ZeroDownTime/kubezero
3
0
Fork 0
Code Issues 1 Pull Requests 27 Wiki Activity

chore(deps): update kubezero-network-dependencies #332

Merged
stefan merged 1 commits from renovate/kubezero-network-kubezero-network-dependencies into main 2024-07-18 13:43:24 +00:00
Conversation 0 Commits 1 Files Changed 1 +3 -3
renovate commented 2024-07-12 03:08:32 +00:00
Member
Copy Link

This PR contains the following updates:

Package Update Change
cilium (source) patch 1.15.5 -> 1.15.7
metallb (source) patch 0.14.5 -> 0.14.7

Release Notes

cilium/cilium (cilium)

v1.15.7: 1.15.7

Compare Source

Summary of Changes

We are pleased to release Cilium v1.15.7, which makes the load balancer class of the Clustermesh API server configurable and includes stability and bug fixes. Thanks to all contributors, reviewers, testers, and users!

Minor Changes:

Bugfixes:

CI Changes:

Misc Changes:

Other Changes:

  • (v1.15) Add permissions to read generated SBOMs (#​33059, @​ferozsalam)
  • v1.15] bpf: ct: return actual error from CT lookup (fixup) ([#​33484](https://github.com/cilium/cilium/issues/33484), [@​julianwiedmann](https://github.com/julianwiedmann))

  • v1.15] gh/workflows: fix skipping of no-frag test in ipsec-e2e workflow ([#​33671](https://github.com/cilium/cilium/issues/33671), [@​julianwiedmann](https://github.com/julianwiedmann))
  • Bump GoBGP to v3.27.0 (#​32993, @​YutaroHayakawa)
  • envoy: Bump golang version to v1.22.5 (#​33555, @​sayboras)
  • envoy: Update envoy 1.28.x to v1.28.5 (#​33483, @​sayboras)
  • install: Update image digests for v1.15.6 (#​33015, @​qmonnet)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.15.7@​sha256:2e432bf6879feb8b891c497d6fd784b13e53456017d2b8e4ea734145f0282ef0
quay.io/cilium/cilium:stable@sha256:2e432bf6879feb8b891c497d6fd784b13e53456017d2b8e4ea734145f0282ef0

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.15.7@​sha256:f8fc26060e0f0c131200b762667f91788a4499362fc72209ce30b4032e926c68
quay.io/cilium/clustermesh-apiserver:stable@sha256:f8fc26060e0f0c131200b762667f91788a4499362fc72209ce30b4032e926c68

docker-plugin

quay.io/cilium/docker-plugin:v1.15.7@​sha256:1091cd5586fd5bac23816a05f8828758442a134255e0f73f0ac384310395d304
quay.io/cilium/docker-plugin:stable@sha256:1091cd5586fd5bac23816a05f8828758442a134255e0f73f0ac384310395d304

hubble-relay

quay.io/cilium/hubble-relay:v1.15.7@​sha256:12870e87ec6c105ca86885c4ee7c184ece6b706cc0f22f63d2a62a9a818fd68f
quay.io/cilium/hubble-relay:stable@sha256:12870e87ec6c105ca86885c4ee7c184ece6b706cc0f22f63d2a62a9a818fd68f

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.15.7@​sha256:2dcd7e3305cb47e4b5fbbb9bc2451d6aacb18788a87cab95cf86aec65ec19329
quay.io/cilium/operator-alibabacloud:stable@sha256:2dcd7e3305cb47e4b5fbbb9bc2451d6aacb18788a87cab95cf86aec65ec19329

operator-aws

quay.io/cilium/operator-aws:v1.15.7@​sha256:bb4085da666a5c7a7c6f8135f0de10f0b6895dbf561e9fccda0e272b51bb936e
quay.io/cilium/operator-aws:stable@sha256:bb4085da666a5c7a7c6f8135f0de10f0b6895dbf561e9fccda0e272b51bb936e

operator-azure

quay.io/cilium/operator-azure:v1.15.7@​sha256:8e189549bc3c31a44a1171cc970b8e502ae8bf55cd07035735c4b3a24a16f80b
quay.io/cilium/operator-azure:stable@sha256:8e189549bc3c31a44a1171cc970b8e502ae8bf55cd07035735c4b3a24a16f80b

operator-generic

quay.io/cilium/operator-generic:v1.15.7@​sha256:6840a6dde703b3e73dd31e03390327a9184fcb888efbad9d9d098d65b9035b54
quay.io/cilium/operator-generic:stable@sha256:6840a6dde703b3e73dd31e03390327a9184fcb888efbad9d9d098d65b9035b54

operator

quay.io/cilium/operator:v1.15.7@​sha256:9a599861adc64631c134f86c95823321b59948f35ebc5af31586987d74166341
quay.io/cilium/operator:stable@sha256:9a599861adc64631c134f86c95823321b59948f35ebc5af31586987d74166341

v1.15.6: 1.15.6

Compare Source

We are pleased to release Cilium v1.15.6 that improves background resynchronization of nodes, improves the CLI to troubleshoot connectivity issues, lowers CPU consumption with IPsec for large clusters, and brings a number of additional fixes. Thanks to all contributors, reviewers, testers, and users! ❤️

Summary of Changes

Minor Changes:

  • v1.15] fqdn: Forward-compatibility with Cilium 1.16 FQDN identities ([#​32872](https://github.com/cilium/cilium/issues/32872), [@​gandro](https://github.com/gandro))
  • Generate SBOMs using Syft instead of bom (Backport PR #​32691, Upstream PR #​32307, @​ferozsalam)
  • Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR #​32748, Upstream PR #​32577, @​marseel)
  • Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR #​32568, Upstream PR #​32336, @​giorio94)
  • ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR #​32882, Upstream PR #​32588, @​marseel)
  • KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (Backport PR #​32568, Upstream PR #​32156, @​giorio94)

Bugfixes:

