search

dotfilesh / ops

Cloud Operations Repository
Mozilla Public License 2.0
0 stars 0 forks source link

feat(helm): update chart cilium 1.14.6 -> 1.15.3 #492

Closed renovate[bot] closed 8 months ago

renovate[bot] commented 10 months ago

Mend Renovate

This PR contains the following updates:

Package Type Update Change
cilium (source) HelmChart minor 1.14.6 -> 1.15.3
cilium (source) minor 1.14.6 -> 1.15.3

Release Notes

cilium/cilium (cilium) ### [`v1.15.3`](https://togithub.com/cilium/cilium/compare/1.15.2...1.15.3) [Compare Source](https://togithub.com/cilium/cilium/compare/1.15.2...1.15.3) ### [`v1.15.2`](https://togithub.com/cilium/cilium/releases/tag/v1.15.2): 1.15.2 [Compare Source](https://togithub.com/cilium/cilium/compare/1.15.1...1.15.2) We are pleased to release Cilium v1.15.2. This release contains various bug fixes and improvements. ## Security Advisories This patch release addresses security vulnerabilities. See the following security advisories for details. - https://github.com/cilium/cilium/security/advisories/GHSA-68mj-9pjq-mc85 - https://github.com/cilium/cilium/security/advisories/GHSA-j89h-qrvr-xc36 - https://github.com/cilium/cilium/security/advisories/GHSA-v6q2-4qr3-5cw6 ## IPsec This patch release includes significant changes for the IPsec stack, to resolve issues for connections that are selected by a L7 Network Policy or a DNS Policy. Such connections may experience disruption during the upgrade, in particular in configurations with overlay routing mode. ## Summary of Changes **Minor Changes:** - Add default divisor for GOMEMLIMIT to satisfy Argo CD diff (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30635](https://togithub.com/cilium/cilium/issues/30635), [@​jdmcmahan](https://togithub.com/jdmcmahan)) - Fixes a bug where ToFQDN IPs may be garbage collected too early, disrupting existing connections. (Backport PR [#​31318](https://togithub.com/cilium/cilium/issues/31318), Upstream PR [#​31205](https://togithub.com/cilium/cilium/issues/31205), [@​squeed](https://togithub.com/squeed)) - Gateway API BackendRef filters support (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30090](https://togithub.com/cilium/cilium/issues/30090), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) **Bugfixes:** - Cilium allows selecting 'lo' as a device again. (Backport PR [#​31206](https://togithub.com/cilium/cilium/issues/31206), Upstream PR [#​31200](https://togithub.com/cilium/cilium/issues/31200), [@​bimmlerd](https://togithub.com/bimmlerd)) - endpoint: fix inability to create endpoint with labels in a single API call (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30170](https://togithub.com/cilium/cilium/issues/30170), [@​oblazek](https://togithub.com/oblazek)) - Fix bug in the VTEP feature which caused all traffic from the VTEP to be dropped with "Incorrect VNI from VTEP" (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31039](https://togithub.com/cilium/cilium/issues/31039), [@​joestringer](https://togithub.com/joestringer)) - Fix bug prevented endpoints from sending or receiving network traffic due to the 'reserved:init' label persisting after initialization. (Backport PR [#​31047](https://togithub.com/cilium/cilium/issues/31047), Upstream PR [#​30909](https://togithub.com/cilium/cilium/issues/30909), [@​aanm](https://togithub.com/aanm)) - Fix GC interval calculation by taking into account the actual time passed between GC runs. (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​28657](https://togithub.com/cilium/cilium/issues/28657), [@​gentoo-root](https://togithub.com/gentoo-root)) - Fix host firewall policy enforcement for pod to node traffic when tunneling is enabled and KPR is disabled (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30818](https://togithub.com/cilium/cilium/issues/30818), [@​giorio94](https://togithub.com/giorio94)) - Fix the referenced interface in iptables rules (`eni+` instead of `lxc+`) when `--enable-endpoint-routes=true` and `--cni-chaining-mode="aws-cni"` (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​30766](https://togithub.com/cilium/cilium/issues/30766), [@​pippolo84](https://togithub.com/pippolo84)) - Fixes an IPv6 issue that cilium doesn't respond to Neighbor Solicitation targeting the pods on same node. (Backport PR [#​31155](https://togithub.com/cilium/cilium/issues/31155), Upstream PR [#​30837](https://togithub.com/cilium/cilium/issues/30837), [@​jschwinger233](https://togithub.com/jschwinger233)) - Fixes proxy issues by opting out from SNAT for L7 + Tunnel. (Backport PR [#​31158](https://togithub.com/cilium/cilium/issues/31158), Upstream PR [#​29594](https://togithub.com/cilium/cilium/issues/29594), [@​jschwinger233](https://togithub.com/jschwinger233)) - Fixes proxy issues in egress direction (Backport PR [#​31158](https://togithub.com/cilium/cilium/issues/31158), Upstream PR [#​30095](https://togithub.com/cilium/cilium/issues/30095), [@​jschwinger233](https://togithub.com/jschwinger233)) - Fixes some valid GC entries being removed at agent restart (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​29696](https://togithub.com/cilium/cilium/issues/29696), [@​rsafonseca](https://togithub.com/rsafonseca)) - gateway-api: Correct the null check for GRPRRoute Match (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31052](https://togithub.com/cilium/cilium/issues/31052), [@​sayboras](https://togithub.com/sayboras)) - helm: Probe Envoy DaemonSet localhost IP directly (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30970](https://togithub.com/cilium/cilium/issues/30970), [@​iandrewt](https://togithub.com/iandrewt)) - hubble: fix parsing of invalid HTTP URLs (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31100](https://togithub.com/cilium/cilium/issues/31100), [@​kaworu](https://togithub.com/kaworu)) - srv6: Fix packet drop with GSO type mismatch (Backport PR [#​30799](https://togithub.com/cilium/cilium/issues/30799), Upstream PR [#​30732](https://togithub.com/cilium/cilium/issues/30732), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - statedb: Fix race between Observable and DB stopping (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​30816](https://togithub.com/cilium/cilium/issues/30816), [@​joamaki](https://togithub.com/joamaki)) - xds: Avoid xds timeout due to agent restart in envoy DS mode (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31061](https://togithub.com/cilium/cilium/issues/31061), [@​sayboras](https://togithub.com/sayboras)) **CI Changes:** - ci/ipsec: Fix downgrade version retrieval (Backport PR [#​31047](https://togithub.com/cilium/cilium/issues/31047), Upstream PR [#​30742](https://togithub.com/cilium/cilium/issues/30742), [@​qmonnet](https://togithub.com/qmonnet)) - ci: Enhance test execution security by restricting permissions to the 'organization-members' team (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​30790](https://togithub.com/cilium/cilium/issues/30790), [@​brlbil](https://togithub.com/brlbil)) - CI: Update tested K8S versions across all cloud providers (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​30795](https://togithub.com/cilium/cilium/issues/30795), [@​brlbil](https://togithub.com/brlbil)) - Fix datapath mode in Network Performance CI test (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​30756](https://togithub.com/cilium/cilium/issues/30756), [@​marseel](https://togithub.com/marseel)) - Prevent E2E tests from failing on a known-ok warning log of temporary CRD failure (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​30778](https://togithub.com/cilium/cilium/issues/30778), [@​learnitall](https://togithub.com/learnitall)) **Misc Changes:** - bgpv1: Remove disruptive error handling from BGPRouterManager ([#​30735](https://togithub.com/cilium/cilium/issues/30735), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bgpv1: Remove or downgrade noisy logs (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30868](https://togithub.com/cilium/cilium/issues/30868), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bitlpm: Factor out common code (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31026](https://togithub.com/cilium/cilium/issues/31026), [@​jrajahalme](https://togithub.com/jrajahalme)) - bpf: host: optimize from-host's ICMPv6 path (Backport PR [#​31155](https://togithub.com/cilium/cilium/issues/31155), Upstream PR [#​31127](https://togithub.com/cilium/cilium/issues/31127), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bpf: host: skip from-proxy handling in from-netdev (Backport PR [#​31158](https://togithub.com/cilium/cilium/issues/31158), Upstream PR [#​29962](https://togithub.com/cilium/cilium/issues/29962), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - bugtool: Capture memory fragmentation info from /proc (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​30966](https://togithub.com/cilium/cilium/issues/30966), [@​pchaigno](https://togithub.com/pchaigno)) - Bump google.golang.org/protobuf (v1.15) ([#​31319](https://togithub.com/cilium/cilium/issues/31319), [@​ferozsalam](https://togithub.com/ferozsalam)) - Change ariane config CODEOWNERS (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​30803](https://togithub.com/cilium/cilium/issues/30803), [@​brlbil](https://togithub.com/brlbil)) - chore(deps): update actions/download-artifact action to v4.1.3 (v1.15) ([#​30986](https://togithub.com/cilium/cilium/issues/30986), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​30951](https://togithub.com/cilium/cilium/issues/30951), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​31113](https://togithub.com/cilium/cilium/issues/31113), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) ([#​31290](https://togithub.com/cilium/cilium/issues/31290), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) (patch) ([#​30780](https://togithub.com/cilium/cilium/issues/30780), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies (v1.15) (patch) ([#​31133](https://togithub.com/cilium/cilium/issues/31133), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all github action dependencies to v4 (v1.15) (major) ([#​30781](https://togithub.com/cilium/cilium/issues/30781), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all kind-images main (v1.15) ([#​30851](https://togithub.com/cilium/cilium/issues/30851), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all-dependencies (v1.15) ([#​30949](https://togithub.com/cilium/cilium/issues/30949), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all-dependencies (v1.15) ([#​31287](https://togithub.com/cilium/cilium/issues/31287), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.15.23 (v1.15) ([#​30860](https://togithub.com/cilium/cilium/issues/30860), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.0 (v1.15) ([#​31172](https://togithub.com/cilium/cilium/issues/31172), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.21.7 docker digest to [`549dd88`](https://togithub.com/cilium/cilium/commit/549dd88) (v1.15) ([#​30855](https://togithub.com/cilium/cilium/issues/30855), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update docker.io/library/ubuntu:22.04 docker digest to [`f9d633f`](https://togithub.com/cilium/cilium/commit/f9d633f) (v1.15) ([#​30738](https://togithub.com/cilium/cilium/issues/30738), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update go to v1.21.7 (v1.15) (patch) ([#​30672](https://togithub.com/cilium/cilium/issues/30672), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update