🎉 欢迎访问本站,如有问题欢迎 留言
Docs
Cncf
Project
Cilium
Cilium V1.19.0 Pre.2 Release Note

来源: https://github.com/cilium/cilium/releases/tag/v1.19.0-pre.2

cilium/cilium v1.19.0-pre.2 Release Notes

Published at: 2025-11-03T10:38:29Z

Summary of Changes

Major Changes:

  • Cilium’s Gateway API support now uses v1.4 of Gateway API. Cilium’s GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. (cilium/cilium#41936, @youngnick)
  • Operator prometheus support TLS/mTLS using existing secret (cilium/cilium#42077, @phuhung273)
  • Promote Multi-Pool IPAM feature from Beta to Stable (cilium/cilium#42191, @pippolo84)
  • Support BPF Host Routing with IPsec (cilium/cilium#41997, @pchaigno)

Minor Changes:

  • Add flag to allow clients of Cluster Mesh to revoke cached data about a remote cluster if connectivity to the remote cluster kvstore is lost. (cilium/cilium#41643, @adamwathieu)
  • add one-off CiliumEndpointSlice GC when CES is disabled (cilium/cilium#42161, @jshr-w)
  • Add Strict Mode support (enable-encryption-strict-mode) For Transparent Encryption with IPsec. (cilium/cilium#42115, @julianwiedmann)
  • Allow to attach Cilium’s XDP program on network interfaces that have jumbo MTU configured and support xdp.frags program type. (cilium/cilium#41967, @viktor-kurchenko)
  • Avoid conntrack for wireguard packets (cilium/cilium#41990, @bersoare)
  • Azure: add support for masquerading (cilium/cilium#42196, @antonipp)
  • bpf: add REASON_MTU_ERROR_MSG forwarded metric. (cilium/cilium#41715, @tommyp1ckles)
  • clustermesh: handle conflict/resolution of IPFamilies in MCS-API to better support dual stack clusters (cilium/cilium#42145, @MrFreezeex)
  • clustermesh: hubble: remove the needs to manually trigger the cert generation job for initial installation when using ArgoCD or helm with the “–wait” option and the cronjob method (cilium/cilium#42298, @MrFreezeex)
  • daemon: Fail agent startup on incompatible datapath mode (cilium/cilium#42482, @HadrienPatte)
  • devices: allow selection of devices with no IP set (cilium/cilium#41837, @oblazek)
  • Extend Hubble parsers to support VRRP and IGMP protocols. (cilium/cilium#41949, @kyounghunJang)
  • feat: Allow configuration of daemon hive.Run options (cilium/cilium#42357, @ILL1A)
  • Fix a complexity issue for the bpf_xdp program (cilium/cilium#42193, @aspsk)
  • fix indentation for certgen resources in helm templates (cilium/cilium#42412, @sdickhoven)
  • helm: Support extending cilium-operator securityContext helm templates (cilium/cilium#42041, @ysksuzuki)
  • hubble/metrics/icmp: fix icmp6 label to correctly be ipv6. (cilium/cilium#41427, @tommyp1ckles)
  • ipam: Support for public IP allocation in Azure (cilium/cilium#42219, @antonipp)
  • k8s: update heartbeat() to use readyz instead of healthz (cilium/cilium#41588, @HavenXia)
  • Keep unready Kubernetes endpoints in the backends BPF map to avoid disrupting existing connections when pod readiness probe is flapping. (cilium/cilium#42170, @joamaki)
  • metrics: fix cilium_errors_warnings_total metric to report all errors and warnings. Previously, logs without subsystem attribute were not reported. Now they are reported with unspecified value of subsystem label. (cilium/cilium#42329, @marseel)
  • Remove deprecated custom calls feature (cilium/cilium#42094, @tklauser)
  • Removed deprecated CiliumBGPPeeringPolicy CRD and its agent implementation. Use cilium.io/v2 CRDs (CiliumBGPClusterConfig, CiliumBGPPeerConfig, CiliumBGPAdvertisement, CiliumBGPNodeConfigOverride) for configuring BGP. (cilium/cilium#42278, @rastislavs)
  • Stop reporting the local cluster name and node name in metrics (cilium/cilium#41976, @MrFreezeex)
  • The endpoint_max_ifindex metric is no longer useful and has been removed. (cilium/cilium#42082, @julianwiedmann)
  • The egress interface for IPv6 traffic matched by an Egress Gateway policy is entirely determined by the egressGateway section in the policy, using either the selected interface or the interface with the default route. When an egressIP is specified, the interface continues to be selected according to the configured IP routing on the node. (cilium/cilium#38961, @julianwiedmann)
  • The previously deprecated --enable-ipv4-egress-gateway flag has been removed. To enable the corresponding features, users must set --enable-egress-gateway=true. (cilium/cilium#42238, @julianwiedmann)
  • Use numeric port instead of named port in cilium envoy svc (cilium/cilium#42232, @nezdolik)

