Prepare for release v1.11.4

Signed-off-by: Joe Stringer <joe@cilium.io>

Author: joestringer

.github/maintainers-little-helper.yaml

@@ -1,4 +1,4 @@
-project: "https://github.com/cilium/cilium/projects/185"
+project: "https://github.com/cilium/cilium/projects/188"
 column: "In progress"
 auto-label:
   - "kind/backports"

.mailmap

@@ -56,8 +56,9 @@ Jonathan Davies <jpds@protonmail.com>
 Joshua Roppo <joshroppo@gmail.com>
 Jun Chen <answer1991.chen@gmail.com>
 Junli Ou <oujunli306@gmail.com>
-Kamil Lach <kamil.lach.rs@gmail.com> <kamil@thor.asgard.local>
 Kaito Ii <kaitoii1111@gmail.com>
+Kamil Lach <kamil.lach.rs@gmail.com> <kamil@thor.asgard.local>
+Kante Yin <kerthcet@gmail.com>
 Karl Heins <karlheins@northwesternmutual.com>
 Kevin Holditch <82885135+kevholditch-f3@users.noreply.github.com>
 Bokang Li <libokang.dev@gmail.com>
@@ -102,6 +103,7 @@ Vance Li <vanceli@tencent.com> <liyannois@gmail.com>
 Vance Li <vanceli@tencent.com> vanceli <vanceli@tencent.com>
 Ville Ojamo <bluikko@users.noreply.github.com> <14869000+bluikko@users.noreply.github.com>
 Vlad Ungureanu <vladu@palantir.com> <ungureanuvladvictor@gmail.com>
+Wang Dong <xdragon007@gmail.com>>
 Wayne Haber <whaber@gitlab.com> <41373231+whaber@users.noreply.github.com>
 Weilong Cui <cuiwl@google.com>
 Will Stewart <will@northflank.com>

AUTHORS

@@ -56,6 +56,7 @@ Calum MacRae                            hi@cmacr.ae
 Camilo Schoeningh                       camilo.schoeningh@dunnhumby.com
 Canh Ngo                                canhnt@gmail.com
 Carlos Castro                           carlos.castro@jumo.world
+Chance Zibolski                         chance.zibolski@gmail.com
 Changyu Wang                            changyuwang@tencent.com
 Charles-Edouard Brétéché                charled.breteche@gmail.com
 Charles-Henri Guérin                    charles-henri.guerin@zenika.com
@@ -179,6 +180,7 @@ Junli Ou                                oujunli306@gmail.com
 Jussi Maki                              jussi@isovalent.com
 Kaito Ii                                kaitoii1111@gmail.com
 Kamil Lach                              kamil.lach.rs@gmail.com
+Kante Yin                               kerthcet@gmail.com
 Karl Heins                              karlheins@northwesternmutual.com
 Katarzyna Borkmann                      kasia@iogearbox.net
 Kevin Burke                             kevin@burke.dev
@@ -272,6 +274,7 @@ Raghu Gyambavantha                      raghug@bld-ml-loan4.olympus.f5net.com
 Rahul Jadhav                            nyrahul@gmail.com
 Rajat Jindal                            rajatjindal83@gmail.com
 Raphael Campos                          raphael@accuknox.com
+Raphaël Pinson                          raphael@isovalent.com
 Ray Bejjani                             ray@isovalent.com
 Rei Shimizu                             Shikugawa@gmail.com
 Renat Tuktarov                          yandzeek@gmail.com
@@ -300,6 +303,7 @@ Sergey Generalov                        sergey@isovalent.com
 Sergey Monakhov                         monakhov@puzl.ee
 Sergio Ballesteros                      snaker@locolandia.net
 Shantanu Deshpande                      shantanud106@gmail.com
+Sigurd Spieckermann                     sigurd.spieckermann@gmail.com
 Simon Pasquier                          spasquier@mirantis.com
 Smaine Kahlouch                         smainklh@gmail.com
 Stephen Martin                          lockwood@opperline.com
@@ -346,6 +350,7 @@ Vlad Artamonov                          742047+vladdy@users.noreply.github.com
 Vlad Gorodetsky                         v@gor.io
 Vladimir Nachev                         vladimir.penkov.nachev@gmail.com
 Vlad Ungureanu                          vladu@palantir.com
+Wang Dong                               xdragon007@gmail.com
 Wang Li                                 wangli09@kuaishou.com
 Wayne Haber                             whaber@gitlab.com
 Wazir Ahmed                             wazir@accuknox.com
@@ -355,6 +360,7 @@ Will Deuschle                           wdeuschle@palantir.com
 Will Stewart                            will@northflank.com
 Xinyuan Zhang                           zhangxinyuan@google.com
 yanhongchang                            yanhongchang@100tal.com
+Ye Sijun                                junnplus@gmail.com
 Yiannis Yiakoumis                       yiannis@selfienetworks.com
 Yongkun Gui                             ygui@google.com
 Yosh de Vos                             yosh@elzorro.nl