go to v1.21.8 (v1.15) ([#​31183](https://togithub.com/cilium/cilium/issues/31183), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update hubble cli to v0.13.2 (v1.15) ([#​31338](https://togithub.com/cilium/cilium/issues/31338), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#​30652](https://togithub.com/cilium/cilium/issues/30652), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#​31134](https://togithub.com/cilium/cilium/issues/31134), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#​31288](https://togithub.com/cilium/cilium/issues/31288), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update stable lvh-images to v6.6-20240221.111541 (v1.15) ([#​30977](https://togithub.com/cilium/cilium/issues/30977), [@​renovate](https://togithub.com/renovate)\[bot]) - CODEOWNERS: Ensure gha review for actions ([#​31139](https://togithub.com/cilium/cilium/issues/31139), [@​joestringer](https://togithub.com/joestringer)) - container/bitlpm: Add Lookup Boolean Return Value (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31037](https://togithub.com/cilium/cilium/issues/31037), [@​nathanjsweet](https://togithub.com/nathanjsweet)) - docs: Fix 'kubectl exec' invocations (quotes, double dash separator) in example script kafka-sw-gen-traffic.sh (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​30462](https://togithub.com/cilium/cilium/issues/30462), [@​saintdle](https://togithub.com/saintdle)) - docs: kpr: DSR-Geneve with native-routing requires tunnelProtocol (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30854](https://togithub.com/cilium/cilium/issues/30854), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - docs: update note on WireGuard with tunnel routing (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31083](https://togithub.com/cilium/cilium/issues/31083), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - images: bump cni plugins to v1.4.1 ([#​31348](https://togithub.com/cilium/cilium/issues/31348), [@​aanm](https://togithub.com/aanm)) - lbipam: copy slice before modification in (\*LBIPAM).handlePoolModified (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30859](https://togithub.com/cilium/cilium/issues/30859), [@​tklauser](https://togithub.com/tklauser)) - loader: also populate NATIVE_DEV_IFINDEX for cilium_overlay (Backport PR [#​31154](https://togithub.com/cilium/cilium/issues/31154), Upstream PR [#​31025](https://togithub.com/cilium/cilium/issues/31025), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - pkg: Add Bitwise LPM Trie Library (Backport PR [#​30863](https://togithub.com/cilium/cilium/issues/30863), Upstream PR [#​29717](https://togithub.com/cilium/cilium/issues/29717), [@​nathanjsweet](https://togithub.com/nathanjsweet)) - slices: don't modify input slices in test (Backport PR [#​30997](https://togithub.com/cilium/cilium/issues/30997), Upstream PR [#​30677](https://togithub.com/cilium/cilium/issues/30677), [@​tklauser](https://togithub.com/tklauser)) - v1.15: Remove cilium/build from codeowners ([#​31210](https://togithub.com/cilium/cilium/issues/31210), [@​joestringer](https://togithub.com/joestringer)) **Other Changes:** - \[v1.15] envoy: Bump golang version to 1.21.8 ([#​31221](https://togithub.com/cilium/cilium/issues/31221), [@​sayboras](https://togithub.com/sayboras)) - bgpv1: Disable PodCIDR Reconciler for unsupported IPAM modes ([#​31354](https://togithub.com/cilium/cilium/issues/31354), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - cli: Replace --cluster-name with --helm-set cluster.name ([#​31176](https://togithub.com/cilium/cilium/issues/31176), [@​michi-covalent](https://togithub.com/michi-covalent)) - install: Update image digests for v1.15.1 ([#​30777](https://togithub.com/cilium/cilium/issues/30777), [@​michi-covalent](https://togithub.com/michi-covalent)) - Upgrade GoBGP to v3.23.0 ([#​30792](https://togithub.com/cilium/cilium/issues/30792), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - v1.15 envoy: Avoid duplicated upstream callback ([#​30942](https://togithub.com/cilium/cilium/issues/30942), [@​sayboras](https://togithub.com/sayboras)) - v1.15: WG L7 ([#​31266](https://togithub.com/cilium/cilium/issues/31266), [@​brb](https://togithub.com/brb)) ### [`v1.15.1`](https://togithub.com/cilium/cilium/releases/tag/v1.15.1): 1.15.1 [Compare Source](https://togithub.com/cilium/cilium/compare/1.15.0...1.15.1) We are pleased to release Cilium v1.15.1. This release contains various bug fixes and improvements, including a fix for a regression where veth devices were incorrectly getting classified as native devices ([https://github.com/cilium/cilium/pull/30762](https://togithub.com/cilium/cilium/pull/30762)). ## Summary of Changes **Minor Changes:** - Enhance trace events from the outbound SNAT path, to report the pre-SNAT IP address and the interface index of the egress interface. (Backport PR [#​30704](https://togithub.com/cilium/cilium/issues/30704), Upstream PR [#​28723](https://togithub.com/cilium/cilium/issues/28723), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - ui: release v0.13.0 (Backport PR [#​30727](https://togithub.com/cilium/cilium/issues/30727), Upstream PR [#​30711](https://togithub.com/cilium/cilium/issues/30711), [@​geakstr](https://togithub.com/geakstr)) **Bugfixes:** - envoy: Change socket option from 'STATE_LISTENING' to 'STATE_PREBIND' (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30543](https://togithub.com/cilium/cilium/issues/30543), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) - Fix bug in indexing of routes that lead to veth devices being considered native devices, which caused the wrong BPF program to be loaded onto them. (Backport