Bugfixes:

  • bpf: Do not accidentally update IPcache in cluster-aware routing (cilium/cilium#42472, @brb)
  • cilium-dbg: show encryption status even if daemon is unresponsive (cilium/cilium#41827, @bersoare)
  • cilium-operator: ciliumendpoints are not garbage collected until a minimum age is reached (5m by default) (cilium/cilium#42413, @zhouhaibing089)
  • encrypt status: also check tcx attachment on interfaces (cilium/cilium#42328, @bersoare)
  • Fix a fatal error when accessing multicast map using cilium-dbg bpf multicast (cilium/cilium#42080, @tklauser)
  • Fix BGP operator crash when bgp-secrets-namespace not set. (cilium/cilium#42425, @rastislavs)
  • Fix cilium_operator_lbipam_conflicting_pools metric to report correct value. (cilium/cilium#41999, @hanapedia)
  • Fix failing node health check on dual stack cluster if NodeInternalIPs are not configured for both families. (cilium/cilium#41633, @Dennor)
  • Fix increase in memory usage when service names are looked up at high rate during Hubble flow creation (cilium/cilium#41965, @joamaki)
  • Fix operator CIDR allocations in multi-pool IPAM mode after a CiliumPodIPPool update or re-insertion (cilium/cilium#42126, @pippolo84)
  • Fix potential policy deadlock causing endpoint to use previous identity for policy calculation when endpoint changes identity (cilium/cilium#42420, @odinuge)
  • Fix the output of cilium lrp list command to show LRP selected backends. (cilium/cilium#42110, @Bigdelle)
  • fix: Panic during endpoint restore due to nil logger (cilium/cilium#42385, @pinaki-08)
  • Fixes a minor bug where cilium-operator would incorrectly claim ownership of the “CiliumNetworkPolicy.specs” field, causing server-side apply to break when using specs (cilium/cilium#42221, @squeed)
  • Fixes a rare bug where endpoints may have incomplete policies in large clusters. (cilium/cilium#42049, @squeed)
  • gatewayAPI: correctly handle reference to CGCC as cluster-scoped resource instead of namespaced one (cilium/cilium#42172, @oblazek)
  • operator/ciliumenvoyconfig: consistently propagate –http-stream-idle-timeout value (cilium/cilium#42495, @tklauser)
  • Preventing removal of existing tproxy iptables rules for other services when they share a name prefix. (cilium/cilium#42236, @dackroyd)
  • When using the Egress Strict Mode for Transparent Encryption with Wireguard, packets destined to the local host are no longer excluded from encryption enforcement (when leaving the node), and will be dropped. (cilium/cilium#42419, @julianwiedmann)

CI Changes:

