ModestTG / heliod-cluster

Test Cluster
MIT License
0 stars 0 forks source link

feat(helm): update chart cilium to 1.14.0 #101

Closed renovate[bot] closed 1 year ago

renovate[bot] commented 1 year ago

Mend Renovate

This PR contains the following updates:

Package Update Change
cilium (source) minor 1.13.4 -> 1.14.0

Release Notes

cilium/cilium (cilium) ### [`v1.14.0`](https://togithub.com/cilium/cilium/releases/tag/v1.14.0): 1.14.0 [Compare Source](https://togithub.com/cilium/cilium/compare/1.13.5...1.14.0) ### Changelog The Cilium core team are excited to announce the Cilium 1.14 release. :tada: ## :warning: Warning - IPsec :warning: **Do NOT upgrade to this release if you are using IPsec.** ## Summary of Changes **Major Changes:** - Add mtls-spiffe as auth mode in the CiliumNetworkPolicy ([#​24263](https://togithub.com/cilium/cilium/issues/24263), [@​meyskens](https://togithub.com/meyskens)) - Add support for Kubernetes v1.27 ([#​24837](https://togithub.com/cilium/cilium/issues/24837), [@​tklauser](https://togithub.com/tklauser)) - Add support for Kubernetes v1.27 ([#​25602](https://togithub.com/cilium/cilium/issues/25602), [@​nathanjsweet](https://togithub.com/nathanjsweet)) - Add support for references to CiliumCIDRGroup inside FromCIDRSet for ingress rules in CNPs ([#​24638](https://togithub.com/cilium/cilium/issues/24638), [@​pippolo84](https://togithub.com/pippolo84)) - Add TLSRoute support to GatewayAPI ([#​25106](https://togithub.com/cilium/cilium/issues/25106), [@​meyskens](https://togithub.com/meyskens)) - Add WireGuard host2host and LB encryption ([#​19401](https://togithub.com/cilium/cilium/issues/19401), [@​brb](https://togithub.com/brb)) - Added L2 announcement feature ([#​25471](https://togithub.com/cilium/cilium/issues/25471), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - cilium: fib lookup consolidation ([#​23884](https://togithub.com/cilium/cilium/issues/23884), [@​borkmann](https://togithub.com/borkmann)) - cilium: IPv4 BIG TCP support ([#​26172](https://togithub.com/cilium/cilium/issues/26172), [@​borkmann](https://togithub.com/borkmann)) - Implement BPF-based masquerading for IPv6 ([#​23165](https://togithub.com/cilium/cilium/issues/23165), [@​qmonnet](https://togithub.com/qmonnet)) - Introduce kvstoremesh, a clustermesh-apiserver companion component allowing to cache remote cluster information in the local kvstore for increased scalability and separation. ([#​26083](https://togithub.com/cilium/cilium/issues/26083), [@​giorio94](https://togithub.com/giorio94)) - Module Health: Add Health Provider/Reporter ([#​25662](https://togithub.com/cilium/cilium/issues/25662), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - New high-scale ipcache mode to support clustermeshes with millions of pods. ([#​25148](https://togithub.com/cilium/cilium/issues/25148), [@​pchaigno](https://togithub.com/pchaigno)) - Support DSR with Geneve dispatch in CNI mode ([#​23890](https://togithub.com/cilium/cilium/issues/23890), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - Support for deploying Cilium L7 Proxy (Envoy) independently as a separate DaemonSet for availability, performance, and security benefits. ([#​25081](https://togithub.com/cilium/cilium/issues/25081), [@​mhofstetter](https://togithub.com/mhofstetter)) - The Cilium operator now taints nodes where Cilium is scheduled to run but is not running. This prevents pods from being scheduled on nodes without Cilium. The CNI configuration file is no longer removed on agent shutdown. This means that pod deletion will always succeed; previously it would fail if Cilium was down for an upgrade. This should help prevent nodes accidentally entering an unmanageable state. It also means that nodes are not removed from cloud LoadBalancer backends during Cilium upgrades. ([#​23486](https://togithub.com/cilium/cilium/issues/23486), [@​squeed](https://togithub.com/squeed)) **Minor Changes:** - 1. Add a new set of flags for CES work queue limit and burst rates, `CESWriteQPSLimit` to `and`CESWriteQPSBurst\`. The processed work queue items always trigger a single CES create, update or write request to the kube-apiserver. The work queue rate limiting effectively limits the rate of writes to the kube-apiserver for CES api objects. 2. Set the default `CESWriteQPSLimit` to `10` and `CESWriteQPSBurst` to `20`. 3. Set the maximums for qps `50` and burst `100`. These values cannot be exceeded regardless of any configuration. 4. Unhide `CESMaxCEPsInCES` and `CESSlicingMode` flags from appearing in logs when `CES` is enabled. ([#​24675](https://togithub.com/cilium/cilium/issues/24675), [@​dlapcevic](https://togithub.com/dlapcevic)) - \[SNAT] add "need to frag" ICMP support ([#​18414](https://togithub.com/cilium/cilium/issues/18414), [@​sahid](https://togithub.com/sahid)) - Add `--hubble-monitor-events` flag, to control the event types that get to the hubble subsystem. ([#​24828](https://togithub.com/cilium/cilium/issues/24828), [@​epk](https://togithub.com/epk)) - Add a mechanism for the SPIRE server to signal rotated certificates for re-authenticating connections ([#​24300](https://togithub.com/cilium/cilium/issues/24300), [@​meyskens](https://togithub.com/meyskens)) - Add a SPIRE delegate API client to receive SPIFFE certificates for mTLS ([#​23968](https://togithub.com/cilium/cilium/issues/23968), [@​meyskens](https://togithub.com/meyskens)) - Add flag to administratively enable APIs on bootstrap ([#​25009](https://togithub.com/cilium/cilium/issues/25009), [@​joestringer](https://togithub.com/joestringer)) - Add flag to configure the size of the egress gateway policy map ([#​23019](https://togithub.com/cilium/cilium/issues/23019), [@​cyclinder](https://togithub.com/cyclinder)) - Add hubble_lost_events_total metric for the number of events lost by Hubble. ([#​22865](https://togithub.com/cilium/cilium/issues/22865), [@​lambdanis](https://togithub.com/lambdanis)) - add native tunnel encapsulation support for the XDP Loadbalancer ([#​24422](https://togithub.com/cilium/cilium/issues/24422), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Add network policy auth method "always-fail" ([#​24609](https://togithub.com/cilium/cilium/issues/24609), [@​meyskens](https://togithub.com/meyskens)) - Add new logging format option, 'json-ts', for JSON formatted logs with timestamps ([#​24307](https://togithub.com/cilium/cilium/issues/24307), [@​learnitall](https://togithub.com/learnitall)) - Add option to remove query from HTTP flows ([#​25746](https://togithub.com/cilium/cilium/issues/25746), [@​ChrsMark](https://togithub.com/ChrsMark)) - Add pod-asymmetric context labeling that either uses pod or pod-short based on traffic direction. ([#​22731](https://togithub.com/cilium/cilium/issues/22731), [@​marqc](https://togithub.com/marqc)) - Add Prometheus metrics support