jahanson/valinor
Archived
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions

Update Helm release cilium to v1.14.4 #135

Merged
jahanson merged 1 commit from renovate/patch-cilium into main 2023-11-27 22:40:36 -06:00
Conversation 0 Commits 1 Files changed 2 +2 -2
smeagol-help commented 2023-11-27 21:00:43 -06:00
Contributor
Copy link

This PR contains the following updates:

Package Type Update Change
cilium (source) HelmChart patch 1.14.3 -> 1.14.4
cilium (source) patch 1.14.3 -> 1.14.4

Release Notes

cilium/cilium (cilium)

v1.14.4: 1.14.4

Compare Source

We are pleased to release Cilium v1.14.4. This release includes several network policy performance improvements, improvements and fixes for IPSec, and numerous bug fixes and architectural improvements.

Summary of Changes

Minor Changes:

  • certmanager: solve CannotRegenerateKey (Backport PR #​29030, Upstream PR #​28787, @​universam1)
  • Cilium DNS proxy now uses the original pod's address as the source address towards the DNS servers. (Backport PR #​29086, Upstream PR #​28928, @​jrajahalme)
  • Cilium now properly deletes stale (deleted) nodes from the node_connectivity_status and node_connectivity_latency_seconds metrics, reducing metric cardinality. (Backport PR #​28980, Upstream PR #​28382, @​derailed)
  • Display interfaces used for IPsec decryption in cilium encrypt status. (Backport PR #​28759, Upstream PR #​28640, @​pchaigno)
  • helm: delete AWS iptables in all deployments aside from AWS CNI chaining environments (Backport PR #​28870, Upstream PR #​28697, @​nebril)
  • ipsec: New Prometheus metrics for XFRM configs (Backport PR #​28759, Upstream PR #​28400, @​pchaigno)
  • policy: Cilium will not process or enforce network policies with port ranges or Kubernetes network policies that use "EndPort". (Backport PR #​29030, Upstream PR #​28704, @​nathanjsweet)
  • policy: Fixed a bug that incorrectly omitted port-protocol policy rules that omitted the "protocol" field. An omitted "protocol" field now, correctly, is the same as using the "ANY" protocol. (Backport PR #​28759, Upstream PR #​28703, @​nathanjsweet)
  • v1.14: WG tunneling (#​28917, @​brb)

Bugfixes:

CI Changes:

Misc Changes:

Other Changes:

