
**Bugfixes:**
* Add missing inner IP header in ICMP error-reply packet (Backport PR #22028, Upstream PR #21234, @nnbu)
* bpf: always track egress gateway connections (Backport PR #21639, Upstream PR #21499, @jibi)
* Fix overlapping/duplicate PodCIDR allocation when nodes are added while operator is down (Backport PR #22028, Upstream PR #21526, @dylandreimerink)
* Fixed CCNP garbage collection (Backport PR #21809, Upstream PR #21394, @zuzzas)
* Fixes a deadlock that can be exposed in high-churn clusters when Pods are deleted rapidly. (Backport PR #21809, Upstream PR #21771, @squeed)
* nodeinit: Move kubelet version check to expected branch (Backport PR #22028, Upstream PR #21772, @dctrwatson)
**Misc Changes:**
* Add a section with distro-specific considerations (Backport PR #22028, Upstream PR #21064, @bmcustodio)
* build(deps): bump actions/cache from 3.0.10 to 3.0.11 (#21723, @dependabot[bot])
* build(deps): bump actions/download-artifact from 3.0.0 to 3.0.1 (#21842, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.3.0 to 3.3.1 (#21789, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.1.0 to 3.1.1 (#21850, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.1.1 to 3.2.0 (#21703, @dependabot[bot])
* build(deps): bump docker/login-action from 2.0.0 to 2.1.0 (#21706, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 2.0.0 to 2.1.0 (#21704, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 2.1.0 to 2.2.1 (#21788, @dependabot[bot])
* build(deps): bump docker/setup-qemu-action from 2.0.0 to 2.1.0 (#21705, @dependabot[bot])
* build(deps): bump dorny/paths-filter from 2.10.2 to 2.11.0 (#21707, @dependabot[bot])
* build(deps): bump dorny/paths-filter from 2.11.0 to 2.11.1 (#21724, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.27 to 2.1.28 (#21790, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.28 to 2.1.29 (#21893, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.29 to 2.1.30 (#21974, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.30 to 2.1.31 (#22050, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.31 to 2.1.32 (#22166, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.2.0 to 3.3.0 (#21843, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 (#22136, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.5 to 1.6.0 (#21868, @dependabot[bot])
* build(deps): bump library/alpine from `bc41182` to `65a2763` in /images/cache (#22113, @dependabot[bot])
* chore(deps): update docker.io/library/alpine docker tag to v3.16.2 (v1.12) (#22105, @renovate[bot])
* chore(deps): update docker.io/library/alpine docker tag to v3.16.3 (v1.12) (#22142, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.7 docker digest to 1542419 (v1.12) (#22102, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.8 docker digest to 1cbe009 (v1.12) (#22189, @renovate[bot])
* chore(deps): update docker.io/library/golang:1.18.8 docker digest to 6e3764d (v1.12) (#22169, @renovate[bot])
* chore(deps): update docker.io/library/ubuntu:20.04 docker digest to 450e066 (v1.12) (#22104, @renovate[bot])
* chore(deps): update module go to 1.18 (v1.12) (#22122, @renovate[bot])
* Clarify in documentation that Azure CNI chaining is different from Azure CNI powered by Cilium. (Backport PR #22028, Upstream PR #21897, @wedaly)
* docs: Fix 'interface' field indentation (Backport PR #21809, Upstream PR #21798, @lou-lan)
* docs: Remove `autoDirectNodeRoutes` where not needed (Backport PR #22028, Upstream PR #21831, @pchaigno)
* Docs: Remove `RUNTIME=docker` option in dev_setup, given that K8s 1.24+ no longer supports it (options: containerd (default), crio). (Backport PR #22028, Upstream PR #21940, @Shunpoco)
* docs: Update k8s NetworkPolicy descriptions (Backport PR #21809, Upstream PR #21670, @joestringer)
* Fix incorrect env var name used in docs for Helm installation on Rancher Desktop (Backport PR #22028, Upstream PR #21835, @ehausig)
* k8s: optimize API calls made to kube-apiserver (Backport PR #21809, Upstream PR #21088, @aanm)
* Remove unused sections for bpf_lxc from nodeport.h (Backport PR #22028, Upstream PR #21505, @alexkats)
* v1.12: Update Go to 1.18.7 (#21592, @tklauser)
* v1.12: Update Go to 1.18.8 (#22026, @tklauser)
**Other Changes:**
* bpf: nat: fix indentation (#21807, @jibi)
* images: update cilium-{runtime,builder} (#22194, @michi-covalent)
* install: Update image digests for v1.12.3 (#21767, @qmonnet)
## v1.12.3
Summary of Changes
------------------
**Minor Changes:**
* bpf: Add missing identity to `TRACE_TO_STACK` packet traces (Backport PR #21466, Upstream PR #21403, @pchaigno)
**Bugfixes:**
* bugtool: Fix pprof default ports (Backport PR #21631, Upstream PR #21497, @pippolo84)
* daemon: avoid nil pointer dereference on invalid endpoint state (Backport PR #21466, Upstream PR #21449, @tklauser)
* daemon: Fix a nil dereference on cleanup when DNS proxy is not enabled (Backport PR #21466, Upstream PR #21365, @joamaki)
* Fix agent deadlock caused by frequent kube-apiserver IP recycling (Backport PR #21637, Upstream PR #21629, @joestringer)
* Fix bug that can cause some traffic covered by an L7 policy to be dropped when IPsec is enabled on EKS. (Backport PR #21646, Upstream PR #21595, @pchaigno)
* Fixes cilium startup on certain AWS-VPC clusters. (Backport PR #21631, Upstream PR #21444, @squeed)
* ipcache: Fix metadata access from CIDR allocation (Backport PR #21637, Upstream PR #21565, @joestringer)
* Remove no more available dockershim flags in kubelet wrapper (Backport PR #21466, Upstream PR #21311, @pippolo84)
**CI Changes:**
* Remove Slack notifications (Backport PR #21466, Upstream PR #21239, @michi-covalent)
* test: fix up the number of pods in DemoDaemonSet (Backport PR #21631, Upstream PR #21588, @julianwiedmann)
**Misc Changes:**
* alibabacloud: fix incorrect instance-type reported by cilium-agent (Backport PR #21631, Upstream PR #21495, @ArthurChiao)
* bugtool: Dump envoy config for troubleshooting (Backport PR #21466, Upstream PR #21348, @sayboras)
* build(deps): bump 8398a7/action-slack from 3.13.2 to 3.14.0 (#21443, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.8 to 3.0.10 (#21558, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.2 to 3.1.0 (#21574, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.22 to 2.1.24 (#21342, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.24 to 2.1.25 (#21398, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.25 to 2.1.26 (#21514, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.26 to 2.1.27 (#21625, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.3.0 to 1.4.0 (#21428, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.4 to 1.5.5 (#21427, @dependabot[bot])
* cmd/bpf: Log if no policy maps found (Backport PR #21466, Upstream PR #21429, @aditighag)
* contrib: avoid reviews from non-collaborators (Backport PR #21631, Upstream PR #21577, @bimmlerd)
* docs: Clarify KPR requirements for Kind (Backport PR #21466, Upstream PR #20749, @brb)
* Fix a typo in the comment example (Backport PR #21466, Upstream PR #21402, @farcaller)
* Fix grpc-ingress.yaml path in Service Mesh docs (Backport PR #21646, Upstream PR #21601, @pippolo84)
* helm: Fix post-start and pre-stop hooks for cilium-nodeinit on Ubuntu EKS images (Backport PR #21466, Upstream PR #20979, @dctrwatson)
* helm: Quote all the image fields. (Backport PR #21631, Upstream PR #21463, @michi-covalent)
* images: update cilium-{runtime,builder} (#21666, @qmonnet)
* ipcache: Release metadata mutex in loop error condition (Backport PR #21637, Upstream PR #21653, @joestringer)
* ipcache: Remove unsafe ipc.metadata.get (Backport PR #21646, Upstream PR #21608, @gandro)
* ipsec: Fix slightly incorrect assumption in XFRM IN policies (Backport PR #21646, Upstream PR #21621, @pchaigno)
* ipsec: Refactoring around `UpsertIPsecEndpoint` (Backport PR #21631, Upstream PR #21461, @pchaigno)
* ipsec: Simplify XFRM FWD policies (Backport PR #21646, Upstream PR #21602, @pchaigno)
* ipsec: Simplify XFRM IN policies (Backport PR #21466, Upstream PR #21370, @pchaigno)
* makefile: use versioned Go container when formatting after api generate. (Backport PR #21466, Upstream PR #21254, @tommyp1ckles)
* Reference datapath metrics in feature and troubleshooting guides (Backport PR #21631, Upstream PR #20520, @aditighag)
* Remove references to node encryption (Backport PR #21466, Upstream PR #21333, @pchaigno)
**Other Changes:**
* Aspsk/backports to v1.12 (#21474, @aspsk)
* install: Update image digests for v1.12.2 (#21310, @nebril)
* remove duplication of eCHO episodes (#21587, @kranurag7)
* test: node: use Eventually() to check CiliumNode labels (#21353, @jibi)
## v1.12.2
Summary of Changes
------------------
**Minor Changes:**
* Added `hubble.ui.frontend.server.ipv6.enabled` helm flag to control nginx server ipv6 listener (Backport PR #21225, Upstream PR #21127, @geakstr)
* dnsproxy: stop serving DNS traffic before agent shutdown (Backport PR #21225, Upstream PR #20795, @nebril)
* ingress: Propagate required annotations from Ingress to LB Service (Backport PR #21227, Upstream PR #20860, @NikhilSharmaWe)
* ingress: Rename LB annotation to annotation prefixes (Backport PR #21227, Upstream PR #21222, @sayboras)
* install: add TerminationMessagePolicy to cilium pods (Backport PR #21292, Upstream PR #21012, @squeed)
* put stderr of iptables command into error instead of merging into stdout (Backport PR #21053, Upstream PR #20895, @liuyuan10)
* Support configuring metricsRelabelings on ServiceMonitors (Backport PR #21225, Upstream PR #21051, @chancez)
**Bugfixes:**
* Cilium-envoy now sets option to allow (source) port reuse when binding to a source address of a pod for upstream connections. (Backport PR #21292, Upstream PR #20996, @jrajahalme)
* clustermesh-apiserver: fix key name for delete during k8s->kvstore sync (Backport PR #21122, Upstream PR #21078, @tklauser)
* datapath: allow local NodePort traffic for `eni+` container interfaces with CNI chaining (Backport PR #21225, Upstream PR #21126, @ti-mo)
* Do not enable health checks if only Terminating backends are present on a Node which is selected by a Service with `externalTrafficPolicy: Local` Service (Backport PR #21122, Upstream PR #21062, @zuzzas)
* Ensure that the DNS proxy picks a new port if the previously-used port is unavailable. (Backport PR #21225, Upstream PR #20896, @NikhilSharmaWe)
* Fix conflicting routes for multiple ENIs in IPAM mode (Backport PR #21225, Upstream PR #20112, @recollir)
* Fix identity garbage collection in clustermesh environments (#20932, @aanm)
