Closed renovate[bot] closed 4 months ago
This PR contains the following updates:
v1.15.2
v1.15.3
📅 Schedule: Branch creation - "on friday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.
This PR contains the following updates:
v1.15.2->v1.15.3Release Notes
cilium/cilium (cilium/cilium)
### [`v1.15.3`](https://togithub.com/cilium/cilium/releases/tag/v1.15.3): 1.15.3 [Compare Source](https://togithub.com/cilium/cilium/compare/1.15.2...1.15.3) ## Summary of Changes **Minor Changes:** - bgpv1: BGP Control Plane metrics (Backport PR [#31568](https://togithub.com/cilium/cilium/issues/31568), Upstream PR [#31469](https://togithub.com/cilium/cilium/issues/31469), [@YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - cni: use default logger with timestamps. (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31014](https://togithub.com/cilium/cilium/issues/31014), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - Introduce `cilium-dbg encrypt flush --stale` flag to remove XFRM states and policies with stale node IDs. (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31159](https://togithub.com/cilium/cilium/issues/31159), [@pchaigno](https://togithub.com/pchaigno)) **Bugfixes:** - \[v1.15 - Author backport] envoy: enable k8s secret watch even if only CEC is enabled ([#31451](https://togithub.com/cilium/cilium/issues/31451), [@mhofstetter](https://togithub.com/mhofstetter)) - cni: Use batch endpoint deletion API in chaining plugin (Backport PR [#31515](https://togithub.com/cilium/cilium/issues/31515), Upstream PR [#31456](https://togithub.com/cilium/cilium/issues/31456), [@sayboras](https://togithub.com/sayboras)) - Fix a bug in the StateDB library that may have caused stale read after write. This may have potentially affected the L2 announcements feature and the node address selection. (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31164](https://togithub.com/cilium/cilium/issues/31164), [@joamaki](https://togithub.com/joamaki)) - Fix a bug where pod label updates are not reflected in endpoint labels in presence of filtered labels. (Backport PR [#31473](https://togithub.com/cilium/cilium/issues/31473), Upstream PR [#31395](https://togithub.com/cilium/cilium/issues/31395), [@tklauser](https://togithub.com/tklauser)) - Fixed issue with assigning 0 nodeID when corresponding bpf map run out of space. Potentially it could have impacted connectivity in large clusters (>4k nodes) with IPSec or Mutual Auth enabled. Otherwise, it was merely generating unnecessary error log messages. (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31380](https://togithub.com/cilium/cilium/issues/31380), [@marseel](https://togithub.com/marseel)) - gateway-api: Retrieve LB service from same namespace (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31271](https://togithub.com/cilium/cilium/issues/31271), [@sayboras](https://togithub.com/sayboras)) - Handle InvalidParameterValue as well for PD fallback (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31016](https://togithub.com/cilium/cilium/issues/31016), [@hemanthmalla](https://togithub.com/hemanthmalla)) - helm: Update pod affinity for cilium-envoy (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31150](https://togithub.com/cilium/cilium/issues/31150), [@sayboras](https://togithub.com/sayboras)) - hubble/relay: Fix certificate reloading in PeerManager (Backport PR [#31568](https://togithub.com/cilium/cilium/issues/31568), Upstream PR [#31376](https://togithub.com/cilium/cilium/issues/31376), [@glrf](https://togithub.com/glrf)) - Hubble: fix traffic direction and is reply when IPSec is enabled (Backport PR [#31568](https://togithub.com/cilium/cilium/issues/31568), Upstream PR [#31211](https://togithub.com/cilium/cilium/issues/31211), [@kaworu](https://togithub.com/kaworu)) - k8s/utils: correctly filter out labels in StripPodSpecialLabels (Backport PR [#31473](https://togithub.com/cilium/cilium/issues/31473), Upstream PR [#31421](https://togithub.com/cilium/cilium/issues/31421), [@tklauser](https://togithub.com/tklauser)) - metrics: Disable prometheus metrics by default (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31144](https://togithub.com/cilium/cilium/issues/31144), [@joestringer](https://togithub.com/joestringer)) - operator: fix errors/warnings metric. (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31214](https://togithub.com/cilium/cilium/issues/31214), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) **CI Changes:** - \[v1.15] test: Remove duplicate Cilium deployments in some datapath config tests ([#31520](https://togithub.com/cilium/cilium/issues/31520), [@qmonnet](https://togithub.com/qmonnet)) - Additionally test host firewall + KPR disabled in E2E tests (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#30914](https://togithub.com/cilium/cilium/issues/30914), [@giorio94](https://togithub.com/giorio94)) - AKS: avoid overlapping pod and service CIDRs (Backport PR [#31568](https://togithub.com/cilium/cilium/issues/31568), Upstream PR [#31504](https://togithub.com/cilium/cilium/issues/31504), [@bimmlerd](https://togithub.com/bimmlerd)) - bgpv1: avoid object tracker vs informer race (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31010](https://togithub.com/cilium/cilium/issues/31010), [@bimmlerd](https://togithub.com/bimmlerd)) - bgpv1: fix Test_PodIPPoolAdvert flakiness (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31365](https://togithub.com/cilium/cilium/issues/31365), [@rastislavs](https://togithub.com/rastislavs)) - bpf: fix go testdata check in ci (Backport PR [#31554](https://togithub.com/cilium/cilium/issues/31554), Upstream PR [#31419](https://togithub.com/cilium/cilium/issues/31419), [@mhofstetter](https://togithub.com/mhofstetter)) - Centralize configuration of kind version/image in GitHub Action workflows (Backport PR [#31191](https://togithub.com/cilium/cilium/issues/31191), Upstream PR [#30916](https://togithub.com/cilium/cilium/issues/30916), [@giorio94](https://togithub.com/giorio94)) - Checkout the target branch, instead of the default one, on pull_request based GHA test workflows (Backport PR [#31191](https://togithub.com/cilium/cilium/issues/31191), Upstream PR [#31198](https://togithub.com/cilium/cilium/issues/31198), [@giorio94](https://togithub.com/giorio94)) - ci-e2e: Add matrix for bpf.tproxy and ingress-controller (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31272](https://togithub.com/cilium/cilium/issues/31272), [@sayboras](https://togithub.com/sayboras)) - ci: Bump lvh-kind ssh-startup-wait-retries (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31387](https://togithub.com/cilium/cilium/issues/31387), [@YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - controlplane: fix mechanism for ensuring watchers (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31030](https://togithub.com/cilium/cilium/issues/31030), [@bimmlerd](https://togithub.com/bimmlerd)) - Fix bug preventing consistent symbols between ELF and BTF for eBPF unit tests. (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#30610](https://togithub.com/cilium/cilium/issues/30610), [@learnitall](https://togithub.com/learnitall)) - gateway-api: Enable GRPCRoute conformance tests (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31055](https://togithub.com/cilium/cilium/issues/31055), [@sayboras](https://togithub.com/sayboras)) - gha: disable fail-fast on integration tests (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31420](https://togithub.com/cilium/cilium/issues/31420), [@giorio94](https://togithub.com/giorio94)) - gha: drop unused check_url environment variable (Backport PR [#31191](https://togithub.com/cilium/cilium/issues/31191), Upstream PR [#30928](https://togithub.com/cilium/cilium/issues/30928), [@giorio94](https://togithub.com/giorio94)) - introduce ARM github workflows (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31196](https://togithub.com/cilium/cilium/issues/31196), [@aanm](https://togithub.com/aanm)) - ipam: deepcopy interface resource correctly. (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#26998](https://togithub.com/cilium/cilium/issues/26998), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - k8s_install.sh: specify the CNI version (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31182](https://togithub.com/cilium/cilium/issues/31182), [@aanm](https://togithub.com/aanm)) - loader: fix issue where errors cancelled compile cause error logs. (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#30988](https://togithub.com/cilium/cilium/issues/30988), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - Reduce flakiness of controlplane tests (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#30906](https://togithub.com/cilium/cilium/issues/30906), [@bimmlerd](https://togithub.com/bimmlerd)) - slices: don't modify missed input slice in test (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31119](https://togithub.com/cilium/cilium/issues/31119), [@bimmlerd](https://togithub.com/bimmlerd)) **Misc Changes:** - Add monitor aggregation for all events related to packets ingressing to the network-facing device. (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31015](https://togithub.com/cilium/cilium/issues/31015), [@learnitall](https://togithub.com/learnitall)) - Address race condition in TestGetIdentity (Backport PR [#31541](https://togithub.com/cilium/cilium/issues/31541), Upstream PR [#30885](https://togithub.com/cilium/cilium/issues/30885), [@bimmlerd](https://togithub.com/bimmlerd)) - bgpv1: Adjust ConnectionRetryTimeSeconds to 1 in component tests (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31218](https://togithub.com/cilium/cilium/issues/31218), [@YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - chore(deps): update all github action dependencies (v1.15) ([#31480](https://togithub.com/cilium/cilium/issues/31480), [@renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#31582](https://togithub.com/cilium/cilium/issues/31582), [@renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.3 (v1.15) ([#31464](https://togithub.com/cilium/cilium/issues/31464), [@renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.21.8 docker digest to [`8560736`](https://togithub.com/cilium/cilium/commit/8560736) (v1.15) ([#31450](https://togithub.com/cilium/cilium/issues/31450), [@renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to [`55c6361`](https://togithub.com/cilium/cilium/commit/55c6361) (v1.15) ([#31453](https://togithub.com/cilium/cilium/issues/31453), [@renovate](https://togithub.com/renovate)\[bot]) - chore: update json-mock image source in examples (Backport PR [#31568](https://togithub.com/cilium/cilium/issues/31568), Upstream PR [#31373](https://togithub.com/cilium/cilium/issues/31373), [@loomkoom](https://togithub.com/loomkoom)) - cilium-dbg: listing load-balancing configurations displays L7LB proxy port (Backport PR [#31568](https://togithub.com/cilium/cilium/issues/31568), Upstream PR [#31503](https://togithub.com/cilium/cilium/issues/31503), [@mhofstetter](https://togithub.com/mhofstetter)) - datapath, bpf: Remove unnecessary IPsec code (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31344](https://togithub.com/cilium/cilium/issues/31344), [@pchaigno](https://togithub.com/pchaigno)) - doc: Clarified GwAPI KPR prerequisites (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31366](https://togithub.com/cilium/cilium/issues/31366), [@PhilipSchmid](https://togithub.com/PhilipSchmid)) - docs: Warn on key rotations during upgrades (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31437](https://togithub.com/cilium/cilium/issues/31437), [@pchaigno](https://togithub.com/pchaigno)) - Don't emit an error message on namespace termination due to Ingress reconciliation (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#30808](https://togithub.com/cilium/cilium/issues/30808), [@giorio94](https://togithub.com/giorio94)) - Downgrade L2 Neighbor Discovery failure log to Debug (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31179](https://togithub.com/cilium/cilium/issues/31179), [@YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - endpointmanager: Improve health reporter messages when stopped (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31231](https://togithub.com/cilium/cilium/issues/31231), [@christarazi](https://togithub.com/christarazi)) - hive/cell/health: don't warn when reporting on stopped reporter. (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31262](https://togithub.com/cilium/cilium/issues/31262), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - ingress: Update docs with network policy example (Backport PR [#31342](https://togithub.com/cilium/cilium/issues/31342), Upstream PR [#31060](https://togithub.com/cilium/cilium/issues/31060), [@sayboras](https://togithub.com/sayboras)) - job: avoid a race condition in TestTimer_ExitOnCloseFnCtx (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#30929](https://togithub.com/cilium/cilium/issues/30929), [@bimmlerd](https://togithub.com/bimmlerd)) - loader: add message if error is ENOTSUP (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31413](https://togithub.com/cilium/cilium/issues/31413), [@kkourt](https://togithub.com/kkourt)) - policy: Fix missing labels from SelectorCache selectors (Backport PR [#31490](https://togithub.com/cilium/cilium/issues/31490), Upstream PR [#31358](https://togithub.com/cilium/cilium/issues/31358), [@christarazi](https://togithub.com/christarazi)) - Replaced `declare_tailcall_if` with logic in the loader (Backport PR [#31554](https://togithub.com/cilium/cilium/issues/31554), Upstream PR [#30467](https://togithub.com/cilium/cilium/issues/30467), [@dylandreimerink](https://togithub.com/dylandreimerink)) **Other Changes:** - install: Update image digests for v1.15.2 ([#31378](https://togithub.com/cilium/cilium/issues/31378), [@jrajahalme](https://togithub.com/jrajahalme)) - v1.15: IPsec Fixes ([#31610](https://togithub.com/cilium/cilium/issues/31610), [@pchaigno](https://togithub.com/pchaigno))Configuration
📅 Schedule: Branch creation - "on friday" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.