  • .github/actions/e2e: define static job names (cilium/cilium#42332, @aanm)
  • .github/workflows: Add base-SHA input to ariane triggered workflows (cilium/cilium#42156, @dylandreimerink)
  • .github/workflows: correctly set status even if wait-for-images fails (cilium/cilium#42307, @aanm)
  • bgp: Extend BGP component tests (cilium/cilium#41969, @rastislavs)
  • bpf: test: add BPF Masq tests for unknown / handled protocols (cilium/cilium#42144, @julianwiedmann)
  • bpf: test: remove ipcache mock in remote-node MASQ tests (cilium/cilium#42515, @julianwiedmann)
  • check-encryption-leak: relax overlay protocol check to only dst port (cilium/cilium#41883, @smagnani96)
  • check-encryption-leaks: log tunnel header when present (cilium/cilium#42001, @smagnani96)
  • ci: Allow for alpine image overwrite within cache Dockerfile (cilium/cilium#42108, @jpayne3506)
  • ci: fix gathering sysdump in fqdn perf test (cilium/cilium#42336, @marseel)
  • ci: use eks nodegroup action in egw scale test (cilium/cilium#42005, @Artyop)
  • cli, ipsec: Fix bidirectional IPsec tunnel check (cilium/cilium#42047, @pchaigno)
  • cli: Fix unreliable tests due to error emitted in Cilium logs “retrieving device lxc*: Link not found” (cilium/cilium#42146, @fristonio)
  • Deflake TestNodeManagerAbortReleaseIPReassignment (cilium/cilium#42276, @lconnery)
  • Disable goswagger major and minor updates on stable release branches (cilium/cilium#42335, @thorn3r)
  • gh: ariane: add ignore-regex for ci-ipsec and ci-kpr (cilium/cilium#42083, @julianwiedmann)
  • gh: datapath-verifier: stop testing complexity on RHEL 8.6 (cilium/cilium#42296, @julianwiedmann)
  • gh: e2e-upgrade: extract WireGuard-specific configs and refactor names (cilium/cilium#41994, @smagnani96)
  • gh: fine-tune renovate config (cilium/cilium#42415, @julianwiedmann)
  • gh: ginkgo: reduce number of tested k8s versions in PRs (cilium/cilium#42465, @julianwiedmann)
  • gh: ginkgo: replace rhel8 with 5.10 kernel (cilium/cilium#42084, @julianwiedmann)
  • gh: scale-egw: run with L7 proxy enabled (cilium/cilium#39421, @julianwiedmann)
  • gh:conformance: fix parsing empty input-args for IPSEC (cilium/cilium#42197, @smagnani96)
  • gh:conformance:multi-pool: fix multi-pool test workflow config (cilium/cilium#42239, @smagnani96)
  • gha: fix upload of artifacts when scale-test-egw fails (cilium/cilium#42337, @giorio94)
  • ginkgo: add test ownership for ginkgo tests (cilium/cilium#41950, @aanm)
  • Inspecting Status Code Returned from Pktgen and Setup Programs (cilium/cilium#42147, @lconnery)
  • ipam/multipool: Fix TestOrphanCIDRsAfterRestart (cilium/cilium#42214, @pippolo84)
  • kind: allow for configuring more logs in containers (cilium/cilium#42283, @marseel)
  • renovate: Allow cilium-proxy 1.34.x for all stable branches (cilium/cilium#42097, @sayboras)
  • Revert “gh: renovate: remove reference to old ipsec config file” (cilium/cilium#42163, @smagnani96)
  • test: ginkgo: drop unnecessary test configs (cilium/cilium#42447, @julianwiedmann)
  • test: ginkgo: remove support for cloud environments (cilium/cilium#42424, @julianwiedmann)
  • Testing: Replace reflect.DeepEqual with assert.Equal in pkg/auth tests for better error messages (cilium/cilium#42185, @pillai-ashwin)
  • Testing: Replace reflect.DeepEqual with assert.Equal in pkg/driftchecker tests for better error messages (cilium/cilium#42323, @pillai-ashwin)
  • Testing: Replace reflect.DeepEqual with assert.Equal in pkg/hubble/filters tests for better error messages (cilium/cilium#42222, @pillai-ashwin)
  • workflows/aks: Don’t run tests twice when IPsec is enabled (cilium/cilium#42311, @pchaigno)
  • workflows/gateway-api: Don’t cleanup Gateway API resources (cilium/cilium#42209, @pchaigno)
  • workflows/ipsec: Improve LTS kernels coverage (cilium/cilium#41987, @pchaigno)
  • workflows/kpr: Fix dependencies for artifact collection (cilium/cilium#42309, @pchaigno)
  • workflows: fix GCP OIDC authentication’s project ID (cilium/cilium#42123, @nbusseneau)