* Fix node label synchronization in the KVStore when IPSec configuration changes (Backport PR #21122, Upstream PR #21087, @aanm)
* Fix panic during Cilium initialization when a NetworkPolicy with a named-port selected an pod running on that node. (Backport PR #21053, Upstream PR #20911, @aanm)
* Fix Wireguard connectivity issues when using kvstore mode (Backport PR #21225, Upstream PR #21080, @aanm)
* Fixes typos in enabling fqdn_semaphore_rejected_total metric (Backport PR #20940, Upstream PR #20893, @rahulkjoshi)
* For configurations with Egress Gateway and Direct-Routing, avoid recreating the cilium_vxlan interface on every restart. (Backport PR #21122, Upstream PR #20780, @julianwiedmann)
* helm: Add check for apparmor annotations (Backport PR #21122, Upstream PR #21008, @sayboras)
* ipsec: Fix incorrect parsing of SPI from mark (Backport PR #20940, Upstream PR #20900, @pchaigno)
* k8s/watchers: fix panic in CiliumEndpoint labels update (Backport PR #21053, Upstream PR #20865, @jaffcheng)
* kvstore/allocator: fix panic on receiving invalid identity entries (Backport PR #21292, Upstream PR #21213, @ArthurChiao)
* metrics: fix ts_events API timestamp only emitting zero and unbounded scope label cardinality issue. (Backport PR #21053, Upstream PR #20977, @tommyp1ckles)
* operator: do not GC kvstore nodes if CiliumNodes are not available (Backport PR #21225, Upstream PR #21133, @aanm)
* operator: update CiliumNode in kvstore without lease (Backport PR #21225, Upstream PR #21202, @tklauser)
* pkg/k8s/watcher: fix deadlock crash that occurs when handling endpoint and service updates. (Backport PR #21225, Upstream PR #21093, @tommyp1ckles)
* v1.12: operator: fix key name for delete during k8s->kvstore sync (#20984, @tklauser)
* When systemd-sysctl sets the rp_filter sysctl, tolerate missing lxc_* / cilium_* interfaces. (Backport PR #21225, Upstream PR #21146, @julianwiedmann)
**CI Changes:**
* [v1.12] vagrant: Bump 4.9 Vagrant box (Linux 4.9.326, to fix a kernel bug) (#21260, @tklauser)
* backport v1.12: test: Switch Kind image (#20918, @brb)
* gh/workflows: stop using ubuntu-18.04 runner (Backport PR #21053, Upstream PR #21015, @julianwiedmann)
* k8s: fix test flake in TestGenerateToCIDRFromEndpoint. (Backport PR #21225, Upstream PR #21220, @tommyp1ckles)
* k8s: fix test flake in TestGenerateToCIDRFromEndpoint. (Backport PR #21292, Upstream PR #21220, @tommyp1ckles)
* Update wrk2 repository (#21157, @michi-covalent)
**Misc Changes:**
* Add ArgoCD issues notes in the official documentation (Backport PR #21053, Upstream PR #20313, @Kikiodazie)
* add kvstore TTL flag in cilium-operator (Backport PR #21122, Upstream PR #21006, @NikhilSharmaWe)
* build(deps): bump 8398a7/action-slack from 3.13.0 to 3.13.2 (#21035, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.7 to 3.0.8 (#21029, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.2.1 to 3.3.0 (#21048, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.18 to 2.1.19 (#20989, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.19 to 2.1.20 (#21030, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.20 to 2.1.21 (#21092, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.21 to 2.1.22 (#21173, @dependabot[bot])
* Change message for the status of the policy enforcement in CEPs to be more accurate. (Backport PR #21122, Upstream PR #21003, @aanm)
* Coalesce of health endpoint CIDRs (Backport PR #21225, Upstream PR #20848, @dezmodue)
* docs(bandwidth-manager): add note on per-pod limits (Backport PR #20940, Upstream PR #20916, @raphink)
* docs: Add available options for Ingress Controller annotations (Backport PR #21053, Upstream PR #20973, @NikhilSharmaWe)
* docs: Added `Default` column in metrics details (Backport PR #20940, Upstream PR #20255, @kanurag94)
* docs: fix check-crd-compat-table script (Backport PR #21292, Upstream PR #21208, @aanm)
* docs: second set of video contents added (Backport PR #21053, Upstream PR #20623, @Kikiodazie)
* docs: Switch to our own fork of sphinxcontrib-openapi (Backport PR #20940, Upstream PR #20868, @qmonnet)
* docs: Update ToServices docs section (Backport PR #21122, Upstream PR #21052, @joestringer)
* Document existing FQDN metrics (Backport PR #20940, Upstream PR #20516, @christarazi)
* Document per-endpoint route requirement in aws-cni Helm snippet (Backport PR #21292, Upstream PR #21276, @ti-mo)
* EgressGW: make logging less verbose (Backport PR #21225, Upstream PR #21115, @julianwiedmann)
* Expand documentation around CODEOWNERS and review expectations (Backport PR #21292, Upstream PR #21057, @joestringer)
* filter out pod labels from synchronizing with cilium endpoint labels (Backport PR #21225, Upstream PR #21135, @NikhilSharmaWe)
* Highlight Non-Overlapping Functionality Between K8s and Cilium Network Policies (Backport PR #21122, Upstream PR #21001, @nathanjsweet)
* Improve CRD schema update automation during release process (Backport PR #20940, Upstream PR #20875, @joestringer)
* kubectl get cep returns empty columns of policies statuses (Backport PR #20940, Upstream PR #20548, @romanspb80)
* metallb: bump to latest metallb version (Backport PR #21225, Upstream PR #21131, @ldelossa)
* pkg/bgpv1/annotations: Optimize annotations Errors (Backport PR #21225, Upstream PR #20819, @MikeLing)
* pkg/nodediscovery: protect variable against concurrent access (Backport PR #21122, Upstream PR #21086, @aanm)
* Spring cleaning for the contributor guide (Backport PR #21122, Upstream PR #21056, @joestringer)
* test: update k8s versions to the latest patched releases (#21102, @aanm)
* Use pod Deployment name as workload name for flow workload field (Backport PR #21225, Upstream PR #21124, @chancez)
* v1.12: Update Go to 1.18.6 (#21228, @tklauser)
**Other Changes:**
* install: Update image digests for v1.12.1 (#20928, @joestringer)
## v1.12.1
Summary of Changes
------------------
**Minor Changes:**
* envoy: Bump envoy version to 1.21.5 (Backport PR #20851, Upstream PR #20771, @sayboras)
* fqdn/metrics: Fix ProxyUpstreamTime error=timeout (Backport PR #20851, Upstream PR #20752, @joestringer)
* ingress: add websockets configuration (Backport PR #20867, Upstream PR #20814, @nikhiljha)
* Remove check on intSlice type from config map validation (Backport PR #20851, Upstream PR #20638, @pippolo84)
* Remove IPVLAN support following the deprecation in v1.11. (Backport PR #20656, Upstream PR #20453, @pchaigno)
**Bugfixes:**
* Add EndpointSlice support for clustermesh-apiserver (Backport PR #20851, Upstream PR #20697, @YutaroHayakawa)
* bpf: Add send_trace_notify hook for redirect_direct_{v4,v6} (Backport PR #20851, Upstream PR #20479, @qmonnet)
* Ensure that Cilium CNI in delegated-plugin IPAM mode avoids leaking IPs even when the network namespace has been deleted. (Backport PR #20851, Upstream PR #20630, @wedaly)
* Fix bug where Cilium would crash on startup with an error about being unable to delete iptables rules. (Backport PR #20890, Upstream PR #20885, @jibi)
* Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR #20851, Upstream PR #20721, @joestringer)
* Fix ineffective post-start hook in ENI mode (Backport PR #20851, Upstream PR #20741, @bmcustodio)
* fix k8s latency metrics label cardinality (Backport PR #20851, Upstream PR #20831, @aanm)
* Fix parsing of string map command line options when more than one separator is present. (Backport PR #20851, Upstream PR #20673, @tklauser)
* Fix regression with cilium-health-probe controller in IPv6-only clusters (Backport PR #20867, Upstream PR #20849, @aanm)
* helm: Guard apply sysctl init container (Backport PR #20851, Upstream PR #20643, @sayboras)
* helm: Set KPR default to "disabled" for >= 1.12 (Backport PR #20851, Upstream PR #20610, @brb)
* Helm: Use the correct operator.dnsPolicy value for the operator deployment template (Backport PR #20867, Upstream PR #20844, @michi-covalent)
* ipcache/kvstore: fix panic when processing ip=<nil> entries (Backport PR #20867, Upstream PR #20706, @ArthurChiao)
* iptables: handle case where kernel IPv6 support is disabled (Backport PR #20851, Upstream PR #20680, @jibi)
* Optimize Eni update latency after new eni created (Backport PR #20851, Upstream PR #20609, @wu0407)
**CI Changes:**
* CI: Enable IPv6 in the L4LB suite (Backport PR #20867, Upstream PR #20821, @brb)
* ci: fix code changes detection on `push` events (Backport PR #20851, Upstream PR #20685, @nbusseneau)
* ci: pick up cilium-cli v0.12.0 for master, v1.11 and v1.12 workflows (Backport PR #20851, Upstream PR #20617, @tklauser)
**Misc Changes:**
* build(deps): bump actions/cache from 3.0.5 to 3.0.6 (#20806, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.6 to 3.0.7 (#20873, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.0.0 to 3.1.0 (#20590, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#20804, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (#20710, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (#20785, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.3 to 1.5.4 (#20578, @dependabot[bot])
* build(deps): bump library/alpine from 3.16.0 to 3.16.1 in /images/cache (#20588, @dependabot[bot])
* build(deps): bump library/alpine from 3.16.1 to 3.16.2 in /images/cache (#20857, @dependabot[bot])
* CHANGELOG: fix v1.12.0 changelog (#20696, @aanm)
* cilium-cni: don't set interface link up twice (Backport PR #20851, Upstream PR #20674, @tklauser)
* clean up IPVLAN leftover code in setupBaseDevice() (Backport PR #20867, Upstream PR #20608, @vincentmli)
* Consider `$GO` environment variable `make precheck` checks (Backport PR #20851, Upstream PR #20750, @tklauser)
* contrib: Add CRD generation to release process (Backport PR #20656, Upstream PR #20564, @joestringer)
* daemon: Improve dnsproxy error when EP not found (Backport PR #20656, Upstream PR #20649, @joestringer)
* doc: clarify CentOS 7 third-part kernel upgrade and Cilium advance features kernel config requirements (Backport PR #20851, Upstream PR #20605, @vincentmli)
* docs: Add required ec2:DescribeInstances when instance-tags-filter is used (Backport PR #20851, Upstream PR #20703, @lht)
* docs: Clarify identity table for reserved identities (Backport PR #20867, Upstream PR #20832, @joestringer)
* docs: correct IPAM mode name in BGP control plane installation docs (Backport PR #20851, Upstream PR #20758, @tklauser)
* docs: Update clustermesh troubleshooting with more details (Backport PR #20851, Upstream PR #20260, @sayboras)
* docs: update etcd kvstore migration instructions (Backport PR #20656, Upstream PR #20624, @hhoover)
* docs: Update Helm values (Backport PR #20851, Upstream PR #20716, @qmonnet)