to clustermesh-apiserver ([#​25316](https://togithub.com/cilium/cilium/issues/25316), [@​giorio94](https://togithub.com/giorio94)) - Add support for allocating PodCIDRs from multiple IPAM pools ([#​22762](https://togithub.com/cilium/cilium/issues/22762), [@​gandro](https://togithub.com/gandro)) - Add support for BGP graceful restart configuration via CiliumBGPPeeringPolicy CRD ([#​25660](https://togithub.com/cilium/cilium/issues/25660), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - Add support for eBGP-multihop configuration for CiliumBGPNeighbor in CiliumBGPPeeringPolicy CRD ([#​25708](https://togithub.com/cilium/cilium/issues/25708), [@​rastislavs](https://togithub.com/rastislavs)) - Add support for Hybrid mode when using DSR with Geneve dispatch. ([#​25553](https://togithub.com/cilium/cilium/issues/25553), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Add support for load-balancing encapsulated requests in a configuration with high-scale ipcache. ([#​25854](https://togithub.com/cilium/cilium/issues/25854), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Add support for load-balancing unencapsulated requests in a configuration with high-scale ipcache. ([#​25745](https://togithub.com/cilium/cilium/issues/25745), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Add support for paginated lists in etcd, and propagate config options ([#​25469](https://togithub.com/cilium/cilium/issues/25469), [@​giorio94](https://togithub.com/giorio94)) - Add support for setting BGP timer parameters in CiliumBGPNeighbor CRD ([#​25408](https://togithub.com/cilium/cilium/issues/25408), [@​rastislavs](https://togithub.com/rastislavs)) - Add support for the `ingressclass.kubernetes.io/is-default-class` annotation on Cilium's IngressClass ([#​23719](https://togithub.com/cilium/cilium/issues/23719), [@​meyskens](https://togithub.com/meyskens)) - Add tls-server-enforce-mtls flag to hubble-relay to enforce mTLS connection with clients. (Backport PR [#​26636](https://togithub.com/cilium/cilium/issues/26636), Upstream PR [#​25582](https://togithub.com/cilium/cilium/issues/25582), [@​marqc](https://togithub.com/marqc)) - Added Gratuitous ARP Pod Announcements ([#​25482](https://togithub.com/cilium/cilium/issues/25482), [@​markpash](https://togithub.com/markpash)) - Adds `peerPort` field to CiliumBGPPeeringPolicy for specifying the port of a BGP neighbor. If unspecified, port 179 is used. ([#​25809](https://togithub.com/cilium/cilium/issues/25809), [@​danehans](https://togithub.com/danehans)) - agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead ([#​26036](https://togithub.com/cilium/cilium/issues/26036), [@​brb](https://togithub.com/brb)) - alibabacloud: Support selecting subnet by IDs ([#​23131](https://togithub.com/cilium/cilium/issues/23131), [@​jaffcheng](https://togithub.com/jaffcheng)) - Align selection of IP addresses used for masquerading and NodePort SNAT with Linux kernel behavior, by preferring addresses assigned to the interface earlier and filtering out secondary addresses. ([#​22866](https://togithub.com/cilium/cilium/issues/22866), [@​akhilles](https://togithub.com/akhilles)) - Allow Cilium Operator to restart any unmanaged pods via --pod-restart-selector, rather than just kube-dns pods ([#​22911](https://togithub.com/cilium/cilium/issues/22911), [@​lvyanru8200](https://togithub.com/lvyanru8200)) - Allow devices from local route table to be used for datapath programs. ([#​24608](https://togithub.com/cilium/cilium/issues/24608), [@​oblazek](https://togithub.com/oblazek)) - Allow to use a Secret for the caBundle ([#​25728](https://togithub.com/cilium/cilium/issues/25728), [@​farcaller](https://togithub.com/farcaller)) - auth: Add spire identity registration for CiliumIdentity ([#​24471](https://togithub.com/cilium/cilium/issues/24471), [@​sayboras](https://togithub.com/sayboras)) - bgpv1: Consolidate CRD API to follow K8s API Conventions ([#​26040](https://togithub.com/cilium/cilium/issues/26040), [@​rastislavs](https://togithub.com/rastislavs)) - BGPv1: Set N-bit in graceful restart capability negotiation. ([#​26325](https://togithub.com/cilium/cilium/issues/26325), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - BPF NodePort is now enabled by default if CiliumEnvoyConfig is configured. (Backport PR [#​26636](https://togithub.com/cilium/cilium/issues/26636), Upstream PR [#​25901](https://togithub.com/cilium/cilium/issues/25901), [@​jrajahalme](https://togithub.com/jrajahalme)) - bpf, ipcache: unconditionally assume support for LPM trie maps ([#​24258](https://togithub.com/cilium/cilium/issues/24258), [@​tklauser](https://togithub.com/tklauser)) - Change cilium_host IPv6 address, use node router IPv6 instead of native node IPv6, and fixed several relative IPv6 issues. ([#​24208](https://togithub.com/cilium/cilium/issues/24208), [@​jschwinger233](https://togithub.com/jschwinger233)) - Change default helm value of authentication.mutual.spire.install.enabled to true (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26864](https://togithub.com/cilium/cilium/issues/26864), [@​meyskens](https://togithub.com/meyskens)) - Cilium by default overwrites changes to its CNI configuration file. With this change, setting cni.exclusive to false disables this behavior. This is useful when additional plugins wish to chain after Cilium, such as Istio. (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26773](https://togithub.com/cilium/cilium/issues/26773), [@​squeed](https://togithub.com/squeed)) - Cilium L7 Proxy: Envoy config dump contains Cilium network policies ([#​25028](https://togithub.com/cilium/cilium/issues/25028), [@​mhofstetter](https://togithub.com/mhofstetter)) - Cilium now supports chaining with arbitrary CNI plugins. To use, set the Helm value cni.chainingTarget. ([#​24956](https://togithub.com/cilium/cilium/issues/24956), [@​squeed](https://togithub.com/squeed)) - Cilium now waits longer before returning a failure in the event of a pod creation burst. ([#​25805](https://togithub.com/cilium/cilium/issues/25805), [@​squeed](https://togithub.com/squeed)) - cilium/cmd: Remove deprecated policy_trace command ([#​23550](https://togithub.com/cilium/cilium/issues/23550), [@​sayboras](https://togithub.com/sayboras)) - clustermesh-apiserver: expose information about completion of initial synchronization through etcd ([#​25388](https://togithub.com/cilium/cilium/issues/25388), [@​giorio94](https://togithub.com/giorio94)) - clustermesh-apiserver: expose information about completion of initial synchronization through etcd ([#​25905](https://togithub.com/cilium/cilium/issues/25905), [@​giorio94](https://togithub.com/giorio94)) - clustermesh-apiserver: rework services synchronization to improve performance ([#​25260](https://togithub.com/cilium/cilium/issues/25260), [@​giorio94](https://togithub.com/giorio94)) - clustermesh: enable per-cluster RBAC in etcd server ([#​24284](https://togithub.com/cilium/cilium/issues/24284), [@​giorio94](https://togithub.com/giorio94)) - cmd/cleanup: add socketlb program cleanup ([#​25136](https://togithub.com/cilium/cilium/issues/25136), [@​rgo3](https://togithub.com/rgo3)) - cmd/service: unify service list/get output ([#​24136](https://togithub.com/cilium/cilium/issues/24136), [@​oblazek](https://togithub.com/oblazek)) - cmd: Add NodeEncryption status to the cilium status command ([#​24399](https://togithub.com/cilium/cilium/issues/24399), [@​romanspb80](https://togithub.com/romanspb80)) - daemon: remove deprecated force-local-policy-eval-at-source option ([#​24727](https://togithub.com/cilium/cilium/issues/24727), [@​tklauser](https://togithub.com/tklauser)) - Deprecate `--tunnel` in favor of `--routing-mode` and `--tunnel-protocol`. ([#​24561](https://togithub.com/cilium/cilium/issues/24561), [@​pchaigno](https://togithub.com/pchaigno)) - Deprecate CNP Node status updates. ([#​24464](https://togithub.com/cilium/cilium/issues/24464), [@​marseel](https://togithub.com/marseel)) - Disable by default CNP Node Status GC in cilium-operator. ([#​24390](https://togithub.com/cilium/cilium/issues/24390), [@​marseel](https://togithub.com/marseel)) - DNS Proxy binds to loopback interfaces only ([#​25309](https://togithub.com/cilium/cilium/issues/25309), [@​mhofstetter](https://togithub.com/mhofstetter)) - dns proxy: Only reuse DNS proxy port when it's free ([#​25466](https://togithub.com/cilium/cilium/issues/25466), [@​anfernee](https://togithub.com/anfernee)) - dns: Set --tofqdns-min-ttl to zero by default ([#​21439](https://togithub.com/cilium/cilium/issues/21439), [@​michi-covalent](https://togithub.com/michi-covalent)) - egressgw: add support for excludedCIDRs ([#​23448](https://togithub.com/cilium/cilium/issues/23448), [@​jibi](https://togithub.com/jibi)) - Enable configuration of the source IP verification per endpoint ([#​23985](https://togithub.com/cilium/cilium/issues/23985), [@​pchaigno](https://togithub.com/pchaigno)) - Enable endpoint routes + veth fast redirect support ([#​22006](https://togithub.com/cilium/cilium/issues/22006), [@​aspsk](https://togithub.com/aspsk)) - Enable update-ec2-adapter-limit-via-api by default ([#​24564](https://togithub.com/cilium/cilium/issues/24564), [@​christarazi](https://togithub.com/christarazi)) - Enabled cilium_bpf_map_pressure metric by default ([#​24721](https://togithub.com/cilium/cilium/issues/24721), [@​vishal-chdhry](https://togithub.com/vishal-chdhry)) - endpoint: omit pre-1.11 compatibility restoration symlink ([#​24730](https://togithub.com/cilium/cilium/issues/24730), [@​tklauser](https://togithub.com/tklauser)) - envoy: Add idle timeout configuration option ([#​25214](https://togithub.com/cilium/cilium/issues/25214), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy to 1.24.2 ([#​23940](https://togithub.com/cilium/cilium/issues/23940), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy to 1.24.3 ([#​24148](https://togithub.com/cilium/cilium/issues/24148), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy to v1.25.4 ([#​24649](https://togithub.com/cilium/cilium/issues/24649), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy to v1.25.8 (Backport PR [#​26887](https://togithub.com/cilium/cilium/issues/26887), Upstream PR [#​26815](https://togithub.com/cilium/cilium/issues/26815), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy version to v1.25.5 ([#​24893](https://togithub.com/cilium/cilium/issues/24893), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy version to v1.25.6 ([#​25165](https://togithub.com/cilium/cilium/issues/25165), [@​mhofstetter](https://togithub.com/mhofstetter)) - envoy: Bump envoy version to v1.25.7 ([#​25882](https://togithub.com/cilium/cilium/issues/25882), [@​mhofstetter](https://togithub.com/mhofstetter)) - envoy: Use embedded proxylib from cilium-proxy image ([#​26101](https://togithub.com/cilium/cilium/issues/26101), [@​sayboras](https://togithub.com/sayboras)) - etcd: extend rate limiting to consider the number of inflight requests ([#​25817](https://togithub.com/cilium/cilium/issues/25817), [@​giorio94](https://togithub.com/giorio94)) - Expand agent metric Policy Import Errors to count all policy changes ([#​23349](https://togithub.com/cilium/cilium/issues/23349), [@​dlapcevic](https://togithub.com/dlapcevic)) - Expose Cilium agent go runtime scheduler latency prometheus metric `go_sched_latencies_seconds` ([#​24745](https://togithub.com/cilium/cilium/issues/24745), [@​derailed](https://togithub.com/derailed)) - Extend clustermesh status reporting with remote configuration and synchronization information (Backport PR [#​27069](https://togithub.com/cilium/cilium/issues/27069), Upstream PR [#​26788](https://togithub.com/cilium/cilium/issues/26788), [@​giorio94](https://togithub.com/giorio94)) - Extend the Helm chart to allow configuring kvstoremesh. ([#​26109](https://togithub.com/cilium/cilium/issues/26109), [@​giorio94](https://togithub.com/giorio94)) - feat: optional bpf mount ([#​24161](https://togithub.com/cilium/cilium/issues/24161), [@​frezbo](https://togithub.com/frezbo)) - Fix broken IPv6 connectivity from outside to NodePort service when L7 ingress policy applied by removing PROXY_RT route table. ([#​24882](https://togithub.com/cilium/cilium/issues/24882), [@​jschwinger233](https://togithub.com/jschwinger233)) - Fix CIDR json tag in CNP CIDRRule ([#​25617](https://togithub.com/cilium/cilium/issues/25617), [@​pippolo84](https://togithub.com/pippolo84)) - Fix docker-cilium-image target for DOCKER_FLAGS=--push ([#​23679](https://togithub.com/cilium/cilium/issues/23679), [@​pippolo84](https://togithub.com/pippolo84)) - Fix endpoint slices filtering to ensure we filter out headless services and continue to support older k8s versions where service labels are not propagated to endpoint slices (Backport PR [#​26799](https://togithub.com/cilium/cilium/issues/26799), Upstream PR [#​25351](https://togithub.com/cilium/cilium/issues/25351), [@​odinuge](https://togithub.com/odinuge)) - Fixed incorrectly rendered chart when specified both configMap and customConf ([#​25200](https://togithub.com/cilium/cilium/issues/25200), [@​marseel](https://togithub.com/marseel)) - gateway-api: Bump version to v0.6.0 ([#​22680](https://togithub.com/cilium/cilium/issues/22680), [@​sayboras](https://togithub.com/sayboras)) - helm: Add CPU panel to Hubble L7 HTTP Workload dashboard ([#​24934](https://togithub.com/cilium/cilium/issues/24934), [@​chancez](https://togithub.com/chancez)) - helm: Add SA to nodeinit ds ([#​24836](https://togithub.com/cilium/cilium/issues/24836), [@​darox](https://togithub.com/darox)) - helm: Allow node port allocation for Ingress LB service (Backport PR [#​26799](https://togithub.com/cilium/cilium/issues/26799), Upstream PR [#​26502](https://togithub.com/cilium/cilium/issues/26502), [@​sayboras](https://togithub.com/sayboras)) - helm: Bump default spire image version ([#​25444](https://togithub.com/cilium/cilium/issues/25444), [@​sayboras](https://togithub.com/sayboras)) - Helm: Clean up deprecated values ([#​24214](https://togithub.com/cilium/cilium/issues/24214), [@​qmonnet](https://togithub.com/qmonnet)) - helm: deprecate clustermesh CA configuration in favor of the global CA configuration ([#​25010](https://togithub.com/cilium/cilium/issues/25010), [@​giorio94](https://togithub.com/giorio94)) - helm: Improve spire template ([#​25589](https://togithub.com/cilium/cilium/issues/25589), [@​sayboras](https://togithub.com/sayboras)) - helm: simplify TLS configuration of clustermesh peers ([#​24222](https://togithub.com/cilium/cilium/issues/24222), [@​giorio94](https://togithub.com/giorio94)) - helm: use Helm hooks instead of Job unique name ([#​23102](https://togithub.com/cilium/cilium/issues/23102), [@​sathieu](https://togithub.com/sathieu)) - High-Scale IPcache: Chapter 3 ([#​25438](https://togithub.com/cilium/cilium/issues/25438), [@​pchaigno](https://togithub.com/pchaigno)) - hubble-relay: deprecate peer svc through local unix domain socket ([#​23407](https://togithub.com/cilium/cilium/issues/23407), [@​kaworu](https://togithub.com/kaworu)) - hubble: Add GetNamespaces to observer API ([#​25563](https://togithub.com/cilium/cilium/issues/25563), [@​chancez](https://togithub.com/chancez)) - hubble: traffic direction filter ([#​24120](https://togithub.com/cilium/cilium/issues/24120), [@​kaworu](https://togithub.com/kaworu)) - identity/cache: fix panic when re-init of cache after close. ([#​25269](https://togithub.com/cilium/cilium/issues/25269), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - Improve cilium monitor output for dropped packets: display source file names instead of numerical ids ([#​24143](https://togithub.com/cilium/cilium/issues/24143), [@​aspsk](https://togithub.com/aspsk)) - Increase the default CiliumEndpointSlice sync time from 0 to 500ms ([#​23615](https://togithub.com/cilium/cilium/issues/23615), [@​dlapcevic](https://togithub.com/dlapcevic)) - ingress: Default TLS certificate for ingress ([#​26065](https://togithub.com/cilium/cilium/issues/26065), [@​sathieu](https://togithub.com/sathieu)) - install/kubernetes: make image digests for all components optional & configurable ([#​22732](https://togithub.com/cilium/cilium/issues/22732), [@​rastislavs](https://togithub.com/rastislavs)) - Integration of sample dashboards with Helm chart ([#​23794](https://togithub.com/cilium/cilium/issues/23794), [@​jcpunk](https://togithub.com/jcpunk)) - Introduce the support for specifying a CA bundle in the helm chart ([#​24862](https://togithub.com/cilium/cilium/issues/24862), [@​giorio94](https://togithub.com/giorio94)) - ipam/crd: Add new flag for configuring CiliumNode update rate ([#​23017](https://togithub.com/cilium/cilium/issues/23017), [@​jaffcheng](https://togithub.com/jaffcheng)) - ipam: Add ability to automatically create `CiliumPodIPPool` resources in multi-pool IPAM mode ([#​25991](https://togithub.com/cilium/cilium/issues/25991), [@​gandro](https://togithub.com/gandro)) - ipmasq: Add support for ip-masq-agent with IPv6 ([#​23219](https://togithub.com/cilium/cilium/issues/23219), [@​qmonnet](https://togithub.com/qmonnet)) - ipsec, option: Make the IPsec key rotation delay configurable ([#​24811](https://togithub.com/cilium/cilium/issues/24811), [@​pchaigno](https://togithub.com/pchaigno)) - Make Envoy sockets for tproxy and the xDS API and bind to localhost only ([#​24011](https://togithub.com/cilium/cilium/issues/24011), [@​meyskens](https://togithub.com/meyskens)) - metrics: Add k8s client rate limiter latency metric ([#​25555](https://togithub.com/cilium/cilium/issues/25555), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - metrics: support toggle bootstrap times metric via daemon config ([#​22643](https://togithub.com/cilium/cilium/issues/22643), [@​ArthurChiao](https://togithub.com/ArthurChiao)) - Modify operator metric CES errors sync to count all CES sync events ([#​23335](https://togithub.com/cilium/cilium/issues/23335), [@​dlapcevic](https://togithub.com/dlapcevic)) - mtls: SPIRE server and agent installation ([#​24765](https://togithub.com/cilium/cilium/issues/24765), [@​sayboras](https://togithub.com/sayboras)) - multi-pool: Determine IP pool based on `ipam.cilium.io/ip-pool` annotation ([#​25511](https://togithub.com/cilium/cilium/issues/25511), [@​gandro](https://togithub.com/gandro)) - mutual-auth: Avoid confusion on mTLS wording ([#​25761](https://togithub.com/cilium/cilium/issues/25761), [@​sayboras](https://togithub.com/sayboras)) - mutual-auth: Support spire k8s service dns resolution ([#​26031](https://togithub.com/cilium/cilium/issues/26031), [@​sayboras](https://togithub.com/sayboras)) - operator/ipam/metrics: Add new, more accurate, per-node available/used/needed metrics to deprecated existing ipam_ips metric. ([#​24776](https://togithub.com/cilium/cilium/issues/24776), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - operator: Fix default API server addr in metrics subcommand ([#​26132](https://togithub.com/cilium/cilium/issues/26132), [@​pippolo84](https://togithub.com/pippolo84)) - operator: proper rolling update ([#​23589](https://togithub.com/cilium/cilium/issues/23589), [@​mhofstetter](https://togithub.com/mhofstetter)) - option,helm: Add a flag to opt out from support for Kubernetes NetworkPolicy in Cilium ([#​23127](https://togithub.com/cilium/cilium/issues/23127), [@​ChengyuanLiCY](https://togithub.com/ChengyuanLiCY)) - policy: Derivative policies (policies for cloud provider-specific identities) for egress deny rules were not being generated, this has now been fixed. ([#​23927](https://togithub.com/cilium/cilium/issues/23927), [@​rockc2020](https://togithub.com/rockc2020)) - Prepare Cilium API for IPAM pools ([#​24248](https://togithub.com/cilium/cilium/issues/24248), [@​tklauser](https://togithub.com/tklauser)) - Remove sockops-enable and friends ([#​23606](https://togithub.com/cilium/cilium/issues/23606), [@​mohit-marathe](https://togithub.com/mohit-marathe)) - Rename the `sec_label` field in remote_endpoint_info structure to `sec_identity` ([#​25057](https://togithub.com/cilium/cilium/issues/25057), [@​ldelossa](https://togithub.com/ldelossa)) - Replace wait-for-it in SPIRE setup with a busybox script ([#​24959](https://togithub.com/cilium/cilium/issues/24959), [@​meyskens](https://togithub.com/meyskens)) - Report the kernel error code in case of packet drops due to failures to create conntrack map entries. ([#​24716](https://togithub.com/cilium/cilium/issues/24716), [@​gentoo-root](https://togithub.com/gentoo-root)) - Report