1.8.0-rc2

Changelog

v1.8.0-rc2

Note: The summary of changes represent the diff between v1.8.0-rc1 and v1.8.0-rc2

Summary of Changes

Major Changes:

• bpf: getpeername hook implementation for socket lb (#11617, @borkmann)

Minor Changes:

• Accessing a NodePort service via cilium_host IP addr is no longer recommended. (#11692, @brb)
• Add "--iptables-lock-timeout" to configure iptables --wait parameter (#11701, @joestringer)
• datapath: Enable session affinity for older kernels (#11678, @brb)
• doc: Update LLVM/Clang requirement to 10.0 (#11686, @pchaigno)
• Expose BPF kernel memory usage as a prometheus metric (#11682, @aanm)
• operator: Ship slimmer binaries (#10972, @errordeveloper)
• Remove netstat from cilium-bugtool and replace with ss tool (#11667, @soumynathan)
• Updated grafana dashboard (#11744, @aanm)

Bugfixes:

• Allow enabling ServiceMonitor without Prometheus installed. (#11261, @diversario)
• azure: fix excess/off-by-one addresses allocation (#11669, @bpineau)
• cilium-cni: Only start gops in debug mode (#11711, @aanm)
• datapath: Fix back-edge in bpf_sock for older kernels (#11739, @brb)
• etcd: Increase status check timeout to 10 seconds (#11750, @tgraf)
• Fix Cilium blocking its initialization for nodes where the hostname was different that the Kubernetes node name. (#11717, @aanm)
• Fix issue where Cilium-agent fails to start on nodes without a default gateway (#11632, @soumynathan)
• Fix issue where traffic from a pod could be dropped despite allow policy when DNS L7 rules are used (#11764, @joestringer)
• hubble/parser/threefour: handle IPv6 CIDR labels (#11719, @rolinh)
• Hubble: fix unknown identities for some CIDR (#11703, @rolinh)
• operator: fix panic for non existing CEPs (#11749, @aanm)
• Protect ENI and Azure IPAM from misbehaving cloud APIs (#11231, @tgraf)
• proxy: Do not decrement proxy port reference count when reverting. (#11753, @jrajahalme)
• proxy: Keep DNS port allocated (#11661, @jrajahalme)

CI Changes:

• ci/K8sHubble: Retry failed requests on hubble-relay (#11708, @gandro)
• ci: Check whether pod is being terminated before deleting it (#11655, @nebril)
• ci: Fix focus handling in ginkgo-ext (#11534, @nebril)
• ci: fix gke cluster lock (#11712, @nebril)
• ci: outer vm boot timeout was smaller than inner (#11758, @nebril)
• ci: remove nightly image build (#11674, @nebril)
• Correct prometheus template in integration test (#11611, @sayboras)
• helpers: Remove hubble-relay service in cleanup (#11721, @gandro)
• Run precheck make target in Travis CI (#11740, @tklauser)
• test(helm): Correct invalid input in kind-action (#11704, @sayboras)
• test/k8s: Migrate L7 visibility tests to hubble (#11622, @glibsm)
• test/k8sHubble: Clean up hubble-cli and hubble-relay pods (#11687, @gandro)
• test/K8sServices: redeploy Cilium before fragment tracking tests (#11663, @qmonnet)
• test: Add externalIPs tests to K8sServicesTest and disable K8sKubeProxyFreeMatrix (#11696, @brb)
• test: Aid flake debugging (#11520, @errordeveloper)
• test: disable "Tests NodePort with L7 Policy" (#11710, @nebril)
• test: Fix issue with unmanaged pod deletions hitting the timeout (#11654, @errordeveloper)
• test: force restarting of Cilium pods (#11613, @nebril)
• test: Improve K8sServicesTest naming and expectation offsets (#11675, @brb)
• test: increase timeout for getting pod list for logs (#11747, @nebril)
• test: Mend gingko-ext (#11553, @errordeveloper)
• test: parallelize log gathering (#11748, @nebril)
• test: retry fqdn requests, increase curl timeout (#11775, @nebril)
• test: use pkg/lock instead of stdlib sync (#11729, @tklauser)
• test: Wait for IPCache entries in testSessionAffinity (#11771, @brb)
• travis: fix arm64 build (#11774, @tklauser)