* docs: update the version specific notes table for v1.12 release (Backport PR #20851, Upstream PR #20669, @tklauser)
* Fix `subnet_id` label value being empty in IP allocation and interface creation in ENI IPAM metrics (Backport PR #20851, Upstream PR #20449, @wu0407)
* Fix complaint about nil IP address on restore of cilium_host (Backport PR #20867, Upstream PR #20734, @christarazi)
* hubble-ui: release v0.9.1 (Backport PR #20851, Upstream PR #20572, @geakstr)
* ipcache: Fix lock leak (Backport PR #20851, Upstream PR #20833, @joestringer)
* maglev: Don't populate v4 inner table upon nat46 service (Backport PR #20851, Upstream PR #20648, @borkmann)
* pkg/k8s: set the right IP addresses in log messages (Backport PR #20851, Upstream PR #20757, @aanm)
* Reduce the vtep route log noise and avoid cilium_vtep_map symbol substitution warning log (Backport PR #20656, Upstream PR #20532, @vincentmli)
* Remove completed items from Service Mesh Roadmap (Backport PR #20656, Upstream PR #20635, @margamanterola)
* Revert "Revert "doc: update the api spec for fqdn egress policies cod… (Backport PR #20851, Upstream PR #20744, @aanm)
* v1.12: Update Go to 1.18.5 (#20746, @tklauser)
* vtep skip symbol substituation cilium_vtep_map (Backport PR #20656, Upstream PR #20589, @vincentmli)
**Other Changes:**
* install: Update image digests for v1.12.0 (#20581, @aanm)
## v1.12.0
Summary of Changes
------------------
**Major Changes:**
* Add cilium ingress controller implementation (#18867, @sayboras)
* Add integration for external VXLAN Tunnel Endpoint devices (#17370, @vincentmli)
* Add support for CiliumEnvoyConfig CRD. (#18894, @michi-covalent)
* Add support for enabling BBR congestion control for Pods, and move bandwidth manager out of beta. (#19287, @borkmann)
* Add support for Kubernetes v1.24.0 (#19545, @aanm)
* Adding support for AWS ENI prefix delegation - IPv4 Only (#18463, @hemanthmalla)
* Cilium: initial NAT46/64 implementation (#18779, @borkmann)
* Delegated IPAM plugin (#19219, @wedaly)
* Enables ICMP network policy function by default (#20174, @chez-shanpu)
* Implementation of a GoBGP backed BGP control plane. (#18860, @ldelossa)
* Promote egress gateway to stable (#19320, @jibi)
* Support dynamic allocation of pod CIDRs in cluster pool v2 IPAM mode (#18887, @gandro)
* Support setting service backend states such as quarantine, maintenance so that these backends are not selected for load-balancing service traffic. (#18814, @aditighag)
**Minor Changes:**
* add an option to wait for kube-proxy (Backport PR #20563, Upstream PR #20517, @michi-covalent)
* Add emptyDir volume for frontend container of hubble-ui (#20027, @mkilchhofer)
* Add metric on number of requests rejected by DNS Proxy semaphore (Backport PR #20534, Upstream PR #20491, @rahulkjoshi)
* Add Prometheus gRPC metrics for hubble and hubble-relay (Backport PR #20519, Upstream PR #20376, @chancez)
* Add source filter for the cilium fqdn cache list command (#19980, @ungureanuvladvictor)
* Add support for aws-cni chaining in IPv6 EKS clusters (#18522, @mKeRix)
* Add support for disabling ENI PD at node level (Backport PR #20401, Upstream PR #20308, @hemanthmalla)
* Add support for getting earliest events from Observer API (#19819, @chancez)
* Add support for L7 policies with VTEP integration (#19473, @vincentmli)
* Add support to opt-in for using ENI's primary IP for allocations (#20050, @hemanthmalla)
* Add unreachable route for pod IP on deletion (#18505, @lbernail)
* Align values.yaml with templates (#17243, @dungdm93)
* Allow unloading DNS policy rules on graceful shutdown (#18701, @tklauser)
* api,cli: add identity range in status response & cli output (#18152, @ArthurChiao)
* api: Add cni chaining status in status API. (#18345, @sayboras)
* AWS EC2 Instance tag filter (#19181, @prune998)
* aws: Add ability to mark ENIs as unmanaged (#19096, @gandro)
* bgp: Check the Condition.Ready field when adding ready endpoints (#20176, @ysksuzuki)
* bpf, Hubble: Add `is_reply` information (when available) at the `TO_OVERLAY` observability point (#19185, @qmonnet)
* CA certificates in Envoy TLS validation contexts are supported via k8s Secrets with 'ca.crt' key. (Backport PR #20534, Upstream PR #20458, @jrajahalme)
* Change default prometheus ports to new reserved Cilium ports (#20156, @knfoo)
* Cilium Istio integration is updated to Istio release 1.10.6 (Backport PR #20519, Upstream PR #18384, @jrajahalme)
* cli/metrics: Sort label in metrics list command (#18455, @sayboras)
* clustermesh: Add support for service-affinity (#19521, @sayboras)
* clustermesh: added new command-line options k8s-kubeconfig-path and clustermesh-health-port (#18803, @abocim)
* daemon: add support for IPv6 native routing CIDR (#17332, @jibi)
* daemon: Don't auto disable session affinity (Backport PR #20519, Upstream PR #16179, @brb)
* daemon: Rename host-reachable services to socket LB (Backport PR #20534, Upstream PR #20369, @brb)
* daemon: Split --bpf-lb-map-max into multiple options (#19326, @koncha99)
* daemon: Support the wildcard option for directRoutingDevice (#17930, @ysksuzuki)
* datapath: make tc filter priority configurable (#18896, @intel-dlanders)
* datapath: Remove !CONNTRACK (#18502, @brb)
* datapath: Remove !CONNTRACK (v2) (#18551, @brb)
* docs: Update alibabacloud RAM permission requirements (#19077, @jaffcheng)
* Dynamic Per Resource Timeouts (#19991, @tommyp1ckles)
* egressgw: emit a warning rather than a fatal error when L7 proxy is enabled (#19608, @jibi)
* Enable VTEP integration dynamic ARP resolution for Cilium-managed pod (#18758, @vincentmli)
* Envoy upstream connections no longer use the original source address for any destination associated with a CIDR or toFQDNs policy. (#19255, @jrajahalme)
* feat(helm): allow to set Hubble Relay and UI service type and nodePort (#19450, @raphink)
* Fix an issue where PodDisruptionBudgets were not created by the Helm chart (#18317, @lic17)
* helm: Add bpf-root configuration value in helms (#18335, @sayboras)
* helm: add description for some Helm values (#19658, @my-git9)
* helm: Create cilium IngressClass (#19524, @sayboras)
* helm: Move tls related helm option to 1.12 in upgrade docs (#19089, @sayboras)
* helm: Remove duplicated key hostAliases (Backport PR #20333, Upstream PR #20278, @sayboras)
* helm: Set Linux nodeSelector for nodeinit and preflight (Backport PR #20333, Upstream PR #20216, @gandro)
* helm: support lookup remote CA (#17434, @dungdm93)
* helm: Upgrade certgen to the latest version v0.1.8 (#18607, @sayboras)
* hubble: Add "flows-to-world" metric to monitor policy decisions on traffic that reaches outside the cluster. (#17790, @michi-covalent)
* Improve policy import performance, particularly with CIDR policies (#18433, @joestringer)
* Improve verbosity of drop notification messages. (Backport PR #20519, Upstream PR #20387, @aspsk)
* In the case of recovering the services, cilium will not fail directly on the first service recovery error but will try to recover other services. (#18422, @chowmean)
* ingress: Add SocketOptions configuration (#19549, @sayboras)
* ingress: Avoid plain text TLS secret in CEC (#19410, @sayboras)
* ingress: Fix conformance tests for host-rules and path-rule (#19321, @sayboras)
* ingress: Set max stream duration as 0 (#19550, @sayboras)
* install/kubernetes: Add CAP_IPC_LOCK for mmap (#19812, @sayboras)
* install: add tolerations for the certgen cronjob (#18019, @wolffberg)
* Introduce a new CRD (CiliumEgressGatewayPolicy) for Egress Gateway configuration. Deprecate the previous CRD (CiliumEgressNATPolicy). (#19561, @julianwiedmann)
* k8s/crds: Allow ingress entity in CNP (Backport PR #20563, Upstream PR #20536, @sayboras)
* Making operator aware of pending pod backlog on nodes for IP allocations (#19007, @hemanthmalla)
* Move the BGP Control Plane to utilize CiliumNode objects. This enable support for IPAM driven PodCIDR announcements. (#19872, @ldelossa)
* Prefers k8s node IP when picking masquerading IPs (#16849, @liuyuan10)
* proxy: Add proxy common http options arguments to agent (#19138, @jmcshane)
* Remove privileged mode in Cilium's DaemonSet (#14446, @aanm)
* Rename bpf.hostRouting to bpf.hostLegacyRouting in ciliumconfig (#19064, @chenk008)
* Runtime device detection (#17460, @joamaki)
* Update cilium agent Grafana dashboard to filter by pod (Backport PR #20333, Upstream PR #20307, @ungureanuvladvictor)
* Update to CNI spec version 1.0.0 (#19719, @tklauser)
* Use direct routing device only when tunneling is disabled and BPF Host Routing or NodePort are enabled. (#18815, @YutaroHayakawa)
* vtep: VTEP map implementation to improve VTEP integration feature (#18824, @vincentmli)
**Bugfixes:**
* `node-init` now takes `enableIPv4Masquerade` into account on GKE. (Backport PR #20519, Upstream PR #19533, @bmcustodio)
* Add/Fix traces for the packets received from the network in IPSec + native routing. (#18704, @YutaroHayakawa)
* Additional FQDN selector identity tracking fixes (Backport PR #17988, Upstream PR #17788, @joestringer)
* alibabacloud: Fix derived VPC CIDR block (#19056, @jaffcheng)
* allocator: fix out-of-valid-range identities being allocated (#18151, @ArthurChiao)
* bgpv1: Use IP address used for peering as a nexthop (#19402, @YutaroHayakawa)
* bpf: Don't emit policy verdict post-L7 (Backport PR #20401, Upstream PR #20245, @joestringer)
* bpf: Provision HostPort also for case of Maglev (Backport PR #20401, Upstream PR #20379, @borkmann)
* bug: Fixed a rare CiliumIdentity race deletion. (Backport PR #20333, Upstream PR #19936, @nathanjsweet)
* cilium: Fix node mismatch endpoint restoration bug when the CiliumEndPoint CRD is disabled. (#19040, @zhanghe9702)
* contrib: Fix passing ipFamily to kind.sh (#19707, @brb)
* daemon, option: Fix vlan bpf bypass ids loading (Backport PR #20401, Upstream PR #20282, @pippolo84)
* daemon: Fix issue where stale router IPs were not cleaned up (Backport PR #20519, Upstream PR #20389, @gandro)
* datapath: Fix IPv6 DSR (#18713, @brb)
* datapath: Fix missing monitor events for NodePort BPF traffic when monitor-aggregation set to > none (#18454, @brb)
* endpoint: Fix packets to host dropped with the chaining mode and host firewall (#19734, @ysksuzuki)
* Envoy version checking is now disabled whenever L7 proxy is disabled too (Backport PR #20519, Upstream PR #20440, @bmcustodio)
* Fix a bug where agent would log warnings such as "JoinEP: Failed to load program" in legitimate cases where endpoints are getting deleted. (#18216, @aditighag)