CHANGELOG.md

@@ -1,5 +1,68 @@
 # Changelog
 
+## v1.11.4
+
+Summary of Changes
+------------------
+
+**Minor Changes:**
+* k8s: keep CiliumNode labels synced with Node object (Backport PR #19277, Upstream PR #18609, @jibi)
+* Locally allocated identities are now restored during restart, helping avoid transient drops due to identity changes in policies. (Backport PR #19403, Upstream PR #19360, @jrajahalme)
+
+**Bugfixes:**
+* bpf: Fix maglev hash with hostServices.hostNamespaceOnly (Backport PR #19277, Upstream PR #18336, @ysksuzuki)
+* clustermesh: Correct shared service annotation behaviour (Backport PR #19277, Upstream PR #19042, @sayboras)
+* cmd: Fix issue where a ConfigMap value of `{}` was parsed as `map["{}":""]`. (Backport PR #19277, Upstream PR #19172, @gandro)
+* Fix a bug where a backend pod can be selected by a local redirect policy deployed in a different namespace if the local redirect policy was deployed first. (Backport PR #19277, Upstream PR #19193, @aditighag)
+* Fix bug that would cause some pod traffic to leave through the wrong interface if --aws-release-excess-ips is used and masquerading disabled. (Backport PR #19277, Upstream PR #19162, @pchaigno)
+* Fix bug where the 'ipcache-inject-labels' controller constantly fails in non-Kubernetes environments (Backport PR #19277, Upstream PR #19165, @christarazi)
+* Fix bug where the Cilium DNS proxy slows down significantly (and even OOMs) due to lock contention from spawning many goroutines when handling bursty DNS traffic (Backport PR #19418, Upstream PR #19336, @nebril)
+* Fix log rotation of compressed logs (Backport PR #19277, Upstream PR #19152, @chancez)
+* Fixed node init in RKE (Backport PR #19418, Upstream PR #19286, @raphink)
+* helm: Update Clustermesh-APIServer RBAC permissions for platforms (like Openshift) that have the OwnerReferencesPermissionEnforcement admission controller enabled. (Backport PR #19277, Upstream PR #19071, @nathanjsweet)
+* Improve endpoint and DNS proxy lock contention during bursty DNS traffic (Backport PR #19418, Upstream PR #19347, @christarazi)
+* Improve reliably of faulty connections for kube-apiservers behind a LB. Reduce the number of connections to kube-apiserver by 6 for each cilium-agent. (Backport PR #19330, Upstream PR #19259, @aanm)
+* install/kubernetes: fix hubble-ui with TLS (Backport PR #19418, Upstream PR #19338, @aanm)
+* metallb: fix SIGSEGV error when Service resource is deleted. (Backport PR #19277, Upstream PR #19249, @Inode1)
+* Update the 'refresh period' formatting in readme and doc (Backport PR #19418, Upstream PR #19205, @dongwangdw)
+* wireguard: Reject duplicate public keys (Backport PR #19418, Upstream PR #19344, @gandro)
+
+**CI Changes:**
+* jenkinsfiles: Update calls to Quay API (Backport PR #19277, Upstream PR #19229, @pchaigno)
+* test: Don't redeploy in AfterAll of K8sServices test case (Backport PR #19277, Upstream PR #18869, @brb)
+* test: Flush CT tables after L7 proxy tests in K8sServices (Backport PR #19277, Upstream PR #18857, @brb)
+* Use docker manifest inspect to wait for images instead of using quay API (Backport PR #19330, Upstream PR #19307, @YutaroHayakawa)
+* workflows: Update call to Quay API (Backport PR #19277, Upstream PR #19228, @pchaigno)
+
+**Misc Changes:**
+* add 'refreshPeriod' to spelling wordlist (Backport PR #19418, Upstream PR #19394, @aanm)
+* Add a 'Limitations' section to 'External Workloads'. (Backport PR #19418, Upstream PR #19366, @bmcustodio)
+* add context when return errors during datapath initialization (Backport PR #19277, Upstream PR #18011, @kerthcet)
+* Bpf fix conditional compilation (Backport PR #19277, Upstream PR #19104, @jrajahalme)
+* build(deps): bump actions/cache from 3.0.0 to 3.0.1 (#19268, @dependabot[bot])
+* build(deps): bump actions/cache from 3.0.1 to 3.0.2 (#19389, @dependabot[bot])
+* build(deps): bump actions/checkout from 3.0.0 to 3.0.1 (#19447, @dependabot[bot])
+* build(deps): bump github/codeql-action from 1.1.5 to 2.1.6 (#19270, @dependabot[bot])
+* build(deps): bump github/codeql-action from 2.1.6 to 2.1.7 (#19343, @dependabot[bot])
+* build(deps): bump github/codeql-action from 2.1.7 to 2.1.8 (#19374, @dependabot[bot])
+* build(deps): bump KyleMayes/install-llvm-action from 1.5.1 to 1.5.2 (#19325, @dependabot[bot])
+* build(deps): bump library/alpine from 3.12.7 to 3.15.4 in /images/cache (#19414, @dependabot[bot])
+* ci: Pin down image for the documentation workflow (Backport PR #19418, Upstream PR #19356, @qmonnet)
+* docs: Clarify use of the `eni.subnetTagsFilter` option (Backport PR #19330, Upstream PR #19276, @gandro)
+* docs: Update shared service annotation docs (Backport PR #19418, Upstream PR #19313, @sayboras)
+* envoy: Limit accesslog socket permissions (Backport PR #19418, Upstream PR #19190, @jrajahalme)
+* ipcache: Add test asserting out-of-order Kubernetes events (Backport PR #19330, Upstream PR #19258, @christarazi)
+* k8s: Use kubelet's logic to close all idle connections (Backport PR #19330, Upstream PR #19290, @christarazi)
+* logo: fix position of central polygon (Backport PR #19277, Upstream PR #19216, @sisp)
+* Test runtime cilium in container (take two) (Backport PR #19403, Upstream PR #19310, @jrajahalme)
+* test: Fix whitespace in docker-run-cilium (Backport PR #19403, Upstream PR #19358, @jrajahalme)
+* v1.11: Update Go to 1.17.9 (#19445, @tklauser)
+* vendor: pull in the latest changes from github.com/vishvananda/netlink (Backport PR #19403, Upstream PR #18618, @aditighag)
+* wireguard: Fix invalid bits when agent init (Backport PR #19277, Upstream PR #19118, @Junnplus)
+
+**Other Changes:**
+* install: Update image digests for v1.11.3 (#19240, @aanm)
+
 ## v1.11.3
 
