Update chart cilium to 1.16.4 #887

Merged
jahanson merged 1 commit from renovate/patch-cilium into main 2024-12-09 21:07:24 -06:00
Collaborator

This PR contains the following updates:

Package Update Change
cilium (source) patch 1.16.3 -> 1.16.4

Release Notes

cilium/cilium (cilium)

v1.16.4: 1.16.4

Compare Source

Security Advisories

This release addresses https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67.

Summary of Changes

Minor Changes:

  • Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30 seconds) to override the Envoy default (15 seconds). (Backport PR #​35908, Upstream PR #​35809, @​jrajahalme)
  • clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (Backport PR #​35543, Upstream PR #​35349, @​giorio94)
  • helm: Lower default hubble.tls.auto.certValidityDuration to 365 days (Backport PR #​35781, Upstream PR #​35630, @​chancez)
  • helm: New socketLB.tracing flag (Backport PR #​35781, Upstream PR #​35747, @​pchaigno)
  • hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR #​35781, Upstream PR #​35632, @​chancez)
  • netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (Backport PR #​35543, Upstream PR #​35306, @​jrife)

Bugfixes:

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests
cilium

quay.io/cilium/cilium:v1.16.4@​sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
quay.io/cilium/cilium:stable@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.4@​sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2
quay.io/cilium/clustermesh-apiserver:stable@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2

docker-plugin

quay.io/cilium/docker-plugin:v1.16.4@​sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e
quay.io/cilium/docker-plugin:stable@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e

hubble-relay

quay.io/cilium/hubble-relay:v1.16.4@​sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2
quay.io/cilium/hubble-relay:stable@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.4@​sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686
quay.io/cilium/operator-alibabacloud:stable@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686

operator-aws

quay.io/cilium/operator-aws:v1.16.4@​sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be
quay.io/cilium/operator-aws:stable@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be

operator-azure

quay.io/cilium/operator-azure:v1.16.4@​sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de
quay.io/cilium/operator-azure:stable@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de

operator-generic

quay.io/cilium/operator-generic:v1.16.4@​sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5
quay.io/cilium/operator-generic:stable@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5

