Revision - 4c9a630 - Prepare for release v1.12.1

Revision 4c9a6302c9423e821c00930ca00f8eb6a34e9313 authored by Joe Stringer on 15 August 2022, 23:29:39 UTC, committed by Joe Stringer on 16 August 2022, 00:11:16 UTC

Prepare for release v1.12.1

Signed-off-by: Joe Stringer <joe@cilium.io>

1 parent fe49b55

Files
Changes

Permalinks

CHANGELOG.md

# Changelog

## v1.12.1

Summary of Changes
------------------

**Minor Changes:**
* envoy: Bump envoy version to 1.21.5 (Backport PR #20851, Upstream PR #20771, @sayboras)
* fqdn/metrics: Fix ProxyUpstreamTime error=timeout (Backport PR #20851, Upstream PR #20752, @joestringer)
* ingress: add websockets configuration (Backport PR #20867, Upstream PR #20814, @nikhiljha)
* Remove check on intSlice type from config map validation (Backport PR #20851, Upstream PR #20638, @pippolo84)
* Remove IPVLAN support following the deprecation in v1.11. (Backport PR #20656, Upstream PR #20453, @pchaigno)

**Bugfixes:**
* Add EndpointSlice support for clustermesh-apiserver (Backport PR #20851, Upstream PR #20697, @YutaroHayakawa)
* bpf: Add send_trace_notify hook for redirect_direct_{v4,v6} (Backport PR #20851, Upstream PR #20479, @qmonnet)
* Ensure that Cilium CNI in delegated-plugin IPAM mode avoids leaking IPs even when the network namespace has been deleted. (Backport PR #20851, Upstream PR #20630, @wedaly)
* Fix bug where Cilium would crash on startup with an error about being unable to delete iptables rules. (Backport PR #20890, Upstream PR #20885, @jibi)
* Fix bug where traffic sent outside the cluster via ToFQDNs policy would be denied despite a policy that allows it (Backport PR #20851, Upstream PR #20721, @joestringer)
* Fix ineffective post-start hook in ENI mode (Backport PR #20851, Upstream PR #20741, @bmcustodio)
* fix k8s latency metrics label cardinality (Backport PR #20851, Upstream PR #20831, @aanm)
* Fix parsing of string map command line options when more than one separator is present. (Backport PR #20851, Upstream PR #20673, @tklauser)
* Fix regression with cilium-health-probe controller in IPv6-only clusters (Backport PR #20867, Upstream PR #20849, @aanm)
* helm: Guard apply sysctl init container (Backport PR #20851, Upstream PR #20643, @sayboras)
* helm: Set KPR default to "disabled" for >= 1.12 (Backport PR #20851, Upstream PR #20610, @brb)
* Helm: Use the correct operator.dnsPolicy value for the operator deployment template (Backport PR #20867, Upstream PR #20844, @michi-covalent)
* ipcache/kvstore: fix panic when processing ip=<nil> entries (Backport PR #20867, Upstream PR #20706, @ArthurChiao)
* iptables: handle case where kernel IPv6 support is disabled (Backport PR #20851, Upstream PR #20680, @jibi)
* Optimize Eni update latency after new eni created (Backport PR #20851, Upstream PR #20609, @wu0407)

**CI Changes:**
* CI: Enable IPv6 in the L4LB suite (Backport PR #20867, Upstream PR #20821, @brb)
* ci: fix code changes detection on `push` events (Backport PR #20851, Upstream PR #20685, @nbusseneau)
* ci: pick up cilium-cli v0.12.0 for master, v1.11 and v1.12 workflows (Backport PR #20851, Upstream PR #20617, @tklauser)

**Misc Changes:**
* build(deps): bump actions/cache from 3.0.5 to 3.0.6 (#20806, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.6 to 3.0.7 (#20873, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.0.0 to 3.1.0 (#20590, @dependabot[bot])
* build(deps): bump docker/build-push-action from 3.1.0 to 3.1.1 (#20804, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.16 to 2.1.17 (#20710, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.17 to 2.1.18 (#20785, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.3 to 1.5.4 (#20578, @dependabot[bot])
* build(deps): bump library/alpine from 3.16.0 to 3.16.1 in /images/cache (#20588, @dependabot[bot])
* build(deps): bump library/alpine from 3.16.1 to 3.16.2 in /images/cache (#20857, @dependabot[bot])
* CHANGELOG: fix v1.12.0 changelog (#20696, @aanm)
* cilium-cni: don't set interface link up twice (Backport PR #20851, Upstream PR #20674, @tklauser)
* clean up IPVLAN leftover code  in setupBaseDevice() (Backport PR #20867, Upstream PR #20608, @vincentmli)
* Consider `$GO` environment variable `make precheck` checks (Backport PR #20851, Upstream PR #20750, @tklauser)
* contrib: Add CRD generation to release process (Backport PR #20656, Upstream PR #20564, @joestringer)
* daemon: Improve dnsproxy error when EP not found (Backport PR #20656, Upstream PR #20649, @joestringer)
* doc: clarify CentOS 7 third-part kernel upgrade and Cilium advance features kernel config requirements (Backport PR #20851, Upstream PR #20605, @vincentmli)
* docs: Add required ec2:DescribeInstances when instance-tags-filter is used (Backport PR #20851, Upstream PR #20703, @lht)
* docs: Clarify identity table for reserved identities (Backport PR #20867, Upstream PR #20832, @joestringer)
* docs: correct IPAM mode name in BGP control plane installation docs (Backport PR #20851, Upstream PR #20758, @tklauser)
* docs: Update clustermesh troubleshooting with more details (Backport PR #20851, Upstream PR #20260, @sayboras)
* docs: update etcd kvstore migration instructions (Backport PR #20656, Upstream PR #20624, @hhoover)
* docs: Update Helm values (Backport PR #20851, Upstream PR #20716, @qmonnet)
* docs: update the version specific notes table for v1.12 release (Backport PR #20851, Upstream PR #20669, @tklauser)
* Fix `subnet_id` label value being empty in IP allocation and interface creation in ENI IPAM metrics (Backport PR #20851, Upstream PR #20449, @wu0407)
* Fix complaint about nil IP address on restore of cilium_host (Backport PR #20867, Upstream PR #20734, @christarazi)
* hubble-ui: release v0.9.1 (Backport PR #20851, Upstream PR #20572, @geakstr)
* ipcache: Fix lock leak (Backport PR #20851, Upstream PR #20833, @joestringer)
* maglev: Don't populate v4 inner table upon nat46 service (Backport PR #20851, Upstream PR #20648, @borkmann)
* pkg/k8s: set the right IP addresses in log messages (Backport PR #20851, Upstream PR #20757, @aanm)
* Reduce the vtep route log noise and avoid cilium_vtep_map symbol substitution warning log (Backport PR #20656, Upstream PR #20532, @vincentmli)
* Remove completed items from Service Mesh Roadmap (Backport PR #20656, Upstream PR #20635, @margamanterola)
* Revert "Revert "doc: update the api spec for fqdn egress policies cod… (Backport PR #20851, Upstream PR #20744, @aanm)
* v1.12: Update Go to 1.18.5 (#20746, @tklauser)
* vtep skip symbol substituation cilium_vtep_map (Backport PR #20656, Upstream PR #20589, @vincentmli)

**Other Changes:**
* install: Update image digests for v1.12.0 (#20581, @aanm)

## v1.12.0

Summary of Changes
------------------

**Major Changes:**
* Add cilium ingress controller implementation (#18867, @sayboras)
* Add integration for external VXLAN Tunnel Endpoint devices (#17370, @vincentmli)
* Add support for CiliumEnvoyConfig CRD. (#18894, @michi-covalent)
* Add support for enabling BBR congestion control for Pods, and move bandwidth manager out of beta. (#19287, @borkmann)
* Add support for Kubernetes v1.24.0 (#19545, @aanm)
* Adding support for AWS ENI prefix delegation - IPv4 Only (#18463, @hemanthmalla)
* Cilium: initial NAT46/64 implementation (#18779, @borkmann)
* Delegated IPAM plugin (#19219, @wedaly)
* Enables ICMP network policy function by default (#20174, @chez-shanpu)
* Implementation of a GoBGP backed BGP control plane. (#18860, @ldelossa)
* Promote egress gateway to stable (#19320, @jibi)
* Support dynamic allocation of pod CIDRs in cluster pool v2 IPAM mode (#18887, @gandro)
* Support setting service backend states such as quarantine, maintenance so that these backends are not selected for load-balancing service traffic. (#18814, @aditighag)