  • .github/workflows: fix digests file creation (Backport PR #​32889, Upstream PR #​32860, @​aanm)
  • v1.15] iptables: Do not install NOTRACK rules if IPv4NativeRoutingCIDR is nil ([#​32649](https://github.com/cilium/cilium/issues/32649), [@​pippolo84](https://github.com/pippolo84))
  • Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (Backport PR #​32500, Upstream PR #​32117, @​giorio94)
  • bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (Backport PR #​32691, Upstream PR #​32536, @​harsimran-pabla)
  • Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (Backport PR #​32889, Upstream PR #​32694, @​dswaffordcw)
  • cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR #​32789, Upstream PR #​32725, @​gandro)
  • egressgw: Let the EGW manager relax rp_filter on egress device (Backport PR #​32778, Upstream PR #​32679, @​ysksuzuki)
  • Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (Backport PR #​32789, Upstream PR #​31671, @​foyerunix)
  • Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (Backport PR #​32691, Upstream PR #​32506, @​joamaki)
  • Fix PromQL query in Cilium Metrics dashboard (Backport PR #​32691, Upstream PR #​32017, @​mikemykhaylov)
  • Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (Backport PR #​32691, Upstream PR #​32513, @​giorio94)
  • Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR #​32691, Upstream PR #​32548, @​squeed)
  • Fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. (Backport PR #​32932, Upstream PR #​32683, @​jschwinger233)
  • ingress: Set the default value for max_stream_timeout (Backport PR #​32889, Upstream PR #​31514, @​tskinn)
  • Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (Backport PR #​32802, Upstream PR #​32671, @​giorio94)
  • ipsec: Safely delete Xfrm state (Backport PR #​32691, Upstream PR #​32450, @​jschwinger233)
  • proxy: Re-enable proxy rule installation in native-routing mode for CEC (Backport PR #​32481, Upstream PR #​32367, @​sayboras)
  • Remove deprecated hubble.ui.securityContext.enabled from hubble-ui deployment template (Backport PR #​32889, Upstream PR #​32338, @​stelucz)

CI Changes:

Misc Changes:

Other Changes:

  • v1.15] bugtool: Avoid sensitive data in envoy config dump ([#​32964](https://github.com/cilium/cilium/issues/32964), [@​sayboras](https://github.com/sayboras))

  • v1.15] envoy: Bump envoy version to v1.28.4 ([#​32908](https://github.com/cilium/cilium/issues/32908), [@​sayboras](https://github.com/sayboras))
  • Fix: LB service lookup for flow matching conntrack entry (#​32608, @​sypakine)
  • install: Update image digests for v1.15.5 (#​32544, @​nebril)
  • Revert golang image version of hubble-relay (#​32732, @​YutaroHayakawa)

v1.15.6

Docker Manifests

cilium

quay.io/cilium/cilium:v1.15.6@​sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def
quay.io/cilium/cilium:stable@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.15.6@​sha256:6365c2fe8a038fc7adcdeb7ffb8d7a8a2cd3ee524687f35fff9df76fafeeb029
quay.io/cilium/clustermesh-apiserver:stable@sha256:6365c2fe8a038fc7adcdeb7ffb8d7a8a2cd3ee524687f35fff9df76fafeeb029

docker-plugin

quay.io/cilium/docker-plugin:v1.15.6@​sha256:5615f007989bdf878291417b571f753948200087f2dd483a594693e320520b5b
quay.io/cilium/docker-plugin:stable@sha256:5615f007989bdf878291417b571f753948200087f2dd483a594693e320520b5b

hubble-relay

quay.io/cilium/hubble-relay:v1.15.6@​sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c
quay.io/cilium/hubble-relay:stable@sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.15.6@​sha256:7e1664bd18645b38fd41dc1c2decd334abeefe63d4d69bfbc65765806eb4a31f
quay.io/cilium/operator-alibabacloud:stable@sha256:7e1664bd18645b38fd41dc1c2decd334abeefe63d4d69bfbc65765806eb4a31f

operator-aws

quay.io/cilium/operator-aws:v1.15.6@​sha256:9656d44ee69817d156cc7d3797f92de2e534dfb991610c79c00e097b4dedd620
quay.io/cilium/operator-aws:stable@sha256:9656d44ee69817d156cc7d3797f92de2e534dfb991610c79c00e097b4dedd620

operator-azure

quay.io/cilium/operator-azure:v1.15.6@​sha256:386456c055c5d1380daf966d565fcafaed68467a4fe692679530764e3b56f170
quay.io/cilium/operator-azure:stable@sha256:386456c055c5d1380daf966d565fcafaed68467a4fe692679530764e3b56f170

operator-generic

quay.io/cilium/operator-generic:v1.15.6@​sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d
quay.io/cilium/operator-generic:stable@sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d

operator

quay.io/cilium/operator:v1.15.6@​sha256:f3ebc5eac9c0b37aabdf120e120a704ccd77d8c34191adec120e9ee021b8a875
quay.io/cilium/operator:stable@sha256:f3ebc5eac9c0b37aabdf120e120a704ccd77d8c34191adec120e9ee021b8a875

metallb/metallb (metallb)