* Fix agent crash when IPv6 is partially disabled in the host kernel. (#18716, @pchaigno)
* Fix blackhole route error when cleanup (#20042, @soulseen)
* Fix config map options validation (Backport PR #20401, Upstream PR #20304, @pippolo84)
* Fix drop of large packets redirected through an egress gateway node when running in native routing mode. (Backport PR #20401, Upstream PR #20269, @pchaigno)
* Fix error propagation in bpf_lxc (#20144, @DolceTriade)
* fix identity gc to return correct max/min id (Backport PR #20401, Upstream PR #20361, @dkhachyan)
* Fix mtu setting for tunnel interface in init.sh (Backport PR #20563, Upstream PR #20552, @ChengyuanLiCY)
* Fix the bugs when empty CiliumEndpointSlices were created and leaked. (Backport PR #20519, Upstream PR #20251, @alan-kut)
* Fixed PodCIDR announcement being overwritten by SVC announcement (Backport PR #20519, Upstream PR #20413, @dylandreimerink)
* Fixed removal of stale bpf_netdev tc filters for interfaces with a dot in the name (#18344, @stek29)
* Fixes a bug in the BGP control plane which causes the wrong BGP virtual servers to be selected for reconciliation or removal (#19659, @ldelossa)
* helm: Fix cluster-id arguments in clustermesh deployment (Backport PR #20333, Upstream PR #20312, @sayboras)
* helm: Fix Hubble Service when ServiceMonitor is being used (#19220, @juissi-t)
* helm: Fix invalid type for Certificate spec.ipAddresses (#19211, @superbrothers)
* helm: Relax hubble ui image versions validation (#20039, @sayboras)
* hubble/parser/threefour: check (*Parser).linkGetter before accessing it (Backport PR #20519, Upstream PR #20446, @tklauser)
* ipsec: fix stale keys reclaim logic (Backport PR #20401, Upstream PR #19932, @jibi)
* ipsec: set interface ID different from 0 (#18789, @tormath1)
* makefile: fix unstripped docker images build (#18339, @zhanghe9702)
* nodediscovery: make LocalNode return a deep copy of localNode (Backport PR #20401, Upstream PR #20392, @jibi)
* Only apply XDP acceleration for IPv6 Nodeport when enabled (with --bpf-lb-acceleration=native). (#19534, @julianwiedmann)
* pkg/k8s/version: Also set EndpointSlice when forcing version (Backport PR #20534, Upstream PR #20383, @joamaki)
* Restore patch in ciliumnetworkpolicies/status ClusterRole (Backport PR #20401, Upstream PR #20373, @pippolo84)
* Revert "pkg/endpoint: Pass endpoint alive context to regeneration tasks" (#18253, @aditighag)
* Revert Prometheus client to fix 'cilium metrics list' (#19496, @ti-mo)
* vtep: fix pod src identity in send_trace_notify (Backport PR #20534, Upstream PR #19434, @vincentmli)
**CI Changes:**
* .github/workflow: revert cilium-cli changes in stable workflows (#19582, @aanm)
* .github/workflows: bump v1.10 workflows to cilium-cli v0.10.5 (#19897, @tklauser)
* .github/workflows: bump v1.10 workflows to cilium-cli v0.10.6 (#19935, @tklauser)
* .github/workflows: do not use pre-defined image digests (#19575, @aanm)
* .github/workflows: fix hubble installation using cilium-cli (#19568, @aanm)
* .github/workflows: install the right helm chart version for stable branches (#19609, @aanm)
* .github: Change cilium-cleanup order in workflows (#19163, @jtaleric)
* .github: Disable EKS encryption tests (#18090, @joestringer)
* .github: Exclude Runtime CI job from flake tracker (#19095, @pchaigno)
* .travis: Disable race build on master (#19773, @pchaigno)
* Add missing VTEP complexity tests (#19539, @vincentmli)
* Add support for tparse in go test targets (#20032, @joestringer)
* bpf/test: Fix incorrect macro definition (#18660, @pchaigno)
* bpf: Cover native routing CIDR check in compile tests (#18702, @pchaigno)
* bpf: Reenable features disabled because of complexity issues (#19938, @pchaigno)
* build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#19971, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.2 to 1.1.3 (#18930, @dependabot[bot])
* Change all IP address that are using Oranges IP range to RFC1918 address space (#17741, @duttaANI)
* checkpatch: Update image for "checkpatch" target, reuse target in CI (#19805, @qmonnet)
* checkpatch: update to lastest image to fix off-by-one index in commit list (#18270, @tklauser)
* ci, images: update all quay.io/cilium/* images (#18299, @tklauser)
* ci-l4lb: Check out stable branch (#19905, @michi-covalent)
* CI: add CIFuzz integration (#18034, @DavidKorczynski)
* ci: Bump cyclonus to v0.4.7 (#18747, @joamaki)
* ci: collect sysdump as a separate workflow in L4LB tests (#18380, @oblazek)
* ci: create a new subnetwork for each new GKE cluster (#18821, @nbusseneau)
* ci: disable failing test on net-next (#18520) (#18544, @nbusseneau)
* ci: disable WireGuard testing in multicluster workflow (#18700, @nbusseneau)
* CI: Enable IPv6 tests on KIND (#18845, @brb)
* ci: fix documentation workflow (#20025, @nbusseneau)
* ci: fix missing sysdump as separate workflow in L4LB tests for stable branches (#18428, @oblazek)
* ci: fix quotes in backport workflows (#18268, @nebril)
* ci: Increase retention for release image CI artifacts to 10 days (#20141, @michi-covalent)
* CI: merge NAT46x64 and L4LB GH actions (#19288, @brb)
* ci: pick up cilium-cli v0.11.10 for master, v1.11 and v1.12 workflows (Backport PR #20401, Upstream PR #20360, @tklauser)
* ci: pick up cilium-cli v0.11.11 for master, v1.11 and v1.12 workflows (Backport PR #20519, Upstream PR #20420, @tklauser)
* ci: pick up cilium-cli v0.11.9 for master/v1.11 workflows (#20234, @tklauser)
* CI: run K8sServices on KIND (#18812, @brb)
* ci: set Cilium base version to v1.10.12 in v1.10 conformance tests (#19946, @tklauser)
* ci: update cilium-cli to v0.10.0 (#18207, @tklauser)
* ci: update cilium-cli to v0.10.1 (#18575, @sayboras)
* ci: update cilium-cli to v0.10.3 (#18820, @tklauser)
* ci: update cilium-cli to v0.10.4 (#18933, @tklauser)
* ci: update master workflows to cilium-cli v0.11.4 (#19665, @tklauser)
* ci: Update Uninstall Command For Cilium CLI (#19679, @nathanjsweet)
* cilium/cmd, test/runtime: convert test loading invalid policy JSON to unit test (Backport PR #20534, Upstream PR #20512, @tklauser)
* cocci: New test to find missing `identity_is_{remote_,}node` (#18385, @pchaigno)
* config: Fix unit tests for native routing CIDR (Backport PR #20519, Upstream PR #20473, @pchaigno)
* connectivity-check: Use ports outside ephemeral range (#19337, @christarazi)
* docs: Bump up Netlify Python version to 3.8 (Backport PR #20519, Upstream PR #20486, @michi-covalent)
* fix aws-cni conformance test (#20049, @aanm)
* ipam/clusterpool_v2: Fix data race in unit test (#19024, @gandro)
* ipcache: Fix failing controller check from SupportsDelete (#19751, @joamaki)
* jenkinsfiles: fix docker manifest inspect commands in GKE pipeline (Backport PR #20333, Upstream PR #20325, @tklauser)
* Load the dev operator image into kind/microk8s as well (#19995, @ungureanuvladvictor)
* master/v1.11 CI: Pick up the latest cilium-cli (#19873, @michi-covalent)
* mlh: swap net-next kernel from K8s 1.16 to 1.23 (#18178, @nbusseneau)
* mlh: update Jenkins jobs following 1.24 support (#19904, @nbusseneau)
* mlh: update Jenkins jobs following net-next fix for K8s 1.24 (#20220, @nbusseneau)
* Partially revert ".github: enable cilium-cli helm based installation" (#19554, @aanm)
* prog_test: Fix build breakage (#18659, @joestringer)
* Provide only 2 VTEP endpoints in default node_config.h (#18778, @ti-mo)
* Revert "ci: use CLI 0.11.8 for AKS workflow" (#20272, @tklauser)
* Revert "test/Services: Quarantine 'Tests with direct routing'" (#18312, @gandro)
* Revert "workflows: Reenable IPsec test in EKS workflow" (#19078, @pchaigno)
* set base-version in 1.10 workflows (#18262, @nebril)
* Support running K8sVerifier tests on kind (#18549, @joestringer)
* test/helpers: Fix variadic expansion related panic (Backport PR #20519, Upstream PR #20332, @christarazi)
* test/k8s/manifests: bump test-verifier image to latest version (Backport PR #20519, Upstream PR #20461, @tklauser)
* test/K8sUpdates: Bump stable branch for v1.12 development (#18251, @pchaigno)
* test/nat46x64: Fix out-of-bounds index error (#19466, @pchaigno)
* test/runtime: remove disabled memcache test (Backport PR #20401, Upstream PR #20132, @tklauser)
* test/Runtime: Skip pre/post-checks during build (#18954, @pchaigno)
* test/RuntimePrivilegedUnitTests: Fix always-passing test (#19231, @pchaigno)
* test/RuntimePrivilegedUnitTests: Log timestamps (#19129, @pchaigno)
* test: add git safe directory in test VMs (#19860, @tklauser)
* test: Add info which L4LB request fails (#19714, @brb)
* test: Add TS to each bash dbg output in L4LB (#20094, @brb)
* test: Also delete hubble-peer when cleaning up old tests. (#19979, @DolceTriade)
* test: Bump L4LB timeout from 30min to 45min (#20151, @brb)
* test: Clarify performance test names (#18142, @joestringer)
* test: Collect logs from init containers (#18254, @pchaigno)
* test: Do not completely quarantine E/W svc suite (#19960, @brb)
* test: Do not redeploy Cilium in Egress GW suite (#18181, @brb)
* test: Do not start cilium monitor in K8sServicesTest (Backport PR #20534, Upstream PR #20499, @brb)
* test: Fix bpffs mount on kind (#18695, @joestringer)
* test: Fix directory name for source archive (#19635, @michi-covalent)
* test: Fix failing net-next tests after changing to k8s 1.23 (#18184, @brb)
* test: Fix make target for e2e tests (#18356, @pchaigno)
* test: Get rid of external_ips.go (#18765, @brb)
* test: Pin eksctl version (#19631, @michi-covalent)
* test: remove nightly test leftovers (Backport PR #20534, Upstream PR #20526, @tklauser)
* test: Remove sockops test cases (Backport PR #20534, Upstream PR #20500, @brb)
* test: Remove unused Nightly suites (#20128, @brb)
* test: Remove workaround for old issue #12141 (#18722, @pchaigno)
* test: Run ip r l if ip r a fails (#18171, @brb)
* test: Runtime check that container create succeeds (#19184, @jrajahalme)
* test: temporary increase Hubble buffer size to 64k (#18058, @jibi)
* test: Use more explicit key for k8s3's taint (#19951, @pchaigno)
* tests-l4lb: Use Helm chart from local branch (#19953, @michi-covalent)
* Update 5.4 VM image (#19842, @pchaigno)
* update bpf_ct_tests.c to use node_config.h (#20177, @sahid)
* Update cilium-iproute2 (Backport PR #20534, Upstream PR #20549, @pchaigno)
* vagrant, test: Enable IPv6 connectivity to the outside world (#18714, @pchaigno)
* vagrant: Bump 4.19 VM image (#20185, @pchaigno)
* vagrant: Bump all Vagrant box versions (#19168, @pchaigno)
* vagrant: Bump all Vagrant box versions except net-next (#19507, @pchaigno)
* vagrant: Bump net-next Vagrant box version (#19915, @pchaigno)