**Minor Changes:**
* add an option to wait for kube-proxy (Backport PR #20563, Upstream PR #20517, @michi-covalent)
* Add emptyDir volume for frontend container of hubble-ui (#20027, @mkilchhofer)
* Add metric on number of requests rejected by DNS Proxy semaphore (Backport PR #20534, Upstream PR #20491, @rahulkjoshi)
* Add Prometheus gRPC metrics for hubble and hubble-relay (Backport PR #20519, Upstream PR #20376, @chancez)
* Add source filter for the cilium fqdn cache list command (#19980, @ungureanuvladvictor)
* Add support for aws-cni chaining in IPv6 EKS clusters (#18522, @mKeRix)
* Add support for disabling ENI PD at node level (Backport PR #20401, Upstream PR #20308, @hemanthmalla)
* Add support for getting earliest events from Observer API (#19819, @chancez)
* Add support for L7 policies with VTEP integration (#19473, @vincentmli)
* Add support to opt-in for using ENI's primary IP for allocations (#20050, @hemanthmalla)
* Add unreachable route for pod IP on deletion (#18505, @lbernail)
* Align values.yaml with templates (#17243, @dungdm93)
* Allow unloading DNS policy rules on graceful shutdown (#18701, @tklauser)
* api,cli: add identity range in status response & cli output (#18152, @ArthurChiao)
* api: Add cni chaining status in status API. (#18345, @sayboras)
* AWS EC2 Instance tag filter (#19181, @prune998)
* aws: Add ability to mark ENIs as unmanaged (#19096, @gandro)
* bgp: Check the Condition.Ready field when adding ready endpoints (#20176, @ysksuzuki)
* bpf, Hubble: Add `is_reply` information (when available) at the `TO_OVERLAY` observability point (#19185, @qmonnet)
* CA certificates in Envoy TLS validation contexts are supported via k8s Secrets with 'ca.crt' key. (Backport PR #20534, Upstream PR #20458, @jrajahalme)
* Change default prometheus ports to new reserved Cilium ports (#20156, @knfoo)
* Cilium Istio integration is updated to Istio release 1.10.6 (Backport PR #20519, Upstream PR #18384, @jrajahalme)
* cli/metrics: Sort label in metrics list command (#18455, @sayboras)
* clustermesh: Add support for service-affinity (#19521, @sayboras)
* clustermesh: added new command-line options k8s-kubeconfig-path and clustermesh-health-port (#18803, @abocim)
* daemon: add support for IPv6 native routing CIDR (#17332, @jibi)
* daemon: Don't auto disable session affinity (Backport PR #20519, Upstream PR #16179, @brb)
* daemon: Rename host-reachable services to socket LB (Backport PR #20534, Upstream PR #20369, @brb)
* daemon: Split --bpf-lb-map-max into multiple options (#19326, @koncha99)
* daemon: Support the wildcard option for directRoutingDevice (#17930, @ysksuzuki)
* datapath: make tc filter priority configurable (#18896, @intel-dlanders)
* datapath: Remove !CONNTRACK (#18502, @brb)
* datapath: Remove !CONNTRACK (v2) (#18551, @brb)
* docs: Update alibabacloud RAM permission requirements (#19077, @jaffcheng)
* Dynamic Per Resource Timeouts (#19991, @tommyp1ckles)
* egressgw: emit a warning rather than a fatal error when L7 proxy is enabled (#19608, @jibi)
* Enable VTEP integration dynamic ARP resolution for Cilium-managed pod (#18758, @vincentmli)
* Envoy upstream connections no longer use the original source address for any destination associated with a CIDR or toFQDNs policy. (#19255, @jrajahalme)
* feat(helm): allow to set Hubble Relay and UI service type and nodePort (#19450, @raphink)
* Fix an issue where PodDisruptionBudgets were not created by the Helm chart (#18317, @lic17)
* helm: Add bpf-root configuration value in helms (#18335, @sayboras)
* helm: add description for some Helm values (#19658, @my-git9)
* helm: Create cilium IngressClass (#19524, @sayboras)
* helm: Move tls related helm option to 1.12 in upgrade docs (#19089, @sayboras)
* helm: Remove duplicated key hostAliases (Backport PR #20333, Upstream PR #20278, @sayboras)
* helm: Set Linux nodeSelector for nodeinit and preflight (Backport PR #20333, Upstream PR #20216, @gandro)
* helm: support lookup remote CA (#17434, @dungdm93)
* helm: Upgrade certgen to the latest version v0.1.8 (#18607, @sayboras)
* hubble: Add "flows-to-world" metric to monitor policy decisions on traffic that reaches outside the cluster. (#17790, @michi-covalent)
* Improve policy import performance, particularly with CIDR policies (#18433, @joestringer)
* Improve verbosity of drop notification messages. (Backport PR #20519, Upstream PR #20387, @aspsk)
* In the case of recovering the services, cilium will not fail directly on the first service recovery error but will try to recover other services. (#18422, @chowmean)
* ingress: Add SocketOptions configuration (#19549, @sayboras)
* ingress: Avoid plain text TLS secret in CEC (#19410, @sayboras)
* ingress: Fix conformance tests for host-rules and path-rule (#19321, @sayboras)
* ingress: Set max stream duration as 0 (#19550, @sayboras)
* install/kubernetes: Add CAP_IPC_LOCK for mmap (#19812, @sayboras)
* install: add tolerations for the certgen cronjob (#18019, @wolffberg)
* Introduce a new CRD (CiliumEgressGatewayPolicy) for Egress Gateway configuration. Deprecate the previous CRD (CiliumEgressNATPolicy). (#19561, @julianwiedmann)
* k8s/crds: Allow ingress entity in CNP (Backport PR #20563, Upstream PR #20536, @sayboras)
* Making operator aware of pending pod backlog on nodes for IP allocations (#19007, @hemanthmalla)
* Move the BGP Control Plane to utilize CiliumNode objects. This enable support for IPAM driven PodCIDR announcements. (#19872, @ldelossa)
* Prefers k8s node IP when picking masquerading IPs (#16849, @liuyuan10)
* proxy: Add proxy common http options arguments to agent (#19138, @jmcshane)
* Remove privileged mode in Cilium's DaemonSet (#14446, @aanm)
* Rename bpf.hostRouting to bpf.hostLegacyRouting in ciliumconfig (#19064, @chenk008)
* Runtime device detection (#17460, @joamaki)
* Update cilium agent Grafana dashboard to filter by pod (Backport PR #20333, Upstream PR #20307, @ungureanuvladvictor)
* Update to CNI spec version 1.0.0 (#19719, @tklauser)
* Use direct routing device only when tunneling is disabled and BPF Host Routing or NodePort are enabled. (#18815, @YutaroHayakawa)
* vtep: VTEP map implementation to improve VTEP integration feature (#18824, @vincentmli)

**Bugfixes:**
* `node-init` now takes `enableIPv4Masquerade` into account on GKE. (Backport PR #20519, Upstream PR #19533, @bmcustodio)
* Add/Fix traces for the packets received from the network in IPSec + native routing. (#18704, @YutaroHayakawa)
* Additional FQDN selector identity tracking fixes (Backport PR #17988, Upstream PR #17788, @joestringer)
* alibabacloud: Fix derived VPC CIDR block (#19056, @jaffcheng)
* allocator: fix out-of-valid-range identities being allocated (#18151, @ArthurChiao)
* bgpv1: Use IP address used for peering as a nexthop (#19402, @YutaroHayakawa)
* bpf: Don't emit policy verdict post-L7 (Backport PR #20401, Upstream PR #20245, @joestringer)
* bpf: Provision HostPort also for case of Maglev (Backport PR #20401, Upstream PR #20379, @borkmann)
* bug: Fixed a rare CiliumIdentity race deletion. (Backport PR #20333, Upstream PR #19936, @nathanjsweet)
* cilium: Fix node mismatch endpoint restoration bug when the CiliumEndPoint CRD is disabled. (#19040, @zhanghe9702)
* contrib: Fix passing ipFamily to kind.sh (#19707, @brb)
* daemon, option: Fix vlan bpf bypass ids loading (Backport PR #20401, Upstream PR #20282, @pippolo84)
* daemon: Fix issue where stale router IPs were not cleaned up (Backport PR #20519, Upstream PR #20389, @gandro)
* datapath: Fix IPv6 DSR (#18713, @brb)
* datapath: Fix missing monitor events for NodePort BPF traffic when monitor-aggregation set to > none (#18454, @brb)
* endpoint: Fix packets to host dropped with the chaining mode and host firewall (#19734, @ysksuzuki)
* Envoy version checking is now disabled whenever L7 proxy is disabled too (Backport PR #20519, Upstream PR #20440, @bmcustodio)
* Fix a bug where agent would log warnings such as "JoinEP: Failed to load program" in legitimate cases where endpoints are getting deleted. (#18216, @aditighag)
* Fix agent crash when IPv6 is partially disabled in the host kernel. (#18716, @pchaigno)
* Fix blackhole route error when cleanup (#20042, @soulseen)
* Fix config map options validation (Backport PR #20401, Upstream PR #20304, @pippolo84)
* Fix drop of large packets redirected through an egress gateway node when running in native routing mode. (Backport PR #20401, Upstream PR #20269, @pchaigno)
* Fix error propagation in bpf_lxc (#20144, @DolceTriade)
* fix identity gc  to return correct  max/min id (Backport PR #20401, Upstream PR #20361, @dkhachyan)
* Fix mtu setting for tunnel interface in init.sh (Backport PR #20563, Upstream PR #20552, @ChengyuanLiCY)
* Fix the bugs when empty CiliumEndpointSlices were created and leaked. (Backport PR #20519, Upstream PR #20251, @alan-kut)
* Fixed PodCIDR announcement being overwritten by SVC announcement (Backport PR #20519, Upstream PR #20413, @dylandreimerink)
* Fixed removal of stale bpf_netdev tc filters for interfaces with a dot in the name (#18344, @stek29)
* Fixes a bug in the BGP control plane which causes the wrong BGP virtual servers to be selected for reconciliation or removal (#19659, @ldelossa)
* helm: Fix cluster-id arguments in clustermesh deployment (Backport PR #20333, Upstream PR #20312, @sayboras)
* helm: Fix Hubble Service when ServiceMonitor is being used (#19220, @juissi-t)
* helm: Fix invalid type for Certificate spec.ipAddresses (#19211, @superbrothers)
* helm: Relax hubble ui image versions validation (#20039, @sayboras)
* hubble/parser/threefour: check (*Parser).linkGetter before accessing it (Backport PR #20519, Upstream PR #20446, @tklauser)
* ipsec: fix stale keys reclaim logic (Backport PR #20401, Upstream PR #19932, @jibi)
* ipsec: set interface ID different from 0 (#18789, @tormath1)
* makefile: fix unstripped docker images build (#18339, @zhanghe9702)
* nodediscovery: make LocalNode return a deep copy of localNode (Backport PR #20401, Upstream PR #20392, @jibi)
* Only apply XDP acceleration for IPv6 Nodeport when enabled (with --bpf-lb-acceleration=native). (#19534, @julianwiedmann)
* pkg/k8s/version: Also set EndpointSlice when forcing version (Backport PR #20534, Upstream PR #20383, @joamaki)
* Restore patch in ciliumnetworkpolicies/status ClusterRole (Backport PR #20401, Upstream PR #20373, @pippolo84)
* Revert "pkg/endpoint: Pass endpoint alive context to regeneration tasks" (#18253, @aditighag)
* Revert Prometheus client to fix 'cilium metrics list' (#19496, @ti-mo)
* vtep: fix pod src identity in send_trace_notify (Backport PR #20534, Upstream PR #19434, @vincentmli)