Misc Changes:

  • .github/renovate: add missing search paths (cilium/cilium#42355, @aanm)
  • .github/renovate: separate quay.io/goswagger/swagger updates (cilium/cilium#42467, @aanm)
  • [cilium-envoy] Make affinity and updateStrategy extensible (cilium/cilium#42359, @nezdolik)
  • Add allocator and datapath plumbing for cookie-based policy logging (cilium/cilium#40023, @tklauser)
  • Add Eastern Switzerland University of Applied Sciences (OST) to USERS.md (cilium/cilium#42256, @Untersander)
  • Add initializer for per-endpoint routes in endpoint restorer (cilium/cilium#42155, @dylandreimerink)
  • Add reconciliation of routes (cilium/cilium#41528, @dylandreimerink)
  • Add Vietnam Post Cloud to USERS.md (cilium/cilium#42446, @chint-vnpost-vn)
  • Added multiple extension points for cilium envoy daemonset manifest. (cilium/cilium#42223, @nezdolik)
  • Adding bpf.monitorTraceIPOption flag to helm chart (cilium/cilium#41636, @Bigdelle)
  • bgp: Use AllWatch instead of Changes iterator for triggering BGP CP events (cilium/cilium#42376, @rastislavs)
  • bgp: Use changes iterator for triggering BGP CP events (cilium/cilium#42102, @rastislavs)
  • bpf/complexity-tests: Extend coverage (cilium/cilium#42523, @aditighag)
  • bpf: Clear tc_classid on all ingress code paths (cilium/cilium#42105, @pchaigno)
  • bpf: conntrack: don’t signal CT GC when inserting to CT map fails (cilium/cilium#42366, @julianwiedmann)
  • bpf: conntrack: let callers of ct_lookup6() provide fraginfo (cilium/cilium#42186, @julianwiedmann)
  • bpf: constify ipcache map access (cilium/cilium#42491, @tklauser)
  • bpf: constify map access (cilium/cilium#42474, @julianwiedmann)
  • bpf: don’t look up trace ID if packet tracing via IP options is disabled (cilium/cilium#42059, @tklauser)
  • bpf: egressgw: streamline the EGW policy & redirect code in to-netdev (cilium/cilium#41982, @julianwiedmann)
  • bpf: fib: cleanups (cilium/cilium#42157, @julianwiedmann)
  • bpf: fib: remove redundant ENABLE_SKIP_FIB checks (cilium/cilium#42208, @julianwiedmann)
  • bpf: fine-tune semantics for conditional tailcalls (cilium/cilium#42090, @julianwiedmann)
  • bpf: fine-tune work-around for bpf_redirect_neigh() from overlay programs (cilium/cilium#42052, @julianwiedmann)
  • bpf: host/wireguard: clarify security identities for proxy traffic (cilium/cilium#41869, @julianwiedmann)
  • bpf: host: remove stale code comment (cilium/cilium#42237, @julianwiedmann)
  • bpf: host: untangle resolve_srcid_ipv*() (cilium/cilium#42375, @julianwiedmann)
  • bpf: hostfw: have from-host always pass the ipcache-based src identity (cilium/cilium#42093, @julianwiedmann)
  • bpf: hostfw: share code for CT entry creation in egress policy path (cilium/cilium#41959, @julianwiedmann)
  • bpf: ipv6: optimize fraginfo handling (cilium/cilium#42224, @julianwiedmann)
  • bpf: lb: constify all lb-related map accesses (cilium/cilium#42521, @julianwiedmann)
  • bpf: Migrate VTEP_MASK to runtime config (cilium/cilium#42286, @viktor-kurchenko)
  • bpf: nat: rework egress path for ICMP error messages (cilium/cilium#41694, @julianwiedmann)
  • bpf: nodeport: don’t include EGW reply hook in bpf_wireguard (cilium/cilium#42187, @julianwiedmann)
  • bpf: nodeport: punt eTP=local requests from XDP to TC (cilium/cilium#42054, @julianwiedmann)
  • bpf: nodeport: simplify check for DSR dispatch-mode (cilium/cilium#42297, @julianwiedmann)
  • bpf: policy: expose policy map parameter for __policy_can_access() (cilium/cilium#42069, @julianwiedmann)
  • bpf: remove compat handling for some runtime configs (cilium/cilium#42349, @julianwiedmann)
  • bpf: Replace invoke_tailcall_if with C if-else (cilium/cilium#41860, @dylandreimerink)
  • bpf: use NULL instead of 0 to initialize pointers, constify (cilium/cilium#42490, @tklauser)
  • bpf: wireguard: set SKIP_SRV6_HANDLING and SKIP_ICMPV6_NS_HANDLING (cilium/cilium#42038, @julianwiedmann)
  • bpf:ipsec: cleanup ESP tracing in from_overlay (cilium/cilium#42242, @smagnani96)
  • build: Remove unused .dockerignore files (cilium/cilium#41629, @HadrienPatte)
  • certloader: Log initial TLS config load errors in FutureWatcher (cilium/cilium#42201, @devodev)