* vagrant: Don't recreate natnetworks (#19523, @pchaigno)
* vagrant: Fix IPv6 NAT setup (#19997, @pchaigno)
* vagrant: update 4.19 and net-next VM images (#18496, @nbusseneau)
* vagrant: Update 4.9 and 5.4 VM images (#18473, @pchaigno)
* vagrant: Update all VM images (#17761, @pchaigno)
* vagrant: Update all VM images (#18774, @pchaigno)
* vagrant: Update the net-next VM image (#19607, @pchaigno)
* workflow CI image bug (#19327, @weizhoublue)
* workflow: aws-cni-v1.10: use helm chart from PR (#19952, @jibi)
* workflow: checkout correct ref in v1.10 and v1.11 l4lb workflows (#19898, @jibi)
* workflow: l4lb: pass correct path for PR checkout (#20007, @jibi)
* workflow: Reenable IPsec testing on AKS (#18974, @pchaigno)
* workflow: Reenable IPsec testing on EKS (#19030, @pchaigno)
* workflow: use correct bwm helm option for v1.11 AWS CNI test (#19895, @jibi)
* workflow: Wait for AKS nodes to be ready (#19025, @pchaigno)
* workflows: conformance v1.10: fix native-routing-cidr flag (#18656, @jibi)
* workflows: disable rollback on CLI install (#18140, @nbusseneau)
* workflows: Downgrade to helm v3.8.2 to fix AWS CNI runs for v1.10 (#20073, @joamaki)
* workflows: Fix concurrency groups (#18193, @pchaigno)
* workflows: Fix the fix to concurrency groups (#18201, @nbusseneau)
* workflows: Increase timeout for AKS workflow (#19020, @pchaigno)
* workflows: pin Cyclonus image to its SHA (#19026, @nbusseneau)
* workflows: Pin the kubectl version used with EKS workflows (#19716, @joamaki)
* workflows: Remove unnecessary code in AWS-CNI workflow (#18156, @pchaigno)
* workflows: Update call to Quay API in external workloads (#19230, @jibi)
* workflows: update v1.10 workflows to v0.10.7 cilium CLI (#20020, @jibi)
* workflows: Wait for first AKS systempool to be deleted (#19097, @pchaigno)
**Misc Changes:**
* .github/workflows: fix hubble-relay cilium-cli installation (#19579, @aanm)
* .github: add dependabot for docker images (#19390, @aanm)
* .github: add failing_test_jenkins_template form for filing CI bugs (#18223, @qmonnet)
* .github: Fix 1.11.1 project link for MLH (#18395, @joestringer)
* .github: fix conditions for running CODEOWNERS checks (#18981, @qmonnet)
* .github: Fix external workloads workflow for master (#19483, @jrajahalme)
* .github: Remove release template (#19166, @joestringer)
* [docs] Add training and support information to Getting Help (Backport PR #20333, Upstream PR #20194, @lizrice)
* [users] Add Mux Inc entry. (#19419, @dilyevsky)
* Add APPUiO by VSHN to Cilium Users (#18880, @tobru)
* Add cilium cli to aws cni conformance tests (#19555, @aanm)
* Add Civo (#18745, @saiyam1814)
* Add consistency checks for the `CODEOWNERS` file (#18260, @qmonnet)
* Add Deckhouse to users (#19804, @konstantin-axenov)
* Add Elastic Path to USERS.md (#19622, @sealneaward)
* Add ENI limits for i4i and x2i instance types (#19627, @hemanthmalla)
* Add ESP to firewall requirements in documentation for IPSec enabled C… (Backport PR #20333, Upstream PR #20314, @Kikiodazie)
* add gsod application form to docs (#19512, @xmulligan)
* Add Infomaniak to Cilium users (#19354, @reneluria)
* Add JUMO to active Cilium users (#18626, @thehunt33r)
* Add kOps as cilium user (#18848, @olemarkus)
* Add Kube-OVN to USERS (#19605, @oilbeater)
* Add Kubermatic to USERS (#18611, @rastislavs)
* add KubeSphere/KubeKey to the USERS list (#18937, @FeynmanZhou)
* Add link to CFP template doc (#19380, @lizrice)
* Add Meltwater to users file (#18192, @recollir)
* Add metric to track terminating endpoint events (Backport PR #20519, Upstream PR #20404, @aditighag)
* Add missing error reporting in replaceNetworkDatapath (#18715, @YutaroHayakawa)
* Add MyFitnessPal to Users list (#19345, @audip)
* Add Peer Service to Cilium DS Port List (Backport PR #20519, Upstream PR #20296, @nathanjsweet)
* Add Rancher Labs to Cilium users (#19292, @divya-mohan0209)
* add roadmap section and fix governance link (#19615, @xmulligan)
* Add Scaleway to the list of users (#18807, @remyleone)
* Add T-Systems International to Cilium users list (#18984, @ManuStoessel)
* Add Typhoon (Poseidon Labs) to Cilium users (#18822, @dghubble)
* add website contributing link (#18940, @xmulligan)
* added a CLOMonitor exception file for Slack (#19235, @xmulligan)
* added a link to the DCO page to show people how to amend a commit (#19294, @xmulligan)
* Added ByteDance to users.md (#19823, @Jiang1155)
* added Google Season of Docs Project proposal page (#19215, @xmulligan)
* added NYT to the Cilium Users list (#19382, @prune998)
* Adding IKEA IT AB to the USERS.md (#20099, @knfoo)
* Adding Liquid Reply to Users (#19342, @mkorbi)
* Adding Overstock to the USERS.md (#19762, @ntaylor1781)
* alibabacloud: Fix missing instance due to incomplete subnet list (#19155, @jaffcheng)
* alignchecker: fix LLVM 15 build by removing an unused variable (#19368, @aspsk)
* Allocate Ingress IPs for new `reserved:ingress` identity (#19764, @jrajahalme)
* api/v1: regenerate to update copyright year (#18403, @tklauser)
* api: generate markdown documentation for gRPC APIs (#18799, @rolinh)
* api: re-sync bpf drop reasons (Backport PR #20401, Upstream PR #20149, @julianwiedmann)
* avoid calling OnFlowDelivery with nil (#18605, @kaworu)
* azure/api: remove TestRateLimit (#18481, @tklauser)
* Badges for CLOMonitor and Artifacthub were added to the README (#19105, @xmulligan)
* BGP Control Plane Followups: Conditionally load CRDs, tune back relist interval for shared informers, server side filter nodes. (#19417, @ldelossa)
* bgp,testing: fix race condition in checking fencer map (#18884, @ldelossa)
* bgp: Add support for ClusterPool pod CIDRs (#17899, @gandro)
* bgp: Fixed broken bgp speaker unit tests (Backport PR #20519, Upstream PR #20521, @dylandreimerink)
* bpf, hubble: explicitly mark trace reason as "unknown" when relevant (#19226, @qmonnet)
* bpf/sock: Use renamed field (#19532, @jrajahalme)
* bpf: Add trace reason for TRACE_TO_PROXY (#19189, @borkmann)
* bpf: Clean up license and copyright notices for Linux UAPI headers (#18870, @qmonnet)
* bpf: do not pass 0 as a trace reason for send_trace_notify() (#19424, @qmonnet)
* bpf: Don't hardcode `cb` `CB_ENCRYPT_DST` index (#20105, @pchaigno)
* bpf: Dual-license code as GPL 2.0 and 2-Clause BSD (#18858, @qmonnet)
* bpf: egressgw: don't redirect to tunnel dev if EP is running on gateway node (#19629, @jibi)
* bpf: Fix implicit cast for BPF TPROXY debug message (#18429, @pchaigno)
* bpf: fix native local build (#19218, @aanm)
* bpf: Forbid implicit int conversions (#18501, @pchaigno)
* bpf: Handle tuple collisions for inactive backends (Backport PR #20519, Upstream PR #20407, @borkmann)
* bpf: Quieten mock targets (#17992, @joestringer)
* bpf: Remove duplicate conntrack code (#18631, @pchaigno)
* bpf: Rename tail call targets (#19807, @pchaigno)
* bpf: Simplify `ipv6_hdrlen`'s prototype (#18703, @pchaigno)
* bpf: specify handle_lxc_traffic return type to fix -Wimplicit-int error (#19891, @tklauser)
* bpf: Split bpf_lxc CT lookups to their own tail calls (#19818, @pchaigno)
* bpf: switch egress gateway logic to identity_is_cluster() (Backport PR #20519, Upstream PR #20209, @jibi)
* build(deps): bump 8398a7/action-slack from 3.11.0 to 3.12.0 (#17965, @dependabot[bot])
* build(deps): bump 8398a7/action-slack from 3.12.0 to 3.13.0 (#18423, @dependabot[bot])
* build(deps): bump actions/cache from 2.1.6 to 2.1.7 (#17972, @dependabot[bot])
* build(deps): bump actions/cache from 2.1.7 to 3 (#19208, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.0 to 3.0.1 (#19271, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#19391, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.2 to 3.0.3 (#20029, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.3 to 3.0.4 (#20093, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.4 to 3.0.5 (#20494, @dependabot[bot])
* build(deps): bump actions/checkout from 2.4.0 to 3 (#18990, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19448, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.1 to 3.0.2 (#19535, @dependabot[bot])
* build(deps): bump actions/download-artifact from 2.0.10 to 2.1.0 (#18163, @dependabot[bot])
* build(deps): bump actions/download-artifact from 2.1.0 to 3 (#19013, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.1.4 to 2.1.5 (#18322, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#18752, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.2.0 to 3 (#18960, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#19801, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#20466, @dependabot[bot])
* build(deps): bump actions/stale from 4.1.0 to 5 (#18991, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0 (#18165, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1 (#18263, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.3.1 to 3 (#19027, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 (#19899, @dependabot[bot])
* build(deps): bump aws-actions/configure-aws-credentials from 1.5.11 to 1.6.0 (#17998, @dependabot[bot])
* build(deps): bump aws-actions/configure-aws-credentials from 1.6.0 to 1.6.1 (#18528, @dependabot[bot])
* build(deps): bump azure/login from 1.4.1 to 1.4.2 (#18154, @dependabot[bot])
* build(deps): bump azure/login from 1.4.2 to 1.4.3 (#18550, @dependabot[bot])
* build(deps): bump azure/login from 1.4.3 to 1.4.4 (#19670, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.10.0 to 3 (#19725, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#18516, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#18687, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.9.0 to 2.10.0 (#19144, @dependabot[bot])
* build(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#18307, @dependabot[bot])
* build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#18842, @dependabot[bot])
* build(deps): bump docker/login-action from 1.13.0 to 1.14.0 (#18962, @dependabot[bot])
* build(deps): bump docker/login-action from 1.14.0 to 1.14.1 (#18992, @dependabot[bot])
* build(deps): bump docker/login-action from 1.14.1 to 2 (#19727, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#19612, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#19728, @dependabot[bot])
* build(deps): bump docker/setup-qemu-action from 1.2.0 to 2 (#19722, @dependabot[bot])
* build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1334 to 1.61.1340 (#17979, @dependabot[bot])
* build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1340 to 1.61.1357 (#18039, @dependabot[bot])
* build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.10.0 to 1.10.3 (#18065, @dependabot[bot])