**CI Changes:**
* .github/workflow: revert cilium-cli changes in stable workflows (#19582, @aanm)
* .github/workflows: bump v1.10 workflows to cilium-cli v0.10.5 (#19897, @tklauser)
* .github/workflows: bump v1.10 workflows to cilium-cli v0.10.6 (#19935, @tklauser)
* .github/workflows: do not use pre-defined image digests (#19575, @aanm)
* .github/workflows: fix hubble installation using cilium-cli (#19568, @aanm)
* .github/workflows: install the right helm chart version for stable branches (#19609, @aanm)
* .github: Change cilium-cleanup order in workflows (#19163, @jtaleric)
* .github: Disable EKS encryption tests (#18090, @joestringer)
* .github: Exclude Runtime CI job from flake tracker (#19095, @pchaigno)
* .travis: Disable race build on master (#19773, @pchaigno)
* Add missing VTEP complexity tests (#19539, @vincentmli)
* Add support for tparse in go test targets (#20032, @joestringer)
* bpf/test: Fix incorrect macro definition (#18660, @pchaigno)
* bpf: Cover native routing CIDR check in compile tests (#18702, @pchaigno)
* bpf: Reenable features disabled because of complexity issues (#19938, @pchaigno)
* build(deps): bump actions/setup-go from 3.1.0 to 3.2.0 (#19971, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.2 to 1.1.3 (#18930, @dependabot[bot])
* Change all IP address that are using Oranges IP range to RFC1918 address space (#17741, @duttaANI)
* checkpatch: Update image for "checkpatch" target, reuse target in CI (#19805, @qmonnet)
* checkpatch: update to lastest image to fix off-by-one index in commit list (#18270, @tklauser)
* ci, images: update all quay.io/cilium/* images (#18299, @tklauser)
* ci-l4lb: Check out stable branch (#19905, @michi-covalent)
* CI: add CIFuzz integration (#18034, @DavidKorczynski)
* ci: Bump cyclonus to v0.4.7 (#18747, @joamaki)
* ci: collect sysdump as a separate workflow in L4LB tests (#18380, @oblazek)
* ci: create a new subnetwork for each new GKE cluster (#18821, @nbusseneau)
* ci: disable failing test on net-next (#18520) (#18544, @nbusseneau)
* ci: disable WireGuard testing in multicluster workflow (#18700, @nbusseneau)
* CI: Enable IPv6 tests on KIND (#18845, @brb)
* ci: fix documentation workflow (#20025, @nbusseneau)
* ci: fix missing sysdump as separate workflow in L4LB tests for stable branches (#18428, @oblazek)
* ci: fix quotes in backport workflows (#18268, @nebril)
* ci: Increase retention for release image CI artifacts to 10 days (#20141, @michi-covalent)
* CI: merge NAT46x64 and L4LB GH actions (#19288, @brb)
* ci: pick up cilium-cli v0.11.10 for master, v1.11 and v1.12 workflows (Backport PR #20401, Upstream PR #20360, @tklauser)
* ci: pick up cilium-cli v0.11.11 for master, v1.11 and v1.12 workflows (Backport PR #20519, Upstream PR #20420, @tklauser)
* ci: pick up cilium-cli v0.11.9 for master/v1.11 workflows (#20234, @tklauser)
* CI: run K8sServices on KIND (#18812, @brb)
* ci: set Cilium base version to v1.10.12 in v1.10 conformance tests (#19946, @tklauser)
* ci: update cilium-cli to v0.10.0 (#18207, @tklauser)
* ci: update cilium-cli to v0.10.1 (#18575, @sayboras)
* ci: update cilium-cli to v0.10.3 (#18820, @tklauser)
* ci: update cilium-cli to v0.10.4 (#18933, @tklauser)
* ci: update master workflows to cilium-cli v0.11.4 (#19665, @tklauser)
* ci: Update Uninstall Command For Cilium CLI (#19679, @nathanjsweet)
* cilium/cmd, test/runtime: convert test loading invalid policy JSON to unit test (Backport PR #20534, Upstream PR #20512, @tklauser)
* cocci: New test to find missing `identity_is_{remote_,}node` (#18385, @pchaigno)
* config: Fix unit tests for native routing CIDR (Backport PR #20519, Upstream PR #20473, @pchaigno)
* connectivity-check: Use ports outside ephemeral range (#19337, @christarazi)
* docs: Bump up Netlify Python version to 3.8 (Backport PR #20519, Upstream PR #20486, @michi-covalent)
* fix aws-cni conformance test (#20049, @aanm)
* ipam/clusterpool_v2: Fix data race in unit test (#19024, @gandro)
* ipcache: Fix failing controller check from SupportsDelete (#19751, @joamaki)
* jenkinsfiles: fix docker manifest inspect commands in GKE pipeline (Backport PR #20333, Upstream PR #20325, @tklauser)
* Load the dev operator image into kind/microk8s as well (#19995, @ungureanuvladvictor)
* master/v1.11 CI: Pick up the latest cilium-cli (#19873, @michi-covalent)
* mlh: swap net-next kernel from K8s 1.16 to 1.23 (#18178, @nbusseneau)
* mlh: update Jenkins jobs following 1.24 support (#19904, @nbusseneau)
* mlh: update Jenkins jobs following net-next fix for K8s 1.24 (#20220, @nbusseneau)
* Partially revert ".github: enable cilium-cli helm based installation" (#19554, @aanm)
* prog_test: Fix build breakage (#18659, @joestringer)
* Provide only 2 VTEP endpoints in default node_config.h (#18778, @ti-mo)
* Revert "ci: use CLI 0.11.8 for AKS workflow" (#20272, @tklauser)
* Revert "test/Services: Quarantine 'Tests with direct routing'" (#18312, @gandro)
* Revert "workflows: Reenable IPsec test in EKS workflow" (#19078, @pchaigno)
* set base-version in 1.10 workflows (#18262, @nebril)
* Support running K8sVerifier tests on kind (#18549, @joestringer)
* test/helpers: Fix variadic expansion related panic (Backport PR #20519, Upstream PR #20332, @christarazi)
* test/k8s/manifests: bump test-verifier image to latest version (Backport PR #20519, Upstream PR #20461, @tklauser)
* test/K8sUpdates: Bump stable branch for v1.12 development (#18251, @pchaigno)
* test/nat46x64: Fix out-of-bounds index error (#19466, @pchaigno)
* test/runtime: remove disabled memcache test (Backport PR #20401, Upstream PR #20132, @tklauser)
* test/Runtime: Skip pre/post-checks during build (#18954, @pchaigno)
* test/RuntimePrivilegedUnitTests: Fix always-passing test (#19231, @pchaigno)
* test/RuntimePrivilegedUnitTests: Log timestamps (#19129, @pchaigno)
* test: add git safe directory in test VMs (#19860, @tklauser)
* test: Add info which L4LB request fails (#19714, @brb)
* test: Add TS to each bash dbg output in L4LB (#20094, @brb)
* test: Also delete hubble-peer when cleaning up old tests. (#19979, @DolceTriade)
* test: Bump L4LB timeout from 30min to 45min (#20151, @brb)
* test: Clarify performance test names (#18142, @joestringer)
* test: Collect logs from init containers (#18254, @pchaigno)
* test: Do not completely quarantine E/W svc suite (#19960, @brb)
* test: Do not redeploy Cilium in Egress GW suite (#18181, @brb)
* test: Do not start cilium monitor in K8sServicesTest (Backport PR #20534, Upstream PR #20499, @brb)
* test: Fix bpffs mount on kind (#18695, @joestringer)
* test: Fix directory name for source archive (#19635, @michi-covalent)
* test: Fix failing net-next tests after changing to k8s 1.23 (#18184, @brb)
* test: Fix make target for e2e tests (#18356, @pchaigno)
* test: Get rid of external_ips.go (#18765, @brb)
* test: Pin eksctl version (#19631, @michi-covalent)
* test: remove nightly test leftovers (Backport PR #20534, Upstream PR #20526, @tklauser)
* test: Remove sockops test cases (Backport PR #20534, Upstream PR #20500, @brb)
* test: Remove unused Nightly suites (#20128, @brb)
* test: Remove workaround for old issue #12141 (#18722, @pchaigno)
* test: Run ip r l if ip r a fails (#18171, @brb)
* test: Runtime check that container create succeeds (#19184, @jrajahalme)
* test: temporary increase Hubble buffer size to 64k (#18058, @jibi)
* test: Use more explicit key for k8s3's taint (#19951, @pchaigno)
* tests-l4lb: Use Helm chart from local branch (#19953, @michi-covalent)
* Update 5.4 VM image (#19842, @pchaigno)
* update bpf_ct_tests.c to use node_config.h (#20177, @sahid)
* Update cilium-iproute2 (Backport PR #20534, Upstream PR #20549, @pchaigno)
* vagrant, test: Enable IPv6 connectivity to the outside world (#18714, @pchaigno)
* vagrant: Bump 4.19 VM image (#20185, @pchaigno)
* vagrant: Bump all Vagrant box versions (#19168, @pchaigno)
* vagrant: Bump all Vagrant box versions except net-next (#19507, @pchaigno)
* vagrant: Bump net-next Vagrant box version (#19915, @pchaigno)
* vagrant: Don't recreate natnetworks (#19523, @pchaigno)
* vagrant: Fix IPv6 NAT setup (#19997, @pchaigno)
* vagrant: update 4.19 and net-next VM images (#18496, @nbusseneau)
* vagrant: Update 4.9 and 5.4 VM images (#18473, @pchaigno)
* vagrant: Update all VM images (#17761, @pchaigno)
* vagrant: Update all VM images (#18774, @pchaigno)
* vagrant: Update the net-next VM image (#19607, @pchaigno)
* workflow CI image bug (#19327, @weizhoublue)
* workflow: aws-cni-v1.10: use helm chart from PR (#19952, @jibi)
* workflow: checkout correct ref in v1.10 and v1.11 l4lb workflows (#19898, @jibi)
* workflow: l4lb: pass correct path for PR checkout (#20007, @jibi)
* workflow: Reenable IPsec testing on AKS (#18974, @pchaigno)
* workflow: Reenable IPsec testing on EKS (#19030, @pchaigno)
* workflow: use correct bwm helm option for v1.11 AWS CNI test (#19895, @jibi)
* workflow: Wait for AKS nodes to be ready (#19025, @pchaigno)
* workflows: conformance v1.10: fix native-routing-cidr flag (#18656, @jibi)
* workflows: disable rollback on CLI install (#18140, @nbusseneau)
* workflows: Downgrade to helm v3.8.2 to fix AWS CNI runs for v1.10 (#20073, @joamaki)
* workflows: Fix concurrency groups (#18193, @pchaigno)
* workflows: Fix the fix to concurrency groups (#18201, @nbusseneau)
* workflows: Increase timeout for AKS workflow (#19020, @pchaigno)
* workflows: pin Cyclonus image to its SHA (#19026, @nbusseneau)
* workflows: Pin the kubectl version used with EKS workflows (#19716, @joamaki)
* workflows: Remove unnecessary code in AWS-CNI workflow (#18156, @pchaigno)
* workflows: Update call to Quay API in external workloads (#19230, @jibi)
* workflows: update v1.10 workflows to v0.10.7 cilium CLI (#20020, @jibi)
* workflows: Wait for first AKS systempool to be deleted (#19097, @pchaigno)