operator

quay.io/cilium/operator:v1.16.4@​sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff
quay.io/cilium/operator:stable@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | patch | `1.16.3` -> `1.16.4` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.16.4`](https://github.com/cilium/cilium/releases/tag/v1.16.4): 1.16.4 [Compare Source](https://github.com/cilium/cilium/compare/1.16.3...1.16.4) ## Security Advisories This release addresses https://github.com/cilium/cilium/security/advisories/GHSA-xg58-75qf-9r67. ## Summary of Changes **Minor Changes:** - Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30 seconds) to override the Envoy default (15 seconds). (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35809](https://github.com/cilium/cilium/issues/35809), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;35349](https://github.com/cilium/cilium/issues/35349), [@&#8203;giorio94](https://github.com/giorio94)) - helm: Lower default `hubble.tls.auto.certValidityDuration` to 365 days (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35630](https://github.com/cilium/cilium/issues/35630), [@&#8203;chancez](https://github.com/chancez)) - helm: New socketLB.tracing flag (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35747](https://github.com/cilium/cilium/issues/35747), [@&#8203;pchaigno](https://github.com/pchaigno)) - hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35632](https://github.com/cilium/cilium/issues/35632), [@&#8203;chancez](https://github.com/chancez)) - netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;35306](https://github.com/cilium/cilium/issues/35306), [@&#8203;jrife](https://github.com/jrife)) **Bugfixes:** - Avoid duplicate errors in health status for node-neighbor-link-updater (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35179](https://github.com/cilium/cilium/issues/35179), [@&#8203;wedaly](https://github.com/wedaly)) - bgpv1: fix reconciliation of services with shared VIPs (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35333](https://github.com/cilium/cilium/issues/35333), [@&#8203;rastislavs](https://github.com/rastislavs)) - bgpv2,operator: Fix the race condition in the nodeSelector conflict detection logic (Backport PR [#&#8203;35863](https://github.com/cilium/cilium/issues/35863), Upstream PR [#&#8203;35690](https://github.com/cilium/cilium/issues/35690), [@&#8203;YutaroHayakawa](https://github.com/YutaroHayakawa)) - bgpv2: set local peering address when specified (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35552](https://github.com/cilium/cilium/issues/35552), [@&#8203;harsimran-pabla](https://github.com/harsimran-pabla)) - Cilium datapath now gives precedence for the more specific allow rule with L7 rules when rules with port ranges are present. (Backport PR [#&#8203;35603](https://github.com/cilium/cilium/issues/35603), Upstream PR [#&#8203;35150](https://github.com/cilium/cilium/issues/35150), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Cilium's DNS proxy no longer gets stuck for a specific five-tuple if an `timeout waiting for response` error is encountered. (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35589](https://github.com/cilium/cilium/issues/35589), [@&#8203;bimmlerd](https://github.com/bimmlerd)) - config: Remove superfluous warning on native routing CIDR (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35738](https://github.com/cilium/cilium/issues/35738), [@&#8203;gandro](https://github.com/gandro)) - Fix missing flowlabel hash on SRv6 traffic. (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35498](https://github.com/cilium/cilium/issues/35498), [@&#8203;akaliwod](https://github.com/akaliwod)) - Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;35173](https://github.com/cilium/cilium/issues/35173), [@&#8203;smagnani96](https://github.com/smagnani96)) - Fix possible disruption of long running pod to node traffic on agent restart in kvstore mode (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35673](https://github.com/cilium/cilium/issues/35673), [@&#8203;giorio94](https://github.com/giorio94)) - Fix redirect from L3 device to remote endpoint via overlay network. (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35165](https://github.com/cilium/cilium/issues/35165), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Fixed a bug where replies for pod-originating connections came into scope of HostFW Ingress Network policy. Applicable to configurations that use iptables for Masquerading. (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35694](https://github.com/cilium/cilium/issues/35694), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Fixes a bug where the operator incorrectly flagged CiliumNetworkPolicies containing ICMP rules as