PR [#​30767](https://togithub.com/cilium/cilium/issues/30767), Upstream PR [#​30762](https://togithub.com/cilium/cilium/issues/30762), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - fix edge case in node addressing logic which could result in a panic (Backport PR [#​30767](https://togithub.com/cilium/cilium/issues/30767), Upstream PR [#​30757](https://togithub.com/cilium/cilium/issues/30757), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - hive: Fix start hook log output (Backport PR [#​30727](https://togithub.com/cilium/cilium/issues/30727), Upstream PR [#​30712](https://togithub.com/cilium/cilium/issues/30712), [@​joamaki](https://togithub.com/joamaki)) - Updating ENI prefix delegation fallback to use dedicated error codes (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30536](https://togithub.com/cilium/cilium/issues/30536), [@​hemanthmalla](https://togithub.com/hemanthmalla)) **CI Changes:** - ci: add trigger phrase to Gateway API conformance test workflow name (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30525](https://togithub.com/cilium/cilium/issues/30525), [@​tklauser](https://togithub.com/tklauser)) - CI: Change cloud regions (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30378](https://togithub.com/cilium/cilium/issues/30378), [@​brlbil](https://togithub.com/brlbil)) - ci: Fix PR labels parsing in update label workflow (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30507](https://togithub.com/cilium/cilium/issues/30507), [@​pippolo84](https://togithub.com/pippolo84)) - gh: ci-verifier: use lvh-images/complexity-test as renovate dependency (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30520](https://togithub.com/cilium/cilium/issues/30520), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - gha: additionally cover BPF masquerade in clustermesh E2E tests (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30321](https://togithub.com/cilium/cilium/issues/30321), [@​giorio94](https://togithub.com/giorio94)) - gha: make runner type for clustermesh workflows configurable (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30496](https://togithub.com/cilium/cilium/issues/30496), [@​giorio94](https://togithub.com/giorio94)) - Update GitHub upload-artifact action (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30443](https://togithub.com/cilium/cilium/issues/30443), [@​brlbil](https://togithub.com/brlbil)) - workflows: Clean IPsec test output (Backport PR [#​30767](https://togithub.com/cilium/cilium/issues/30767), Upstream PR [#​30759](https://togithub.com/cilium/cilium/issues/30759), [@​pchaigno](https://togithub.com/pchaigno)) **Misc Changes:** - Added Last page Edit on Documentation (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30612](https://togithub.com/cilium/cilium/issues/30612), [@​gailsuccess](https://togithub.com/gailsuccess)) - bgpv1: remove BGP Controller from daemon cell (Backport PR [#​30767](https://togithub.com/cilium/cilium/issues/30767), Upstream PR [#​30561](https://togithub.com/cilium/cilium/issues/30561), [@​harsimran-pabla](https://togithub.com/harsimran-pabla)) - chore(deps): update all github action dependencies (v1.15) (patch) ([#​30486](https://togithub.com/cilium/cilium/issues/30486), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update all kind-images main (v1.15) (patch) ([#​30670](https://togithub.com/cilium/cilium/issues/30670), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.15.21 (v1.15) ([#​30570](https://togithub.com/cilium/cilium/issues/30570), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.15.22 (v1.15) ([#​30671](https://togithub.com/cilium/cilium/issues/30671), [@​renovate](https://togithub.com/renovate)\[bot]) - chore(deps): update stable lvh-images (v1.15) (patch) ([#​30574](https://togithub.com/cilium/cilium/issues/30574), [@​renovate](https://togithub.com/renovate)\[bot]) - dep: Bump grpc_health_probe to v0.4.24 (Backport PR [#​30704](https://togithub.com/cilium/cilium/issues/30704), Upstream PR [#​30643](https://togithub.com/cilium/cilium/issues/30643), [@​ferozsalam](https://togithub.com/ferozsalam)) - docs: Document XfrmInStateInvalid errors (Backport PR [#​30767](https://togithub.com/cilium/cilium/issues/30767), Upstream PR [#​30151](https://togithub.com/cilium/cilium/issues/30151), [@​pchaigno](https://togithub.com/pchaigno)) - egressgw: improvements for FIB-driven redirect path (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30576](https://togithub.com/cilium/cilium/issues/30576), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - Fix failure in `FuzzDenyPreferredInsert` test (Backport PR [#​30681](https://togithub.com/cilium/cilium/issues/30681), Upstream PR [#​30368](https://togithub.com/cilium/cilium/issues/30368), [@​christarazi](https://togithub.com/christarazi)) **Other Changes:** - \[v1.15] ci/ipsec: Fix downgrade version for release preparation commits ([#​30718](https://togithub.com/cilium/cilium/issues/30718), [@​qmonnet](https://togithub.com/qmonnet)) - envoy: Bump envoy version to v1.27.3 ([#​30696](https://togithub.com/cilium/cilium/issues/30696), [@​sayboras](https://togithub.com/sayboras)) - install: Update image digests for v1.15.0 ([#​30559](https://togithub.com/cilium/cilium/issues/30559), [@​aanm](https://togithub.com/aanm)) #### v1.15.0 #### Docker Manifests ### [`v1.15.0`](https://togithub.com/cilium/cilium/releases/tag/v1.15.0): 1.15.0 [Compare Source](https://togithub.com/cilium/cilium/compare/1.14.9...1.15.0) ### Changelog The Cilium core team are excited to announce the Cilium 1.15 release. :tada: ## Summary of Changes **Major Changes:** - Add dynamic flowlog exporters configured by yaml file (configmap) without a need of agent