**Misc Changes:**
* .github/workflows: fix hubble-relay cilium-cli installation (#19579, @aanm)
* .github: add dependabot for docker images (#19390, @aanm)
* .github: add failing_test_jenkins_template form for filing CI bugs (#18223, @qmonnet)
* .github: Fix 1.11.1 project link for MLH (#18395, @joestringer)
* .github: fix conditions for running CODEOWNERS checks (#18981, @qmonnet)
* .github: Fix external workloads workflow for master (#19483, @jrajahalme)
* .github: Remove release template (#19166, @joestringer)
* [docs] Add training and support information to Getting Help (Backport PR #20333, Upstream PR #20194, @lizrice)
* [users] Add Mux Inc entry. (#19419, @dilyevsky)
* Add APPUiO by VSHN to Cilium Users (#18880, @tobru)
* Add cilium cli to aws cni conformance tests (#19555, @aanm)
* Add Civo (#18745, @saiyam1814)
* Add consistency checks for the `CODEOWNERS` file (#18260, @qmonnet)
* Add Deckhouse to users (#19804, @konstantin-axenov)
* Add Elastic Path to USERS.md (#19622, @sealneaward)
* Add ENI limits for i4i and x2i instance types (#19627, @hemanthmalla)
* Add ESP to firewall requirements in documentation for IPSec enabled C… (Backport PR #20333, Upstream PR #20314, @Kikiodazie)
* add gsod application form to docs (#19512, @xmulligan)
* Add Infomaniak to Cilium users (#19354, @reneluria)
* Add JUMO to active Cilium users (#18626, @thehunt33r)
* Add kOps as cilium user (#18848, @olemarkus)
* Add Kube-OVN to USERS (#19605, @oilbeater)
* Add Kubermatic to USERS (#18611, @rastislavs)
* add KubeSphere/KubeKey to the USERS list (#18937, @FeynmanZhou)
* Add link to CFP template doc (#19380, @lizrice)
* Add Meltwater to users file (#18192, @recollir)
* Add metric to track terminating endpoint events (Backport PR #20519, Upstream PR #20404, @aditighag)
* Add missing error reporting in replaceNetworkDatapath (#18715, @YutaroHayakawa)
* Add MyFitnessPal to Users list (#19345, @audip)
* Add Peer Service to Cilium DS Port List (Backport PR #20519, Upstream PR #20296, @nathanjsweet)
* Add Rancher Labs to Cilium users (#19292, @divya-mohan0209)
* add roadmap section and fix governance link (#19615, @xmulligan)
* Add Scaleway to the list of users (#18807, @remyleone)
* Add T-Systems International to Cilium users list (#18984, @ManuStoessel)
* Add Typhoon (Poseidon Labs) to Cilium users (#18822, @dghubble)
* add website contributing link (#18940, @xmulligan)
* added a CLOMonitor exception file for Slack (#19235, @xmulligan)
* added a link to the DCO page to show people how to amend a commit (#19294, @xmulligan)
* Added ByteDance to users.md (#19823, @Jiang1155)
* added Google Season of Docs Project proposal page (#19215, @xmulligan)
* added NYT to the Cilium Users list (#19382, @prune998)
* Adding IKEA IT AB to the USERS.md (#20099, @knfoo)
* Adding Liquid Reply to Users (#19342, @mkorbi)
* Adding Overstock to the USERS.md (#19762, @ntaylor1781)
* alibabacloud: Fix missing instance due to incomplete subnet list (#19155, @jaffcheng)
* alignchecker: fix LLVM 15 build by removing an unused variable (#19368, @aspsk)
* Allocate Ingress IPs for new `reserved:ingress` identity (#19764, @jrajahalme)
* api/v1: regenerate to update copyright year (#18403, @tklauser)
* api: generate markdown documentation for gRPC APIs (#18799, @rolinh)
* api: re-sync bpf drop reasons (Backport PR #20401, Upstream PR #20149, @julianwiedmann)
* avoid calling OnFlowDelivery with nil (#18605, @kaworu)
* azure/api: remove TestRateLimit (#18481, @tklauser)
* Badges for CLOMonitor and Artifacthub were added to the README (#19105, @xmulligan)
* BGP Control Plane Followups: Conditionally load CRDs, tune back relist interval for shared informers, server side filter nodes. (#19417, @ldelossa)
* bgp,testing: fix race condition in checking fencer map (#18884, @ldelossa)
* bgp: Add support for ClusterPool pod CIDRs (#17899, @gandro)
* bgp: Fixed broken bgp speaker unit tests (Backport PR #20519, Upstream PR #20521, @dylandreimerink)
* bpf, hubble: explicitly mark trace reason as "unknown" when relevant (#19226, @qmonnet)
* bpf/sock: Use renamed field (#19532, @jrajahalme)
* bpf: Add trace reason for TRACE_TO_PROXY (#19189, @borkmann)
* bpf: Clean up license and copyright notices for Linux UAPI headers (#18870, @qmonnet)
* bpf: do not pass 0 as a trace reason for send_trace_notify() (#19424, @qmonnet)
* bpf: Don't hardcode `cb` `CB_ENCRYPT_DST` index (#20105, @pchaigno)
* bpf: Dual-license code as GPL 2.0 and 2-Clause BSD (#18858, @qmonnet)
* bpf: egressgw: don't redirect to tunnel dev if EP is running on gateway node (#19629, @jibi)
* bpf: Fix implicit cast for BPF TPROXY debug message (#18429, @pchaigno)
* bpf: fix native local build (#19218, @aanm)
* bpf: Forbid implicit int conversions (#18501, @pchaigno)
* bpf: Handle tuple collisions for inactive backends (Backport PR #20519, Upstream PR #20407, @borkmann)
* bpf: Quieten mock targets (#17992, @joestringer)
* bpf: Remove duplicate conntrack code (#18631, @pchaigno)
* bpf: Rename tail call targets (#19807, @pchaigno)
* bpf: Simplify `ipv6_hdrlen`'s prototype (#18703, @pchaigno)
* bpf: specify handle_lxc_traffic return type to fix -Wimplicit-int error (#19891, @tklauser)
* bpf: Split bpf_lxc CT lookups to their own tail calls (#19818, @pchaigno)
* bpf: switch egress gateway logic to identity_is_cluster() (Backport PR #20519, Upstream PR #20209, @jibi)
* build(deps): bump 8398a7/action-slack from 3.11.0 to 3.12.0 (#17965, @dependabot[bot])
* build(deps): bump 8398a7/action-slack from 3.12.0 to 3.13.0 (#18423, @dependabot[bot])
* build(deps): bump actions/cache from 2.1.6 to 2.1.7 (#17972, @dependabot[bot])
* build(deps): bump actions/cache from 2.1.7 to 3 (#19208, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.0 to 3.0.1 (#19271, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#19391, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.2 to 3.0.3 (#20029, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.3 to 3.0.4 (#20093, @dependabot[bot])
* build(deps): bump actions/cache from 3.0.4 to 3.0.5 (#20494, @dependabot[bot])
* build(deps): bump actions/checkout from 2.4.0 to 3 (#18990, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19448, @dependabot[bot])
* build(deps): bump actions/checkout from 3.0.1 to 3.0.2 (#19535, @dependabot[bot])
* build(deps): bump actions/download-artifact from 2.0.10 to 2.1.0 (#18163, @dependabot[bot])
* build(deps): bump actions/download-artifact from 2.1.0 to 3 (#19013, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.1.4 to 2.1.5 (#18322, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.1.5 to 2.2.0 (#18752, @dependabot[bot])
* build(deps): bump actions/setup-go from 2.2.0 to 3 (#18960, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.0.0 to 3.1.0 (#19801, @dependabot[bot])
* build(deps): bump actions/setup-go from 3.2.0 to 3.2.1 (#20466, @dependabot[bot])
* build(deps): bump actions/stale from 4.1.0 to 5 (#18991, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.2.4 to 2.3.0 (#18165, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.3.0 to 2.3.1 (#18263, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 2.3.1 to 3 (#19027, @dependabot[bot])
* build(deps): bump actions/upload-artifact from 3.0.0 to 3.1.0 (#19899, @dependabot[bot])
* build(deps): bump aws-actions/configure-aws-credentials from 1.5.11 to 1.6.0 (#17998, @dependabot[bot])
* build(deps): bump aws-actions/configure-aws-credentials from 1.6.0 to 1.6.1 (#18528, @dependabot[bot])
* build(deps): bump azure/login from 1.4.1 to 1.4.2 (#18154, @dependabot[bot])
* build(deps): bump azure/login from 1.4.2 to 1.4.3 (#18550, @dependabot[bot])
* build(deps): bump azure/login from 1.4.3 to 1.4.4 (#19670, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.10.0 to 3 (#19725, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.7.0 to 2.8.0 (#18516, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.8.0 to 2.9.0 (#18687, @dependabot[bot])
* build(deps): bump docker/build-push-action from 2.9.0 to 2.10.0 (#19144, @dependabot[bot])
* build(deps): bump docker/login-action from 1.10.0 to 1.12.0 (#18307, @dependabot[bot])
* build(deps): bump docker/login-action from 1.12.0 to 1.13.0 (#18842, @dependabot[bot])
* build(deps): bump docker/login-action from 1.13.0 to 1.14.0 (#18962, @dependabot[bot])
