search

MathiasPius / kronform

Public configuration for Kubernetes cluster hosted with Hetzner.
https://datavirke.dk/posts/bare-metal-kubernetes-part-1-talos-on-hetzner/
MIT License
81 stars 10 forks source link

Update Helm release cilium to <1.15.7 #54

Closed MathiasPius closed 4 months ago

MathiasPius commented 4 months ago

This PR contains the following updates:

Package Update Change
cilium (source) patch <1.15.6 -> <1.15.7

Release Notes

cilium/cilium (cilium) ### [`v1.15.6`](https://togithub.com/cilium/cilium/releases/tag/v1.15.6): 1.15.6 [Compare Source](https://togithub.com/cilium/cilium/compare/1.15.5...1.15.6) We are pleased to release Cilium v1.15.6 that improves background resynchronization of nodes, improves the CLI to troubleshoot connectivity issues, lowers CPU consumption with IPsec for large clusters, and brings a number of additional fixes. Thanks to all contributors, reviewers, testers, and users! :heart: ## Summary of Changes **Minor Changes:** - \[v1.15] fqdn: Forward-compatibility with Cilium 1.16 FQDN identities ([#​32872](https://togithub.com/cilium/cilium/issues/32872), [@​gandro](https://togithub.com/gandro)) - Generate SBOMs using Syft instead of bom (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32307](https://togithub.com/cilium/cilium/issues/32307), [@​ferozsalam](https://togithub.com/ferozsalam)) - Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR [#​32748](https://togithub.com/cilium/cilium/issues/32748), Upstream PR [#​32577](https://togithub.com/cilium/cilium/issues/32577), [@​marseel](https://togithub.com/marseel)) - Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR [#​32568](https://togithub.com/cilium/cilium/issues/32568), Upstream PR [#​32336](https://togithub.com/cilium/cilium/issues/32336), [@​giorio94](https://togithub.com/giorio94)) - ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR [#​32882](https://togithub.com/cilium/cilium/issues/32882), Upstream PR [#​32588](https://togithub.com/cilium/cilium/issues/32588), [@​marseel](https://togithub.com/marseel)) - KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (Backport PR [#​32568](https://togithub.com/cilium/cilium/issues/32568), Upstream PR [#​32156](https://togithub.com/cilium/cilium/issues/32156), [@​giorio94](https://togithub.com/giorio94)) **Bugfixes:** - .github/workflows: fix digests file creation (Backport PR [#​32889](https://togithub.com/cilium/cilium/issues/32889), Upstream PR [#​32860](https://togithub.com/cilium/cilium/issues/32860), [@​aanm](https://togithub.com/aanm)) - \[v1.15] iptables: Do not install NOTRACK rules if IPv4NativeRoutingCIDR is nil ([#​32649](https://togithub.com/cilium/cilium/issues/32649), [@​pippolo84](https://togithub.com/pippolo84)) - Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (Backport PR [#​32500](https://togithub.com/cilium/cilium/issues/32500), Upstream PR [#​32117](https://togithub.com/cilium/cilium/issues/32117), [@​giorio94](https://togithub.com/giorio94)) - bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32536](https://togithub.com/cilium/cilium/issues/32536), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (Backport PR [#​32889](https://togithub.com/cilium/cilium/issues/32889), Upstream PR [#​32694](https://togithub.com/cilium/cilium/issues/32694), [@​dswaffordcw](https://togithub.com/dswaffordcw)) - cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR [#​32789](https://togithub.com/cilium/cilium/issues/32789), Upstream PR [#​32725](https://togithub.com/cilium/cilium/issues/32725), [@​gandro](https://togithub.com/gandro)) - egressgw: Let the EGW manager relax rp_filter on egress device (Backport PR [#​32778](https://togithub.com/cilium/cilium/issues/32778), Upstream PR [#​32679](https://togithub.com/cilium/cilium/issues/32679), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (Backport PR [#​32789](https://togithub.com/cilium/cilium/issues/32789), Upstream PR [#​31671](https://togithub.com/cilium/cilium/issues/31671), [@​foyerunix](https://togithub.com/foyerunix)) - Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32506](https://togithub.com/cilium/cilium/issues/32506), [@​joamaki](https://togithub.com/joamaki)) - Fix PromQL query in Cilium Metrics dashboard (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32017](https://togithub.com/cilium/cilium/issues/32017), [@​mikemykhaylov](https://togithub.com/mikemykhaylov)) - Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32513](https://togithub.com/cilium/cilium/issues/32513), [@​giorio94](https://togithub.com/giorio94)) - Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32548](https://togithub.com/cilium/cilium/issues/32548), [@​squeed](https://togithub.com/squeed)) - Fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. (Backport