  • chore(deps): update all github action dependencies (main) (cilium/cilium#42025, @cilium-renovate[bot])
  • chore(deps): update all github action dependencies (main) (cilium/cilium#42134, @cilium-renovate[bot])
  • chore(deps): update all github action dependencies (main) (cilium/cilium#42394, @cilium-renovate[bot])
  • chore(deps): update all github action dependencies (main) (cilium/cilium#42537, @cilium-renovate[bot])
  • chore(deps): update all github action dependencies (main) (patch) (cilium/cilium#42021, @cilium-renovate[bot])
  • chore(deps): update all github action dependencies (main) (patch) (cilium/cilium#42389, @cilium-renovate[bot])
  • chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#42022, @cilium-renovate[bot])
  • chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#42131, @cilium-renovate[bot])
  • chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#42299, @cilium-renovate[bot])
  • chore(deps): update all lvh-images main (main) (patch) (cilium/cilium#42533, @cilium-renovate[bot])
  • chore(deps): update all-dependencies (main) (cilium/cilium#42018, @cilium-renovate[bot])
  • chore(deps): update all-dependencies (main) (cilium/cilium#42099, @cilium-renovate[bot])
  • chore(deps): update all-dependencies (main) (cilium/cilium#42454, @cilium-renovate[bot])
  • chore(deps): update all-dependencies (main) (cilium/cilium#42538, @cilium-renovate[bot])
  • chore(deps): update cilium/cilium-cli action to v0.18.8 (main) (cilium/cilium#42390, @cilium-renovate[bot])
  • chore(deps): update dependency cilium/little-vm-helper to v0.0.27 (main) (cilium/cilium#42258, @cilium-renovate[bot])
  • chore(deps): update dependency protocolbuffers/protobuf to v33 (main) (cilium/cilium#42262, @cilium-renovate[bot])
  • chore(deps): update docker.io/library/golang:1.25.1 docker digest to d709837 (main) (cilium/cilium#42019, @cilium-renovate[bot])
  • chore(deps): update docker.io/library/golang:1.25.3 docker digest to 6bac879 (main) (cilium/cilium#42532, @cilium-renovate[bot])
  • chore(deps): update docker.io/library/golang:1.25.3 docker digest to 6ea52a0 (main) (cilium/cilium#42252, @cilium-renovate[bot])
  • chore(deps): update docker.io/library/golang:1.25.3 docker digest to dd08f76 (main) (cilium/cilium#42387, @cilium-renovate[bot])
  • chore(deps): update github artifact actions (main) (cilium/cilium#42395, @cilium-renovate[bot])
  • chore(deps): update go to v1.25.3 (main) (cilium/cilium#42061, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.135.4 (main) (cilium/cilium#42024, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.135.5 (main) (cilium/cilium#42036, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.146.0 (main) (cilium/cilium#42132, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.152.5 (main) (cilium/cilium#42261, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.152.7 (main) (cilium/cilium#42272, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.152.9 (main) (cilium/cilium#42274, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.159.4 (main) (cilium/cilium#42392, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.168.5 (main) (cilium/cilium#42535, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.169.0 (main) (cilium/cilium#42552, @cilium-renovate[bot])
  • chore(deps): update renovate dependencies to v41.169.1 (main) (cilium/cilium#42553, @cilium-renovate[bot])
  • ci: add wildcard ton runtime image file (cilium/cilium#42058, @Artyop)
  • ci: Add workflow permissions for auto-approve and renovate (cilium/cilium#42281, @kyle-c-simmons)
  • ci: Fix call-backport-label-updater permissions (cilium/cilium#42510, @kyle-c-simmons)
  • ci: Update hubble test workflow permissions (cilium/cilium#41911, @kyle-c-simmons)
  • cilium, routes: Downgrade warning on direct-routing-skip-unreachable (cilium/cilium#42210, @borkmann)
  • cilium-dbg: Fix status indentation formatting (cilium/cilium#42199, @HadrienPatte)
  • cleanup:bpf:hubble: remove unused reason encrypted overlay (cilium/cilium#42229, @smagnani96)
  • clustermesh: fix race condition in TestClusterMeshMultipleAddRemove (cilium/cilium#41992, @MrFreezeex)