* build(deps): bump docker/login-action from 1.14.0 to 1.14.1 (#18992, @dependabot[bot])
* build(deps): bump docker/login-action from 1.14.1 to 2 (#19727, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 1.6.0 to 1.7.0 (#19612, @dependabot[bot])
* build(deps): bump docker/setup-buildx-action from 1.7.0 to 2 (#19728, @dependabot[bot])
* build(deps): bump docker/setup-qemu-action from 1.2.0 to 2 (#19722, @dependabot[bot])
* build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1334 to 1.61.1340 (#17979, @dependabot[bot])
* build(deps): bump github.com/aliyun/alibaba-cloud-sdk-go from 1.61.1340 to 1.61.1357 (#18039, @dependabot[bot])
* build(deps): bump github.com/aws/aws-sdk-go-v2/config from 1.10.0 to 1.10.3 (#18065, @dependabot[bot])
* build(deps): bump github.com/Azure/azure-sdk-for-go from 59.3.0+incompatible to 59.4.0+incompatible (#18020, @dependabot[bot])
* build(deps): bump github.com/cilium/ebpf from 0.7.0 to 0.8.0 (#18578, @dependabot[bot])
* build(deps): bump github.com/cilium/ebpf from 0.8.1 to 0.9.0 (#19972, @dependabot[bot])
* build(deps): bump github.com/cilium/workerpool from 1.1.1 to 1.1.2 (#19300, @dependabot[bot])
* build(deps): bump github.com/containernetworking/cni from 1.0.1 to 1.1.0 (#19620, @dependabot[bot])
* build(deps): bump github.com/containernetworking/cni from 1.1.0 to 1.1.1 (#20058, @dependabot[bot])
* build(deps): bump github.com/containernetworking/plugins from 1.0.1 to 1.1.0 (#19043, @dependabot[bot])
* build(deps): bump github.com/containernetworking/plugins from 1.1.0 to 1.1.1 (#19293, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.11+incompatible to 20.10.12+incompatible (#18288, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.12+incompatible to 20.10.14+incompatible (#19285, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.14+incompatible to 20.10.16+incompatible (#19811, @dependabot[bot])
* build(deps): bump github.com/docker/docker from 20.10.16+incompatible to 20.10.17+incompatible (#20136, @dependabot[bot])
* build(deps): bump github.com/fsnotify/fsnotify from 1.5.1 to 1.5.4 (#19596, @dependabot[bot])
* build(deps): bump github.com/go-openapi/errors from 0.20.1 to 0.20.2 (#18599, @dependabot[bot])
* build(deps): bump github.com/go-openapi/loads from 0.21.0 to 0.21.1 (#18771, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.21.0 to 0.23.1 (#18908, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.23.1 to 0.23.3 (#19302, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 (#19636, @dependabot[bot])
* build(deps): bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 (#19736, @dependabot[bot])
* build(deps): bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 (#19397, @dependabot[bot])
* build(deps): bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 (#19668, @dependabot[bot])
* build(deps): bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (#18001, @dependabot[bot])
* build(deps): bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 (#20119, @dependabot[bot])
* build(deps): bump github.com/google/go-cmp from 0.5.7 to 0.5.8 (#19595, @dependabot[bot])
* build(deps): bump github.com/google/gops from 0.3.22 to 0.3.23 (#19737, @dependabot[bot])
* build(deps): bump github.com/hashicorp/consul/api from 1.11.0 to 1.12.0 (#18291, @dependabot[bot])
* build(deps): bump github.com/hashicorp/consul/api from 1.12.0 to 1.13.0 (#20121, @dependabot[bot])
* build(deps): bump github.com/onsi/gomega from 1.17.0 to 1.19.0 (#19234, @dependabot[bot])
* build(deps): bump github.com/osrg/gobgp/v3 from 3.1.0 to 3.2.0 (#19667, @dependabot[bot])
* build(deps): bump github.com/osrg/gobgp/v3 from 3.2.0 to 3.3.0 (#20071, @dependabot[bot])
* build(deps): bump github.com/prometheus/client_golang from 1.11.0 to 1.12.1 (#18674, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.11 to 3.21.12 (#18354, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.21.12 to 3.22.2 (#19001, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.2 to 3.22.3 (#19328, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.3 to 3.22.4 (#19669, @dependabot[bot])
* build(deps): bump github.com/shirou/gopsutil/v3 from 3.22.4 to 3.22.5 (#20044, @dependabot[bot])
* build(deps): bump github.com/spf13/cast from 1.4.1 to 1.5.0 (#19780, @dependabot[bot])
* build(deps): bump github.com/spf13/cobra from 1.2.1 to 1.3.0 (#18290, @dependabot[bot])
* build(deps): bump github.com/spf13/cobra from 1.3.0 to 1.4.0 (#19329, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.10.1 to 1.11.0 (#19430, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.11.0 to 1.12.0 (#19988, @dependabot[bot])
* build(deps): bump github.com/spf13/viper from 1.9.0 to 1.10.1 (#18289, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.0 to 1.7.1 (#19156, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.1 to 1.7.2 (#20120, @dependabot[bot])
* build(deps): bump github.com/stretchr/testify from 1.7.2 to 1.7.3 (#20253, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.23 to 1.0.24 (#17977, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.24 to 1.0.25 (#18145, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.25 to 1.0.26 (#18245, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.26 to 1.0.27 (#18451, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.27 to 1.0.28 (#18532, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.28 to 1.0.29 (#18577, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.29 to 1.0.30 (#18598, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.30 to 1.0.31 (#18686, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.31 to 1.0.32 (#18735, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.0.32 to 1.1.0 (#18785, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.0 to 1.1.1 (#18840, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.1 to 1.1.2 (#18854, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.3 to 1.1.4 (#19084, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.4 to 1.1.5 (#19160, @dependabot[bot])
* build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 (#19269, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.11 to 2.1.12 (#20057, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.12 to 2.1.13 (#20274, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.13 to 2.1.14 (#20294, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.14 to 2.1.15 (#20345, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.15 to 2.1.16 (#20506, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.6 to 2.1.7 (#19335, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.7 to 2.1.8 (#19371, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.8 to 2.1.9 (#19599, @dependabot[bot])
* build(deps): bump github/codeql-action from 2.1.9 to 2.1.11 (#19853, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.2 to 3.5.3 (#19442, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/api/v3 from 3.5.3 to 3.5.4 (#19559, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.2 to 3.5.3 (#19443, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/pkg/v3 from 3.5.3 to 3.5.4 (#19557, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.1 to 3.5.2 (#19054, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.2 to 3.5.3 (#19444, @dependabot[bot])
* build(deps): bump go.etcd.io/etcd/client/v3 from 3.5.3 to 3.5.4 (#19558, @dependabot[bot])
* build(deps): bump go.uber.org/multierr from 1.7.0 to 1.8.0 (#19114, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.10 to 0.1.11 (#20159, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.7 to 0.1.8 (#18134, @dependabot[bot])
* build(deps): bump golang.org/x/tools from 0.1.8 to 0.1.10 (#19157, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 2.5.2 to 3 (#18943, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 (#18965, @dependabot[bot])
* build(deps): bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 (#19779, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.2.1 to 0.3 (#18144, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.3.0 to 0.4.0 (#18594, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.4.0 to 0.5.1 (#18841, @dependabot[bot])
* build(deps): bump google-github-actions/setup-gcloud from 0.5.1 to 0.6.0 (#19094, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.42.0 to 1.43.0 (#18292, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.43.0 to 1.45.0 (#19301, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.45.0 to 1.46.0 (#19560, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.46.0 to 1.46.2 (#19835, @dependabot[bot])