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Type | Update | Change | |---|---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | HelmChart | patch | `1.14.3` -> `1.14.4` | | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | | patch | `1.14.3` -> `1.14.4` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.14.4`](https://github.com/cilium/cilium/releases/tag/v1.14.4): 1.14.4 [Compare Source](https://github.com/cilium/cilium/compare/1.14.3...1.14.4) We are pleased to release Cilium v1.14.4. This release includes several network policy performance improvements, improvements and fixes for IPSec, and numerous bug fixes and architectural improvements. ## Summary of Changes **Minor Changes:** - certmanager: solve CannotRegenerateKey (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28787](https://github.com/cilium/cilium/issues/28787), [@&#8203;universam1](https://github.com/universam1)) - Cilium DNS proxy now uses the original pod's address as the source address towards the DNS servers. (Backport PR [#&#8203;29086](https://github.com/cilium/cilium/issues/29086), Upstream PR [#&#8203;28928](https://github.com/cilium/cilium/issues/28928), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Cilium now properly deletes stale (deleted) nodes from the node_connectivity_status and node_connectivity_latency_seconds metrics, reducing metric cardinality. (Backport PR [#&#8203;28980](https://github.com/cilium/cilium/issues/28980), Upstream PR [#&#8203;28382](https://github.com/cilium/cilium/issues/28382), [@&#8203;derailed](https://github.com/derailed)) - Display interfaces used for IPsec decryption in `cilium encrypt status`. (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28640](https://github.com/cilium/cilium/issues/28640), [@&#8203;pchaigno](https://github.com/pchaigno)) - helm: delete AWS iptables in all deployments aside from AWS CNI chaining environments (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28697](https://github.com/cilium/cilium/issues/28697), [@&#8203;nebril](https://github.com/nebril)) - ipsec: New Prometheus metrics for XFRM configs (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28400](https://github.com/cilium/cilium/issues/28400), [@&#8203;pchaigno](https://github.com/pchaigno)) - policy: Cilium will not process or enforce network policies with port ranges or Kubernetes network policies that use "EndPort". (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28704](https://github.com/cilium/cilium/issues/28704), [@&#8203;nathanjsweet](https://github.com/nathanjsweet)) - policy: Fixed a bug that incorrectly omitted port-protocol policy rules that omitted the "protocol" field. An omitted "protocol" field now, correctly, is the same as using the "ANY" protocol. (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28703](https://github.com/cilium/cilium/issues/28703), [@&#8203;nathanjsweet](https://github.com/nathanjsweet)) - v1.14: WG tunneling ([#&#8203;28917](https://github.com/cilium/cilium/issues/28917), [@&#8203;brb](https://github.com/brb)) **Bugfixes:** - bpf: Add TC_ACT_REDIRECT check for nodeport (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28927](https://github.com/cilium/cilium/issues/28927), [@&#8203;sayboras](https://github.com/sayboras)) - Don't bind a /64 address to cilium_host to avoid misrouting cross-node traffic (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28633](https://github.com/cilium/cilium/issues/28633), [@&#8203;CallMeFoxie](https://github.com/CallMeFoxie)) - envoy: fix lb backend endpoint calculation (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;27923](https://github.com/cilium/cilium/issues/27923), [@&#8203;mhofstetter](https://github.com/mhofstetter)) - Fix CIDR labels computation (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28788](https://github.com/cilium/cilium/issues/28788), [@&#8203;pippolo84](https://github.com/pippolo84)) - Fix concurrency issue when changing labels on pods started before Cilium setup their network. Cilium will now process pod labels modified while setting up the pod network. (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28789](https://github.com/cilium/cilium/issues/28789), [@&#8203;aanm](https://github.com/aanm)) - Fix false positives of 'Key allocation attempt failed' in CRD mode (Backport PR [#&#8203;29064](https://github.com/cilium/cilium/issues/29064), Upstream PR [#&#8203;28810](https://github.com/cilium/cilium/issues/28810), [@&#8203;aanm](https://github.com/aanm)) - Fix incorrect logic used by the Ingress Controller to sync Cilium's IngressClass on startup. (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28663](https://github.com/cilium/cilium/issues/28663), [@&#8203;learnitall](https://github.com/learnitall)) - Fix IPsec error logs to always have all information needed to identify the XFRM configuration on which the error happened. (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28642](https://github.com/cilium/cilium/issues/28642), [@&#8203;pchaigno](https://github.com/pchaigno)) - Fix issue causing KVStoreMesh metrics