1.13.6
We are pleased to release Cilium v1.13.6. This release comes with many docs updates, health check bug fixes, an IPsec fix and many other changes!
Remaining issues on the IPSec stack may cause interrupted connections during key rotations. Users may upgrade to this release only if this is considered acceptable.
Summary of Changes
Minor Changes:
- Prevent Cilium from running with Delegated IPAM at the same time as Ingress (Backport PR #27239, Upstream PR #26744, @rickysumho)
Bugfixes:
- Fix a bug that affected the health-check feature in Stand-alone L4LB mode. For certain configurations (eg if both IPv4 and IPv6 support is enabled) health-check traffic would not get IPIP-encapsulated. (Backport PR #27154, Upstream PR #27015, @julianwiedmann)
- Fix a bug that could cause packet drops of type XfrmOutPolBlock when IPsec is enabled and node are recycled.
Fix a bug that could cause IPsec-encrypted packets to be sent to the wrong destination node when node churn is high. (Backport PR #27107, Upstream PR #27029, @pchaigno) - operator: Adjust CiliumEndpoint gc to account for kvstore mode (Backport PR #27154, Upstream PR #25324, @learnitall)
CI Changes:
- Add BPF unit tests for IPsec (Backport PR #27107, Upstream PR #25699, @jschwinger233)
- Add renovate tags for automatic updates of kernel version in v1.13 (#27387, @aanm)
- Fix verifier issues in IPv6 BPF tests (Backport PR #27107, Upstream PR #25191, @dylandreimerink)
- Trigger required workflows using Ariane (Backport PR #27095, Upstream PR #27002, @michi-covalent)
Misc Changes:
- Add note for changing IPAM settings (Backport PR #27239, Upstream PR #27090, @darox)
- bpf: test: Fix the byte order in the IPV4 macro (Backport PR #27107, Upstream PR #25114, @gentoo-root)
- chore(deps): update all github action dependencies (v1.13) (patch) (#27290, @renovate[bot])
- chore(deps): update docker.io/library/golang docker tag to v1.19.12 (v1.13) (#26825, @renovate[bot])
- chore(deps): update docker/setup-buildx-action action to v2.9.1 (v1.13) (#26827, @renovate[bot])
- chore(deps): update helm/kind-action action to v1.8.0 (v1.13) (#26828, @renovate[bot])
- docs: Fix gRPC API generation for online docs (Backport PR #27095, Upstream PR #27014, @qmonnet)
- docs: fixed search for every page (Backport PR #26906, Upstream PR #26892, @geakstr)
- docs: Ignore Helm values, update spelling list (Backport PR #26906, Upstream PR #26759, @qmonnet)
- docs: Replace non-portable "sed -i" in Makefile (Backport PR #27239, Upstream PR #27122, @qmonnet)
- docs: Revert Python version in docs-builder image to 3.7.9, downgrade sphinxcontrib-applehelp, to fix builds on Read The Docs (Backport PR #26906, Upstream PR #24099, @qmonnet)
- docs: Simplify clustermesh example (Backport PR #27239, Upstream PR #27172, @joestringer)
- docs: Update dependencies for documentation build system (Sphinx, add-ons etc.) (Backport PR #26906, Upstream PR #24014, @qmonnet)
- Documentation: enable parallel builds (Backport PR #26906, Upstream PR #23752, @squeed)
- Documentation: fix the broken links/dead links (Backport PR #27154, Upstream PR #26880, @vipul-21)
- endpoint: don't hold the endpoint lock while generating policy (Backport PR #26735, Upstream PR #26242, @squeed)
- Update Service Mesh docs to fix a number of issues (#27333, @youngnick)
Other Changes:
- backport v1.13: IPsec upgrade tests (#27174, @brb)
- install: Update image digests for v1.13.5 (#27120, @nathanjsweet)
- k8s: fix incorrect EndpointSlice API version (#27277, @ysksuzuki)
- remove stable tag from image build (#27076, @aanm)
- v1.13 backport: gh/workflows: Reusable workflow for ci-e2e and misc changes (#27374, @brb)
Docker Manifests
cilium
docker.io/cilium/cilium:v1.13.6@sha256:994b8b3b26d8a1ef74b51a163daa1ac02aceb9b16f794f8120f15a12011739dc
quay.io/cilium/cilium:v1.13.6@sha256:994b8b3b26d8a1ef74b51a163daa1ac02aceb9b16f794f8120f15a12011739dc
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.13.6@sha256:9b4f3f849c3d994adc42f30900ce99e39f01aeb370e33e10403f0ffe8edf28a2
quay.io/cilium/clustermesh-apiserver:v1.13.6@sha256:9b4f3f849c3d994adc42f30900ce99e39f01aeb370e33e10403f0ffe8edf28a2
docker-plugin
docker.io/cilium/docker-plugin:v1.13.6@sha256:06d3be87c59f5bdf34e26ab6e236896bb76d84a0182ddaf46bd78b0a785d7ed2
quay.io/cilium/docker-plugin:v1.13.6@sha256:06d3be87c59f5bdf34e26ab6e236896bb76d84a0182ddaf46bd78b0a785d7ed2
hubble-relay
docker.io/cilium/hubble-relay:v1.13.6@sha256:da96840b638d3e9705cfc48af2bddfe92d17eb4f5a776b075bef9ac50efbb042
quay.io/cilium/hubble-relay:v1.13.6@sha256:da96840b638d3e9705cfc48af2bddfe92d17eb4f5a776b075bef9ac50efbb042
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.13.6@sha256:e9ab58faf4e4fec9519474c18d166ba8cc144de85035c93b73b7dd40b6cf308b
quay.io/cilium/operator-alibabacloud:v1.13.6@sha256:e9ab58faf4e4fec9519474c18d166ba8cc144de85035c93b73b7dd40b6cf308b
operator-aws
docker.io/cilium/operator-aws:v1.13.6@sha256:f49f26454b4406c8f6438ca25de0a4f4b5392036ee6a4620d38353d94a2466d7
quay.io/cilium/operator-aws:v1.13.6@sha256:f49f26454b4406c8f6438ca25de0a4f4b5392036ee6a4620d38353d94a2466d7
operator-azure
docker.io/cilium/operator-azure:v1.13.6@sha256:028fe39733a64b36bb043e7d67d8aa6f2e3f0b46b5ab08865db5afdcae1133fb
quay.io/cilium/operator-azure:v1.13.6@sha256:028fe39733a64b36bb043e7d67d8aa6f2e3f0b46b5ab08865db5afdcae1133fb
operator-generic
docker.io/cilium/operator-generic:v1.13.6@sha256:753c1d0549032da83ec45333feec6f4b283331618a1f7fed2f7e2d36efbd4bc9
quay.io/cilium/operator-generic:v1.13.6@sha256:753c1d0549032da83ec45333feec6f4b283331618a1f7fed2f7e2d36efbd4bc9
operator
docker.io/cilium/operator:v1.13.6@sha256:d2196d141384d325b343c2e9bd7cdecbe4f2384e2ce95a3184c1cfff21475279
quay.io/cilium/operator:v1.13.6@sha256:d2196d141384d325b343c2e9bd7cdecbe4f2384e2ce95a3184c1cfff21475279