* build(deps): bump google.golang.org/grpc from 1.46.2 to 1.47.0 (#20045, @dependabot[bot])
* build(deps): bump google.golang.org/protobuf from 1.27.1 to 1.28.0 (#19284, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (#18064, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (#18103, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.2 to 1.66.4 (#18767, @dependabot[bot])
* build(deps): bump gopkg.in/ini.v1 from 1.66.4 to 1.66.6 (#20021, @dependabot[bot])
* build(deps): bump helm/kind-action from 1.2.0 to 1.3.0 (#20198, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.0 to 1.5.1 (#18944, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.1 to 1.5.2 (#19322, @dependabot[bot])
* build(deps): bump KyleMayes/install-llvm-action from 1.5.2 to 1.5.3 (#19865, @dependabot[bot])
* build(deps): bump library/alpine from 3.12.7 to 3.15.4 in /images/cache (#19413, @dependabot[bot])
* build(deps): bump library/alpine from 3.15.4 to 3.16.0 in /images/cache (#19943, @dependabot[bot])
* build(deps): bump nick-invision/retry from 2.5.1 to 2.6.0 (#18226, @dependabot[bot])
* build(deps): bump nick-invision/retry from 2.6.0 to 2.7.0 (#19577, @dependabot[bot])
* build: Fix compilation issue for non-linux platform (#19662, @sayboras)
* build: Fix cross compiling for amd64 on arm64 (#19175, @jrajahalme)
* Capital One added to Users doc (#20084, @bradwhitfield)
* ci: Replace prbot-stale with actions/stale (#18503, @twpayne)
* ci: Update Cilium CLI to v0.11.3 (#19602, @nathanjsweet)
* cilium, lbmap: Use silent delete in deleteBackendLocked for now (#19352, @borkmann)
* cilium: Add knob for local address to be considered host id in ipcache (#19513, @borkmann)
* cilium: make tcp rebalance grace period configurable (#19800, @borkmann)
* cilium: nat46/64 ci codeowner & monitor drop reason (#19298, @borkmann)
* Clean up UpdateIPCacheVTEPMapping() (#19510, @vincentmli)
* cni: Add log file for CNI executions (#18353, @sayboras)
* Code of conduct email updated to conduct@cilium.io (#19511, @xmulligan)
* CODEOWNERS: Add clustermesh entries (#19316, @pchaigno)
* CODEOWNERS: Assign clustermesh-apiserver code to @cilium/sig-clustermesh (#18972, @kaworu)
* CODEOWNERS: clean-up entries for deleted files (#18000, @qmonnet)
* CODEOWNERS: Do not assign reviewers for Documentation/helm-values.rst (#18651, @qmonnet)
* CODEOWNERS: Extend proxy group to pkg/fqdn (#19874, @christarazi)
* CODEOWNERS: janitors renamed to tophat (#18360, @pchaigno)
* contrib/backporting: Include golang in the image (#18664, @glibsm)
* contrib/scripts: Support env vars for kind script (#20035, @christarazi)
* contrib: Improve version matching in readme bump (#18548, @joestringer)
* contrib: Make KIND cluster ipFamily configurable (#19068, @brb)
* contrib: Support contrib/scripts/kind.sh on macOS (#20096, @sayboras)
* Crane joins Cilium as a user (#19065, @slzcc)
* ctmap: Do not use nil locks (Backport PR #20401, Upstream PR #20388, @jrajahalme)
* daemon, install/kubernetes: fix typo in DNS policy rule unload flag/value doc (#18982, @tklauser)
* daemon, option: consistently hard-code host device (#18467, @tklauser)
* daemon, option: remove deprecated native-routing-cidr option (#19677, @tklauser)
* daemon, option: remove deprecated prefilter-* options (#19913, @julianwiedmann)
* daemon: deprecate --endpoint-interface-name-prefix option (#18558, @tklauser)
* daemon: Deprecate --host-reachable-services-protos (#19083, @brb)
* daemon: Deprecate KPR=probe (Backport PR #20401, Upstream PR #20328, @brb)
* daemon: Don't ignore sockops failures (#19080, @pchaigno)
* daemon: don't mark deprecated flags as hidden twice (#19086, @tklauser)
* daemon: Fix build after VTEP routes conflict (#20077, @joestringer)
* daemon: Removed unused method (#18729, @aditighag)
* datapath/link: Initialize link monitor explicitly (#18565, @joestringer)
* datapath: Improve sysctl warning for bpf_jit_enable (#20018, @joamaki)
* datapath: Improved BPF testing framework (#20017, @dylandreimerink)
* datapath: Use FROM_NETDEV instead of FROM_LXC in nodeport.h (#19986, @brb)
* dependabot: disable all AWS package updates (#18102, @tklauser)
* dependabot: disable cloud provider SDK updates (#18067, @tklauser)
* dependabot: Unignore prometheus/client_golang (#20075, @ti-mo)
* dev-tool: Add cfssl and cfssljson tool check (#18337, @sayboras)
* development: add kind cluster shell helpers (#19069, @ldelossa)
* dnsproxy: update dnsproxy benchmark memory calculation (Backport PR #20519, Upstream PR #20305, @odinuge)
* doc: add note about checkpatch during dev workflow (#19879, @sahid)
* doc: update doc to inform about SERVER_BOX/VERSION (#19749, @sahid)
* doc: VTEP redirection and L7 policy partially incompatible (#19700, @vincentmli)
* docs(bpf): fix minor grammar errors in struct padding section (Backport PR #20534, Upstream PR #20249, @maxbrunet)
* docs(MAINTAINERS): fix link to commit_access.rst (#20081, @raphink)
* docs(masquerading): add missing "address" (Backport PR #20563, Upstream PR #20538, @raphink)
* docs(policy): add notes on DNS/L7 policies & Cilium agent availability (Backport PR #20333, Upstream PR #20289, @raphink)
* docs(README): add logo option for dark theme (#19920, @raphink)
* docs, ci, test/l4lb: use latest cilium-cli release according to stable.txt (#20203, @tklauser)
* docs,ci: updates to ci docs (#19174, @ldelossa)
* docs: Add CLI installation for ServiceMesh (Backport PR #20519, Upstream PR #20406, @sayboras)
* docs: Add cluster install/prep guide for AKS-to-AKS clustermesh (Backport PR #20534, Upstream PR #20439, @dylandreimerink)
* docs: Add default conntrack gc interval (#19977, @aditighag)
* docs: Add developers guide page about BPF testing framework (#20165, @dylandreimerink)
* docs: Add example how to config ipmasq via ConfigMap (Backport PR #20519, Upstream PR #20239, @brb)
* docs: Add Getting Started docs for clustermesh service affinity (Backport PR #20333, Upstream PR #20228, @sayboras)
* docs: Add getting started docs for Ingress (#19760, @sayboras)
* docs: Add interactive help for `make` targets (Documentation/Makefile) (#20012, @qmonnet)
* docs: Add limitation document for bandwidth-manager + nested network namespace (#18400, @YutaroHayakawa)
* docs: add missing ingress special identity (#20060, @kaworu)
* docs: Add more envoy supported extensions (Backport PR #20401, Upstream PR #20241, @sayboras)
* Docs: add project roadmap (#19540, @lizrice)
* docs: Add read:user scope for github token (#19063, @sayboras)
* docs: Add requirement for ginkgo version (#19248, @sayboras)
* docs: add robots.txt in a static directory (#19564, @aanm)
* docs: add Talos to adopters list (#18879, @frezbo)
* docs: Add troubleshooting docs for Ingress (Backport PR #20519, Upstream PR #20428, @sayboras)
* docs: added GSoD technical writers (#19799, @xmulligan)
* docs: adding Accuknox to USERS (#19103, @nyrahul)
* docs: adding Nexxiot to USERS (#19332, @alex-berger)
* docs: adding Snapp to USERS (#19128, @m-yosefpor)
* docs: builder,runtime images (#18576, @kkourt)
* docs: Document clustermesh datapath configuration for non-tunneled modes (Backport PR #20519, Upstream PR #16499, @jrajahalme)
* docs: Document monitor aggregation levels (#19349, @michi-covalent)
* docs: Document unsupported focused tests for runtime suite (#19173, @aditighag)
* docs: fix a Links documentation style guide error (Backport PR #20534, Upstream PR #20460, @Kikiodazie)
* docs: Fix and clean-up the build framework for the documentation (#19969, @qmonnet)
* docs: Fix build after etcd v3.5.4 version bump (#20171, @joestringer)
* docs: Fix display of misspelled words (#19542, @qmonnet)
* docs: fix flags for 1.12 branch (Backport PR #20519, Upstream PR #20408, @aanm)
* docs: Fix update-spelling_wordlist.sh to run command on spelling errors (Backport PR #20519, Upstream PR #20481, @qmonnet)
* docs: fix version warning banner (#19611, @aanm)
* docs: Fixed service list command in clustermesh affinity guide (Backport PR #20519, Upstream PR #20442, @dylandreimerink)
* docs: Improve kubeproxy replacement and OKD GSG guide. (Backport PR #20534, Upstream PR #20447, @tommyp1ckles)
* docs: Improve policy troubleshooting guide (Backport PR #20401, Upstream PR #20399, @joestringer)