the kernel error code in case of packet drops due to failures to create NAT map entries. ([#​25883](https://togithub.com/cilium/cilium/issues/25883), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Retire Cilium-Integrated Istio documentation ([#​25722](https://togithub.com/cilium/cilium/issues/25722), [@​networkop](https://togithub.com/networkop)) - Return better error codes from hooked syscalls, such as connect() and bind(). ([#​22965](https://togithub.com/cilium/cilium/issues/22965), [@​gentoo-root](https://togithub.com/gentoo-root)) - Revert "Revert agent/helm: Deprecate --kpr=partial|strict|disabled and use --kpr=true|false instead" ([#​26496](https://togithub.com/cilium/cilium/issues/26496), [@​brb](https://togithub.com/brb)) - Set BGP IdleHoldTimeAfterReset to 5 seconds, session reset can happen on BGP peer configuration change. ([#​26001](https://togithub.com/cilium/cilium/issues/26001), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - Significantly reduce Hubble flow traffic by transmitting only requested information ([#​23198](https://togithub.com/cilium/cilium/issues/23198), [@​AwesomePatrol](https://togithub.com/AwesomePatrol)) - spire: Add identity GC capability ([#​25867](https://togithub.com/cilium/cilium/issues/25867), [@​sayboras](https://togithub.com/sayboras)) - Support `enable-endpoint-routes` with `enable-high-scale-ipcache`. ([#​25601](https://togithub.com/cilium/cilium/issues/25601), [@​pchaigno](https://togithub.com/pchaigno)) - Support defining IPAM pools using CiliumPodIPPool CRD ([#​25824](https://togithub.com/cilium/cilium/issues/25824), [@​tklauser](https://togithub.com/tklauser)) - Support externalTrafficPolicy=local for BGP CPlane service VIP advertisement ([#​25477](https://togithub.com/cilium/cilium/issues/25477), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - Support Gateway API v0.7.0 ([#​25711](https://togithub.com/cilium/cilium/issues/25711), [@​meyskens](https://togithub.com/meyskens)) - Support GENEVE encapsulation with high-scale ipcache. ([#​25591](https://togithub.com/cilium/cilium/issues/25591), [@​pchaigno](https://togithub.com/pchaigno)) - Supports IPv4 ICMP "fragmentation needed" in egress SNAT ([#​25054](https://togithub.com/cilium/cilium/issues/25054), [@​liuyuan10](https://togithub.com/liuyuan10)) - sysdump: Added Kubernetes CNI logs to sysdump. ([#​23937](https://togithub.com/cilium/cilium/issues/23937), [@​marseel](https://togithub.com/marseel)) - The Cilium agent now manages the CNI configuration file. This will allow for faster startup times when injecting Cilium as a chained plugin, such as with aws-cni. ([#​24389](https://togithub.com/cilium/cilium/issues/24389), [@​squeed](https://togithub.com/squeed)) - The deprecated pod-short context option in Hubble metrics is now removed ([#​26125](https://togithub.com/cilium/cilium/issues/26125), [@​lambdanis](https://togithub.com/lambdanis)) **Bugfixes:** - Add drop notifications from various error paths in the BPF datapath. (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26956](https://togithub.com/cilium/cilium/issues/26956), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Add host-side interface info to cni.Result, which allows bandwidth CNI to work with Cilium (Backport PR [#​26636](https://togithub.com/cilium/cilium/issues/26636), Upstream PR [#​26518](https://togithub.com/cilium/cilium/issues/26518), [@​nayihz](https://togithub.com/nayihz)) - Added validation to ensure that enabling Ingress or Gateway API support while l7proxy is disabled will fail, as this is an incompatible configuration. ([#​25215](https://togithub.com/cilium/cilium/issues/25215), [@​youngnick](https://togithub.com/youngnick)) - auth: Switch to observing identity changes (Backport PR [#​26636](https://togithub.com/cilium/cilium/issues/26636), Upstream PR [#​26375](https://togithub.com/cilium/cilium/issues/26375), [@​mhofstetter](https://togithub.com/mhofstetter)) - bgpv1: Unconditionally select node when empty nodeSelector is given (Backport PR [#​26734](https://togithub.com/cilium/cilium/issues/26734), Upstream PR [#​26590](https://togithub.com/cilium/cilium/issues/26590), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bpf/nat: fix current behavior that is silently ignoring errors in a revSNAT context ([#​19753](https://togithub.com/cilium/cilium/issues/19753), [@​sahid](https://togithub.com/sahid)) - bpf: lb: deal with stale rev_nat_index after svc lookup in fallback path ([#​24757](https://togithub.com/cilium/cilium/issues/24757), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: nodeport: don't reset aggregate ID when revDNAT is called by bpf_lxc ([#​25929](https://togithub.com/cilium/cilium/issues/25929), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: nodeport: fix handling of stale CT entry with CT_REPLY ([#​23894](https://togithub.com/cilium/cilium/issues/23894), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: nodeport: fix up trace point in to-overlay NAT paths ([#​24886](https://togithub.com/cilium/cilium/issues/24886), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Bugfix: Invert `--hubble-monitor-events` logic to be an allowlist ([#​25167](https://togithub.com/cilium/cilium/issues/25167), [@​epk](https://togithub.com/epk)) - Bypassing policy check for IPv6 NDP to fix broken pod-to-pod connectivity when per-endpoint route is enabled with policy. ([#​24919](https://togithub.com/cilium/cilium/issues/24919), [@​jschwinger233](https://togithub.com/jschwinger233)) - CIDRGroup reference metric will not count nonexistent CIDRGroups ([#​26133](https://togithub.com/cilium/cilium/issues/26133), [@​akstron](https://togithub.com/akstron)) - client, health/client: set dummy host header on unix:// local communication (Backport PR [#​26838](https://togithub.com/cilium/cilium/issues/26838), Upstream PR [#​26800](https://togithub.com/cilium/cilium/issues/26800), [@​tklauser](https://togithub.com/tklauser)) - datapath: bigtcp: Fix the IPv4 BIG TCP may not work ([#​26336](https://togithub.com/cilium/cilium/issues/26336), [@​haiyuewa](https://togithub.com/haiyuewa)) - datapath: Do not send ICMP6 NA over cilium_wg0 ([#​23969](https://togithub.com/cilium/cilium/issues/23969), [@​brb](https://togithub.com/brb)) - datapath: Fix L7 reply to outside when endpoint routes disabled ([#​21980](https://togithub.com/cilium/cilium/issues/21980), [@​brb](https://togithub.com/brb)) - egressgw: fix race with endpoint deletion (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26901](https://togithub.com/cilium/cilium/issues/26901), [@​jibi](https://togithub.com/jibi)) - egressgw: retry getIdentityLabels on failure (Backport PR [#​26734](https://togithub.com/cilium/cilium/issues/26734), Upstream PR [#​26457](https://togithub.com/cilium/cilium/issues/26457), [@​jibi](https://togithub.com/jibi)) - Fix