v0.14.7: v0.0.17

Compare Source

See the release notes for the details

https://metallb.universe.tf/release-notes/#version-0-14-7

v0.14.6: v0.0.16

Compare Source

See the release notes for the details

https://metallb.universe.tf/release-notes/#version-0-14-6

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | patch | `1.15.5` -> `1.15.7` | | [metallb](https://metallb.universe.tf) ([source](https://github.com/metallb/metallb)) | patch | `0.14.5` -> `0.14.7` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.15.7`](https://github.com/cilium/cilium/releases/tag/v1.15.7): 1.15.7 [Compare Source](https://github.com/cilium/cilium/compare/1.15.6...1.15.7) ## Summary of Changes We are pleased to release Cilium v1.15.7, which makes the load balancer class of the Clustermesh API server configurable and includes stability and bug fixes. Thanks to all contributors, reviewers, testers, and users! **Minor Changes:** - helm: loadBalancerClass for Cluster Mesh APIserver (Backport PR [#&#8203;33342](https://github.com/cilium/cilium/issues/33342), Upstream PR [#&#8203;33033](https://github.com/cilium/cilium/issues/33033), [@&#8203;PhilipSchmid](https://github.com/PhilipSchmid)) - ui: v0.13.1 release (Backport PR [#&#8203;33223](https://github.com/cilium/cilium/issues/33223), Upstream PR [#&#8203;32852](https://github.com/cilium/cilium/issues/32852), [@&#8203;geakstr](https://github.com/geakstr)) **Bugfixes:** - bgpv1: reorder neighbor creation and deletion steps (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33262](https://github.com/cilium/cilium/issues/33262), [@&#8203;harsimran-pabla](https://github.com/harsimran-pabla)) - datapath: Fix redirect from from L3 netdev to tunnel (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33421](https://github.com/cilium/cilium/issues/33421), [@&#8203;brb](https://github.com/brb)) - Datasource error fixed for Hubble DNS and Network dashboards (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;30580](https://github.com/cilium/cilium/issues/30580), [@&#8203;Pionerd](https://github.com/Pionerd)) - egress-gateway: Validate ep identity before fetching labels (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33311](https://github.com/cilium/cilium/issues/33311), [@&#8203;pippolo84](https://github.com/pippolo84)) - envoy: Avoid short circuit backend filtering (Backport PR [#&#8203;33533](https://github.com/cilium/cilium/issues/33533), Upstream PR [#&#8203;33403](https://github.com/cilium/cilium/issues/33403), [@&#8203;sayboras](https://github.com/sayboras)) - Fix [#&#8203;32587](https://github.com/cilium/cilium/issues/32587) concurrent hubble dynamic exporter stop and reload (Backport PR [#&#8203;33098](https://github.com/cilium/cilium/issues/33098), Upstream PR [#&#8203;33000](https://github.com/cilium/cilium/issues/33000), [@&#8203;marqc](https://github.com/marqc)) - Fix hubble metrics leak by using CiliumEndpoint watcher to remove stale metrics. (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33260](https://github.com/cilium/cilium/issues/33260), [@&#8203;sgargan](https://github.com/sgargan)) - Fix rare spurious double reconnection upon clustermesh configuration change for remote cluster (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33248](https://github.com/cilium/cilium/issues/33248), [@&#8203;giorio94](https://github.com/giorio94)) - Fix too many open Unix sockets (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33569](https://github.com/cilium/cilium/issues/33569), [@&#8203;chaunceyjiang](https://github.com/chaunceyjiang)) - gateway-api: Check for matching controller name (Backport PR [#&#8203;33223](https://github.com/cilium/cilium/issues/33223), Upstream PR [#&#8203;33050](https://github.com/cilium/cilium/issues/33050), [@&#8203;sayboras](https://github.com/sayboras)) - Generate SBOM from the correct release image ([#&#8203;33052](https://github.com/cilium/cilium/issues/33052), [@&#8203;ferozsalam](https://github.com/ferozsalam)) - helm: Decouple sysctlfix from cgroup.autoMount (Backport PR [#&#8203;33010](https://github.com/cilium/cilium/issues/33010), Upstream PR [#&#8203;32866](https://github.com/cilium/cilium/issues/32866), [@&#8203;YutaroHayakawa](https://github.com/YutaroHayakawa)) - ipsec: do not nil out EncryptInterface when using IPAM ENI on netlink… (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33512](https://github.com/cilium/cilium/issues/33512), [@&#8203;jasonaliyetti](https://github.com/jasonaliyetti)) - IPv6 and IPv4 '0.0.0.0/0' CIDR parsing in policy processing has been fixed (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33448](https://github.com/cilium/cilium/issues/33448), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Recreate CT entries for non-TCP to fix L7 proxy redirect failures. (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33222](https://github.com/cilium/cilium/issues/33222), [@&#8203;ysksuzuki](https://github.com/ysksuzuki)) - Report the correct drop reason when a packet is dropped by the bpf_lxc program. (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33551](https://github.com/cilium/cilium/issues/33551), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Revert PR [#&#8203;32244](https://github.com/cilium/cilium/issues/32244) which caused unintended side-effects that negatively impacted network performance. (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33304](https://github.com/cilium/cilium/issues/33304), [@&#8203;learnitall](https://github.com/learnitall)) - socketlb: tolerate cgroupv1 when detaching bpf programs (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33599](https://github.com/cilium/cilium/issues/33599), [@&#8203;rgo3](https://github.com/rgo3)) - Update IPsec to handle larger PSK values when using per-tunnel PSK (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33472](https://github.com/cilium/cilium/issues/33472), [@&#8203;jasonaliyetti](https://github.com/jasonaliyetti)) - When the Bandwidth Manager feature is enabled, don't apply Egress rate-limiting to "Port unreachable" ICMP replies by Cilium's North-South Loadbalancer. (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33624](https://github.com/cilium/cilium/issues/33624), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) **CI Changes:** - \[v1.15] Disable release SBOM asset uploads ([#&#8203;33072](https://github.com/cilium/cilium/issues/33072), [@&#8203;ferozsalam](https://github.com/ferozsalam)) - Bump CLI to v0.16.11 (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33444](https://github.com/cilium/cilium/issues/33444), [@&#8203;brb](https://github.com/brb)) - ci: Add IPsec leak detection for ci-ipsec-e2e (Backport PR [#&#8203;33047](https://github.com/cilium/cilium/issues/33047), Upstream PR [#&#8203;32930](https://github.com/cilium/cilium/issues/32930), [@&#8203;jschwinger233](https://github.com/jschwinger233)) - ci: l4lb: Don't hang on gathering logs forever (Backport PR [#&#8203;33010](https://github.com/cilium/cilium/issues/33010), Upstream PR [#&#8203;32947](https://github.com/cilium/cilium/issues/32947), [@&#8203;joestringer](https://github.com/joestringer)) - gh: ipsec: clarify check for leaked proxy traffic during key rotation (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33509](https://github.com/cilium/cilium/issues/33509), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - gha: Only retrieve IPv4 CIDR from docker network (Backport PR [#&#8203;33110](https://github.com/cilium/cilium/issues/33110), Upstream PR [#&#8203;33093](https://github.com/cilium/cilium/issues/33093), [@&#8203;sayboras](https://github.com/sayboras)) - workflows: e2e-upgrade: fix EXTRA parameters (Backport PR [#&#8203;33223](https://github.com/cilium/cilium/issues/33223), Upstream PR [#&#8203;33150](https://github.com/cilium/cilium/issues/33150), [@&#8203;jibi](https://github.com/jibi)) **Misc Changes:** - .github: add workflow for renovate to build base images (Backport PR [#&#8203;33346](https://github.com/cilium/cilium/issues/33346), Upstream PR [#&#8203;33326](https://github.com/cilium/cilium/issues/33326), [@&#8203;aanm](https://github.com/aanm)) - .github: fix cloud workflows for renovate (Backport PR [#&#8203;33321](https://github.com/cilium/cilium/issues/33321), Upstream PR [#&#8203;33320](https://github.com/cilium/cilium/issues/33320), [@&#8203;aanm](https://github.com/aanm)) - .github: fix worfklows used by renovate (Backport PR [#&#8203;33317](https://github.com/cilium/cilium/issues/33317), Upstream PR [#&#8203;33309](https://github.com/cilium/cilium/issues/33309), [@&#8203;aanm](https://github.com/aanm)) - \[v1.15] remove tracking of backports with MLH ([#&#8203;33124](https://github.com/cilium/cilium/issues/33124), [@&#8203;aanm](https://github.com/aanm)) - Add auto-merge for renovate for trusted dependencies (Backport PR [#&#8203;33317](https://github.com/cilium/cilium/issues/33317), Upstream PR [#&#8203;33287](https://github.com/cilium/cilium/issues/33287), [@&#8203;aanm](https://github.com/aanm)) - bpf: ct: return actual error from CT lookup (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33225](https://github.com/cilium/cilium/issues/33225), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: encap: fix ifindex in TO_OVERLAY trace notification (Backport PR [#&#8203;33575](https://github.com/cilium/cilium/issues/33575), Upstream PR [#&#8203;33083](https://github.com/cilium/cilium/issues/33083), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: lxc: fix ifindex in TO_ENDPOINT trace notification (Backport PR [#&#8203;33575](https://github.com/cilium/cilium/issues/33575), Upstream PR [#&#8203;33085](https://github.com/cilium/cilium/issues/33085), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: lxc: prefer SECLABEL_IPV4 over SECLABEL in ipv4\_policy() (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33181](https://github.com/cilium/cilium/issues/33181), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - build(deps): bump urllib3 from 2.0.7 to 2.2.2 in /Documentation (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33218](https://github.com/cilium/cilium/issues/33218), [@&#8203;dependabot](https://github.com/dependabot)\[bot]) - build-images-base: cancel github runs based on branch name (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33353](https://github.com/cilium/cilium/issues/33353), [@&#8203;aanm](https://github.com/aanm)) - build-images-base: push to branch if pull request ref doesn't exist (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33368](https://github.com/cilium/cilium/issues/33368), [@&#8203;aanm](https://github.com/aanm)) - build-images: fetch artifacts with specific pattern (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33216](https://github.com/cilium/cilium/issues/33216), [@&#8203;aanm](https://github.com/aanm)) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;33177](https://github.com/cilium/cilium/issues/33177), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;33338](https://github.com/cilium/cilium/issues/33338), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;33492](https://github.com/cilium/cilium/issues/33492), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.15) ([#&#8203;33175](https://github.com/cilium/cilium/issues/33175), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.15) ([#&#8203;33337](https://github.com/cilium/cilium/issues/33337), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.15) ([#&#8203;33571](https://github.com/cilium/cilium/issues/33571), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update cilium/cilium-cli action to v0.16.11 (v1.15) ([#&#8203;33650](https://github.com/cilium/cilium/issues/33650), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update cilium/scale-tests-action digest to [`511e3d9`](https://github.com/cilium/cilium/commit/511e3d9) (v1.15) ([#&#8203;33208](https://github.com/cilium/cilium/issues/33208), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.10 (v1.15) ([#&#8203;32990](https://github.com/cilium/cilium/issues/32990), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update dependency eksctl-io/eksctl to v0.182.0 (v1.15) ([#&#8203;32991](https://github.com/cilium/cilium/issues/32991), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.21.11 docker digest to [`2eb85b8`](https://github.com/cilium/cilium/commit/2eb85b8) (v1.15) ([#&#8203;33174](https://github.com/cilium/cilium/issues/33174), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.21.11 docker digest to [`b405b62`](https://github.com/cilium/cilium/commit/b405b62) (v1.15) ([#&#8203;33336](https://github.com/cilium/cilium/issues/33336), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.21.12 docker digest to [`488f80a`](https://github.com/cilium/cilium/commit/488f80a) (v1.15) ([#&#8203;33660](https://github.com/cilium/cilium/issues/33660), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker/build-push-action action to v5.4.0 (v1.15) ([#&#8203;33018](https://github.com/cilium/cilium/issues/33018), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker/build-push-action action to v6 (v1.15) ([#&#8203;33198](https://github.com/cilium/cilium/issues/33198), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.21.12 (v1.15) ([#&#8203;33539](https://github.com/cilium/cilium/issues/33539), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#&#8203;33003](https://github.com/cilium/cilium/issues/33003), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#&#8203;33176](https://github.com/cilium/cilium/issues/33176), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#&#8203;33301](https://github.com/cilium/cilium/issues/33301), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#&#8203;33657](https://github.com/cilium/cilium/issues/33657), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - daemon: Allow DNS transparent mode to be turned