 Summary of Changes

Documentation/concepts/kubernetes/compatibility-table.rst

@@ -38,6 +38,8 @@
 +-----------------+----------------+
 | v1.9.13         | 1.22.6         |
 +-----------------+----------------+
+| v1.9.14         | 1.22.6         |
++-----------------+----------------+
 | v1.9            | 1.22.6         |
 +-----------------+----------------+
 | v1.10.0-rc0     | 1.23.1         |
@@ -82,7 +84,10 @@
 +-----------------+----------------+
 | v1.11.2         | 1.24.3         |
 +-----------------+----------------+
+| v1.11.3         | 1.24.3         |
++-----------------+----------------+
 | v1.11           | 1.24.3         |
 +-----------------+----------------+
-| latest / master | 1.24.2         |
+| latest / master | 1.26.0         |
+| 1.25.1          |                |
 +-----------------+----------------+

Documentation/helm-values.rst

@@ -1 +1 @@
-1.11.3
+1.11.4

VERSION

@@ -2,12 +2,12 @@
 # Copyright 2022 Authors of Cilium
 # SPDX-License-Identifier: Apache-2.0
 
-CILIUM_DIGEST := "sha256:cb6aac121e348abd61a692c435a90a6e2ad3f25baa9915346be7b333de8a767f"
-CLUSTERMESH_APISERVER_DIGEST := "sha256:75c03de7756bb77ea7ac8aed8449a2fc9204a1c3384157d8cf41336976e6825d"
-DOCKER_PLUGIN_DIGEST := "sha256:f6b8eb92abb7f4a889418a5a7dbd76de87c0a33708ba2cc4c3c973e8452344e0"
-HUBBLE_RELAY_DIGEST := "sha256:7256ec111259a79b4f0e0f80ba4256ea23bd472e1fc3f0865975c2ed113ccb97"
-OPERATOR_ALIBABACLOUD_DIGEST := "sha256:b4a8723972a8a8e76a3accb509966e0913ec75ac7ec581db23d6cbac2d1b5b7f"
-OPERATOR_AWS_DIGEST := "sha256:8990d3fa078ce1562fe8cf4e1374b1b4c91c8ee3d481fc72f122cd530f5d89e5"
-OPERATOR_AZURE_DIGEST := "sha256:476b3ba9ad16f074181d77fcb939aed7f7d07a9dce73253efaf983cd72da7519"
-OPERATOR_GENERIC_DIGEST := "sha256:5b81db7a32cb7e2d00bb3cf332277ec2b3be239d9e94a8d979915f4e6648c787"
-OPERATOR_DIGEST := "sha256:d1243e7d149130f8283b3d3c305f6ca99566565ed51b60da3bfeb0d0005529a5"
+CILIUM_DIGEST := ""
+CLUSTERMESH_APISERVER_DIGEST := ""
+DOCKER_PLUGIN_DIGEST := ""
+HUBBLE_RELAY_DIGEST := ""
+OPERATOR_ALIBABACLOUD_DIGEST := ""
+OPERATOR_AWS_DIGEST := ""
+OPERATOR_AZURE_DIGEST := ""
+OPERATOR_GENERIC_DIGEST := ""
+OPERATOR_DIGEST := ""

install/kubernetes/Makefile.digests

@@ -2,10 +2,10 @@ apiVersion: v2
 name: cilium
 displayName: Cilium
 home: https://cilium.io/
-version: 1.11.3
-appVersion: 1.11.3
+version: 1.11.4
+appVersion: 1.11.4
 kubeVersion: ">= 1.16.0-0"
-icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.11.3/Documentation/images/logo-solo.svg
+icon: https://cdn.jsdelivr.net/gh/cilium/cilium@v1.11.4/Documentation/images/logo-solo.svg
 description: eBPF-based Networking, Security, and Observability
 keywords:
   - BPF