  • CODEOWNERS: let sig-policy own allocator and idpool packages (cilium/cilium#42292, @giorio94)
  • config: migrate two config options to their relevant cells (cilium/cilium#42326, @julianwiedmann)
  • contrib/containerlab: Remove BGPv1 labs (cilium/cilium#42373, @rastislavs)
  • contrib: Reduce verbosity of verifier_diff.py script (cilium/cilium#42421, @pchaigno)
  • contrib:verifier_diff.py: Account for minimal plot height (cilium/cilium#42360, @smagnani96)
  • daemon: extract endpoint restoration logic (cilium/cilium#42004, @mhofstetter)
  • daemon: extract infra IP allocation logic (cilium/cilium#42067, @mhofstetter)
  • daemon: extract KPR initialization logic (cilium/cilium#41988, @mhofstetter)
  • daemon: extract map sweeper lifecycle into hive cell (cilium/cilium#42488, @mhofstetter)
  • daemon: move removeOldRouterState to infraIPAllocator (cilium/cilium#42461, @mhofstetter)
  • daemon: remove ctx & controller manager from Daemon struct (cilium/cilium#41966, @mhofstetter)
  • daemon: remove struct Daemon and Promise[Daemon] (cilium/cilium#42071, @mhofstetter)
  • datapath, endpoint: allow to get endpoint properties on cached endpoints (cilium/cilium#42211, @tklauser)
  • datapath/linux/probes: Tolerate ErrRestrictedKernel (cilium/cilium#42361, @jrife)
  • datapath/tables: Only reconcile node addresses on changes (cilium/cilium#42291, @joamaki)
  • datapath/tables: Use Table[LocalNode] in NodeAddressController (cilium/cilium#41001, @joamaki)
  • datapath/utime: use hive jobs instead of controller for sync (cilium/cilium#42513, @mhofstetter)
  • datapath: remove cleanup code for old maps (cilium/cilium#42143, @julianwiedmann)
  • datapath: remove cleanup code for the tunnel map (cilium/cilium#42285, @julianwiedmann)
  • deps: bump CNI plugins version (cilium/cilium#42043, @ferozsalam)
  • docs: remove stale kernel requirements (cilium/cilium#42081, @julianwiedmann)
  • Docs: update fragmentation docs to reflect ipv6 (cilium/cilium#41748, @tommyp1ckles)
  • Enable configuration for verbose debug events for tagged packets. (cilium/cilium#41839, @Bigdelle)
  • eni: Lower severity of IMDS failure (cilium/cilium#42066, @gandro)
  • feat(chart): Add ability to configure emptyDir (sizeLimit/medium) (cilium/cilium#42384, @mkilchhofer)
  • feat(sdp): Updating DNS rules in Standalone DNS proxy (cilium/cilium#41609, @vipul-21)
  • Fix a regression in the new services control plane where loadBalancerSourceRanges was applied by default to all service types. (cilium/cilium#42351, @borkmann)
  • Fix invalid indentation for yaml include in cilium-envoy daemonset template. (cilium/cilium#42353, @nezdolik)
  • fix(bpf) Initialize cilium_percpu_trace_id map via Hive Start hook (cilium/cilium#41886, @Bigdelle)
  • fix(deps): update all go dependencies main (main) (cilium/cilium#42020, @cilium-renovate[bot])
  • fix(deps): update all go dependencies main (main) (cilium/cilium#42130, @cilium-renovate[bot])
  • fix(deps): update all go dependencies main (main) (cilium/cilium#42259, @cilium-renovate[bot])
  • fix(deps): update all go dependencies main (main) (cilium/cilium#42388, @cilium-renovate[bot])
  • fix(deps): update all go dependencies main (main) (cilium/cilium#42536, @cilium-renovate[bot])
  • fix(deps): update aws-sdk-go-v2 monorepo (main) (cilium/cilium#42260, @cilium-renovate[bot])
  • fix(deps): update aws-sdk-go-v2 monorepo (main) (cilium/cilium#42391, @cilium-renovate[bot])
  • fix(deps): update aws-sdk-go-v2 monorepo (main) (cilium/cilium#42534, @cilium-renovate[bot])
  • fix(deps): update azure-sdk-for-go monorepo (main) (cilium/cilium#42133, @cilium-renovate[bot])
  • fix(deps): update github.com/vishvananda/netlink digest to 19840db (main) (cilium/cilium#42037, @cilium-renovate[bot])
  • fix(deps): update module github.com/aws/aws-sdk-go-v2/config to v1.31.12 (main) (cilium/cilium#42023, @cilium-renovate[bot])
  • fix(deps): update module github.com/azure/azure-sdk-for-go/sdk/resourcemanager/network/armnetwork/v7 to v7.1.0 (main) (cilium/cilium#42393, @cilium-renovate[bot])
  • fix(deps): update module github.com/gopacket/gopacket to v1.5.0 (main) (cilium/cilium#42547, @cilium-renovate[bot])
  • fix(Dockerfile): set correct platform args for the debug-tools image (cilium/cilium#42152, @gyutaeb)