* docs: ipsec: remove node-to-node encryption (Backport PR #20519, Upstream PR #20422, @NikAleksandrov)
* docs: L7 traffic management getting started guide (Backport PR #20519, Upstream PR #20421, @sayboras)
* docs: Mark Git repo as safe in Docker build-docs container (#19861, @qmonnet)
* docs: Mention how to build images for local CI testing (#17984, @brb)
* docs: Mention KPR in DR mode sec ID limitation (#19113, @brb)
* docs: minor fixes (#20218, @julianwiedmann)
* docs: Nit changes to steps for image building (#20153, @pchaigno)
* docs: prevent search engines from indexing old branches (#18111, @aanm)
* docs: Regenerate doc for Helm values (#18953, @pchaigno)
* docs: remove gobpf, mention cilium/ebpf (#18657, @ti-mo)
* docs: Remove manual installation instruction for `kind` clustermesh (#18075, @aditighag)
* docs: set robots.txt in the right directory (#18243, @aanm)
* docs: update CODEOWNERS feature release instructions (#18252, @nbusseneau)
* docs: Update company name in MAINTAINERS.md (#19431, @sayboras)
* docs: Update contributing guide pages (#18346, @sayboras)
* docs: update copybutton.css following the docutils update (#19498, @qmonnet)
* docs: Update docs with minimum helm version (Backport PR #20519, Upstream PR #20403, @aditighag)
* docs: update egress gateway documentation and mark the feature stable (#19862, @jibi)
* docs: update k8s instructions on how to update k8s libraries (#18040, @aanm)
* docs: Update Sphinx to v4.5.0 (#19348, @qmonnet)
* docs: Update stable release versions (#18222, @borkmann)
* docs: Use `kubectl exec daemonset/cilium` where possible (#18723, @pchaigno)
* Document installing Cilium on Rancher Desktop (#19049, @chancez)
* Documentation for adding CRDs into Cilium (#19275, @ldelossa)
* Documentation/gettingstarted: disable curl progress meter (#18698, @tklauser)
* Documentation: Improve cilium-cli and hubble cli installation instructions (Backport PR #20534, Upstream PR #20415, @chancez)
* Documentation: Only install 1 replica of operator on k3s (Backport PR #20519, Upstream PR #20416, @chancez)
* Documentation: Restart cilium-operator and cilium after enabling Service Mesh (Backport PR #20519, Upstream PR #20417, @chancez)
* Drop years and copyright symbol from copyright notices (#18813, @qmonnet)
* Dynamic Cluster Pool follow-ups (#19777, @gandro)
* elf: Don't assume data symbols are 4-bytes long (#18518, @pchaigno)
* elf: Move functions only used in tests (#18383, @twpayne)
* elf: skip TestWrite if ELF file wasn't built (#18046, @gandro)
* Enable cilium-cli helm based installation (#18898, @aanm)
* endpoint: Print error for regeneration timeout (#19333, @pchaigno)
* endpointmanager: Add extra check for out-of-range endpoint IDs (Backport PR #20519, Upstream PR #20363, @twpayne)
* eni: Fix broken build due to unit test (#19278, @gandro)
* Envoy update for service mesh (#19101, @jrajahalme)
* Exclude interface's primary address from IP pool by default in Azure (Backport PR #20333, Upstream PR #19743, @hemanthmalla)
* Expose hubble-ui security context in helm chart `hubble.ui.securityContext` (#19441, @hemslo)
* feat(command): allow to dump as YAML (#19480, @raphink)
* Feat: add ingressClassName to hubble ingress spec (#18044, @cyril-corbon)
* Fix a function comment typo (#18231, @hangyan)
* Fix a typo in the documentation (#18411, @gjkim42)
* fix CODEOWNERS (#18980, @kaworu)
* Fix comment for EndpointCreated function (#19465, @Jiang1155)
* Fix Makefile.docker not to specify --load and --push flags at once (#18316, @YutaroHayakawa)
* Fix missing capabilities when not running Cilium on containerd-based Kubernetes (#19903, @AtkinsChang)
* Fix running documentation make targets on MacOS (#19900, @chancez)
* Fix smoke tests by filtering out go_* metrics from metrics linting (#19399, @chancez)
* Fix the typo in Fatalf message of printConfigurations (#18413, @21kyu)
* Fixed warnings generated by "make -C test/bpf/ nat-test" due to improper castings (#18015, @cdelzotti)
* Fixes:Added the declaration of license (#19834, @yulng)
* fqdn/dnsproxy: fix test build (Backport PR #20534, Upstream PR #20537, @tklauser)
* fqdn: Use read-write mutex inside NameManager (#19486, @christarazi)
* gha: Add ingress conformance test (#19742, @sayboras)
* gha: Add retry options for ingress sanity check (#19825, @sayboras)
* gha: Bump cilum cli version to v0.11.6 (#19828, @sayboras)
* git: Ignore local emacs config (#18939, @jrajahalme)
* github: Backport DNS fix for external workloads 1.10 and 1.11 tests (#19516, @jrajahalme)
* go.mod, vendor: update cloud provider SDK Go modules (#18983, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules (#19409, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules (#19664, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules for July 2022 (Backport PR #20401, Upstream PR #20371, @tklauser)
* go.mod, vendor: update cloud provider SDK Go modules for June 2022 (#20126, @tklauser)
* go.mod, vendor: update cloud SDK modules (#18355, @tklauser)
* go.mod: update kevinburke/ssh_config dependency (#19289, @kevinburke)
* Helm Chart loop monitor sidecar (#19363, @yuriydzobak)
* helm: Bump cilium/startup-script image tag (#19263, @gandro)
* helm: Enable ingress controller in smoke tests (ipv4 + ipv6) (#19644, @sayboras)
* helm: Expose agent DNS proxy parameters as chart values (#19967, @joaoubaldo)
* helm: Fix syntax error in Hubble UI className (#20056, @gandro)
* helm: Make DNS policy for cilium-agent and cilium-operator pods configurable (Backport PR #20519, Upstream PR #20082, @michi-covalent)
* highlight `values.yaml.tmpl` as yaml (#20250, @kaworu)
* hubble/filters: add a unit test for TCP flows without flags (#18971, @kaworu)
* hubble/filters: strict number check for full HTTP status code (#19429, @kaworu)
* hubble: Improve performance of identity getter (#20005, @gandro)
* hubble: read proxy port from trace event (#18510, @zhanghe9702)
* hubble: remove unused local observer field (#19962, @kaworu)
* images, contrib/coccinelle: update alpine image to 3.16.0 (Backport PR #20519, Upstream PR #20378, @tklauser)
* images,test: Remove noop `SKIP_DOCS` (#18955, @pchaigno)
* images/runtime: update CNI plugins to 1.1.1 (#19690, @tklauser)
* images: Bump Hubble CLI to v0.10.0 (Backport PR #20401, Upstream PR #20286, @gandro)
* images: Fix build on arm64 (#18795, @jrajahalme)
* images: Remove copyright years from copyright notices (#19359, @qmonnet)
* images: Update bpftool (#19046, @pchaigno)
* images: Update cilium-bpftool (#20197, @NikAleksandrov)
* images: Update cilium-iproute2 (#18784, @pchaigno)
* Improve dev-doctor hints (#18562, @jtaleric)
* Improve Egress Gateway Getting Started Guide (Backport PR #20519, Upstream PR #20471, @pippolo84)
* Improve Egress Gateway Getting Started Guide (Backport PR #20563, Upstream PR #20531, @pippolo84)
* Improve the efficiency of the `k8s-unmanaged.sh` script (#19471, @gavinmcnair)
* ingress: Couple of cleanup and TODOs (#19647, @sayboras)
* install/cilium-operator: fix clusterrole rules (#19686, @aanm)
* install/kubernetes: bump etcd to v3.5.4 (#20134, @aanm)
* install/kubernetes: do not initialize variable twice (Backport PR #20519, Upstream PR #20430, @aanm)
* install/kubernetes: expose DNS policy rule unload agent flag as helm value (#18809, @tklauser)
* install/kubernetes: Remove deprecated cluster roles (#18168, @christarazi)
* install: Fix typos of cilium (#20113, @twpayne)
* ipam: Shutdown retry trigger on node deletion (#20140, @christarazi)
* ipcache: Make SupportsDelete() more robust by using a separate map (#19641, @joamaki)
* ipcache: Use incremental policy updates (#18996, @joestringer)
* ipsec: Rewrite parser for IPsec secret (#19824, @pchaigno)
* k8s-conformance: Improve skipped tests format/links (#19628, @joestringer)
* k8s: Move CiliumEnvoyConfig to v2 (#19688, @jrajahalme)
* labels/cidr: use netip types to improve GetCIDRLabels and IPStringToLabel performace (Backport PR #20401, Upstream PR #20316, @tklauser)
* List Simple Life as Cilium user (#19377, @sergeyshevch)
* loader: Use new eBPF ISA feature probes (#19170, @pchaigno)
* localdev: fix kind helm install shell function (#19149, @ldelossa)
* maglev: fix TestPermutations backend generation (#19663, @kaworu)
* maglev: use github.com/cilium/workerpool (#19940, @kaworu)