* build(deps): bump github.com/Azure/azure-sdk-for-go from 59.3.0+incompatible to 59.4.0+incompatible (#18020, @dependabot[bot])
* build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0 (#18578, @dependabot[bot])
* build(deps): bump github.com/cilium/ebpf from 0.8.1 to 0.9.0 (#19972, @dependabot[bot])
* build(deps): bump github.com/cilium/workerpool from 1.1.1 to 1.1.2 (#19300, @dependabot[bot])
* build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 (#19620, @dependabot[bot])
* build(deps): bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 (#20058, @dependabot[bot])
* build(deps): bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0 (#19043, @dependabot[bot])
* build(deps): bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1 (#19293, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible (#18288, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.14+incompatible (#19285, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.14+incompatible to 20.10.16+incompatible (#19811, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible (#20136, @dependabot[bot])
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 (#19596, @dependabot[bot])
* build(deps): bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#18599, @dependabot[bot])
* build(deps): bump github.com/go-openapi/loads from 0.21.0 to 0.21.1 (#18771, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.21.0 to 0.23.1 (#18908, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.23.1 to 0.23.3 (#19302, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#19636, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#19736, @dependabot[bot])
* build(deps): bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 (#19397, @dependabot[bot])
* build(deps): bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 (#19668, @dependabot[bot])
* build(deps): bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#18001, @dependabot[bot])
* build(deps): bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 (#20119, @dependabot[bot])
* build(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#19595, @dependabot[bot])
* build(deps): bump github.com/google/gops from 0.3.22 to 0.3.23 (#19737, @dependabot[bot])
* build(deps): bump github.com/hashicorp/consul/api from 1.11.0 to 1.12.0 (#18291, @dependabot[bot])
* build(deps): bump github.com/hashicorp/consul/api from 1.12.0 to 1.13.0 (#20121, @dependabot[bot])
* build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.19.0 (#19234, @dependabot[bot])
* build(deps): bump github.com/osrg/gobgp/v3 from 3.1.0 to 3.2.0 (#19667, @dependabot[bot])
* build(deps): bump github.com/osrg/gobgp/v3 from 3.2.0 to 3.3.0 (#20071, @dependabot[bot])
* build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 (#18674, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 (#18354, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.2 (#19001, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.2 to 3.22.3 (#19328, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.3 to 3.22.4 (#19669, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#20044, @dependabot[bot])
* build(deps): bump github.com/spf13/cast from 1.4.1 to 1.5.0 (#19780, @dependabot[bot])
* build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#18290, @dependabot[bot])
* build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#19329, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#19430, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#19988, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.1 (#18289, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#19156, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#20120, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3 (#20253, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.23 to 1.0.24 (#17977, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.24 to 1.0.25 (#18145, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.25 to 1.0.26 (#18245, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.26 to 1.0.27 (#18451, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.27 to 1.0.28 (#18532, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.28 to 1.0.29 (#18577, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.29 to 1.0.30 (#18598, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.30 to 1.0.31 (#18686, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.31 to 1.0.32 (#18735, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.32 to 1.1.0 (#18785, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.0 to 1.1.1 (#18840, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.1 to 1.1.2 (#18854, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 (#19084, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 (#19160, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 (#19269, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.11 to 2.1.12 (#20057, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.12 to 2.1.13 (#20274, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.13 to 2.1.14 (#20294, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.14 to 2.1.15 (#20345, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (#20506, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.6 to 2.1.7 (#19335, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.7 to 2.1.8 (#19371, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 (#19599, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.9 to 2.1.11 (#19853, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.2 to 3.5.3 (#19442, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.3 to 3.5.4 (#19559, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.2 to 3.5.3 (#19443, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.3 to 3.5.4 (#19557, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.1 to 3.5.2 (#19054, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.3 (#19444, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.3 to 3.5.4 (#19558, @dependabot[bot])
* build(deps): bump go.uber.org/multierr from 1.7.0 to 1.8.0 (#19114, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.10 to 0.1.11 (#20159, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.7 to 0.1.8 (#18134, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.8 to 0.1.10 (#19157, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 2.5.2 to 3 (#18943, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 (#18965, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#19779, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.2.1 to 0.3 (#18144, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.3.0 to 0.4.0 (#18594, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.4.0 to 0.5.1 (#18841, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 (#19094, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 (#18292, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.43.0 to 1.45.0 (#19301, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#19560, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#19835, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#20045, @dependabot[bot])
* build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#19284, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#18064, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#18103, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.2 to 1.66.4 (#18767, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.4 to 1.66.6 (#20021, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#20198, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.0 to 1.5.1 (#18944, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.1 to 1.5.2 (#19322, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.2 to 1.5.3 (#19865, @dependabot[bot])
* build(deps): bump library/alpine from 3.12.7 to 3.15.4 in /images/cache (#19413, @dependabot[bot])
* build(deps): bump library/alpine from 3.15.4 to 3.16.0 in /images/cache (#19943, @dependabot[bot])
* build(deps): bump nick-invision/retry from 2.5.1 to 2.6.0 (#18226, @dependabot[bot])
* build(deps): bump nick-invision/retry from 2.6.0 to 2.7.0 (#19577, @dependabot[bot])
* build: Fix compilation issue for non-linux platform (#19662, @sayboras)
* build: Fix cross compiling for amd64 on arm64 (#19175, @jrajahalme)
* Capital One added to Users doc (#20084, @bradwhitfield)
* ci: Replace prbot-stale with actions/stale (#18503, @twpayne)
* ci: Update Cilium CLI to v0.11.3 (#19602, @nathanjsweet)
* cilium, lbmap: Use silent delete in deleteBackendLocked for now (#19352, @borkmann)
* cilium: Add knob for local address to be considered host id in ipcache (#19513, @borkmann)
* cilium: make tcp rebalance grace period configurable (#19800, @borkmann)
* cilium: nat46/64 ci codeowner & monitor drop reason (#19298, @borkmann)
* Clean up UpdateIPCacheVTEPMapping() (#19510, @vincentmli)
* cni: Add log file for CNI executions (#18353, @sayboras)
* Code of conduct email updated to conduct@cilium.io (#19511, @xmulligan)
* CODEOWNERS: Add clustermesh entries (#19316, @pchaigno)
* CODEOWNERS: Assign clustermesh-apiserver code to @cilium/sig-clustermesh (#18972, @kaworu)
* CODEOWNERS: clean-up entries for deleted files (#18000, @qmonnet)
* CODEOWNERS: Do not assign reviewers for Documentation/helm-values.rst (#18651, @qmonnet)
* CODEOWNERS: Extend proxy group to pkg/fqdn (#19874, @christarazi)
* CODEOWNERS: janitors renamed to tophat (#18360, @pchaigno)
* contrib/backporting: Include golang in the image (#18664, @glibsm)
* contrib/scripts: Support env vars for kind script (#20035, @christarazi)
* contrib: Improve version matching in readme bump (#18548, @joestringer)
* contrib: Make KIND cluster ipFamily configurable (#19068, @brb)
* contrib: Support contrib/scripts/kind.sh on macOS (#20096, @sayboras)
* Crane joins Cilium as a user (#19065, @slzcc)
* ctmap: Do not use nil locks (Backport PR #20401, Upstream PR #20388, @jrajahalme)
* daemon, install/kubernetes: fix typo in DNS policy rule unload flag/value doc (#18982, @tklauser)
* daemon, option: consistently hard-code host device (#18467, @tklauser)
* daemon, option: remove deprecated native-routing-cidr option (#19677, @tklauser)
* daemon, option: remove deprecated prefilter-* options (#19913, @julianwiedmann)
* daemon: deprecate --endpoint-interface-name-prefix option (#18558, @tklauser)
* daemon: Deprecate --host-reachable-services-protos (#19083, @brb)
* daemon: Deprecate KPR=probe (Backport PR #20401, Upstream PR #20328, @brb)
* daemon: Don't ignore sockops failures (#19080, @pchaigno)
* daemon: don't mark deprecated flags as hidden twice (#19086, @tklauser)