  • fix: run post-release and publish-helm workflows on cilium org (cilium/cilium#42279, @sekhar-isovalent)
  • fqdn/namemanager: remove restoring from v1.15 checkpoint file (cilium/cilium#42448, @tklauser)
  • gneigh: add interface name and hardware address accessor methods (cilium/cilium#42176, @tklauser)
  • health: cleanup at shutdown via Hive lifecycle (cilium/cilium#42489, @mhofstetter)
  • identity: extract local identity release logic into Hive cell (cilium/cilium#42442, @mhofstetter)
  • identity: Remove unused CIDRLabel field (cilium/cilium#42212, @gandro)
  • images: Only build gops for the relevant platform (cilium/cilium#41160, @HadrienPatte)
  • install/kubernetes: Allow multi-pool ipam for aksbyocni (cilium/cilium#42181, @aditighag)
  • Introduce experimental support for tuned buffer margins on netkit devices. (cilium/cilium#42006, @ajmmm)
  • ipam: better error message for postIpamFailure when out of IPs (cilium/cilium#42369, @antonipp)
  • ipam: Wait for ENI netlink interface before configuring routes (cilium/cilium#41954, @pippolo84)
  • ipcache: test cleanups: (cilium/cilium#41469, @squeed)
  • iptables: minor cleanups for installHostTrafficMarkRule() (cilium/cilium#41938, @julianwiedmann)
  • k8s/reflector: Add support for shared ListerWatcher (cilium/cilium#41995, @gandro)
  • kind: use explicit –context for all commands (cilium/cilium#42294, @antonipp)
  • L2 announce: fix mcast IPv6 neighbour solicitations filtered by some NICs #41678 (cilium/cilium#41952, @msune)
  • loadbalancer: fix up code comment (cilium/cilium#42273, @julianwiedmann)
  • loadbalancer: remove unused ExternalConfig from Writer (cilium/cilium#42519, @tklauser)
  • MAINTAINERS: Add Arthur Outhenin-Chalandre (cilium/cilium#42431, @giorio94)
  • MAINTAINERS: Correctly link Arthur’s GitHub profile (cilium/cilium#42492, @giorio94)
  • mispelling fixes detected by codespell. (cilium/cilium#42053, @fujitatomoya)
  • modularization:wireguard:ipsec inject C macros from cell (cilium/cilium#42368, @smagnani96)
  • operator: Fix interface conversion panic (cilium/cilium#42231, @HadrienPatte)
  • operator: Prevent panic when GCing identities (cilium/cilium#42217, @HadrienPatte)
  • pkg/nodediscover: Don’t log warnings for intermittent updates (cilium/cilium#42505, @aditighag)
  • plugins/cilium-cni: Busy wait for a bootstrapping agent (cilium/cilium#42074, @pippolo84)
  • Prepare for release v1.19.0-pre.1 (cilium/cilium#41973, @cilium-release-bot[bot])
  • proxy: fix panic in standalone cilium-agent with --enable-l7-proxy=false (cilium/cilium#42119, @tklauser)
  • README: Update for releases v1.18.3, v1.17.9, and v1.16.16 (cilium/cilium#42378, @thorn3r)
  • README: Update releases (cilium/cilium#41978, @joestringer)
  • Rebase netlink library to latest upstream commit in preparation for additional netkit functionality updates. (cilium/cilium#41941, @ajmmm)
  • Refactor policy engine to use PolicyEntry as the internal representation of policies, as described in CFP-39646. (cilium/cilium#40213, @TheBeeZee)
  • Remove NP and CNP permission in hubble UI’s ClusterRole (cilium/cilium#41743, @mkilchhofer)
  • Revert “kind: use explicit –context for all commands” (cilium/cilium#42430, @julianwiedmann)
  • shell: fix client flags when interacting with a shell (cilium/cilium#41985, @smagnani96)
  • srv6: Cleanup state map completely (cilium/cilium#42184, @YutaroHayakawa)
  • tools: add a plain input mode to testowners (cilium/cilium#42153, @asauber)
  • unbreak GKE workflows (cilium/cilium#42327, @julianwiedmann)
  • Update USERS.md University of Wisconsin (cilium/cilium#42075, @cccsss01)
  • vendor,hive: Bump to latest Hive and remove pkg/shell (cilium/cilium#42331, @joamaki)
  • vendor: Bump to StateDB v0.5.1 (cilium/cilium#42070, @joamaki)
  • Work-around a memory leak in the kernel networking stack, which occurs when redirecting packets inside a node that previously arrived via Cilium’s overlay interface. (cilium/cilium#42000, @julianwiedmann)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.19.0-pre.2@sha256:507852b22e347fc1c6c0d2f3bd68096e466cf9022524e5057a648b9505a5e35b