Misc Changes:

• Allow to create docker images with unstripped binaries (#11689, @tklauser)
• bpf: fix test/bpf/unit-test segfault due to memcmp looping (#11709, @borkmann)
• bpf: optimized memmove for XDP + DSR (#11676, @borkmann)
• bump k8s dependencies and test to v1.18.3 (#11679, @aanm)
• CI: Increase timeouts and retries when accessing external destinations (#11770, @tgraf)
• Cilium has added support for "named ports". Updating docs to reflect this (#11754, @jedsalazar)
• cilium: improve bpf dp signal upon ct insertion error (#11684, @borkmann)
• CODEOWNERS: add helm as codeowner of install/kubernetes (#11723, @aanm)
• Correct cidr input in linuxRouting.NewRoutingInfo (#11569, @sayboras)
• datapath: Fix panic on direct routing config (#11756, @pchaigno)
• delete pkg/hubble/ipcache and GetIPIdentity func from ipcache (#11652, @rolinh)
• doc: Fix require-ipv4-pod-cidr value for ENI and Azure mode (#11725, @tgraf)
• Doc: Update the unit test section for privileged tests (#11433, @soumynathan)
• doc: Use a personal registry for dev images (#11658, @michi-covalent)
• docker: update cilium-{runtime,builder} images (#11734, @borkmann)
• Dockerfile: Run apt-get update before apt-get install (#11665, @michi-covalent)
• docs: add missing dependency to use docs live-preview (#11761, @aanm)
• docs: add table for test-focus (#11752, @nebril)
• docs: Update debugging section for data races and deadlocks (#11700, @christarazi)
• Fix makefile and a small interface change (#11736, @anfernee)
• Fix various data races in pkg/aws/eni and pkg/ipam (#11685, @christarazi)
• helm: correct lint error in preflight template (#11671, @sayboras)
• hubble-relay: Add node status message (#11589, @gandro)
• hubble: delete parser/endpoint package and move Endpoint struct to testutils (#11769, @rolinh)
• install: Fix erroneous comment (#11603, @joestringer)
• ipcache: Better logging for conflicting named ports (#11702, @jrajahalme)
• k8s,node: Reuse retrieveNodeInformation to retrieve node labels (#11659, @pchaigno)
• k8s: Fix CCNP for host policies (#11638, @pchaigno)
• loader: Fix missing dot in assembly output files (#11716, @pchaigno)
• loader: Move direct routing config. to node_config.h (#11594, @pchaigno)
• Make used version of some docker images consistent (#11728, @tklauser)
• Makefile: Fix build when RACE is provided (#11735, @christarazi)
• Makefile: Pass lockdebug tag to tests (#11657, @christarazi)
• monitor: Fix ipcache lookup debug msg (#11745, @pchaigno)
• policy/api: Rework Rule.MarshalJSON() to ease maintainability (#11651, @pchaigno)
• proxy: release redir.mutex on early exit, update a comment on mutex use (#11666, @qmonnet)
• Retry on conflicts when creating/updating CiliumNode objects on agent startup (#11673, @ashrayjain)
• Small bpf cleanups (#11688, @tklauser)
• Small scalability improvements (#11683, @aanm)
• test: Disable flaky etcd test (#11772, @pchaigno)
• test: Increase timeout for privileged unit tests (#11677, @pchaigno)
• test: Only restart KubeDNS if required (#11207, @tgraf)
• Use watcher to track unmanaged kube-dns pods in Cilium Operator (#11470, @aanm)
• vagrant: bump all vagrant box versions (#11695, @tklauser)
• vbox: update net-next box and runtime/builder images (#11649, @borkmann)