restart. ([#​28873](https://togithub.com/cilium/cilium/issues/28873), [@​marqc](https://togithub.com/marqc)) - Add support for extending ClusterMesh to 511 clusters By setting the flag `--max-connected-clusters=511`, a new cluster will be able to connect to a ClusterMesh with up to 511 clusters. If enabled, the number of possible cluster-local identities will be reduced to 32,768. This feature can only be enabled on new clusters, and all clusters in the ClusterMesh must share the same configuration. ([#​27520](https://togithub.com/cilium/cilium/issues/27520), [@​thorn3r](https://togithub.com/thorn3r)) - Add support for Gateway API v1.0 ([#​28836](https://togithub.com/cilium/cilium/issues/28836), [@​sayboras](https://togithub.com/sayboras)) - Add support for k8s 1.28 ([#​27361](https://togithub.com/cilium/cilium/issues/27361), [@​aanm](https://togithub.com/aanm)) - Allow selecting nodes by CIDR policy ([#​27464](https://togithub.com/cilium/cilium/issues/27464), [@​squeed](https://togithub.com/squeed)) - bgpv1: Add `bgp/routes` API endpoint and `cilium bgp routes` CLI command ([#​27182](https://togithub.com/cilium/cilium/issues/27182), [@​rastislavs](https://togithub.com/rastislavs)) - gateway-api: Support GRPCRoute resource ([#​28654](https://togithub.com/cilium/cilium/issues/28654), [@​sayboras](https://togithub.com/sayboras)) - k8s: add support for k8s 1.29.0 ([#​29473](https://togithub.com/cilium/cilium/issues/29473), [@​aanm](https://togithub.com/aanm)) - Module Health: Node Manager: First Iteration ([#​25994](https://togithub.com/cilium/cilium/issues/25994), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - Support BGP passwords in the Go BGP implementation. ([#​23759](https://togithub.com/cilium/cilium/issues/23759), [@​dgl](https://togithub.com/dgl)) **Minor Changes:** - \*\_kvstore_operations_duration_seconds metrics do not include client-side rate-limiting latency anymore. ([#​27396](https://togithub.com/cilium/cilium/issues/27396), [@​marseel](https://togithub.com/marseel)) - `io.cilium.podippool.namespace: ` and `io.cilium.podippool.name: ` selectors can be specified for a PodIPPoolSelector of a CiliumBGPPeeringPolicy to select a CiliumPodIPPool by namespaced name instead of labels. ([#​28314](https://togithub.com/cilium/cilium/issues/28314), [@​danehans](https://togithub.com/danehans)) - Add `cilium bpf auth flush` command for debugging purposes ([#​27216](https://togithub.com/cilium/cilium/issues/27216), [@​meyskens](https://togithub.com/meyskens)) - Add an option to Cilium to set the persistent keepalive for cilium_wg0 ([#​27932](https://togithub.com/cilium/cilium/issues/27932), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) - Add an option to specify a filters and field mask for hubble-exporter ([#​26379](https://togithub.com/cilium/cilium/issues/26379), [@​AwesomePatrol](https://togithub.com/AwesomePatrol)) - Add documentation of Hubble exporter - an option to save Hubble flows to a file ([#​27610](https://togithub.com/cilium/cilium/issues/27610), [@​AwesomePatrol](https://togithub.com/AwesomePatrol)) - Add flows per second information to Hubble status ([#​28205](https://togithub.com/cilium/cilium/issues/28205), [@​glrf](https://togithub.com/glrf)) - Add Hubble Grafana dashboards: Network and DNS overview ([#​27751](https://togithub.com/cilium/cilium/issues/27751), [@​lambdanis](https://togithub.com/lambdanis)) - add Ingress controller proxy protocol support ([#​28194](https://togithub.com/cilium/cilium/issues/28194), [@​zetaab](https://togithub.com/zetaab)) - Add lbipam support for shared ips ([#​28806](https://togithub.com/cilium/cilium/issues/28806), [@​usiegl00](https://togithub.com/usiegl00)) - Add option to pass api-rate-limit via Helm values ([#​28239](https://togithub.com/cilium/cilium/issues/28239), [@​ungureanuvladvictor](https://togithub.com/ungureanuvladvictor)) - Add option to redact http headers ([#​26724](https://togithub.com/cilium/cilium/issues/26724), [@​ChrsMark](https://togithub.com/ChrsMark)) - Add per-controller success/failure count metrics and a config option for these ([#​26850](https://togithub.com/cilium/cilium/issues/26850), [@​asauber](https://togithub.com/asauber)) - Add Prometheus map pressure metrics for NAT maps ([#​27001](https://togithub.com/cilium/cilium/issues/27001), [@​derailed](https://togithub.com/derailed)) - Add securityContext for spire pod in helm chart ([#​27363](https://togithub.com/cilium/cilium/issues/27363), [@​ishuar](https://togithub.com/ishuar)) - Add source and destination workload_kind context labels (Hubble). ([#​27350](https://togithub.com/cilium/cilium/issues/27350), [@​marqc](https://togithub.com/marqc)) - Add strict mode for WireGuard Pod2Pod encryption ([#​21856](https://togithub.com/cilium/cilium/issues/21856), [@​3u13r](https://togithub.com/3u13r)) - Add support for filtering on HTTP URLs in Hubble ([#​28275](https://togithub.com/cilium/cilium/issues/28275), [@​glrf](https://togithub.com/glrf)) - Added cilium_kvstoremesh_kvstore_sync_errors_counter, cilium_clustermesh_apiserver_kvstore_sync_errors_counter and kvstore_sync_errors_counter metrics that capture data synchronization errors to kvstore. ([#​28419](https://togithub.com/cilium/cilium/issues/28419), [@​marseel](https://togithub.com/marseel)) - Added hubble_relay_pool_peer_connection_status metric for measuring the connection status of all peers. Metric keeps track of number of peers for each possible connectiion status. ([#​28217](https://togithub.com/cilium/cilium/issues/28217), [@​siwiutki](https://togithub.com/siwiutki)) - Added new `ingress.cilium.io/ssl-passthrough` annotation for Ingress objects ([#​28751](https://togithub.com/cilium/cilium/issues/28751), [@​youngnick](https://togithub.com/youngnick)) - Added