a bug in the Egress Gateway feature when using the --install-egress-gateway-routes option. Delete stale IP rules after a CiliumEgressGatewayPolicy is updated and selects a different egress network interface. (Backport PR [#​27069](https://togithub.com/cilium/cilium/issues/27069), Upstream PR [#​26846](https://togithub.com/cilium/cilium/issues/26846), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Fix a bug where datapath option DisableSipVerification can no longer be used. ([#​25533](https://togithub.com/cilium/cilium/issues/25533), [@​oblazek](https://togithub.com/oblazek)) - Fix broken IPv6 access to native node devices due to wrong source IPv6 of NA response. ([#​25329](https://togithub.com/cilium/cilium/issues/25329), [@​jschwinger233](https://togithub.com/jschwinger233)) - Fix bug in AlibabaCloud where instance type limits could not be determined ([#​25387](https://togithub.com/cilium/cilium/issues/25387), [@​haozhangami](https://togithub.com/haozhangami)) - Fix bug that caused transient IPsec packet drops on upgrades when tunneling is enabled. (Backport PR [#​26914](https://togithub.com/cilium/cilium/issues/26914), Upstream PR [#​26708](https://togithub.com/cilium/cilium/issues/26708), [@​pchaigno](https://togithub.com/pchaigno)) - Fix bug where bpf map entries may not be reliably dumped or garbage collected when the map is actively being updated. (Backport PR [#​26838](https://togithub.com/cilium/cilium/issues/26838), Upstream PR [#​26583](https://togithub.com/cilium/cilium/issues/26583), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - Fix bug with `toServices` policy where service backend churn left stale CIDR identities ([#​25687](https://togithub.com/cilium/cilium/issues/25687), [@​christarazi](https://togithub.com/christarazi)) - Fix Cilium crash during network policy computation ([#​24322](https://togithub.com/cilium/cilium/issues/24322), [@​joestringer](https://togithub.com/joestringer)) - Fix compilation error when enabling Wireguard and XDP ([#​25734](https://togithub.com/cilium/cilium/issues/25734), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - Fix data race affecting the preferred mark in backends, e.g. backends selected by service with affinity set to local. In very rare cases a backend might be missing its preferred status and a non-local backend might be selected. ([#​25087](https://togithub.com/cilium/cilium/issues/25087), [@​joamaki](https://togithub.com/joamaki)) - Fix enable-stale-cilium-endpoint-cleanup flag not actually disabling the cleanup init set when set to false. This provides a workaround for an existing panic that can occur when running using etcd kvstore. ([#​23874](https://togithub.com/cilium/cilium/issues/23874), [@​sjdot](https://togithub.com/sjdot)) - Fix error propagation issue in clustermesh which prevented retrying on certain validation errors (Backport PR [#​26799](https://togithub.com/cilium/cilium/issues/26799), Upstream PR [#​26613](https://togithub.com/cilium/cilium/issues/26613), [@​giorio94](https://togithub.com/giorio94)) - Fix failure to load the datapath for new pods on latest kernel when (almost) all datapath features are enabled. ([#​24405](https://togithub.com/cilium/cilium/issues/24405), [@​borkmann](https://togithub.com/borkmann)) - Fix for Identities that can be deleted before CESs are reconciled ([#​25001](https://togithub.com/cilium/cilium/issues/25001), [@​dlapcevic](https://togithub.com/dlapcevic)) - Fix issue where Cilium ServiceAPI would ignore backend changes to services with backends that were used in several services and updated at least once ([#​24474](https://togithub.com/cilium/cilium/issues/24474), [@​strudelPi](https://togithub.com/strudelPi)) - Fix issues that caused SPIRE not to install properly ([#​25160](https://togithub.com/cilium/cilium/issues/25160), [@​meyskens](https://togithub.com/meyskens)) - Fix missed deletion events when reconnecting to/disconnecting from remote clusters (identities) ([#​25677](https://togithub.com/cilium/cilium/issues/25677), [@​giorio94](https://togithub.com/giorio94)) - Fix missed deletion events when reconnecting to/disconnecting from remote clusters (ipcache entries) ([#​25675](https://togithub.com/cilium/cilium/issues/25675), [@​giorio94](https://togithub.com/giorio94)) - Fix missed deletion events when reconnecting to/disconnecting from remote clusters (nodes and services) ([#​25499](https://togithub.com/cilium/cilium/issues/25499), [@​giorio94](https://togithub.com/giorio94)) - Fix missing metric "cilium_services_events_total" (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26719](https://togithub.com/cilium/cilium/issues/26719), [@​christarazi](https://togithub.com/christarazi)) - Fix operator entering broken state when it has outdated version of the CES in the cache. (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26455](https://togithub.com/cilium/cilium/issues/26455), [@​alan-kut](https://togithub.com/alan-kut)) - Fix panic due to nil-map assignment in l2announcer ([#​26315](https://togithub.com/cilium/cilium/issues/26315), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - Fix panic in hubble http v2 metrics ([#​24350](https://togithub.com/cilium/cilium/issues/24350), [@​chancez](https://togithub.com/chancez)) - Fix possible connection drops on agents restart when a service is associated with multiple endpointslices or has backends across multiple clusters (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26912](https://togithub.com/cilium/cilium/issues/26912), [@​giorio94](https://togithub.com/giorio94)) - Fix SNAT by the N/S load-balancer for fragmented IPv4 requests. (Backport PR [#​26636](https://togithub.com/cilium/cilium/issues/26636), Upstream PR [#​26550](https://togithub.com/cilium/cilium/issues/26550), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Fix some test failures for bpf_nat_test.c ([#​24534](https://togithub.com/cilium/cilium/issues/24534), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - Fixed double metric accounting for k8s events (Backport PR [#​26636](https://togithub.com/cilium/cilium/issues/26636), Upstream PR [#​26349](https://togithub.com/cilium/cilium/issues/26349), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - Fixed proxy redirect policy implementation when any deny rule prevents them. (Backport PR [#​26813](https://togithub.com/cilium/cilium/issues/26813), Upstream PR [#​26344](https://togithub.com/cilium/cilium/issues/26344), [@​jrajahalme](https://togithub.com/jrajahalme)) - Fixes an issue where SRv6 encapsulated packets are forwarded to the wrong layer 2 next hop. ([#​26136](https://togithub.com/cilium/cilium/issues/26136), [@​ldelossa](https://togithub.com/ldelossa)) - Fixes issue in BGP reconciler when multiple pod cidr withdrawals are