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.19.0-pre.2@sha256:77e27d2b410feb6b96551ada14d3e4cde13af18f29db97dea600b80ca9178f35

docker-plugin

quay.io/cilium/docker-plugin:v1.19.0-pre.2@sha256:0380dd387584cf535b5580107d6c988e1a99499d0c57ebded892643a8c4ed4ab

hubble-relay

quay.io/cilium/hubble-relay:v1.19.0-pre.2@sha256:cfebb1e03451c4152a9076e6661b57b458e4357a4395736970397f7cf1ab9f5b

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.19.0-pre.2@sha256:cee0d99c66d76611e1590544390f90f3b28b66c92a9a92640aeb2fb6dea3d896

operator-aws

quay.io/cilium/operator-aws:v1.19.0-pre.2@sha256:7ce663e21f4181de6022f8a052990009d48d8fea0604577a751ff0262d2934f9

operator-azure

quay.io/cilium/operator-azure:v1.19.0-pre.2@sha256:7d97e42b4a86ef2fb8532ec3377d54f8f0b2d32e072f97ab9d541325d81da811

operator-generic

quay.io/cilium/operator-generic:v1.19.0-pre.2@sha256:6da95faf2094a02fd8c0ca023adb3c2a0971f73ca4e365e9b72d005a514609b7

operator

quay.io/cilium/operator:v1.19.0-pre.2@sha256:d43ad31a63402ddd0a655c53e57ede33b14a1e36bb1b7c33dc45d80c91e1325f

Cilium V1.19.0 Pre.1 Release Note