invalid. (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35599](https://github.com/cilium/cilium/issues/35599), [@&#8203;squeed](https://github.com/squeed)) - Fixes a performance regression when ingesting network policies in clusters with large numbers of Services. (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;35293](https://github.com/cilium/cilium/issues/35293), [@&#8203;squeed](https://github.com/squeed)) - Fixes a potential deadlock when restarting cilium agent with pods with DNS interception configured (Backport PR [#&#8203;35906](https://github.com/cilium/cilium/issues/35906), Upstream PR [#&#8203;35890](https://github.com/cilium/cilium/issues/35890), [@&#8203;squeed](https://github.com/squeed)) - Fixes BPF Masquerading exclusion CIDR for IPAM modes "eni", "azure" and "alibabacloud". ([#&#8203;35611](https://github.com/cilium/cilium/issues/35611), [@&#8203;pippolo84](https://github.com/pippolo84)) - helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries (Backport PR [#&#8203;35319](https://github.com/cilium/cilium/issues/35319), Upstream PR [#&#8203;35301](https://github.com/cilium/cilium/issues/35301), [@&#8203;hox](https://github.com/hox)) - helm: fix duplicate configmap key for `bpf-lb-sock-terminate-pod-connections` (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35703](https://github.com/cilium/cilium/issues/35703), [@&#8203;solidDoWant](https://github.com/solidDoWant)) - helm: set automountServiceAccountToken to false for hubble-relay sa (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35674](https://github.com/cilium/cilium/issues/35674), [@&#8203;ayuspin](https://github.com/ayuspin)) - hubble: fix endpoint cluster name (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35415](https://github.com/cilium/cilium/issues/35415), [@&#8203;kaworu](https://github.com/kaworu)) - hubble: Lock exporters while gathering metrics (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35860](https://github.com/cilium/cilium/issues/35860), [@&#8203;joestringer](https://github.com/joestringer)) - Ingress endpoint is now included in the lxcmap so that ARP and ND6 work for them. (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35143](https://github.com/cilium/cilium/issues/35143), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - ipam: Validate CiliumNode resource in ENI mode (Backport PR [#&#8203;35792](https://github.com/cilium/cilium/issues/35792), Upstream PR [#&#8203;35784](https://github.com/cilium/cilium/issues/35784), [@&#8203;sayboras](https://github.com/sayboras)) - l7lb: fix registration of flag loadbalancer-l7 (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35623](https://github.com/cilium/cilium/issues/35623), [@&#8203;mhofstetter](https://github.com/mhofstetter)) - Log errors when reloading hubble exporter configuration dynamically and do not attempt to close os.Stdout (Backport PR [#&#8203;35319](https://github.com/cilium/cilium/issues/35319), Upstream PR [#&#8203;35069](https://github.com/cilium/cilium/issues/35069), [@&#8203;chancez](https://github.com/chancez)) - option: Reduce log level for WG strict mode + IPv6 (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35763](https://github.com/cilium/cilium/issues/35763), [@&#8203;pchaigno](https://github.com/pchaigno)) - Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication. (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35381](https://github.com/cilium/cilium/issues/35381), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - treewide: Add wrapper for `netlink` functions that may fail with `ErrDumpInterrupted` (Backport PR [#&#8203;35654](https://github.com/cilium/cilium/issues/35654), Upstream PR [#&#8203;35614](https://github.com/cilium/cilium/issues/35614), [@&#8203;gandro](https://github.com/gandro)) - wireguard: Fix connectivity issues following node reboots. (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35750](https://github.com/cilium/cilium/issues/35750), [@&#8203;jrife](https://github.com/jrife)) **CI Changes:** - .github/conformance-ginkgo: replace deprecated jq flag (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35399](https://github.com/cilium/cilium/issues/35399), [@&#8203;aanm](https://github.com/aanm)) - .github: extend timeout for tests-ipsec-upgrade workflow (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35657](https://github.com/cilium/cilium/issues/35657), [@&#8203;rastislavs](https://github.com/rastislavs)) - .github: remove libncurses5 from integration tests (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35408](https://github.com/cilium/cilium/issues/35408), [@&#8203;aanm](https://github.com/aanm)) - \[v1.16] gh: e2e-upgrade: restart LRP backend pod after upgrade ([#&#8203;35329](https://github.com/cilium/cilium/issues/35329), [@&#8203;ysksuzuki](https://github.com/ysksuzuki)) - \[v1.16] github: update rhel8 LVH image to rhel8.6 ([#&#8203;35733](https://github.com/cilium/cilium/issues/35733), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Additionally test KVStore mode in E2E/IPSec workflows (Backport PR [#&#8203;35905](https://github.com/cilium/cilium/issues/35905), Upstream PR [#&#8203;35679](https://github.com/cilium/cilium/issues/35679), [@&#8203;giorio94](https://github.com/giorio94)) - ci: conformance-kind: re-enable flaky Aggregator test (Backport PR [#&#8203;35582](https://github.com/cilium/cilium/issues/35582), Upstream PR [#&#8203;35286](https://github.com/cilium/cilium/issues/35286), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - ci: datapath-verifier: bump lvh images (Backport PR [#&#8203;35648](https://github.com/cilium/cilium/issues/35648), Upstream PR [#&#8203;35456](https://github.com/cilium/cilium/issues/35456), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - gha: Update chmod command (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35400](https://github.com/cilium/cilium/issues/35400), [@&#8203;sayboras](https://github.com/sayboras)) - github: Pass the workflow step timeout to go test (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35814](https://github.com/cilium/cilium/issues/35814), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Refactor and set a default for GH_RUNNER_EXTRA_POWER (Backport PR [#&#8203;35319](https://github.com/cilium/cilium/issues/35319), Upstream PR [#&#8203;35267](https://github.com/cilium/cilium/issues/35267), [@&#8203;aanm](https://github.com/aanm)) - workflows/gateway-api: Cover IPsec with GatewayAPI (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35584](https://github.com/cilium/cilium/issues/35584), [@&#8203;pchaigno](https://github.com/pchaigno)) - workflows/ingress: Run basic checks (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35683](https://github.com/cilium/cilium/issues/35683), [@&#8203;pchaigno](https://github.com/pchaigno)) - workflows/ipsec: Cover Ingress (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35476](https://github.com/cilium/cilium/issues/35476), [@&#8203;pchaigno](https://github.com/pchaigno)) - workflows: Extend IPsec tests to cover egress gateway (Backport PR [#&#8203;35540](https://github.com/cilium/cilium/issues/35540), Upstream PR [#&#8203;35323](https://github.com/cilium/cilium/issues/35323), [@&#8203;pchaigno](https://github.com/pchaigno)) **Misc Changes:** - .github/build-images-base: checkout base branch to get scripts (Backport PR [#&#8203;35319](https://github.com/cilium/cilium/issues/35319), Upstream PR [#&#8203;35236](https://github.com/cilium/cilium/issues/35236), [@&#8203;aanm](https://github.com/aanm)) - .github: remove retention days for image digests (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35457](https://github.com/cilium/cilium/issues/35457), [@&#8203;aanm](https://github.com/aanm)) - bpf: vxlan helper improvements (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;34755](https://github.com/cilium/cilium/issues/34755), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - chore(deps): update all github action dependencies (v1.16) ([#&#8203;35382](https://github.com/cilium/cilium/issues/35382), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#&#8203;35439](https://github.com/cilium/cilium/issues/35439), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#&#8203;35573](https://github.com/cilium/cilium/issues/35573), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#&#8203;35710](https://github.com/cilium/cilium/issues/35710), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#&#8203;35438](https://github.com/cilium/cilium/issues/35438), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.8 docker digest to [`0ca97f4`](https://github.com/cilium/cilium/commit/0ca97f4) (v1.16) ([#&#8203;35730](https://github.com/cilium/cilium/issues/35730), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.8 docker digest to [`b274ff1`](https://github.com/cilium/cilium/commit/b274ff1) (v1.16) ([#&#8203;35379](https://github.com/cilium/cilium/issues/35379), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.22.9 (v1.16) ([#&#8203;35854](https://github.com/cilium/cilium/issues/35854), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1729635771-fa4efeff33a344a45e14a4068c61dc438b3d2270 (v1.16) ([#&#8203;35491](https://github.com/cilium/cilium/issues/35491), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.16) (patch) ([#&#8203;35731](https://github.com/cilium/cilium/issues/35731), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - cilium, docs: Extend requirements for L7 proxy (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35669](https://github.com/cilium/cilium/issues/35669), [@&#8203;borkmann](https://github.com/borkmann)) - cilium: add