done. ([#​25320](https://togithub.com/cilium/cilium/issues/25320), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - Handles nodeIP changes when CEPs are checkpointed to tmpfs and the nodeIP changes across a reboot. ([#​26281](https://togithub.com/cilium/cilium/issues/26281), [@​bprashanth](https://togithub.com/bprashanth)) - helm: Fix a bug caused by incorrect indentation of the extraEnv parameter for Hubble UI backend (Backport PR [#​26914](https://togithub.com/cilium/cilium/issues/26914), Upstream PR [#​26797](https://togithub.com/cilium/cilium/issues/26797), [@​toVersus](https://togithub.com/toVersus)) - Implement OnAddNode handlers for CiliumNodeUpdater and EndpointManager (Backport PR [#​26734](https://togithub.com/cilium/cilium/issues/26734), Upstream PR [#​26484](https://togithub.com/cilium/cilium/issues/26484), [@​pippolo84](https://togithub.com/pippolo84)) - ingress: Delay secret sync if not available (Backport PR [#​26995](https://togithub.com/cilium/cilium/issues/26995), Upstream PR [#​26988](https://togithub.com/cilium/cilium/issues/26988), [@​sayboras](https://togithub.com/sayboras)) - ipam/azure: fix crash due to race condition when handling new node. (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26658](https://togithub.com/cilium/cilium/issues/26658), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - iptables: Fix wrong use of podCIDR in cluster node NAT exclusion ([#​26397](https://togithub.com/cilium/cilium/issues/26397), [@​gandro](https://togithub.com/gandro)) - Keep sync on deployed proxy ports when retrying proxy redirect creation. ([#​26343](https://togithub.com/cilium/cilium/issues/26343), [@​jrajahalme](https://togithub.com/jrajahalme)) - nat: fix usage in nat.h of csum.h module ([#​25576](https://togithub.com/cilium/cilium/issues/25576), [@​sahid](https://togithub.com/sahid)) - Policy auth precedence fix (Backport PR [#​26813](https://togithub.com/cilium/cilium/issues/26813), Upstream PR [#​26331](https://togithub.com/cilium/cilium/issues/26331), [@​jrajahalme](https://togithub.com/jrajahalme)) - Removed unnecessary updates to service status by MetalLB ([#​23210](https://togithub.com/cilium/cilium/issues/23210), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - Revert "datapath: Remove 2005 route table" ([#​23346](https://togithub.com/cilium/cilium/issues/23346), [@​brb](https://togithub.com/brb)) - Solved an issue failing to forward traffic to Services if the Endpoint Slices had the same Address on different Slices ([#​24202](https://togithub.com/cilium/cilium/issues/24202), [@​aojea](https://togithub.com/aojea)) - SPIRE Server image now is the value from the Helm values file (Backport PR [#​27038](https://togithub.com/cilium/cilium/issues/27038), Upstream PR [#​26911](https://togithub.com/cilium/cilium/issues/26911), [@​meyskens](https://togithub.com/meyskens)) - Support IPv4 DSR for packets with IP options. ([#​23810](https://togithub.com/cilium/cilium/issues/23810), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Temporarily disable bpf-clock-probe to avoid causing interruptions for long-lived connections during upgrades (Backport PR [#​27033](https://togithub.com/cilium/cilium/issues/27033), Upstream PR [#​26981](https://togithub.com/cilium/cilium/issues/26981), [@​margamanterola](https://togithub.com/margamanterola)) - test/controlplane: Disable endpoint GC ([#​26383](https://togithub.com/cilium/cilium/issues/26383), [@​pippolo84](https://togithub.com/pippolo84)) - test: bigtcp: Update the BIG TCP checking message ([#​26377](https://togithub.com/cilium/cilium/issues/26377), [@​haiyuewa](https://togithub.com/haiyuewa)) - The operator now reconciles duplicate entries in a CiliumEndpointSlice on startup. ([#​24596](https://togithub.com/cilium/cilium/issues/24596), [@​alan-kut](https://togithub.com/alan-kut)) - Updates TransformXXX Functions in k8s pkg ([#​26244](https://togithub.com/cilium/cilium/issues/26244), [@​danehans](https://togithub.com/danehans)) - Validate "ownership" of hostPort service being deleted (Backport PR [#​26734](https://togithub.com/cilium/cilium/issues/26734), Upstream PR [#​22587](https://togithub.com/cilium/cilium/issues/22587), [@​yasz24](https://togithub.com/yasz24)) **CI Changes:** - .github/workflows: add JUnit tag on workflows that have JUnits ([#​25930](https://togithub.com/cilium/cilium/issues/25930), [@​aanm](https://togithub.com/aanm)) - .github/workflows: add missing GH action version annotations ([#​25369](https://togithub.com/cilium/cilium/issues/25369), [@​tklauser](https://togithub.com/tklauser)) - .github/workflows: let renovate update kind ([#​26312](https://togithub.com/cilium/cilium/issues/26312), [@​tklauser](https://togithub.com/tklauser)) - .github/workflows: let renovate update kind in ingress workflow ([#​26390](https://togithub.com/cilium/cilium/issues/26390), [@​tklauser](https://togithub.com/tklauser)) - .github/workflows: re-enable coverage in BPF tests ([#​23291](https://togithub.com/cilium/cilium/issues/23291), [@​tklauser](https://togithub.com/tklauser)) - .github/workflows: run datapath complexity tests directly in VM ([#​24117](https://togithub.com/cilium/cilium/issues/24117), [@​tklauser](https://togithub.com/tklauser)) - .github/workflows: use Helm mode cilium-cli in K8sUpstreamNetConformance (Backport PR [#​26734](https://togithub.com/cilium/cilium/issues/26734), Upstream PR [#​26692](https://togithub.com/cilium/cilium/issues/26692), [@​tklauser](https://togithub.com/tklauser)) - .github: add 'name' field for the conformance-e2e job (Backport PR [#​26838](https://togithub.com/cilium/cilium/issues/26838), Upstream PR [#​26791](https://togithub.com/cilium/cilium/issues/26791), [@​aanm](https://togithub.com/aanm)) - .github: add cilium sysdump to test artifacts ([#​26143](https://togithub.com/cilium/cilium/issues/26143), [@​aanm](https://togithub.com/aanm)) - .github: add missing job to check for code changes ([#​25926](https://togithub.com/cilium/cilium/issues/25926), [@​aanm](https://togithub.com/aanm)) - .github: Clean up RBAC artifacts for v1.13 CI ([#​22823](https://togithub.com/cilium/cilium/issues/22823), [@​joestringer](https://togithub.com/joestringer)) - .github: Fail if print-chart-version.sh fails or does not exist ([#​26086](https://togithub.com/cilium/cilium/issues/26086), [@​chancez](https://togithub.com/chancez)) - .github: Fix chart push on forks ([#​25274](https://togithub.com/cilium/cilium/issues/25274), [@​chancez](https://togithub.com/chancez)) - .github: Pin docker buildx version to v0.9.1 ([#​23206](https://togithub.com/cilium/cilium/issues/23206), [@​joestringer](https://togithub.com/joestringer)) - .github: Rename failure step in actions ([#​24437](https://togithub.com/cilium/cilium/issues/24437), [@​joestringer](https://togithub.com/joestringer)) - .github: run scruffy for cilium/cilium only ([#​25772](https://togithub.com/cilium/cilium/issues/25772), [@​aanm](https://togithub.com/aanm)) - .github: simplify conformance-runtime workflow ([#​25955](https://togithub.com/cilium/cilium/issues/25955), [@​aanm](https://togithub.com/aanm)) - \[UT]improve network_policy_test.go for apiversion ([#​22591](https://togithub.com/cilium/cilium/issues/22591), [@​my-git9](https://togithub.com/my-git9)) - Add 1.13 conformance test ([#​24033](https://togithub.com/cilium/cilium/issues/24033), [@​aanm](https://togithub.com/aanm)) - Add BPF unit tests for IPsec ([#​25699](https://togithub.com/cilium/cilium/issues/25699), [@​jschwinger233](https://togithub.com/jschwinger233)) - Add checker to verify if comments from ginkgo GH workflows are in sync ([#​25971](https://togithub.com/cilium/cilium/issues/25971), [@​aanm](https://togithub.com/aanm)) - Add container image scanning to Cilium images. ([#​26489](https://togithub.com/cilium/cilium/issues/26489), [@​ferozsalam](https://togithub.com/ferozsalam)) - Add improvements in Conformance Runtime ([#​25797](https://togithub.com/cilium/cilium/issues/25797), [@​aanm](https://togithub.com/aanm)) - Add initial fuzz coverage of linux node handler. ([#​22577](https://togithub.com/cilium/cilium/issues/22577), [@​AdamKorcz](https://togithub.com/AdamKorcz)) - Add schema validation for configuration-matrix files ([#​26081](https://togithub.com/cilium/cilium/issues/26081), [@​aanm](https://togithub.com/aanm)) - Always use the 8.8.8.8 DNS resolver in kind ([#​24713](https://togithub.com/cilium/cilium/issues/24713), [@​aspsk](https://togithub.com/aspsk)) - ariane: don't skip verifier and l4lb tests on vendor/ changes (Backport PR [#​26734](https://togithub.com/cilium/cilium/issues/26734), Upstream PR [#​26715](https://togithub.com/cilium/cilium/issues/26715), [@​tklauser](https://togithub.com/tklauser)) - bgp,test: Properly wait for FRR container to be ready ([#​25777](https://togithub.com/cilium/cilium/issues/25777), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bgpv1: Avoid ports from common ip_local_port_range in unit tests ([#​26174](https://togithub.com/cilium/cilium/issues/26174), [@​rastislavs](https://togithub.com/rastislavs)) - bgpv1: Exercise HoldTime in Test_NeighborAddDel ([#​25760](https://togithub.com/cilium/cilium/issues/25760), [@​rastislavs](https://togithub.com/rastislavs)) - bgpv1: Extend the timeout for the Test_NeighborAddDel test ([#​25970](https://togithub.com/cilium/cilium/issues/25970), [@​rastislavs](https://togithub.com/rastislavs)) - bgpv1: Retry peer checks in NeighborAddDel test to avoid flakes ([#​25641](https://togithub.com/cilium/cilium/issues/25641), [@​rastislavs](https://togithub.com/rastislavs)) - bpf unit tests: Run tests on changes to pks/bpf/\*\* ([#​25911](https://togithub.com/cilium/cilium/issues/25911), [@​qmonnet](https://togithub.com/qmonnet)) - bpf,test: Add an option to disable coverage report per file ([#​24338](https://togithub.com/cilium/cilium/issues/24338), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bpf/test: Get rid of 4.9 leftovers ([#​23399](https://togithub.com/cilium/cilium/issues/23399), [@​brb](https://togithub.com/brb)) - bpf: Cover high-scale IPcache in complexity tests ([#​25592](https://togithub.com/cilium/cilium/issues/25592), [@​pchaigno](https://togithub.com/pchaigno)) - bpf: inline test functions with ctx as input ([#​24662](https://togithub.com/cilium/cilium/issues/24662), [@​anfernee](https://togithub.com/anfernee)) - bpf: test: add some IPv6 DSR integration tests ([#​25443](https://togithub.com/cilium/cilium/issues/25443), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: test: fix pktgen for IPv6 NEXTHDR_DEST option ([#​26151](https://togithub.com/cilium/cilium/issues/26151), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: tests: pktgen infra for tunneling + GENEVE-DSR test ([#​26301](https://togithub.com/cilium/cilium/issues/26301), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: Update checkpatch image ([#​24215](https://togithub.com/cilium/cilium/issues/24215), [@​qmonnet](https://togithub.com/qmonnet)) - bpf: Various fixes for `MAX_*_OPTIONS` and support for 5.10 ([#​24122](https://togithub.com/cilium/cilium/issues/24122), [@​pchaigno](https://togithub.com/pchaigno)) - build: Generate SBOM during image release ([#​23221](https://togithub.com/cilium/cilium/issues/23221), [@​joestringer](https://togithub.com/joestringer)) - CI / Kind enhancements ([#​24714](https://togithub.com/cilium/cilium/issues/24714), [@​aanm](https://togithub.com/aanm)) - CI Workflow: Add all AWS supported k8s versions ([#​26361](https://togithub.com/cilium/cilium/issues/26361), [@​brlbil](https://togithub.com/brlbil)) - CI Workflow: Add all Azure supported k8s versions ([#​26356](https://togithub.com/cilium/cilium/issues/26356), [@​brlbil](https://togithub.com/brlbil)) - CI Workflow: Add all GKE supported k8s version ([#​26364](https://togithub.com/cilium/cilium/issues/26364), [@​brlbil](https://togithub.com/brlbil)) - CI Workflows: Fix matrix generation ([#​26406](https://togithub.com/cilium/cilium/issues/26406), [@​brlbil](https://togithub.com/brlbil)) - CI Workflows: Fix sysdump file creation ([#​26402](https://togithub.com/cilium/cilium/issues/26402), [@​brlbil](https://togithub.com/brlbil)) - CI Workflows: Fix sysdump name typo ([#​26415](https://togithub.com/cilium/cilium/issues/26415), [@​brlbil](https://togithub.com/brlbil)) - ci-aks, ci-external-workloads: Use cilium-cli Helm mode ([#​26382](https://togithub.com/cilium/cilium/issues/26382), [@​michi-covalent](https://togithub.com/michi-covalent)) - ci-datapath: Enable IPV6 masquerading when KPR=off ([#​25111](https://togithub.com/cilium/cilium/issues/25111), [@​brb](https://togithub.com/brb)) - ci-datapath: Fix issue where test were wrongly reported as passing ([#​24813](https://togithub.com/cilium/cilium/issues/24813), [@​gandro](https://togithub.com/gandro)) - ci-datapath: Use QUAY_ORGANIZATION_DEV for Quay org name ([#​25052](https://togithub.com/cilium/cilium/issues/25052), [@​michi-covalent](https://togithub.com/michi-covalent)) - ci-e2e-v1.13: Fix workflow ([#​25412](https://togithub.com/cilium/cilium/issues/25412), [@​brb](https://togithub.com/brb)) - ci-e2e: backport changes in conformance-e2e into v1.13 tests ([#​25386](https://togithub.com/cilium/cilium/issues/25386), [@​brb](https://togithub.com/brb)) - ci-e2e: Bump cilium-cli v0.1.4.5 ([#​25672](https://togithub.com/cilium/cilium/issues/25672), [@​brb](https://togithub.com/brb)) - ci-e2e: Bump CLI v

Configuration

πŸ“… Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

β™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

πŸ”• Ignore: Close this PR and you won't be reminded about these updates again.



This PR has been generated by Mend Renovate. View repository job log here.