* daemon: Fix build after VTEP routes conflict (#20077, @joestringer)
* daemon: Removed unused method (#18729, @aditighag)
* datapath/link: Initialize link monitor explicitly (#18565, @joestringer)
* datapath: Improve sysctl warning for bpf_jit_enable (#20018, @joamaki)
* datapath: Improved BPF testing framework (#20017, @dylandreimerink)
* datapath: Use FROM_NETDEV instead of FROM_LXC in nodeport.h (#19986, @brb)
* dependabot: disable all AWS package updates (#18102, @tklauser)
* dependabot: disable cloud provider SDK updates (#18067, @tklauser)
* dependabot: Unignore prometheus/client_golang (#20075, @ti-mo)
* dev-tool: Add cfssl and cfssljson tool check (#18337, @sayboras)
* development: add kind cluster shell helpers (#19069, @ldelossa)
* dnsproxy: update dnsproxy benchmark memory calculation (Backport PR #20519, Upstream PR #20305, @odinuge)
* doc: add note about checkpatch during dev workflow (#19879, @sahid)
* doc: update doc to inform about SERVER_BOX/VERSION (#19749, @sahid)
* doc: VTEP redirection and L7 policy partially incompatible (#19700, @vincentmli)
* docs(bpf): fix minor grammar errors in struct padding section (Backport PR #20534, Upstream PR #20249, @maxbrunet)
* docs(MAINTAINERS): fix link to commit_access.rst (#20081, @raphink)
* docs(masquerading): add missing "address" (Backport PR #20563, Upstream PR #20538, @raphink)
* docs(policy): add notes on DNS/L7 policies & Cilium agent availability (Backport PR #20333, Upstream PR #20289, @raphink)
* docs(README): add logo option for dark theme (#19920, @raphink)
* docs, ci, test/l4lb: use latest cilium-cli release according to stable.txt (#20203, @tklauser)
* docs,ci: updates to ci docs (#19174, @ldelossa)
* docs: Add CLI installation for ServiceMesh (Backport PR #20519, Upstream PR #20406, @sayboras)
* docs: Add cluster install/prep guide for AKS-to-AKS clustermesh (Backport PR #20534, Upstream PR #20439, @dylandreimerink)
* docs: Add default conntrack gc interval (#19977, @aditighag)
* docs: Add developers guide page about BPF testing framework (#20165, @dylandreimerink)
* docs: Add example how to config ipmasq via ConfigMap (Backport PR #20519, Upstream PR #20239, @brb)
* docs: Add Getting Started docs for clustermesh service affinity (Backport PR #20333, Upstream PR #20228, @sayboras)
* docs: Add getting started docs for Ingress (#19760, @sayboras)
* docs: Add interactive help for `make` targets (Documentation/Makefile) (#20012, @qmonnet)
* docs: Add limitation document for bandwidth-manager + nested network namespace (#18400, @YutaroHayakawa)
* docs: add missing ingress special identity (#20060, @kaworu)
* docs: Add more envoy supported extensions (Backport PR #20401, Upstream PR #20241, @sayboras)
* Docs: add project roadmap (#19540, @lizrice)
* docs: Add read:user scope for github token (#19063, @sayboras)
* docs: Add requirement for ginkgo version (#19248, @sayboras)
* docs: add robots.txt in a static directory (#19564, @aanm)
* docs: add Talos to adopters list (#18879, @frezbo)
* docs: Add troubleshooting docs for Ingress (Backport PR #20519, Upstream PR #20428, @sayboras)
* docs: added GSoD technical writers (#19799, @xmulligan)
* docs: adding Accuknox to USERS (#19103, @nyrahul)
* docs: adding Nexxiot to USERS (#19332, @alex-berger)
* docs: adding Snapp to USERS (#19128, @m-yosefpor)
* docs: builder,runtime images (#18576, @kkourt)
* docs: Document clustermesh datapath configuration for non-tunneled modes (Backport PR #20519, Upstream PR #16499, @jrajahalme)
* docs: Document monitor aggregation levels (#19349, @michi-covalent)
* docs: Document unsupported focused tests for runtime suite (#19173, @aditighag)
* docs: fix a Links documentation style guide error (Backport PR #20534, Upstream PR #20460, @Kikiodazie)
* docs: Fix and clean-up the build framework for the documentation (#19969, @qmonnet)
* docs: Fix build after etcd v3.5.4 version bump (#20171, @joestringer)
* docs: Fix display of misspelled words (#19542, @qmonnet)
* docs: fix flags for 1.12 branch (Backport PR #20519, Upstream PR #20408, @aanm)
* docs: Fix update-spelling_wordlist.sh to run command on spelling errors (Backport PR #20519, Upstream PR #20481, @qmonnet)
* docs: fix version warning banner (#19611, @aanm)
* docs: Fixed service list command in clustermesh affinity guide (Backport PR #20519, Upstream PR #20442, @dylandreimerink)
* docs: Improve kubeproxy replacement and OKD GSG guide. (Backport PR #20534, Upstream PR #20447, @tommyp1ckles)
* docs: Improve policy troubleshooting guide (Backport PR #20401, Upstream PR #20399, @joestringer)
* docs: ipsec: remove node-to-node encryption (Backport PR #20519, Upstream PR #20422, @NikAleksandrov)
* docs: L7 traffic management getting started guide (Backport PR #20519, Upstream PR #20421, @sayboras)
* docs: Mark Git repo as safe in Docker build-docs container (#19861, @qmonnet)
* docs: Mention how to build images for local CI testing (#17984, @brb)
* docs: Mention KPR in DR mode sec ID limitation (#19113, @brb)
* docs: minor fixes (#20218, @julianwiedmann)
* docs: Nit changes to steps for image building (#20153, @pchaigno)
* docs: prevent search engines from indexing old branches (#18111, @aanm)
* docs: Regenerate doc for Helm values (#18953, @pchaigno)
* docs: remove gobpf, mention cilium/ebpf (#18657, @ti-mo)
* docs: Remove manual installation instruction for `kind` clustermesh (#18075, @aditighag)
* docs: set robots.txt in the right directory (#18243, @aanm)
* docs: update CODEOWNERS feature release instructions (#18252, @nbusseneau)
* docs: Update company name in MAINTAINERS.md (#19431, @sayboras)
* docs: Update contributing guide pages (#18346, @sayboras)
* docs: update copybutton.css following the docutils update (#19498, @qmonnet)
* docs: Update docs with minimum helm version (Backport PR #20519, Upstream PR #20403, @aditighag)
* docs: update egress gateway documentation and mark the feature stable (#19862, @jibi)
* docs: update k8s instructions on how to update k8s libraries (#18040, @aanm)
* docs: Update Sphinx to v4.5.0 (#19348, @qmonnet)
* docs: Update stable release versions (#18222, @borkmann)
* docs: Use `kubectl exec daemonset/cilium` where possible (#18723, @pchaigno)
* Document installing Cilium on Rancher Desktop (#19049, @chancez)
* Documentation for adding CRDs into Cilium (#19275, @ldelossa)
* Documentation/gettingstarted: disable curl progress meter (#18698, @tklauser)
* Documentation: Improve cilium-cli and hubble cli installation instructions (Backport PR #20534, Upstream PR #20415, @chancez)
* Documentation: Only install 1 replica of operator on k3s (Backport PR #20519, Upstream PR #20416, @chancez)
* Documentation: Restart cilium-operator and cilium after enabling Service Mesh (Backport PR #20519, Upstream PR #20417, @chancez)
* Drop years and copyright symbol from copyright notices (#18813, @qmonnet)
* Dynamic Cluster Pool follow-ups (#19777, @gandro)
* elf: Don't assume data symbols are 4-bytes long (#18518, @pchaigno)
* elf: Move functions only used in tests (#18383, @twpayne)
* elf: skip TestWrite if ELF file wasn't built (#18046, @gandro)
* Enable cilium-cli helm based installation (#18898, @aanm)
* endpoint: Print error for regeneration timeout (#19333, @pchaigno)
* endpointmanager: Add extra check for out-of-range endpoint IDs (Backport PR #20519, Upstream PR #20363, @twpayne)
* eni: Fix broken build due to unit test (#19278, @gandro)
* Envoy update for service mesh (#19101, @jrajahalme)
* Exclude interface's primary address from IP pool by default in Azure (Backport PR #20333, Upstream PR #19743, @hemanthmalla)
* Expose hubble-ui security context in helm chart `hubble.ui.securityContext` (#19441, @hemslo)
* feat(command): allow to dump as YAML (#19480, @raphink)
* Feat: add ingressClassName to hubble ingress spec (#18044, @cyril-corbon)
* Fix a function comment typo (#18231, @hangyan)
* Fix a typo in the documentation (#18411, @gjkim42)
* fix CODEOWNERS (#18980, @kaworu)
* Fix comment for EndpointCreated function (#19465, @Jiang1155)
* Fix Makefile.docker not to specify --load and --push flags at once (#18316, @YutaroHayakawa)
* Fix missing capabilities when not running Cilium on containerd-based Kubernetes (#19903, @AtkinsChang)
* Fix running documentation make targets on MacOS (#19900, @chancez)
* Fix smoke tests by filtering out go_* metrics from metrics linting (#19399, @chancez)
* Fix the typo in Fatalf message of printConfigurations (#18413, @21kyu)
* Fixed warnings generated by "make -C test/bpf/ nat-test" due to improper castings (#18015, @cdelzotti)
* Fixes:Added the declaration of license (#19834, @yulng)
* fqdn/dnsproxy: fix test build (Backport PR #20534, Upstream PR #20537, @tklauser)
* fqdn: Use read-write mutex inside NameManager (#19486, @christarazi)
* gha: Add ingress conformance test (#19742, @sayboras)
* gha: Add retry options for ingress sanity check (#19825, @sayboras)
* gha: Bump cilum cli version to v0.11.6 (#19828, @sayboras)
* git: Ignore local emacs config (#18939, @jrajahalme)
* github: Backport DNS fix for external workloads 1.10 and 1.11 tests (#19516, @jrajahalme)
* go.mod, vendor: update cloud provider SDK Go modules (#18983, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules (#19409, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules (#19664, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules for July 2022 (Backport PR #20401, Upstream PR #20371, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules for June 2022 (#20126, @tklauser)
* go.mod, vendor: update cloud SDK modules (#18355, @tklauser)
* go.mod: update kevinburke/ssh_config dependency (#19289, @kevinburke)
* Helm Chart loop monitor sidecar (#19363, @yuriydzobak)
* helm: Bump cilium/startup-script image tag (#19263, @gandro)
* helm: Enable ingress controller in smoke tests (ipv4 + ipv6) (#19644, @sayboras)
* helm: Expose agent DNS proxy parameters as chart values (#19967, @joaoubaldo)
* helm: Fix syntax error in Hubble UI className (#20056, @gandro)
* helm: Make DNS policy for cilium-agent and cilium-operator pods configurable (Backport PR #20519, Upstream PR #20082, @michi-covalent)
* highlight `values.yaml.tmpl` as yaml (#20250, @kaworu)
* hubble/filters: add a unit test for TCP flows without flags (#18971, @kaworu)
* hubble/filters: strict number check for full HTTP status code (#19429, @kaworu)
* hubble: Improve performance of identity getter (#20005, @gandro)
* hubble: read proxy port from trace event (#18510, @zhanghe9702)
* hubble: remove unused local observer field (#19962, @kaworu)