* MAINTAINERS: adding myself to committers list (#18781, @lizrice)
* MAINTAINERS: update committers (#20014, @tklauser)
* Make API ratelimit logs less noisy by default (#18934, @panchm)
* Make k8s-cilium-exec.sh friendlier to read (#17997, @weizhoublue)
* make: fix Makefile docker pull command to cause an error when using podman (#19748, @koba1t)
* make: grep for new go:build tags in PRIV_TEST_PKGS_EVAL (#19415, @tklauser)
* make: remove deprecated test targets (#19436, @tklauser)
* Makefile: Add 'make kind-image' to 'make help' (#19963, @joestringer)
* Makefile: Measure unit test coverage by package (#20038, @joestringer)
* maps/lbmap: fix maglev test suite build (#19435, @tklauser)
* Misc Makefile improvements for quiet mode V=0 (#20031, @joestringer)
* Misc. testing cleanups (#18238, @christarazi)
* Move Equinix to the correct place in the alphabet (#19527, @xmulligan)
* Moved Azure secrets to secret resource (#18010, @wolffberg)
* neigh: Support multi device neighbor discovery (Backport PR #20333, Upstream PR #20092, @ysksuzuki)
* New config `hubble.relay.securityContext` in Helm values. (#18242, @ooraini)
* node: don't set write-only NodeAddressingElement.AddressType property (#19044, @tklauser)
* None (#19280, @pacoxu)
* operator: start the event queue in a dedicated go routine (Backport PR #20519, Upstream PR #20353, @aanm)
* pkg/bpf: Include BPF map names during map creation (#20091, @christarazi)
* pkg/daemon: Log error when node port init fails (#18475, @aditighag)
* pkg/datapath/linux: Simplify logical conditions for IPsec node encryption (#18915, @christarazi)
* pkg/datapath: Remove transitive dependency on netlink (#18619, @aditighag)
* pkg/elf: Mark tests as integration tests (#18326, @twpayne)
* pkg/endpoint: fix data race in endpoint logger (#18769, @aanm)
* pkg/k8s: do not wait for endpointslice cache sync in k8s >= 1.17 (Backport PR #20570, Upstream PR #20569, @aanm)
* pkg/mac refactor for common code use (#18793, @vincentmli)
* pkg/metrics: Remove source node label (Backport PR #20519, Upstream PR #20433, @aditighag)
* pkg/policy/api: Optimize Decision MarshalJSON() (#19704, @MikeLing)
* pkg/policy/policy: Optimize SearchContext String() (#19661, @MikeLing)
* pkg/policy/rule: Optimize rule String() (#19822, @MikeLing)
* policy: Reduce allocations during FQDN processing (#17959, @joestringer)
* preallocate memory before looping over it (#19566, @florianl)
* Prepare for 1.12.0 development (#17961, @aanm)
* Prepare for release v1.12.0-rc0 (#19032, @aanm)
* Prepare for release v1.12.0-rc1 (#19393, @aanm)
* Prepare for release v1.12.0-rc2 (#19694, @aanm)
* Prepare v1.12 stable branch (#20276, @aanm)
* README.rst: Add subsections on Governance and Adopters to make the info more discoverable, and to satisfy CLOMonitor (#19037, @xmulligan)
* README.rst: fix stable release table (#19517, @tklauser)
* Reduce datapath from_lxc complexity (#17758, @jrajahalme)
* reduce GC load (#18757, @florianl)
* Refactor IPCache to remove static package-level globals (#19073, @joestringer)
* Remove unused functionality in pkg/bpf (#18378, @tklauser)
* replace hardcode "docker" command with $(CONTAINER_ENGINE) (#18009, @ArthurChiao)
* Revert "allocator: fix out-of-valid-range identities being allocated" (#18808, @pchaigno)
* Revert "build(deps): bump github.com/prometheus/client_golang" (#19398, @aanm)
* Revert "build(deps): bump google.golang.org/protobuf from 1.27.1 to 1… (#19395, @aanm)
* Revert "datapath: Remove !CONNTRACK" (#18545, @nbusseneau)
* Revert "ipsec: set interface ID different from 0" (#19019, @pchaigno)
* Revert "iptables: Don't use `ip{,6}tables` if unavailable" (#18768, @pchaigno)
* Scripts: Update k8s-unmanaged script to only return pods where host networking is false (#18349, @thejosephstevens)
* Select new backend if old connection from src port to cluster IP was closed (#19451, @amol-go)
* Spell out the full term of the CRD acronym (#19381, @Kikiodazie)
* Standardize testing directory filepath naming (#18621, @joestringer)
* Support builder image on arm64 (#19768, @chancez)
* Support for Cilium in Exoscale SKS (#20076, @retrack)
* Tencent Cloud added as a user (#19183, @xmulligan)
* test/bpf: Fix format of `check-complexity.sh` script (#19836, @pchaigno)
* test/bpf: Fix mock dependencies (#19099, @joestringer)
* test: Fix make target for k8s tests (Backport PR #20401, Upstream PR #20264, @ysksuzuki)
* test: fix typo in log output (#19134, @julianwiedmann)
* test: Revert sys-fs-bpf.mount rename (#19385, @jrajahalme)
* test: Skip flaky K8sServices NodePort test (#18402, @twpayne)
* test: Support multiple nodes without Cilium (#17954, @pchaigno)
* testutils/mockmaps: Bring duplicate backend calls check back (#19544, @aditighag)
* tooling: add kind-down script (#18721, @ldelossa)
* treewide: bump copyright year to 2022 in generated files (#18392, @tklauser)
* treewide: Fix typos of Kubernetes (#20114, @twpayne)
* treewide: Sort imports according to Go conventions (#18357, @twpayne)
* treewide: Tidy up more imports (#18389, @twpayne)
* trivial: Fix test step stutter 'to to' (#18188, @joestringer)
* Unify the term points "Fast Redirect" on host  to the "BPF Host Routing". (#18862, @chenk008)
* Update AUTHORS and mailmap (#19488, @joestringer)
* Update bpftool to get latest feature probes (#19422, @borkmann)
* Update cli-download.rst (#20181, @nvibert)
* Update CLOMonitor badge url (#19365, @cynthia-sg)
* Update cloud provider modules (#18683, @tklauser)
* Update Copyright header in identity_range.go (#19115, @ti-mo)
* Update external docker images (#19384, @aanm)
* Update Go to 1.17.4 (#18128, @tklauser)
* Update Go to 1.17.5 (#18224, @tklauser)
* Update Go to 1.17.6 (#18441, @tklauser)
* Update Go to 1.17.7 (#18796, @tklauser)
* Update Go to 1.17.8 (#19058, @tklauser)
* Update Go to 1.18 (#19169, @tklauser)
* Update Go to 1.18.1 (#19432, @tklauser)
* Update Go to 1.18.2 (#19775, @tklauser)
* Update Go to 1.18.3, golangci-lint to 1.46.2 (#20061, @tklauser)
* Update Go to 1.18.4 (Backport PR #20534, Upstream PR #20501, @tklauser)
* Update gops to v0.3.25 (Backport PR #20534, Upstream PR #20438, @tklauser)
* update k8s library versions (#18590, @aanm)
* update k8s versions to the latest releases (Backport PR #20519, Upstream PR #20507, @aanm)
* Update native routing CIDR flags description (#18367, @jibi)
* Update SAP adoption info in USERS.md (#18936, @ghost)
* Update stable releases (#18236, @joestringer)
* Update stable releases (#18547, @joestringer)
* Update stable releases (#18929, @joestringer)
* Update stable releases (#19242, @aanm)
* Update stable releases (#19503, @tklauser)
* Update stable releases (#19841, @joestringer)
* Update stable releases (#20224, @joestringer)
* Update USERS.md (#19837, @edude03)
* Update USERS.md (#20002, @FaKod)
* update USERS.md with Equinix info (#19504, @matoszz)
* UPDATE users.md: Add CONNY (#19815, @ant31)
* Update values.yaml.tmpl (Backport PR #20401, Upstream PR #20357, @michi-covalent)
* Upgrade cilium/ebpf to version 0.8.1 (#18903, @ti-mo)
* Upgrade to cilium/lumberjack v2.2.2 to Flush() gzip writer before Sync()ing (#19361, @chancez)
* Use `cilium/ebpf/rlimit` for bumping memlock rlimits (#18640, @ti-mo)
* Users page now includes platforms, products, and services (#19357, @xmulligan)
* Vagrant cleanups (#19253, @julianwiedmann)
* vagrant: add git exception in dev VMs for cilium repo for root user (#19855, @jibi)
* vagrant: fix overlap of IPv6 Node/Pod CIDRs on dev-VM (#19303, @julianwiedmann)
* vagrant: Generate kubeconfig correctly for netnext (#18498, @YutaroHayakawa)
* Various cleanups around pkg/datapath (#20041, @tklauser)
* vendor: bump github.com/shirou/gopsutil/v3 from 3.21.10 to 3.21.11 (#18255, @rolinh)
* WithDialer is deprecated and use WithContextDialer instead (#19281, @luckymrwang)

**Other Changes:**
* .github: add unstripped image builds (#20315, @aanm)
* [v1.12] gha: Add ingress conformance test (#20362, @sayboras)
* Add Ayedo as users (#18863, @hrittikhere)
* codeowners: update for v1.12 backports (#20342, @aanm)
* Fix unstripped id for gh action (#20319, @jtaleric)
* install: Update image digests for v1.12.0-rc3 (#20281, @aanm)
* Prepare for release v1.12.0-rc3 (#20279, @aanm)

Showing with 0 additions and 0 deletions (0 / 0 diffs computed)

Computing file changes ...