to be included in the dedicated Service/ServiceMonitor when KVStoreMesh is disabled (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28481](https://github.com/cilium/cilium/issues/28481), [@&#8203;giorio94](https://github.com/giorio94)) - fix: Correct spire labels identation in helm chart (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28610](https://github.com/cilium/cilium/issues/28610), [@&#8203;sayboras](https://github.com/sayboras)) - fixed cilium-operator delete CEC cilium-ingress when other ingressclass resources are created (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28638](https://github.com/cilium/cilium/issues/28638), [@&#8203;chaunceyjiang](https://github.com/chaunceyjiang)) - Improved event handling for pod events by removing an unnecessary early return, allowing unrelated components to execute correctly, while enhancing ipcache error logging. (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28840](https://github.com/cilium/cilium/issues/28840), [@&#8203;aanm](https://github.com/aanm)) - ingress: cleanup resources on changed ingress class field (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28886](https://github.com/cilium/cilium/issues/28886), [@&#8203;mhofstetter](https://github.com/mhofstetter)) - Print full labelset for all identities in 'cilium ip list' output (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28425](https://github.com/cilium/cilium/issues/28425), [@&#8203;joestringer](https://github.com/joestringer)) - Remove AWS-CONNMARK-CHAIN iptable rules when running in ENI mode. (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28676](https://github.com/cilium/cilium/issues/28676), [@&#8203;nebril](https://github.com/nebril)) - spire: add scheduling configurations to helm-chart (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;27229](https://github.com/cilium/cilium/issues/27229), [@&#8203;tvonhacht-apple](https://github.com/tvonhacht-apple)) - When the CT entry for a DSR connection is garbage-collected, the corresponding SNAT entry is now also removed. (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28857](https://github.com/cilium/cilium/issues/28857), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) **CI Changes:** - \[v1.14] Use pull_request_target in Update Backport Label workflow ([#&#8203;29009](https://github.com/cilium/cilium/issues/29009), [@&#8203;pippolo84](https://github.com/pippolo84)) - ci: disable envoy tracing in multi-pool workflow (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28966](https://github.com/cilium/cilium/issues/28966), [@&#8203;tklauser](https://github.com/tklauser)) - gh/workflows: Dump Cilium LB node logs in case of failure (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28808](https://github.com/cilium/cilium/issues/28808), [@&#8203;brb](https://github.com/brb)) - Test both VXLAN and GENEVE tunneling as part of the Conformance Cluster Mesh workflow (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28767](https://github.com/cilium/cilium/issues/28767), [@&#8203;giorio94](https://github.com/giorio94)) **Misc Changes:** - bpf: lb: fix missing drop reason in reverse_map_l4\_port() (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28884](https://github.com/cilium/cilium/issues/28884), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: lxc: remove stale ENABLE_IDENTITY_MARK ifdefs (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28391](https://github.com/cilium/cilium/issues/28391), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bugtool: Collect XFRM error counters twice (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28790](https://github.com/cilium/cilium/issues/28790), [@&#8203;pchaigno](https://github.com/pchaigno)) - chore(deps): update all github action dependencies (v1.14) (minor) ([#&#8203;29010](https://github.com/cilium/cilium/issues/29010), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.14) (patch) ([#&#8203;28733](https://github.com/cilium/cilium/issues/28733), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all lvh-images main (v1.14) (patch) ([#&#8203;28734](https://github.com/cilium/cilium/issues/28734), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all lvh-images main (v1.14) (patch) ([#&#8203;28867](https://github.com/cilium/cilium/issues/28867), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.15.11 (v1.14) ([#&#8203;28735](https://github.com/cilium/cilium/issues/28735), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.15.12 (v1.14) ([#&#8203;28998](https://github.com/cilium/cilium/issues/28998), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update docker.io/library/alpine docker tag to v3.18.4 (v1.14) ([#&#8203;28739](https://github.com/cilium/cilium/issues/28739), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to [`91ca472`](https://github.com/cilium/cilium/commit/91ca472) (v1.14) ([#&#8203;28731](https://github.com/cilium/cilium/issues/28731), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update go to v1.20.11 (v1.14) (patch) ([#&#8203;29044](https://github.com/cilium/cilium/issues/29044), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update quay.io/lvh-images/kind docker tag to bpf-next-20231106.012832 (v1.14) ([#&#8203;28999](https://github.com/cilium/cilium/issues/28999), [@&#8203;renovate](https://github.com/renovate)\[bot]) - ci: Bump timeout on ci-runtime privileged worksflow (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28923](https://github.com/cilium/cilium/issues/28923), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - datapath: Move `linuxNodeHandler` IPsec functions to their own file (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28941](https://github.com/cilium/cilium/issues/28941), [@&#8203;pchaigno](https://github.com/pchaigno)) - doc: Add roadmap for mutual authentication (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;29006](https://github.com/cilium/cilium/issues/29006), [@&#8203;tgraf](https://github.com/tgraf)) - docs: Clarify BPF Map Pressure Metric (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28682](https://github.com/cilium/cilium/issues/28682), [@&#8203;nathanjsweet](https://github.com/nathanjsweet)) - docs: Update IPsec key rotation command (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;28141](https://github.com/cilium/cilium/issues/28141), [@&#8203;jschwinger233](https://github.com/jschwinger233)) - go.mod, vendor: use github.com/cilium/dns fork directly (Backport PR [#&#8203;29086](https://github.com/cilium/cilium/issues/29086), Upstream PR [#&#8203;27582](https://github.com/cilium/cilium/issues/27582), [@&#8203;tklauser](https://github.com/tklauser)) - Improve deletion of stale backends associated with non-global services, without waiting for full Cluster Mesh synchronization (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28745](https://github.com/cilium/cilium/issues/28745), [@&#8203;giorio94](https://github.com/giorio94)) - ipsec: Improve `encrypt flush` command (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28795](https://github.com/cilium/cilium/issues/28795), [@&#8203;pchaigno](https://github.com/pchaigno)) - ipsec: Remove dead code for IPsec node encryption (Backport PR [#&#8203;29030](https://github.com/cilium/cilium/issues/29030), Upstream PR [#&#8203;28898](https://github.com/cilium/cilium/issues/28898), [@&#8203;pchaigno](https://github.com/pchaigno)) - labels/cidr: Memoize labels for already seen prefixes (Backport PR [#&#8203;28870](https://github.com/cilium/cilium/issues/28870), Upstream PR [#&#8203;28465](https://github.com/cilium/cilium/issues/28465), [@&#8203;pippolo84](https://github.com/pippolo84)) - labels/cidr: On the fly char replacement for IPv6 (Backport PR [#&#8203;29021](https://github.com/cilium/cilium/issues/29021), Upstream PR [#&#8203;28647](https://github.com/cilium/cilium/issues/28647), [@&#8203;pippolo84](https://github.com/pippolo84)) - labels: Use slices.Sort instead of sort.Strings (Backport PR [#&#8203;29021](https://github.com/cilium/cilium/issues/29021), Upstream PR [#&#8203;28649](https://github.com/cilium/cilium/issues/28649), [@&#8203;pippolo84](https://github.com/pippolo84)) - pkg/allocator: store key in variable for error message (Backport PR [#&#8203;29064](https://github.com/cilium/cilium/issues/29064), Upstream PR [#&#8203;29076](https://github.com/cilium/cilium/issues/29076), [@&#8203;aanm](https://github.com/aanm)) - Update the clustermesh troubleshooting guide (Backport PR [#&#8203;28759](https://github.com/cilium/cilium/issues/28759), Upstream PR [#&#8203;26798](https://github.com/cilium/cilium/issues/26798), [@&#8203;giorio94](https://github.com/giorio94)) **Other Changes:** - \[1.14 Backport] ci: use renovate to upgrade Helm in ginkgo tests ([#&#8203;28940](https://github.com/cilium/cilium/issues/28940), [@&#8203;nebril](https://github.com/nebril)) - \[v1.14] Always migrate cilium_calls_\* during ELF load ([#&#8203;28830](https://github.com/cilium/cilium/issues/28830), [@&#8203;ti-mo](https://github.com/ti-mo)) - \[v1.14] envoy: Bump version to v1.26.6 ([#&#8203;28853](https://github.com/cilium/cilium/issues/28853), [@&#8203;sayboras](https://github.com/sayboras)) - ci-e2e: Enable WG encapsulation tests ([#&#8203;28997](https://github.com/cilium/cilium/issues/28997), [@&#8203;brb](https://github.com/brb)) - install: Update image digests for v1.14.3 ([#&#8203;28683](https://github.com/cilium/cilium/issues/28683), [@&#8203;jrajahalme](https://github.com/jrajahalme)) </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy4zMS41IiwidXBkYXRlZEluVmVyIjoiMzcuMzEuNSIsInRhcmdldEJyYW5jaCI6Im1haW4ifQ==-->
smeagol-help force-pushed renovate/patch-cilium from d85b5350db to 0085924f69 2023-11-27 22:35:10 -06:00 Compare
jahanson merged commit 929b508303 into main 2023-11-27 22:40:36 -06:00
jahanson deleted branch renovate/patch-cilium 2023-11-27 22:40:36 -06:00
This repo is archived. You cannot comment on pull requests.
Reviewers
No reviewers
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: jahanson/valinor#135
No description provided.
Delete branch "renovate/patch-cilium"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?