the EnableHealthCheckLoadBalancerIP flag to address health checks on LoadBalancerIP in Google Cloud Platform using KubeProxyReplacement. ([#​26728](https://togithub.com/cilium/cilium/issues/26728), [@​nberlee](https://togithub.com/nberlee)) - Adds "best-effort" mode for XDP to skip interfaces without driver support ([#​28666](https://togithub.com/cilium/cilium/issues/28666), [@​poblahblahblah](https://togithub.com/poblahblahblah)) - Adds optional configurable jobLabel to cilium-agent, cilium-operator, and hubble serviceMonitors ([#​28125](https://togithub.com/cilium/cilium/issues/28125), [@​rbankston](https://togithub.com/rbankston)) - Adds the CiliumPodIPPool selector type to BGP CP AdvertisedPathAttributes to match CiliumPodIPPool custom resources. Path attributes apply to routes announced for selected CiliumPodIPPools. ([#​28310](https://togithub.com/cilium/cilium/issues/28310), [@​danehans](https://togithub.com/danehans)) - Allow case-insensitive name for CNI chaining mode ([#​28050](https://togithub.com/cilium/cilium/issues/28050), [@​asauber](https://togithub.com/asauber)) - api, cli: Show srv6 status in cilium status ([#​28700](https://togithub.com/cilium/cilium/issues/28700), [@​husnialhamdani](https://togithub.com/husnialhamdani)) - api/cli: Encryption status now includes rendering IPsec status in JSON. (Backport PR [#​30529](https://togithub.com/cilium/cilium/issues/30529), Upstream PR [#​30167](https://togithub.com/cilium/cilium/issues/30167), [@​viktor-kurchenko](https://togithub.com/viktor-kurchenko)) - api: Add extensions field to observer.GetFlowsRequest and flow.Flows types ([#​27577](https://togithub.com/cilium/cilium/issues/27577), [@​chancez](https://togithub.com/chancez)) - Augments `cilium status` CLI to report on agent modules health status. ([#​25714](https://togithub.com/cilium/cilium/issues/25714), [@​derailed](https://togithub.com/derailed)) - Auth map garbage collection will trigger if last local endpoint of a security identity was removed ([#​27697](https://togithub.com/cilium/cilium/issues/27697), [@​meyskens](https://togithub.com/meyskens)) - bgpv1: Add `cilium-dbg bgp route-policies` command & include it in the bugtool ([#​28973](https://togithub.com/cilium/cilium/issues/28973), [@​rastislavs](https://togithub.com/rastislavs)) - bgpv1: Enable `cilium-dbg bgp routes advertised` command without specifying a peer (Backport PR [#​30230](https://togithub.com/cilium/cilium/issues/30230), Upstream PR [#​30033](https://togithub.com/cilium/cilium/issues/30033), [@​rastislavs](https://togithub.com/rastislavs)) - BGPv1: Set R-bit in graceful restart capability negotiation. ([#​28293](https://togithub.com/cilium/cilium/issues/28293), [@​ArsenyBelorukov](https://togithub.com/ArsenyBelorukov)) - bgpv1: Use kube-system namespace by default for MD5 secret ([#​29478](https://togithub.com/cilium/cilium/issues/29478), [@​YutaroHayakawa](https://togithub.com/YutaroHayakawa)) - bpf: allow overriding Makefile variables ([#​27492](https://togithub.com/cilium/cilium/issues/27492), [@​lmb](https://togithub.com/lmb)) - bpf: compile test ENABLE_EGRESS_GATEWAY_COMMON ([#​27515](https://togithub.com/cilium/cilium/issues/27515), [@​lmb](https://togithub.com/lmb)) - bpf: gate egressgw datapath on separate defines ([#​27189](https://togithub.com/cilium/cilium/issues/27189), [@​lmb](https://togithub.com/lmb)) - bpf: static data: use inline asm to access static data ([#​27589](https://togithub.com/cilium/cilium/issues/27589), [@​ti-mo](https://togithub.com/ti-mo)) - bpgv1: move the internal BGP signaler to a cell and allow other cells to depend on it. ([#​26745](https://togithub.com/cilium/cilium/issues/26745), [@​ldelossa](https://togithub.com/ldelossa)) - can create the directory for the customized cni conf and remove the cni conf file in cleanup command ([#​27933](https://togithub.com/cilium/cilium/issues/27933), [@​sofat1989](https://togithub.com/sofat1989)) - Change the Helm values configuration for SPIRE to match other images in the Helm charts ([#​27621](https://togithub.com/cilium/cilium/issues/27621), [@​weizhoublue](https://togithub.com/weizhoublue)) - cilium ingress should have an option to set the number of trusted loadbalancer hops ([#​27952](https://togithub.com/cilium/cilium/issues/27952), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) - cilium-agent: Remove the obsolete --bpf-lb-dev-ip-addr-inherit option (Backport PR [#​30264](https://togithub.com/cilium/cilium/issues/30264), Upstream PR [#​29963](https://togithub.com/cilium/cilium/issues/29963), [@​joamaki](https://togithub.com/joamaki)) - cilium-dbg: Add statedb query support and commands to inspect statedb tables devices, routes and l2-announce. ([#​28872](https://togithub.com/cilium/cilium/issues/28872), [@​joamaki](https://togithub.com/joamaki)) - Cilium-operator and clustermesh's kvstore metrics are now enabled by default in Helm. ([#​27653](https://togithub.com/cilium/cilium/issues/27653), [@​marseel](https://togithub.com/marseel)) - cilium/cmd: make output of 'cilium policy selectors' sorted. ([#​27803](https://togithub.com/cilium/cilium/issues/27803), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - cilium: export intermediate cobra.Commands ([#​26265](https://togithub.com/cilium/cilium/issues/26265), [@​lmb](https://togithub.com/lmb)) - cilium: use absolute path to include Makefile.defs ([#​27054](https://togithub.com/cilium/cilium/issues/27054), [@​lmb](https://togithub.com/lmb)) - CiliumL2AnnouncementPolicy will only select Services that do not specify a LoadBalancerClass or specify a LoadBalancerClass of "io.cilium/l2-announcer". ([#​27976](https://togithub.com/cilium/cilium/issues/27976), [@​danehans](https://togithub.com/danehans)) - cli: Update `cilium policy import` to allow policy replacement by label ([#​27103](https://togithub.com/cilium/cilium/issues/27103), [@​deverton-godaddy](https://togithub.com/deverton-godaddy)) - clustermesh-apiserver deployment support lifecycle and terminationGracePeriodSeconds. ([#​26945](https://togithub.com/cilium/cilium/issues/26945), [@​acgs771126](https://togithub.com/acgs771126)) - cmd/watchdogs: add health reporter to watchdog controller. ([#​29038](https://togithub.com/cilium/cilium/issues/29038), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - cmd: Disable local node routes when endpoint routes are enabled ([#​28324](https://togithub.com/cilium/cilium/issues/28324), [@​gandro](https://togithub.com/gandro)) - Config option to customize the default IP Pool when using MultiPool ([#​28818](https://togithub.com/cilium/cilium/issues/28818), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) - Correlate flows with CiliumNetworkPolicies ([#​27854](https://togithub.com/cilium/cilium/issues/27854), [@​chancez](https://togithub.com/chancez)) - daemon: Do not require native routing CIDR if ipmasq-agent is enabled ([#​27747](https://togithub.com/cilium/cilium/issues/27747), [@​gandro](https://togithub.com/gandro)) - daemon: don't wait for presence of unused CiliumNodeConfig CRD ([#​27684](https://togithub.com/cilium/cilium/issues/27684), [@​akhilles](https://togithub.com/akhilles)) - daemon: The option "EnableRemoteNodeIdentity" is now deprecated and will be removed from the v1.16 release. ([#​28300](https://togithub.com/cilium/cilium/issues/28300), [@​nathanjsweet](https://togithub.com/nathanjsweet)) - Default client-go QPS and burst in agent and operator have been increased to 10 and 20 respectively for k8s versions 1.27+ ([#​29445](https://togithub.com/cilium/cilium/issues/29445), [@​marseel](https://togithub.com/marseel)) - Delete auth map entries for removed Security IDs in SPIRE ([#​27663](https://togithub.com/cilium/cilium/issues/27663), [@​meyskens](https://togithub.com/meyskens)) - Deprecated helm options enableK8sEventHandover/enableCnpStatusUpdates were removed. Corresponding flag "enable-k8s-event-handover" in Agent and "cnp-status-update-interval" in operator were removed. ([#​29395](https://togithub.com/cilium/cilium/issues/29395), [@​marseel](https://togithub.com/marseel)) - docs, cilium: Remove `cilium endpoint regenerate` command ([#​27326](https://togithub.com/cilium/cilium/issues/27326), [@​christarazi](https://togithub.com/christarazi)) - docs: remove annotations-based l7 visibility ([#​28449](https://togithub.com/cilium/cilium/issues/28449), [@​networkop](https://togithub.com/networkop)) - Don't automatically infer ClusterID and ClusterName for external workloads. ([#​27886](https://togithub.com/cilium/cilium/issues/27886), [@​giorio94](https://togithub.com/giorio94)) - egressgw: inject datapath config via hive ([#​27414](https://togithub.com/cilium/cilium/issues/27414), [@​lmb](https://togithub.com/lmb)) - EgressGW: interface selection is now done with BPF, using --install-egress-gateway-routes is no longer needed. ([#​26215](https://togithub.com/cilium/cilium/issues/26215), [@​jibi](https://togithub.com/jibi)) - egressgw: refactor check for conflicting egress IPs ([#​27491](https://togithub.com/cilium/cilium/issues/27491), [@​lmb](https://togithub.com/lmb)) - egressgw: reject config with CiliumEndpointSlice ([#​27984](https://togithub.com/cilium/cilium/issues/27984), [@​julianwiedmann](https://togithub.com/julianwiedmann)) - egressgw: tidy up Config handling ([#​27221](https://togithub.com/cilium/cilium/issues/27221), [@​lmb](https://togithub.com/lmb)) - endpoint, endpointmanager: Publish max policymap size as metric ([#​27367](https://togithub.com/cilium/cilium/issues/27367), [@​christarazi](https://togithub.com/christarazi)) - ENI: fix calculateExcessIPs excessive calculate of excess ip ([#​28467](https://togithub.com/cilium/cilium/issues/28467), [@​wu0407](https://togithub.com/wu0407)) - Envoy running inside the Cilium Agent may now be scraped by Prometheus when using Prometheus' ServiceMonitor objects. (Backport PR [#​30349](https://togithub.com/cilium/cilium/issues/30349), Upstream PR [#​30126](https://togithub.com/cilium/cilium/issues/30126), [@​youngnick](https://togithub.com/youngnick)) - envoy: Bump envoy to 1.26.2 ([#​26851](https://togithub.com/cilium/cilium/issues/26851), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy version to v1.26.4 ([#​27104](https://togithub.com/cilium/cilium/issues/27104), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy version to v1.27.1 ([#​28531](https://togithub.com/cilium/cilium/issues/28531), [@​sayboras](https://togithub.com/sayboras)) - envoy: Bump envoy version to v1.27.2 ([#​28671](https://togithub.com/cilium/cilium/issues/28671), [@​mhofstetter](https://togithub.com/mhofstetter)) - envoy: Update envoy version to the latest build ([#​27819](https://togithub.com/cilium/cilium/issues/27819), [@​jrajahalme](https://togithub.com/jrajahalme)) - Extend AWS metadata-based policy enforcement to work with any VPC-enabled service. ([#​27071](https://togithub.com/cilium/cilium/issues/27071), [@​spacepants](https://togithub.com/spacepants)) - Fix inaccurate calculation for bootstrap stats of restore ([#​27983](https://togithub.com/cilium/cilium/issues/27983), [@​PlatformLC](https://togithub.com/PlatformLC)) - fix: Preserve OwnerReferences when updating Ingresses with Load Balancer in shared mode ([#​28452](https://togithub.com/cilium/cilium/issues/28452), [@​bittermandel](https://togithub.com/bittermandel)) - Fixes name used for disabling KVStoreMesh