probe for netkit for more user friendly error when not supported (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35551](https://github.com/cilium/cilium/issues/35551), [@&#8203;borkmann](https://github.com/borkmann)) - ctrl-runtime: lower severity of retryable reconcile errors (Backport PR [#&#8203;35592](https://github.com/cilium/cilium/issues/35592), Upstream PR [#&#8203;35364](https://github.com/cilium/cilium/issues/35364), [@&#8203;giorio94](https://github.com/giorio94)) - daemon: Reduce level of socket LB tracing warning (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35798](https://github.com/cilium/cilium/issues/35798), [@&#8203;pchaigno](https://github.com/pchaigno)) - datapath: move policy map value prefix length to flags (Backport PR [#&#8203;35603](https://github.com/cilium/cilium/issues/35603), Upstream PR [#&#8203;35534](https://github.com/cilium/cilium/issues/35534), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - dnsproxy: fix error when sessionUDPFactory fails (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;33998](https://github.com/cilium/cilium/issues/33998), [@&#8203;marseel](https://github.com/marseel)) - docs/ipsec: Remove KPR limitation (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35743](https://github.com/cilium/cilium/issues/35743), [@&#8203;pchaigno](https://github.com/pchaigno)) - docs/xfrm: Fix incorrect statement regarding XFRM IN policies (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35626](https://github.com/cilium/cilium/issues/35626), [@&#8203;pchaigno](https://github.com/pchaigno)) - docs: Change invalid Helm option --agent.enabled with --agent=false in upgrade documentation (Backport PR [#&#8203;35319](https://github.com/cilium/cilium/issues/35319), Upstream PR [#&#8203;35288](https://github.com/cilium/cilium/issues/35288), [@&#8203;oneumyvakin](https://github.com/oneumyvakin)) - docs: clean up stale kernel requirements (Backport PR [#&#8203;35582](https://github.com/cilium/cilium/issues/35582), Upstream PR [#&#8203;35575](https://github.com/cilium/cilium/issues/35575), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - docs: Fix incorrect link to RFC 4271 for BGP control plane timers. (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35725](https://github.com/cilium/cilium/issues/35725), [@&#8203;nvibert](https://github.com/nvibert)) - docs: kpr: update error message regarding SocketLB tracing (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35337](https://github.com/cilium/cilium/issues/35337), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - docs: tuning: XDP LB also supports tunnel routing (Backport PR [#&#8203;35582](https://github.com/cilium/cilium/issues/35582), Upstream PR [#&#8203;35574](https://github.com/cilium/cilium/issues/35574), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - docs: update 1.16 upgrade note for LRP ([#&#8203;35944](https://github.com/cilium/cilium/issues/35944), [@&#8203;ysksuzuki](https://github.com/ysksuzuki)) - docs: update default identity label filters (Backport PR [#&#8203;35468](https://github.com/cilium/cilium/issues/35468), Upstream PR [#&#8203;35422](https://github.com/cilium/cilium/issues/35422), [@&#8203;marseel](https://github.com/marseel)) - docs: XFRM reference guide for IPsec development (Backport PR [#&#8203;35582](https://github.com/cilium/cilium/issues/35582), Upstream PR [#&#8203;35322](https://github.com/cilium/cilium/issues/35322), [@&#8203;pchaigno](https://github.com/pchaigno)) - Envoy simplify listener setup (Backport PR [#&#8203;35764](https://github.com/cilium/cilium/issues/35764), Upstream PR [#&#8203;35642](https://github.com/cilium/cilium/issues/35642), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - envoy: Configure internal_address_config to avoid warning log (Backport PR [#&#8203;35471](https://github.com/cilium/cilium/issues/35471), Upstream PR [#&#8203;35090](https://github.com/cilium/cilium/issues/35090), [@&#8203;sayboras](https://github.com/sayboras)) - envoy: Limit started serving logging to the typeURL of the stream (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35736](https://github.com/cilium/cilium/issues/35736), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Fix wrongly spelled config option in error message (Backport PR [#&#8203;35543](https://github.com/cilium/cilium/issues/35543), Upstream PR [#&#8203;35390](https://github.com/cilium/cilium/issues/35390), [@&#8203;baurmatt](https://github.com/baurmatt)) - helm: clarify text for serviceNoBackendResponse (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35734](https://github.com/cilium/cilium/issues/35734), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - hubble: Add 'release' Make target (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35561](https://github.com/cilium/cilium/issues/35561), [@&#8203;michi-covalent](https://github.com/michi-covalent)) - image: Use cilium-builder instead of golang as operator builder image (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35351](https://github.com/cilium/cilium/issues/35351), [@&#8203;learnitall](https://github.com/learnitall)) - iptables: always warn about missing xt_socket module (Backport PR [#&#8203;35781](https://github.com/cilium/cilium/issues/35781), Upstream PR [#&#8203;35591](https://github.com/cilium/cilium/issues/35591), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - makefile: add target to install Cilium in kvstore mode (Backport PR [#&#8203;35905](https://github.com/cilium/cilium/issues/35905), Upstream PR [#&#8203;35646](https://github.com/cilium/cilium/issues/35646), [@&#8203;giorio94](https://github.com/giorio94)) - proxy: Ensure proxy ports are written on shutdown (Backport PR [#&#8203;35908](https://github.com/cilium/cilium/issues/35908), Upstream PR [#&#8203;35839](https://github.com/cilium/cilium/issues/35839), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Silence spurious clustermesh-related warnings (Backport PR [#&#8203;35850](https://github.com/cilium/cilium/issues/35850), Upstream PR [#&#8203;35867](https://github.com/cilium/cilium/issues/35867), [@&#8203;giorio94](https://github.com/giorio94)) **Other Changes:** - \[v1.16] envoy: Add configuration for OverloadManager ([#&#8203;35787](https://github.com/cilium/cilium/issues/35787), [@&#8203;sayboras](https://github.com/sayboras)) - \[v1.16] envoy: Bump envoy version from 1.29.x to 1.30.x ([#&#8203;35563](https://github.com/cilium/cilium/issues/35563), [@&#8203;sayboras](https://github.com/sayboras)) - \[v1.16] policy/correlation: Fix `PolicyMatch{L3Proto,L4Only}` case ([#&#8203;35681](https://github.com/cilium/cilium/issues/35681), [@&#8203;gandro](https://github.com/gandro)) - chore(deps): update cilium-envoy dependency ([#&#8203;35920](https://github.com/cilium/cilium/issues/35920), [@&#8203;sayboras](https://github.com/sayboras)) - install: Update image digests for v1.16.3 ([#&#8203;35361](https://github.com/cilium/cilium/issues/35361), [@&#8203;cilium-release-bot](https://github.com/cilium-release-bot)\[bot]) - Policy add deny rule test and benchmark ([#&#8203;35714](https://github.com/cilium/cilium/issues/35714), [@&#8203;jrajahalme](https://github.com/jrajahalme)) ##### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.16.4@&#8203;sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf` `quay.io/cilium/cilium:stable@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.16.4@&#8203;sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2` `quay.io/cilium/clustermesh-apiserver:stable@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.16.4@&#8203;sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e` `quay.io/cilium/docker-plugin:stable@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.16.4@&#8203;sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2` `quay.io/cilium/hubble-relay:stable@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.16.4@&#8203;sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686` `quay.io/cilium/operator-alibabacloud:stable@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686` ##### operator-aws `quay.io/cilium/operator-aws:v1.16.4@&#8203;sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be` `quay.io/cilium/operator-aws:stable@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be` ##### operator-azure `quay.io/cilium/operator-azure:v1.16.4@&#8203;sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de` `quay.io/cilium/operator-azure:stable@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de` ##### operator-generic `quay.io/cilium/operator-generic:v1.16.4@&#8203;sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5` `quay.io/cilium/operator-generic:stable@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5` ##### operator `quay.io/cilium/operator:v1.16.4@&#8203;sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff` `quay.io/cilium/operator:stable@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMC42IiwidXBkYXRlZEluVmVyIjoiMzkuMjguMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvaGVsbSIsInR5cGUvcGF0Y2giXX0=-->
smeagol-help added 1 commit 2024-11-20 04:03:25 -06:00
smeagol-help force-pushed renovate/patch-cilium from 9c81835320 to 83112f875b 2024-12-01 23:04:23 -06:00 Compare
jahanson merged commit bd71761587 into main 2024-12-09 21:07:24 -06:00
jahanson deleted branch renovate/patch-cilium 2024-12-09 21:07:25 -06:00
jahanson referenced this pull request from a commit 2024-12-11 23:25:59 -06:00
Sign in to join this conversation.
No reviewers
No labels
No milestone
No project
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jahanson/theshire#887
No description provided.