* images, contrib/coccinelle: update alpine image to 3.16.0 (Backport PR #20519, Upstream PR #20378, @tklauser)
* images,test: Remove noop `SKIP_DOCS` (#18955, @pchaigno)
* images/runtime: update CNI plugins to 1.1.1 (#19690, @tklauser)
* images: Bump Hubble CLI to v0.10.0 (Backport PR #20401, Upstream PR #20286, @gandro)
* images: Fix build on arm64 (#18795, @jrajahalme)
* images: Remove copyright years from copyright notices (#19359, @qmonnet)
* images: Update bpftool (#19046, @pchaigno)
* images: Update cilium-bpftool (#20197, @NikAleksandrov)
* images: Update cilium-iproute2 (#18784, @pchaigno)
* Improve dev-doctor hints (#18562, @jtaleric)
* Improve Egress Gateway Getting Started Guide (Backport PR #20519, Upstream PR #20471, @pippolo84)
* Improve Egress Gateway Getting Started Guide (Backport PR #20563, Upstream PR #20531, @pippolo84)
* Improve the efficiency of the `k8s-unmanaged.sh` script (#19471, @gavinmcnair)
* ingress: Couple of cleanup and TODOs (#19647, @sayboras)
* install/cilium-operator: fix clusterrole rules (#19686, @aanm)
* install/kubernetes: bump etcd to v3.5.4 (#20134, @aanm)
* install/kubernetes: do not initialize variable twice (Backport PR #20519, Upstream PR #20430, @aanm)
* install/kubernetes: expose DNS policy rule unload agent flag as helm value (#18809, @tklauser)
* install/kubernetes: Remove deprecated cluster roles (#18168, @christarazi)
* install: Fix typos of cilium (#20113, @twpayne)
* ipam: Shutdown retry trigger on node deletion (#20140, @christarazi)
* ipcache: Make SupportsDelete() more robust by using a separate map (#19641, @joamaki)
* ipcache: Use incremental policy updates (#18996, @joestringer)
* ipsec: Rewrite parser for IPsec secret (#19824, @pchaigno)
* k8s-conformance: Improve skipped tests format/links (#19628, @joestringer)
* k8s: Move CiliumEnvoyConfig to v2 (#19688, @jrajahalme)
* labels/cidr: use netip types to improve GetCIDRLabels and IPStringToLabel performace (Backport PR #20401, Upstream PR #20316, @tklauser)
* List Simple Life as Cilium user (#19377, @sergeyshevch)
* loader: Use new eBPF ISA feature probes (#19170, @pchaigno)
* localdev: fix kind helm install shell function (#19149, @ldelossa)
* maglev: fix TestPermutations backend generation (#19663, @kaworu)
* maglev: use github.com/cilium/workerpool (#19940, @kaworu)
* MAINTAINERS: adding myself to committers list (#18781, @lizrice)
* MAINTAINERS: update committers (#20014, @tklauser)
* Make API ratelimit logs less noisy by default (#18934, @panchm)
* Make k8s-cilium-exec.sh friendlier to read (#17997, @weizhoublue)
* make: fix Makefile docker pull command to cause an error when using podman (#19748, @koba1t)
* make: grep for new go:build tags in PRIV_TEST_PKGS_EVAL (#19415, @tklauser)
* make: remove deprecated test targets (#19436, @tklauser)
* Makefile: Add 'make kind-image' to 'make help' (#19963, @joestringer)
* Makefile: Measure unit test coverage by package (#20038, @joestringer)
* maps/lbmap: fix maglev test suite build (#19435, @tklauser)
* Misc Makefile improvements for quiet mode V=0 (#20031, @joestringer)
* Misc. testing cleanups (#18238, @christarazi)
* Move Equinix to the correct place in the alphabet (#19527, @xmulligan)
* Moved Azure secrets to secret resource (#18010, @wolffberg)
* neigh: Support multi device neighbor discovery (Backport PR #20333, Upstream PR #20092, @ysksuzuki)
* New config `hubble.relay.securityContext` in Helm values. (#18242, @ooraini)
* node: don't set write-only NodeAddressingElement.AddressType property (#19044, @tklauser)
* None (#19280, @pacoxu)
* operator: start the event queue in a dedicated go routine (Backport PR #20519, Upstream PR #20353, @aanm)
* pkg/bpf: Include BPF map names during map creation (#20091, @christarazi)
* pkg/daemon: Log error when node port init fails (#18475, @aditighag)
* pkg/datapath/linux: Simplify logical conditions for IPsec node encryption (#18915, @christarazi)
* pkg/datapath: Remove transitive dependency on netlink (#18619, @aditighag)
* pkg/elf: Mark tests as integration tests (#18326, @twpayne)
* pkg/endpoint: fix data race in endpoint logger (#18769, @aanm)
* pkg/k8s: do not wait for endpointslice cache sync in k8s >= 1.17 (Backport PR #20570, Upstream PR #20569, @aanm)
* pkg/mac refactor for common code use (#18793, @vincentmli)
* pkg/metrics: Remove source node label (Backport PR #20519, Upstream PR #20433, @aditighag)
* pkg/policy/api: Optimize Decision MarshalJSON() (#19704, @MikeLing)
* pkg/policy/policy: Optimize SearchContext String() (#19661, @MikeLing)
* pkg/policy/rule: Optimize rule String() (#19822, @MikeLing)
* policy: Reduce allocations during FQDN processing (#17959, @joestringer)
* preallocate memory before looping over it (#19566, @florianl)
* Prepare for 1.12.0 development (#17961, @aanm)
* Prepare for release v1.12.0-rc0 (#19032, @aanm)
* Prepare for release v1.12.0-rc1 (#19393, @aanm)
* Prepare for release v1.12.0-rc2 (#19694, @aanm)
* Prepare v1.12 stable branch (#20276, @aanm)
* README.rst: Add subsections on Governance and Adopters to make the info more discoverable, and to satisfy CLOMonitor (#19037, @xmulligan)
* README.rst: fix stable release table (#19517, @tklauser)
* Reduce datapath from_lxc complexity (#17758, @jrajahalme)
* reduce GC load (#18757, @florianl)
* Refactor IPCache to remove static package-level globals (#19073, @joestringer)
* Remove unused functionality in pkg/bpf (#18378, @tklauser)
* replace hardcode "docker" command with $(CONTAINER_ENGINE) (#18009, @ArthurChiao)
* Revert "allocator: fix out-of-valid-range identities being allocated" (#18808, @pchaigno)
* Revert "build(deps): bump github.com/prometheus/client_golang" (#19398, @aanm)
* Revert "build(deps): bump google.golang.org/protobuf from 1.27.1 to 1… (#19395, @aanm)
* Revert "datapath: Remove !CONNTRACK" (#18545, @nbusseneau)
* Revert "ipsec: set interface ID different from 0" (#19019, @pchaigno)
* Revert "iptables: Don't use `ip{,6}tables` if unavailable" (#18768, @pchaigno)
* Scripts: Update k8s-unmanaged script to only return pods where host networking is false (#18349, @thejosephstevens)
* Select new backend if old connection from src port to cluster IP was closed (#19451, @amol-go)
* Spell out the full term of the CRD acronym (#19381, @Kikiodazie)
* Standardize testing directory filepath naming (#18621, @joestringer)
* Support builder image on arm64 (#19768, @chancez)
* Support for Cilium in Exoscale SKS (#20076, @retrack)
* Tencent Cloud added as a user (#19183, @xmulligan)
* test/bpf: Fix format of `check-complexity.sh` script (#19836, @pchaigno)
* test/bpf: Fix mock dependencies (#19099, @joestringer)
* test: Fix make target for k8s tests (Backport PR #20401, Upstream PR #20264, @ysksuzuki)
* test: fix typo in log output (#19134, @julianwiedmann)
* test: Revert sys-fs-bpf.mount rename (#19385, @jrajahalme)
* test: Skip flaky K8sServices NodePort test (#18402, @twpayne)
* test: Support multiple nodes without Cilium (#17954, @pchaigno)
* testutils/mockmaps: Bring duplicate backend calls check back (#19544, @aditighag)
* tooling: add kind-down script (#18721, @ldelossa)
* treewide: bump copyright year to 2022 in generated files (#18392, @tklauser)
* treewide: Fix typos of Kubernetes (#20114, @twpayne)
* treewide: Sort imports according to Go conventions (#18357, @twpayne)
* treewide: Tidy up more imports (#18389, @twpayne)
* trivial: Fix test step stutter 'to to' (#18188, @joestringer)
* Unify the term points "Fast Redirect" on host to the "BPF Host Routing". (#18862, @chenk008)
* Update AUTHORS and mailmap (#19488, @joestringer)
* Update bpftool to get latest feature probes (#19422, @borkmann)
* Update cli-download.rst (#20181, @nvibert)
* Update CLOMonitor badge url (#19365, @cynthia-sg)
* Update cloud provider modules (#18683, @tklauser)
* Update Copyright header in identity_range.go (#19115, @ti-mo)
* Update external docker images (#19384, @aanm)
* Update Go to 1.17.4 (#18128, @tklauser)
* Update Go to 1.17.5 (#18224, @tklauser)
* Update Go to 1.17.6 (#18441, @tklauser)
* Update Go to 1.17.7 (#18796, @tklauser)
* Update Go to 1.17.8 (#19058, @tklauser)
* Update Go to 1.18 (#19169, @tklauser)
* Update Go to 1.18.1 (#19432, @tklauser)
* Update Go to 1.18.2 (#19775, @tklauser)
* Update Go to 1.18.3, golangci-lint to 1.46.2 (#20061, @tklauser)
* Update Go to 1.18.4 (Backport PR #20534, Upstream PR #20501, @tklauser)
* Update gops to v0.3.25 (Backport PR #20534, Upstream PR #20438, @tklauser)
* update k8s library versions (#18590, @aanm)
* update k8s versions to the latest releases (Backport PR #20519, Upstream PR #20507, @aanm)
* Update native routing CIDR flags description (#18367, @jibi)
* Update SAP adoption info in USERS.md (#18936, @ghost)
* Update stable releases (#18236, @joestringer)
* Update stable releases (#18547, @joestringer)
* Update stable releases (#18929, @joestringer)
* Update stable releases (#19242, @aanm)
* Update stable releases (#19503, @tklauser)
* Update stable releases (#19841, @joestringer)
* Update stable releases (#20224, @joestringer)
* Update USERS.md (#19837, @edude03)
* Update USERS.md (#20002, @FaKod)
* update USERS.md with Equinix info (#19504, @matoszz)
* UPDATE users.md: Add CONNY (#19815, @ant31)
* Update values.yaml.tmpl (Backport PR #20401, Upstream PR #20357, @michi-covalent)
* Upgrade cilium/ebpf to version 0.8.1 (#18903, @ti-mo)
* Upgrade to cilium/lumberjack v2.2.2 to Flush() gzip writer before Sync()ing (#19361, @chancez)
* Use `cilium/ebpf/rlimit` for bumping memlock rlimits (#18640, @ti-mo)
* Users page now includes platforms, products, and services (#19357, @xmulligan)
* Vagrant cleanups (#19253, @julianwiedmann)
* vagrant: add git exception in dev VMs for cilium repo for root user (#19855, @jibi)
* vagrant: fix overlap of IPv6 Node/Pod CIDRs on dev-VM (#19303, @julianwiedmann)
* vagrant: Generate kubeconfig correctly for netnext (#18498, @YutaroHayakawa)
* Various cleanups around pkg/datapath (#20041, @tklauser)
* vendor: bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 (#18255, @rolinh)
* WithDialer is deprecated and use WithContextDialer instead (#19281, @luckymrwang)
**Other Changes:**
* .github: add unstripped image builds (#20315, @aanm)
* [v1.12] gha: Add ingress conformance test (#20362, @sayboras)
* Add Ayedo as users (#18863, @hrittikhere)
* codeowners: update for v1.12 backports (#20342, @aanm)
* Fix unstripped id for gh action (#20319, @jtaleric)
* install: Update image digests for v1.12.0-rc3 (#20281, @aanm)
* Prepare for release v1.12.0-rc3 (#20279, @aanm)
Computing file changes ...
