All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.
- Move provider specific custom CNI configuration to subchart.
0.27.0 - 2024-08-20
- Upgrade Cilium to v1.16.1.
0.26.0 - 2024-08-08
- Upgrade Cilium to v1.16.0.
- Disable digest in all images.
- Improve security defaults for:
- Hubble UI
- Hubble Relay
- Cilium Operator
0.25.1 - 2024-06-26
- Fix regression setting Policy BPF Max map
policyMapMax
back to 65536 from 16384.
0.25.0 - 2024-06-19
- Upgrade cilium to v1.15.6.
0.24.0 - 2024-04-30
- Upgrade cilium to v1.15.4.
0.23.0 - 2024-04-24
-
Cilium ENI mode for CAPA becomes usable with these changes
- Add security group tag filter for pod network
- Select subnets from secondary VPC CIDRs
0.22.0 - 2024-03-27
- Add helm values schema.
- Add safe-to-evict annotations to Hubble Relay and UI pods.
- Enable deletion of extra network policies.
- Update team label to
cabbage
0.21.0 - 2024-02-29
- Support CAPA clusters for ENI mode
- Use SocketLB on host namespace only.
0.20.1 - 2024-02-27
- Revert replacing
null
values.
0.20.0 - 2024-02-26
- Upgrade cilium to
1.15.1
. - Replace
null
values invalues.yaml
with its actual defaults. Config values withnull
types in the values schema prevented users from changing its values.
0.19.2 - 2024-01-22
- Replace
ToServices
/ToPorts
combination in CiliumNetworkPolicy because of breakage in Cilium v1.14
0.19.1 - 2024-01-18
- Set container registry to
gsoci.azurecr.io
in values.yaml.
0.19.0 - 2024-01-17
- Upgrade cilium to
1.14.5
. - Set default image registry to
gsoci.azurecr.io
in values.yaml.
0.18.0 - 2023-11-20
- Upgrade cilium to
1.14.3
.
0.17.0 - 2023-11-08
- Generate cilium chart using our fork and
vendir
.
0.16.0 - 2023-10-25
- Disable uninstalling the CNI config files and binary when restarting the agent.
0.15.0 - 2023-10-24
- Add EKS support for cilium in ENI mode.
0.14.0 - 2023-10-18
- Replace condition for PSP CR installation.
0.13.0 - 2023-09-26
- Support removal of previously-deployed default policies by setting
defaultPolicies.enabled=false
anddefaultPolicies.remove=false
0.12.0 - 2023-09-05
- Support creating
CiliumNetworkPolicy
manifests that allow egress requests to DNS and proxy hosts
- Add missing conditional for PSP rendering of default-policies installer job
0.11.2 - 2023-09-04
- Reenable BPF metrics
0.11.1 - 2023-09-01
- Create custom CNI config depending on provider to allow bigger customization.
- Bump all manifests to upstream version 1.13.6.
0.11.0 - 2023-07-10
- Increased Policy BPF Max map to 65536 from 16384.
- Enabled cilium_bpf_map_pressure metric.
- Excluding PSS labels from cilium identities/policies.
- Excluding Flux labels from cilium identities/policies.
- Excluding Helm labels from cilium identities/policies.
- Excluding job specific labels from cilium identities/policies.
0.10.0 - 2023-05-16
- Enable PDB for
cilium-operator
.
0.9.3 - 2023-04-19
- Revert to NetworkPolicy to allow hubble and hubble-relay egress.
0.9.2 - 2023-04-13
- Change to CiliumNetworkPolicy to allow hubble and hubble-relay.
0.9.1 - 2023-04-13
- Add network policy to allow exposing hubble UI through ingress.
0.9.0 - 2023-03-20
- Use
image.registry
value as image registry for all containers in the chart.
0.8.0 - 2023-03-08
- Bump all manifests to upstream version 1.13.
- Enable Hubble
- Enable Monitoring for Agent, Operator and Hubble
0.7.0 - 2023-02-10
- Enable LocalRedirectPolicy for node-local-cache and kiam.
0.6.1 - 2022-11-22
- Align Helm chart ownership and CODEOWNERS file.
0.6.0 - 2022-11-07
- Allow
world
access for pods ingiantswarm
namespace in default policies. - Enable CiliumLocalRedirectPolicy
0.5.0 - 2022-10-18
- Updated all templates with changes from upstream release v1.11.9
0.4.2 - 2022-10-14
- Updated healthcheck port to match new detault introduced in v1.11.6
0.4.1 - 2022-10-14
- Bumped default version to v1.11.9
0.4.0 - 2022-10-13
- Enable prometheus exporters for
agent
,operator
by default.
0.3.1 - 2022-10-10
- Run
cleanup-kube-proxy-iptables
container in cilium agent in privileged mode. - Use iptables-nft binaries for
cleanup-kube-proxy-iptables
container.
0.3.0 - 2022-10-06
- Add init container that cleans up iptables rules before starting cilium agent.
0.2.6 - 2022-07-26
- Instead of allowing egress towards all endpoints, by default only allow access to the api server for all pods in
kube-system
andgiantswarm
namespaces.
0.2.5 - 2022-07-25
- Use retagged images instead of upstream ones.
- Run the default policies creation job in hostNetwork.
0.2.4 - 2022-06-29
- Added the
cilium-create-default-policies
Job as a post-upgrade hook
0.2.3 - 2022-06-21
- Typo in PSP
0.2.2 - 2022-06-21
- Added missing PSP property for hubble
0.2.1 - 2022-06-06
- Add NetworkPolicy to allow ingress traffic towards hubble proxy.
0.2.0 - 2022-05-02
- Add Job to create default ingress and egress policies.
- Add PSP for hubble-relay.
0.1.1 - 2022-04-07
- Fix the version in notes.
- PodSecurityPolicies