PR [#​32932](https://togithub.com/cilium/cilium/issues/32932), Upstream PR [#​32683](https://togithub.com/cilium/cilium/issues/32683), [@​jschwinger233](https://togithub.com/jschwinger233)) - ingress: Set the default value for max_stream_timeout (Backport PR [#​32889](https://togithub.com/cilium/cilium/issues/32889), Upstream PR [#​31514](https://togithub.com/cilium/cilium/issues/31514), [@​tskinn](https://togithub.com/tskinn)) - Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (Backport PR [#​32802](https://togithub.com/cilium/cilium/issues/32802), Upstream PR [#​32671](https://togithub.com/cilium/cilium/issues/32671), [@​giorio94](https://togithub.com/giorio94)) - ipsec: Safely delete Xfrm state (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32450](https://togithub.com/cilium/cilium/issues/32450), [@​jschwinger233](https://togithub.com/jschwinger233)) - proxy: Re-enable proxy rule installation in native-routing mode for CEC (Backport PR [#​32481](https://togithub.com/cilium/cilium/issues/32481), Upstream PR [#​32367](https://togithub.com/cilium/cilium/issues/32367), [@​sayboras](https://togithub.com/sayboras)) - Remove deprecated `hubble.ui.securityContext.enabled` from hubble-ui deployment template (Backport PR [#​32889](https://togithub.com/cilium/cilium/issues/32889), Upstream PR [#​32338](https://togithub.com/cilium/cilium/issues/32338), [@​stelucz](https://togithub.com/stelucz)) **CI Changes:** - CI: Add job name validation (Backport PR [#​32500](https://togithub.com/cilium/cilium/issues/32500), Upstream PR [#​32462](https://togithub.com/cilium/cilium/issues/32462), [@​brlbil](https://togithub.com/brlbil)) - ci: Filter supported versions of EKS (Backport PR [#​32889](https://togithub.com/cilium/cilium/issues/32889), Upstream PR [#​32304](https://togithub.com/cilium/cilium/issues/32304), [@​marseel](https://togithub.com/marseel)) - ci: Filter supported versions of GKE (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32302](https://togithub.com/cilium/cilium/issues/32302), [@​marseel](https://togithub.com/marseel)) - ci: l4lb: gather more infos about docker-in-docker issues (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32570](https://togithub.com/cilium/cilium/issues/32570), [@​mhofstetter](https://togithub.com/mhofstetter)) - ci: l4lb: restart docker-in-docker container on failure (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32600](https://togithub.com/cilium/cilium/issues/32600), [@​mhofstetter](https://togithub.com/mhofstetter)) - eks: Don't use spot instances (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32553](https://togithub.com/cilium/cilium/issues/32553), [@​michi-covalent](https://togithub.com/michi-covalent)) - GCP OIDC instead of SA creds. (Backport PR [#​32707](https://togithub.com/cilium/cilium/issues/32707), Upstream PR [#​30809](https://togithub.com/cilium/cilium/issues/30809), [@​viktor-kurchenko](https://togithub.com/viktor-kurchenko)) - gha: cover TLS auth mode in clustermesh upgrade/downgrade tests (Backport PR [#​32789](https://togithub.com/cilium/cilium/issues/32789), Upstream PR [#​32684](https://togithub.com/cilium/cilium/issues/32684), [@​giorio94](https://togithub.com/giorio94)) - gha: test certificate generation methods in conformance clustermesh (Backport PR [#​32789](https://togithub.com/cilium/cilium/issues/32789), Upstream PR [#​32654](https://togithub.com/cilium/cilium/issues/32654), [@​giorio94](https://togithub.com/giorio94)) - Modify GitHub Actions Workflows to echo the inputs they are given when triggered by a `workflow_dispatch` event. (Backport PR [#​32500](https://togithub.com/cilium/cilium/issues/32500), Upstream PR [#​31424](https://togithub.com/cilium/cilium/issues/31424), [@​learnitall](https://togithub.com/learnitall)) - Use GH_RUNNER_EXTRA_POWER for CI image workflow (Backport PR [#​32500](https://togithub.com/cilium/cilium/issues/32500), Upstream PR [#​32402](https://togithub.com/cilium/cilium/issues/32402), [@​michi-covalent](https://togithub.com/michi-covalent)) - workflows: ignore "No egress gateway found" drops (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32564](https://togithub.com/cilium/cilium/issues/32564), [@​jibi](https://togithub.com/jibi)) - workflows: Remove stale CodeQL workflow (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32084](https://togithub.com/cilium/cilium/issues/32084), [@​pchaigno](https://togithub.com/pchaigno)) **Misc Changes:** - (v1.15) Bump go-jose ([#​32869](https://togithub.com/cilium/cilium/issues/32869), [@​ferozsalam](https://togithub.com/ferozsalam)) - (v1.15) Bump golang.org/x/net ([#​32793](https://togithub.com/cilium/cilium/issues/32793), [@​ferozsalam](https://togithub.com/ferozsalam)) - background-sync: fix bootstrap issue and edge-case with 1 node (Backport PR [#​32748](https://togithub.com/cilium/cilium/issues/32748), Upstream PR [#​32630](https://togithub.com/cilium/cilium/issues/32630), [@​marseel](https://togithub.com/marseel)) - bpf: add ext_err for more callers of tail_call_internal() (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​30023](https://togithub.com/cilium/cilium/issues/30023), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: add improved helper for program-internal tail-call (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​30001](https://togithub.com/cilium/cilium/issues/30001), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: add multicast in MAX_OVERLAY_OPTIONS (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​32129](https://togithub.com/cilium/cilium/issues/32129), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - bpf: convert ep_tail_call() to tail_call_internal() (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​30288](https://togithub.com/cilium/cilium/issues/30288), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: egw: delay SNAT for local client to actual egress interface (Backport PR [#​32789](https://togithub.com/cilium/cilium/issues/32789), Upstream PR [#​32428](https://togithub.com/cilium/cilium/issues/32428), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: hide dynamic/static variant for policy tail-call (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​32299](https://togithub.com/cilium/cilium/issues/32299), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: minor tail-call cleanups (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​31990](https://togithub.com/cilium/cilium/issues/31990), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bump cni plugins to v1.5.0 (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32629](https://togithub.com/cilium/cilium/issues/32629), [@​antonipp](https://togithub.com/antonipp)) - Bump timeout of lint-build-commits.yaml (Backport PR [#​32789](https://togithub.com/cilium/cilium/issues/32789), Upstream PR [#​32746](https://togithub.com/cilium/cilium/issues/32746), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - chore(deps): update all github action dependencies (v1.15) ([#​32493](https://togithub.com/cilium/cilium/issues/32493), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​32632](https://togithub.com/cilium/cilium/issues/32632), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​32719](https://togithub.com/cilium/cilium/issues/32719), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​32841](https://togithub.com/cilium/cilium/issues/32841), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​32923](https://togithub.com/cilium/cilium/issues/32923), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) (patch) ([#​32633](https://togithub.com/cilium/cilium/issues/32633), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update cilium/cilium-cli action to v0.16.7 (v1.15) ([#​32395](https://togithub.com/cilium/cilium/issues/32395), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update cilium/little-vm-helper action to v0.0.18 (v1.15) ([#​32580](https://togithub.com/cilium/cilium/issues/32580), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.8 (v1.15) ([#​32780](https://togithub.com/cilium/cilium/issues/32780), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.9 (v1.15) ([#​32835](https://togithub.com/cilium/cilium/issues/32835), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/hubble to v0.13.4 (v1.15) ([#​32519](https://togithub.com/cilium/cilium/issues/32519), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/hubble to v0.13.5 (v1.15) ([#​32948](https://togithub.com/cilium/cilium/issues/32948), [@​cilium-renovate](https://togithub.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/ubuntu:22.04 docker digest to [`19478ce`](https://togithub.com/cilium/cilium/commit/19478ce) (v1.15) ([#​32922](https://togithub.com/cilium/cilium/issues/32922), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.14 (v1.15) ([#​32838](https://togithub.com/cilium/cilium/issues/32838), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update go (v1.15) ([#​32623](https://togithub.com/cilium/cilium/issues/32623), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update go to v1.21.11 (v1.15) ([#​32894](https://togithub.com/cilium/cilium/issues/32894), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update quay.io/cilium/hubble docker tag to v0.13.4 (v1.15) ([#​32634](https://togithub.com/cilium/cilium/issues/32634), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#​32635](https://togithub.com/cilium/cilium/issues/32635), [@​renovate](https://togithub.com/renovate)\[bot]) - contrib: Remove CHARTS_PATH dependency (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32328](https://togithub.com/cilium/cilium/issues/32328), [@​joestringer](https://togithub.com/joestringer)) - datapath: report distinct drop reason for missed endpoint policy tailcall (Backport PR [#​32332](https://togithub.com/cilium/cilium/issues/32332), Upstream PR [#​32151](https://togithub.com/cilium/cilium/issues/32151), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - docs: Add example for kube-apiserver entity policy (Backport PR [#​32500](https://togithub.com/cilium/cilium/issues/32500), Upstream PR [#​32278](https://togithub.com/cilium/cilium/issues/32278), [@​joestringer](https://togithub.com/joestringer)) - Docs: add note about AKS kube-apiserver entity (Backport PR [#​32691](https://togithub.com/cilium/cilium/issues/32691), Upstream PR [#​32464](https://togithub.com/cilium/cilium/issues/32464), [@​darox](https://togithub.com/darox)) - docs: ipsec: remove limitation for native-routing with L7 egress policy (Backport PR [#​32955](https://togithub.com/cilium/cilium/issues/32955), Upstream PR [#​32906](https://togithub.com/cilium/cilium/issues/32906), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Miscellaneous improvements to the clustermesh troubleshooting guide (Backport PR [#​32568](https://togithub.com/cilium/cilium/issues/32568), Upstream PR [#​32552](https://togithub.com/cilium/cilium/issues/32552), [@​giorio94](https://togithub.com/giorio94)) **Other Changes:** - \[v1.15] bugtool: Avoid sensitive data in envoy config dump ([#​32964](https://togithub.com/cilium/cilium/issues/32964), [@​sayboras](https://togithub.com/sayboras)) - \[v1.15] envoy: Bump envoy version to v1.28.4 ([#​32908](https://togithub.com/cilium/cilium/issues/32908), [@​sayboras](https://togithub.com/sayboras)) - Fix: LB service lookup for flow matching conntrack entry ([#​32608](https://togithub.com/cilium/cilium/issues/32608), [@​sypakine](https://togithub.com/sypakine)) - install: Update image digests for v1.15.5 ([#​32544](https://togithub.com/cilium/cilium/issues/32544), [@​nebril](https://togithub.com/nebril)) - Revert golang image version of hubble-relay ([#​32732](https://togithub.com/cilium/cilium/issues/32732), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) #### v1.15.6 #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.15.6@​sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def` `quay.io/cilium/cilium:stable@sha256:6aa840986a3a9722cd967ef63248d675a87add7e1704740902d5d3162f0c0def` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.15.6@​sha256:6365c2fe8a038fc7adcdeb7ffb8d7a8a2cd3ee524687f35fff9df76fafeeb029` `quay.io/cilium/clustermesh-apiserver:stable@sha256:6365c2fe8a038fc7adcdeb7ffb8d7a8a2cd3ee524687f35fff9df76fafeeb029` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.15.6@​sha256:5615f007989bdf878291417b571f753948200087f2dd483a594693e320520b5b` `quay.io/cilium/docker-plugin:stable@sha256:5615f007989bdf878291417b571f753948200087f2dd483a594693e320520b5b` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.15.6@​sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c` `quay.io/cilium/hubble-relay:stable@sha256:a0863dd70d081b273b87b9b7ce7e2d3f99171c2f5e202cd57bc6691e51283e0c` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.15.6@​sha256:7e1664bd18645b38fd41dc1c2decd334abeefe63d4d69bfbc65765806eb4a31f` `quay.io/cilium/operator-alibabacloud:stable@sha256:7e1664bd18645b38fd41dc1c2decd334abeefe63d4d69bfbc65765806eb4a31f` ##### operator-aws `quay.io/cilium/operator-aws:v1.15.6@​sha256:9656d44ee69817d156cc7d3797f92de2e534dfb991610c79c00e097b4dedd620` `quay.io/cilium/operator-aws:stable@sha256:9656d44ee69817d156cc7d3797f92de2e534dfb991610c79c00e097b4dedd620` ##### operator-azure `quay.io/cilium/operator-azure:v1.15.6@​sha256:386456c055c5d1380daf966d565fcafaed68467a4fe692679530764e3b56f170` `quay.io/cilium/operator-azure:stable@sha256:386456c055c5d1380daf966d565fcafaed68467a4fe692679530764e3b56f170` ##### operator-generic `quay.io/cilium/operator-generic:v1.15.6@​sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d` `quay.io/cilium/operator-generic:stable@sha256:5789f0935eef96ad571e4f5565a8800d3a8fbb05265cf6909300cd82fd513c3d` ##### operator `quay.io/cilium/operator:v1.15.6@​sha256:f3ebc5eac9c0b37aabdf120e120a704ccd77d8c34191adec120e9ee021b8a875` `quay.io/cilium/operator:stable@sha256:f3ebc5eac9c0b37aabdf120e120a704ccd77d8c34191adec120e9ee021b8a875`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

This PR has been generated by Renovate Bot.