off with encryption (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33420](https://github.com/cilium/cilium/issues/33420), [@&#8203;gandro](https://github.com/gandro)) - docs: Improve note on kube-apiserver entity limitations (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33382](https://github.com/cilium/cilium/issues/33382), [@&#8203;gandro](https://github.com/gandro)) - docs: ipsec: mention dependency on transparent mode for DNS proxy (Backport PR [#&#8203;33098](https://github.com/cilium/cilium/issues/33098), Upstream PR [#&#8203;33062](https://github.com/cilium/cilium/issues/33062), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Documentation: accept ORG and REPO (Backport PR [#&#8203;33631](https://github.com/cilium/cilium/issues/33631), Upstream PR [#&#8203;33514](https://github.com/cilium/cilium/issues/33514), [@&#8203;aanm](https://github.com/aanm)) - examples: Fix subject selector in ingress policy (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;33292](https://github.com/cilium/cilium/issues/33292), [@&#8203;joestringer](https://github.com/joestringer)) - Fix renovate's concurrency group (Backport PR [#&#8203;33559](https://github.com/cilium/cilium/issues/33559), Upstream PR [#&#8203;33528](https://github.com/cilium/cilium/issues/33528), [@&#8203;aanm](https://github.com/aanm)) - images: update cilium-{runtime,builder} ([#&#8203;33714](https://github.com/cilium/cilium/issues/33714), [@&#8203;aanm](https://github.com/aanm)) - Increase usability of Makefile.override (Backport PR [#&#8203;33098](https://github.com/cilium/cilium/issues/33098), Upstream PR [#&#8203;32660](https://github.com/cilium/cilium/issues/32660), [@&#8203;learnitall](https://github.com/learnitall)) - install/kubernetes: update nodeinit image to latest version (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33427](https://github.com/cilium/cilium/issues/33427), [@&#8203;marseel](https://github.com/marseel)) - ipcache: Fix orphaned ipcache entries when mixing Upsert and Inject (Backport PR [#&#8203;33152](https://github.com/cilium/cilium/issues/33152), Upstream PR [#&#8203;33120](https://github.com/cilium/cilium/issues/33120), [@&#8203;squeed](https://github.com/squeed)) - LRP: Misc fix-ups (Backport PR [#&#8203;33529](https://github.com/cilium/cilium/issues/33529), Upstream PR [#&#8203;33442](https://github.com/cilium/cilium/issues/33442), [@&#8203;aditighag](https://github.com/aditighag)) - Miscellaneous fixes in the usage of Makefile.override and build modifiers (Backport PR [#&#8203;33098](https://github.com/cilium/cilium/issues/33098), Upstream PR [#&#8203;33129](https://github.com/cilium/cilium/issues/33129), [@&#8203;giorio94](https://github.com/giorio94)) - Miscellaneous improvements to clustermesh-related troubleshooting tools (Backport PR [#&#8203;33378](https://github.com/cilium/cilium/issues/33378), Upstream PR [#&#8203;32951](https://github.com/cilium/cilium/issues/32951), [@&#8203;giorio94](https://github.com/giorio94)) - Remove release scripts (Backport PR [#&#8203;33010](https://github.com/cilium/cilium/issues/33010), Upstream PR [#&#8203;32938](https://github.com/cilium/cilium/issues/32938), [@&#8203;aanm](https://github.com/aanm)) - Renovate changes (Backport PR [#&#8203;33559](https://github.com/cilium/cilium/issues/33559), Upstream PR [#&#8203;33519](https://github.com/cilium/cilium/issues/33519), [@&#8203;aanm](https://github.com/aanm)) - renovate: add auto-approve bot for renovate PRs (Backport PR [#&#8203;33642](https://github.com/cilium/cilium/issues/33642), Upstream PR [#&#8203;33604](https://github.com/cilium/cilium/issues/33604), [@&#8203;aanm](https://github.com/aanm)) **Other Changes:** - (v1.15) Add permissions to read generated SBOMs ([#&#8203;33059](https://github.com/cilium/cilium/issues/33059), [@&#8203;ferozsalam](https://github.com/ferozsalam)) - \[v1.15] bpf: ct: return actual error from CT lookup (fixup) ([#&#8203;33484](https://github.com/cilium/cilium/issues/33484), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - \[v1.15] gh/workflows: fix skipping of no-frag test in ipsec-e2e workflow ([#&#8203;33671](https://github.com/cilium/cilium/issues/33671), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Bump GoBGP to v3.27.0 ([#&#8203;32993](https://github.com/cilium/cilium/issues/32993), [@&#8203;YutaroHayakawa](https://github.com/YutaroHayakawa)) - envoy: Bump golang version to v1.22.5 ([#&#8203;33555](https://github.com/cilium/cilium/issues/33555), [@&#8203;sayboras](https://github.com/sayboras)) - envoy: Update envoy 1.28.x to v1.28.5 ([#&#8203;33483](https://github.com/cilium/cilium/issues/33483), [@&#8203;sayboras](https://github.com/sayboras)) - install: Update image digests for v1.15.6 ([#&#8203;33015](https://github.com/cilium/cilium/issues/33015), [@&#8203;qmonnet](https://github.com/qmonnet)) #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.15.7@&#8203;sha256:2e432bf6879feb8b891c497d6fd784b13e53456017d2b8e4ea734145f0282ef0` `quay.io/cilium/cilium:stable@sha256:2e432bf6879feb8b891c497d6fd784b13e53456017d2b8e4ea734145f0282ef0` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.15.7@&#8203;sha256:f8fc26060e0f0c131200b762667f91788a4499362fc72209ce30b4032e926c68` `quay.io/cilium/clustermesh-apiserver:stable@sha256:f8fc26060e0f0c131200b762667f91788a4499362fc72209ce30b4032e926c68` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.15.7@&#8203;sha256:1091cd5586fd5bac23816a05f8828758442a134255e0f73f0ac384310395d304` `quay.io/cilium/docker-plugin:stable@sha256:1091cd5586fd5bac23816a05f8828758442a134255e0f73f0ac384310395d304` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.15.7@&#8203;sha256:12870e87ec6c105ca86885c4ee7c184ece6b706cc0f22f63d2a62a9a818fd68f` `quay.io/cilium/hubble-relay:stable@sha256:12870e87ec6c105ca86885c4ee7c184ece6b706cc0f22f63d2a62a9a818fd68f` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.15.7@&#8203;sha256:2dcd7e3305cb47e4b5fbbb9bc2451d6aacb18788a87cab95cf86aec65ec19329` `quay.io/cilium/operator-alibabacloud:stable@sha256:2dcd7e3305cb47e4b5fbbb9bc2451d6aacb18788a87cab95cf86aec65ec19329` ##### operator-aws `quay.io/cilium/operator-aws:v1.15.7@&#8203;sha256:bb4085da666a5c7a7c6f8135f0de10f0b6895dbf561e9fccda0e272b51bb936e` `quay.io/cilium/operator-aws:stable@sha256:bb4085da666a5c7a7c6f8135f0de10f0b6895dbf561e9fccda0e272b51bb936e` ##### operator-azure `quay.io/cilium/operator-azure:v1.15.7@&#8203;sha256:8e189549bc3c31a44a1171cc970b8e502ae8bf55cd07035735c4b3a24a16f80b` `quay.io/cilium/operator-azure:stable@sha256:8e189549bc3c31a44a1171cc970b8e502ae8bf55cd07035735c4b3a24a16f80b` ##### operator-generic `quay.io/cilium/operator-generic:v1.15.7@&#8203;sha256:6840a6dde703b3e73dd31e03390327a9184fcb888efbad9d9d098d65b9035b54` `quay.io/cilium/operator-generic:stable@sha256:6840a6dde703b3e73dd31e03390327a9184fcb888efbad9d9d098d65b9035b54` ##### operator `quay.io/cilium/operator:v1.15.7@&#8203;sha256:9a599861adc64631c134f86c95823321b59948f35ebc5af31586987d74166341` `quay.io/cilium/operator:stable@sha256:9a599861adc64631c134f86c95823321b59948f35ebc5af31586987d74166341` ### [`v1.15.6`](https://github.com/cilium/cilium/releases/tag/v1.15.6): 1.15.6 [Compare Source](https://github.com/cilium/cilium/compare/1.15.5...1.15.6) We are pleased to release Cilium v1.15.6 that improves background resynchronization of nodes, improves the CLI to troubleshoot connectivity issues, lowers CPU consumption with IPsec for large clusters, and brings a number of additional fixes. Thanks to all contributors, reviewers, testers, and users! :heart: ## Summary of Changes **Minor Changes:** - \[v1.15] fqdn: Forward-compatibility with Cilium 1.16 FQDN identities ([#&#8203;32872](https://github.com/cilium/cilium/issues/32872), [@&#8203;gandro](https://github.com/gandro)) - Generate SBOMs using Syft instead of bom (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32307](https://github.com/cilium/cilium/issues/32307), [@&#8203;ferozsalam](https://github.com/ferozsalam)) - Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR [#&#8203;32748](https://github.com/cilium/cilium/issues/32748), Upstream PR [#&#8203;32577](https://github.com/cilium/cilium/issues/32577), [@&#8203;marseel](https://github.com/marseel)) - Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR [#&#8203;32568](https://github.com/cilium/cilium/issues/32568), Upstream PR [#&#8203;32336](https://github.com/cilium/cilium/issues/32336), [@&#8203;giorio94](https://github.com/giorio94)) - ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR [#&#8203;32882](https://github.com/cilium/cilium/issues/32882), Upstream PR [#&#8203;32588](https://github.com/cilium/cilium/issues/32588), [@&#8203;marseel](https://github.com/marseel)) - KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (Backport PR [#&#8203;32568](https://github.com/cilium/cilium/issues/32568), Upstream PR [#&#8203;32156](https://github.com/cilium/cilium/issues/32156), [@&#8203;giorio94](https://github.com/giorio94)) **Bugfixes:** - .github/workflows: fix digests file creation (Backport PR [#&#8203;32889](https://github.com/cilium/cilium/issues/32889), Upstream PR [#&#8203;32860](https://github.com/cilium/cilium/issues/32860), [@&#8203;aanm](https://github.com/aanm)) - \[v1.15] iptables: Do not install NOTRACK rules if IPv4NativeRoutingCIDR is nil ([#&#8203;32649](https://github.com/cilium/cilium/issues/32649), [@&#8203;pippolo84](https://github.com/pippolo84)) - Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (Backport PR [#&#8203;32500](https://github.com/cilium/cilium/issues/32500), Upstream PR [#&#8203;32117](https://github.com/cilium/cilium/issues/32117), [@&#8203;giorio94](https://github.com/giorio94)) - bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32536](https://github.com/cilium/cilium/issues/32536), [@&#8203;harsimran-pabla](https://github.com/harsimran-pabla)) - Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (Backport PR [#&#8203;32889](https://github.com/cilium/cilium/issues/32889), Upstream PR [#&#8203;32694](https://github.com/cilium/cilium/issues/32694), [@&#8203;dswaffordcw](https://github.com/dswaffordcw)) - cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR [#&#8203;32789](https://github.com/cilium/cilium/issues/32789), Upstream PR [#&#8203;32725](https://github.com/cilium/cilium/issues/32725), [@&#8203;gandro](https://github.com/gandro)) - egressgw: Let the EGW manager relax rp_filter on egress device (Backport PR [#&#8203;32778](https://github.com/cilium/cilium/issues/32778), Upstream PR [#&#8203;32679](https://github.com/cilium/cilium/issues/32679), [@&#8203;ysksuzuki](https://github.com/ysksuzuki)) - Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (Backport PR [#&#8203;32789](https://github.com/cilium/cilium/issues/32789), Upstream PR [#&#8203;31671](https://github.com/cilium/cilium/issues/31671), [@&#8203;foyerunix](https://github.com/foyerunix)) - Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32506](https://github.com/cilium/cilium/issues/32506), [@&#8203;joamaki](https://github.com/joamaki)) - Fix PromQL query in Cilium Metrics dashboard (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32017](https://github.com/cilium/cilium/issues/32017), [@&#8203;mikemykhaylov](https://github.com/mikemykhaylov)) - Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32513](https://github.com/cilium/cilium/issues/32513), [@&#8203;giorio94](https://github.com/giorio94)) - Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32548](https://github.com/cilium/cilium/issues/32548), [@&#8203;squeed](https://github.com/squeed)) - Fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. (Backport PR [#&#8203;32932](https://github.com/cilium/cilium/issues/32932), Upstream PR [#&#8203;32683](https://github.com/cilium/cilium/issues/32683), [@&#8203;jschwinger233](https://github.com/jschwinger233)) - ingress: Set the default value for max_stream_timeout (Backport PR [#&#8203;32889](https://github.com/cilium/cilium/issues/32889), Upstream PR [#&#8203;31514](https://github.com/cilium/cilium/issues/31514), [@&#8203;tskinn](https://github.com/tskinn)) - Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (Backport PR [#&#8203;32802](https://github.com/cilium/cilium/issues/32802), Upstream PR [#&#8203;32671](https://github.com/cilium/cilium/issues/32671), [@&#8203;giorio94](https://github.com/giorio94)) - ipsec: Safely delete Xfrm state (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32450](https://github.com/cilium/cilium/issues/32450), [@&#8203;jschwinger233](https://github.com/jschwinger233)) - proxy: Re-enable proxy rule installation in native-routing mode for CEC (Backport PR [#&#8203;32481](https://github.com/cilium/cilium/issues/32481), Upstream PR [#&#8203;32367](https://github.com/cilium/cilium/issues/32367), [@&#8203;sayboras](https://github.com/sayboras)) - Remove deprecated `hubble.ui.securityContext.enabled` from hubble-ui deployment template (Backport PR [#&#8203;32889](https://github.com/cilium/cilium/issues/32889), Upstream PR [#&#8203;32338](https://github.com/cilium/cilium/issues/32338), [@&#8203;stelucz](https://github.com/stelucz)) **CI Changes:** - CI: Add job name validation (Backport PR [#&#8203;32500](https://github.com/cilium/cilium/issues/32500), Upstream PR [#&#8203;32462](https://github.com/cilium/cilium/issues/32462), [@&#8203;brlbil](https://github.com/brlbil)) - ci: Filter supported versions of EKS (Backport PR [#&#8203;32889](https://github.com/cilium/cilium/issues/32889), Upstream PR [#&#8203;32304](https://github.com/cilium/cilium/issues/32304), [@&#8203;marseel](https://github.com/marseel)) - ci: Filter supported versions of GKE (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32302](https://github.com/cilium/cilium/issues/32302), [@&#8203;marseel](https://github.com/marseel)) - ci: l4lb: gather more infos about docker-in-docker issues (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32570](https://github.com/cilium/cilium/issues/32570), [@&#8203;mhofstetter](https://github.com/mhofstetter)) - ci: l4lb: restart docker-in-docker container on failure (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32600](https://github.com/cilium/cilium/issues/32600), [@&#8203;mhofstetter](https://github.com/mhofstetter)) - eks: Don't use spot instances (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32553](https://github.com/cilium/cilium/issues/32553), [@&#8203;michi-covalent](https://github.com/michi-covalent)) - GCP OIDC instead of SA creds. (Backport PR [#&#8203;32707](https://github.com/cilium/cilium/issues/32707), Upstream PR [#&#8203;30809](https://github.com/cilium/cilium/issues/30809), [@&#8203;viktor-kurchenko](https://github.com/viktor-kurchenko)) - gha: cover TLS auth mode in clustermesh upgrade/downgrade tests (Backport PR [#&#8203;32789](https://github.com/cilium/cilium/issues/32789), Upstream PR [#&#8203;32684](https://github.com/cilium/cilium/issues/32684), [@&#8203;giorio94](https://github.com/giorio94)) - gha: test certificate generation methods in conformance clustermesh (Backport PR [#&#8203;32789](https://github.com/cilium/cilium/issues/32789), Upstream PR [#&#8203;32654](https://github.com/cilium/cilium/issues/32654), [@&#8203;giorio94](https://github.com/giorio94)) - Modify GitHub Actions Workflows to echo the inputs they are given when triggered by a `workflow_dispatch` event. (Backport PR [#&#8203;32500](https://github.com/cilium/cilium/issues/32500), Upstream PR [#&#8203;31424](https://github.com/cilium/cilium/issues/31424), [@&#8203;learnitall](https://github.com/learnitall)) - Use GH_RUNNER_EXTRA_POWER for CI image workflow (Backport PR [#&#8203;32500](https://github.com/cilium/cilium/issues/32500), Upstream PR [#&#8203;32402](https://github.com/cilium/cilium/issues/32402), [@&#8203;michi-covalent](https://github.com/michi-covalent)) - workflows: ignore "No egress gateway found" drops (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32564](https://github.com/cilium/cilium/issues/32564), [@&#8203;jibi](https://github.com/jibi)) - workflows: Remove stale CodeQL workflow (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32084](https://github.com/cilium/cilium/issues/32084), [@&#8203;pchaigno](https://github.com/pchaigno)) **Misc Changes:** - (v1.15) Bump go-jose ([#&#8203;32869](https://github.com/cilium/cilium/issues/32869), [@&#8203;ferozsalam](https://github.com/ferozsalam)) - (v1.15) Bump golang.org/x/net ([#&#8203;32793](https://github.com/cilium/cilium/issues/32793), [@&#8203;ferozsalam](https://github.com/ferozsalam)) - background-sync: fix bootstrap issue and edge-case with 1 node (Backport PR [#&#8203;32748](https://github.com/cilium/cilium/issues/32748), Upstream PR [#&#8203;32630](https://github.com/cilium/cilium/issues/32630), [@&#8203;marseel](https://github.com/marseel)) - bpf: add ext_err for more callers of tail_call_internal() (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;30023](https://github.com/cilium/cilium/issues/30023), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: add improved helper for program-internal tail-call (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;30001](https://github.com/cilium/cilium/issues/30001), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: add multicast in MAX_OVERLAY_OPTIONS (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;32129](https://github.com/cilium/cilium/issues/32129), [@&#8203;harsimran-pabla](https://github.com/harsimran-pabla)) - bpf: convert ep_tail_call() to tail_call_internal() (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;30288](https://github.com/cilium/cilium/issues/30288), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: egw: delay SNAT for local client to actual egress interface (Backport PR [#&#8203;32789](https://github.com/cilium/cilium/issues/32789), Upstream PR [#&#8203;32428](https://github.com/cilium/cilium/issues/32428), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: hide dynamic/static variant for policy tail-call (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;32299](https://github.com/cilium/cilium/issues/32299), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bpf: minor tail-call cleanups (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;31990](https://github.com/cilium/cilium/issues/31990), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - bump cni plugins to v1.5.0 (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32629](https://github.com/cilium/cilium/issues/32629), [@&#8203;antonipp](https://github.com/antonipp)) - Bump timeout of lint-build-commits.yaml (Backport PR [#&#8203;32789](https://github.com/cilium/cilium/issues/32789), Upstream PR [#&#8203;32746](https://github.com/cilium/cilium/issues/32746), [@&#8203;YutaroHayakawa](https://github.com/YutaroHayakawa)) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;32493](https://github.com/cilium/cilium/issues/32493), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;32632](https://github.com/cilium/cilium/issues/32632), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;32719](https://github.com/cilium/cilium/issues/32719), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;32841](https://github.com/cilium/cilium/issues/32841), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#&#8203;32923](https://github.com/cilium/cilium/issues/32923), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) (patch) ([#&#8203;32633](https://github.com/cilium/cilium/issues/32633), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update cilium/cilium-cli action to v0.16.7 (v1.15) ([#&#8203;32395](https://github.com/cilium/cilium/issues/32395), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update cilium/little-vm-helper action to v0.0.18 (v1.15) ([#&#8203;32580](https://github.com/cilium/cilium/issues/32580), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.8 (v1.15) ([#&#8203;32780](https://github.com/cilium/cilium/issues/32780), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.9 (v1.15) ([#&#8203;32835](https://github.com/cilium/cilium/issues/32835), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update dependency cilium/hubble to v0.13.4 (v1.15) ([#&#8203;32519](https://github.com/cilium/cilium/issues/32519), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update dependency cilium/hubble to v0.13.5 (v1.15) ([#&#8203;32948](https://github.com/cilium/cilium/issues/32948), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/ubuntu:22.04 docker digest to [`19478ce`](https://github.com/cilium/cilium/commit/19478ce) (v1.15) ([#&#8203;32922](https://github.com/cilium/cilium/issues/32922), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.14 (v1.15) ([#&#8203;32838](https://github.com/cilium/cilium/issues/32838), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update go (v1.15) ([#&#8203;32623](https://github.com/cilium/cilium/issues/32623), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update go to v1.21.11 (v1.15) ([#&#8203;32894](https://github.com/cilium/cilium/issues/32894), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update quay.io/cilium/hubble docker tag to v0.13.4 (v1.15) ([#&#8203;32634](https://github.com/cilium/cilium/issues/32634), [@&#8203;renovate](https://github.com/renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#&#8203;32635](https://github.com/cilium/cilium/issues/32635), [@&#8203;renovate](https://github.com/renovate)\[bot]) - contrib: Remove CHARTS_PATH dependency (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32328](https://github.com/cilium/cilium/issues/32328), [@&#8203;joestringer](https://github.com/joestringer)) - datapath: report distinct drop reason for missed endpoint policy tailcall (Backport PR [#&#8203;32332](https://github.com/cilium/cilium/issues/32332), Upstream PR [#&#8203;32151](https://github.com/cilium/cilium/issues/32151), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - docs: Add example for kube-apiserver entity policy (Backport PR [#&#8203;32500](https://github.com/cilium/cilium/issues/32500), Upstream PR [#&#8203;32278](https://github.com/cilium/cilium/issues/32278), [@&#8203;joestringer](https://github.com/joestringer)) - Docs: add note about AKS kube-apiserver entity (Backport PR [#&#8203;32691](https://github.com/cilium/cilium/issues/32691), Upstream PR [#&#8203;32464](https://github.com/cilium/cilium/issues/32464), [@&#8203;darox](https://github.com/darox)) - docs: ipsec: remove limitation for native-routing with L7 egress policy (Backport PR [#&#8203;32955](https://github.com/cilium/cilium/issues/32955), Upstream PR [#&#8203;32906](https://github.com/cilium/cilium/issues/32906), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) - Miscellaneous improvements to the clustermesh troubleshooting guide (Backport PR [#&#8203;32568](https://github.com/cilium/cilium/issues/32568), Upstream PR [#&#8203;32552](https://github.com/cilium/cilium/issues/32552), [@&#8203;giorio94](https://github.com/giorio94)) **Other Changes:** - \[v1.15] bugtool: Avoid sensitive data in envoy config dump ([#&#8203;32964](https://github.com/cilium/cilium/issues/32964), [@&#8203;sayboras](https://github.com/sayboras)) - \[v1.15] envoy: Bump envoy version to v1.28.4 ([#&#8203;32908](https://github.com/cilium/cilium/issues/32908), [@&#8203;sayboras](https://github.com/sayboras)) - Fix: LB service lookup for flow matching conntrack entry ([#&#8203;32608](https://github.com/cilium/cilium/issues/32608), [@&#8203;sypakine](https://github.com/sypakine)) - install: Update image digests for v1.15.5 ([#&#8203;32544](https://github.com/cilium/cilium/issues/32544), [@&#8203;nebril](https://github.com/nebril)) - Revert golang image version of hubble-relay ([#&#8203;32732](https://github.com/cilium/cilium/issues/32732), [@&#8203;YutaroHayakawa](https://github.com/YutaroHayakawa)) #### v1.15.6 #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.15.6@&#8203;sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def` `quay.io/cilium/cilium:stable@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.15.6@&#8203;sha256:6365c2fe8a038fc7adcdeb7ffb8d7a8a2cd3ee524687f35fff9df76fafeeb029` `quay.io/cilium/clustermesh-apiserver:stable@sha256:6365c2fe8a038fc7adcdeb7ffb8d7a8a2cd3ee524687f35fff9df76fafeeb029` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.15.6@&#8203;sha256:5615f007989bdf878291417b571f753948200087f2dd483a594693e320520b5b` `quay.io/cilium/docker-plugin:stable@sha256:5615f007989bdf878291417b571f753948200087f2dd483a594693e320520b5b` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.15.6@&#8203;sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c` `quay.io/cilium/hubble-relay:stable@sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.15.6@&#8203;sha256:7e1664bd18645b38fd41dc1c2decd334abeefe63d4d69bfbc65765806eb4a31f` `quay.io/cilium/operator-alibabacloud:stable@sha256:7e1664bd18645b38fd41dc1c2decd334abeefe63d4d69bfbc65765806eb4a31f` ##### operator-aws `quay.io/cilium/operator-aws:v1.15.6@&#8203;sha256:9656d44ee69817d156cc7d3797f92de2e534dfb991610c79c00e097b4dedd620` `quay.io/cilium/operator-aws:stable@sha256:9656d44ee69817d156cc7d3797f92de2e534dfb991610c79c00e097b4dedd620` ##### operator-azure `quay.io/cilium/operator-azure:v1.15.6@&#8203;sha256:386456c055c5d1380daf966d565fcafaed68467a4fe692679530764e3b56f170` `quay.io/cilium/operator-azure:stable@sha256:386456c055c5d1380daf966d565fcafaed68467a4fe692679530764e3b56f170` ##### operator-generic `quay.io/cilium/operator-generic:v1.15.6@&#8203;sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d` `quay.io/cilium/operator-generic:stable@sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d` ##### operator `quay.io/cilium/operator:v1.15.6@&#8203;sha256:f3ebc5eac9c0b37aabdf120e120a704ccd77d8c34191adec120e9ee021b8a875` `quay.io/cilium/operator:stable@sha256:f3ebc5eac9c0b37aabdf120e120a704ccd77d8c34191adec120e9ee021b8a875` </details> <details> <summary>metallb/metallb (metallb)</summary> ### [`v0.14.7`](https://github.com/metallb/metallb/releases/tag/v0.14.7): v0.0.17 [Compare Source](https://github.com/metallb/metallb/compare/v0.14.6...v0.14.7) See the release notes for the details https://metallb.universe.tf/release-notes/#version-0-14-7 ### [`v0.14.6`](https://github.com/metallb/metallb/releases/tag/v0.14.6): v0.0.16 [Compare Source](https://github.com/metallb/metallb/compare/v0.14.5...v0.14.6) See the release notes for the details https://metallb.universe.tf/release-notes/#version-0-14-6 </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 👻 **Immortal**: This PR will be recreated if closed unmerged. Get [config help](https://github.com/renovatebot/renovate/discussions) if that's undesired. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MDYuMiIsInVwZGF0ZWRJblZlciI6IjM3LjQwNi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSJdfQ==-->
renovate added the
renovate
 label 2024-07-12 03:08:32 +00:00
renovate force-pushed renovate/kubezero-network-kubezero-network-dependencies from 30121e201b to bba4fb4ab7 2024-07-17 03:14:55 +00:00 Compare
renovate changed title from chore(deps): update helm release cilium to v1.15.7 to chore(deps): update kubezero-network-dependencies 2024-07-17 03:15:19 +00:00
stefan merged commit 27757230d8 into main 2024-07-18 13:43:24 +00:00
stefan deleted branch renovate/kubezero-network-kubezero-network-dependencies 2024-07-18 13:43:26 +00:00
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels
  
renovate

Dependency via Renovate

No Label
renovate
Milestone
Clear milestone
No items
No Milestone
Assignees
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: ZeroDownTime/kubezero#332
No description provided.
Delete Branch "renovate/kubezero-network-kubezero-network-dependencies"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?