metrics. ([#​27680](https://togithub.com/cilium/cilium/issues/27680), [@​marseel](https://togithub.com/marseel)) - FQDN: transition to asynchronous IPCache APIs ([#​29036](https://togithub.com/cilium/cilium/issues/29036), [@​squeed](https://togithub.com/squeed)) - gateway-api: Add support for gateway.infrastructure attribute ([#​29122](https://togithub.com/cilium/cilium/issues/29122), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Add support for multiple request mirrors ([#​28342](https://togithub.com/cilium/cilium/issues/28342), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Add supported features in GatewayClass status ([#​29116](https://togithub.com/cilium/cilium/issues/29116), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Bump the version to v0.8.1 ([#​28195](https://togithub.com/cilium/cilium/issues/28195), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Bump the version to v1.0.0-rc1 ([#​28757](https://togithub.com/cilium/cilium/issues/28757), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Bump version to v0.8.0-rc1 ([#​27592](https://togithub.com/cilium/cilium/issues/27592), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Check for required CRDs upon startup ([#​28982](https://togithub.com/cilium/cilium/issues/28982), [@​sayboras](https://togithub.com/sayboras)) - gateway-api: Update API version for Reference Grant ([#​29811](https://togithub.com/cilium/cilium/issues/29811), [@​sayboras](https://togithub.com/sayboras)) - Handle IPv4 fragments in SNAT flows correctly. ([#​25340](https://togithub.com/cilium/cilium/issues/25340), [@​gentoo-root](https://togithub.com/gentoo-root)) - helm: Add extraVolumeMounts to cilium config init container (Backport PR [#​30349](https://togithub.com/cilium/cilium/issues/30349), Upstream PR [#​30131](https://togithub.com/cilium/cilium/issues/30131), [@​ayuspin](https://togithub.com/ayuspin)) - helm: Added support for existing Cilium SPIRE NS ([#​29032](https://togithub.com/cilium/cilium/issues/29032), [@​PhilipSchmid](https://togithub.com/PhilipSchmid)) - helm: allow annotations to be set for preflight resources ([#​27860](https://togithub.com/cilium/cilium/issues/27860), [@​bradwhitfield](https://togithub.com/bradwhitfield)) - Hide empty columns by default in "kubectl get ciliumendpoints" output ([#​28744](https://togithub.com/cilium/cilium/issues/28744), [@​Iiqbal2000](https://togithub.com/Iiqbal2000)) - hive/cell: remove health reporting on health provider. ([#​28773](https://togithub.com/cilium/cilium/issues/28773), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - hubble-relay: Add support for peers joining during requests ([#​29326](https://togithub.com/cilium/cilium/issues/29326), [@​glrf](https://togithub.com/glrf)) - Hubble: add option to filter for pods and services in any namespace ([#​28921](https://togithub.com/cilium/cilium/issues/28921), [@​glrf](https://togithub.com/glrf)) - hubble: Add Support for filtering on HTTP headers ([#​28851](https://togithub.com/cilium/cilium/issues/28851), [@​ChrsMark](https://togithub.com/ChrsMark)) - hubble: Conditionally redact user info present in URLs in (L7) HTTP flows ([#​28848](https://togithub.com/cilium/cilium/issues/28848), [@​ioandr](https://togithub.com/ioandr)) - Hubble: improve security by adding an option to redact API key in Kafka requests (L7) ([#​25844](https://togithub.com/cilium/cilium/issues/25844), [@​ioandr](https://togithub.com/ioandr)) - hubble: replace deprecated usage of grpc.WithInsecure. ([#​25631](https://togithub.com/cilium/cilium/issues/25631), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - Ignore Indexed Job-specific label by default for CID creation `batch.kubernetes.io/job-completion-index`. ([#​28897](https://togithub.com/cilium/cilium/issues/28897), [@​tosi3k](https://togithub.com/tosi3k)) - Ignore StatefulSet-specific labels by default for CID creation. This includes the two following labels: - statefulset.kubernetes.io/pod-name - apps.kubernetes.io/pod-index ([#​28003](https://togithub.com/cilium/cilium/issues/28003), [@​tosi3k](https://togithub.com/tosi3k)) - Implement `AdvertisedPathAttributes` for `CiliumBGPNeighbor` in the `CiliumBGPPeeringPolicy` CRD to allow setting BGP Community and Local Preference path attributes for advertised BGP routes. ([#​27705](https://togithub.com/cilium/cilium/issues/27705), [@​rastislavs](https://togithub.com/rastislavs)) - Improve `cilium status --verbose` and `cilium-health status --succinct` support to show IPv6 IPs as well ([#​27912](https://togithub.com/cilium/cilium/issues/27912), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) - Improve cilium-agent bootstrap time when using cluster-pool ipam. ([#​28354](https://togithub.com/cilium/cilium/issues/28354), [@​marseel](https://togithub.com/marseel)) - Improve helm validation for clustermesh, and allow creating the clustermesh configuration also in kvstore mode ([#​28763](https://togithub.com/cilium/cilium/issues/28763), [@​giorio94](https://togithub.com/giorio94)) - Improve Hubble Relay Kubernetes Readiness/Liveness check ([#​28765](https://togithub.com/cilium/cilium/issues/28765), [@​glrf](https://togithub.com/glrf)) - Improve the usability of the `cilium policy selectors` command by including the policy name and namespace in order to easily understand which selector comes from what policy ([#​27838](https://togithub.com/cilium/cilium/issues/27838), [@​christarazi](https://togithub.com/christarazi)) - Increase number of dnsproxy mutexes from 128 to 131. ([#​27147](https://togithub.com/cilium/cilium/issues/27147), [@​marseel](https://togithub.com/marseel)) - init: Poll CRD synchronization times have been lowered from 1 second to 50ms. ([#​28954](https://togithub.com/cilium/cilium/issues/28954), [@​howardjohn](https://togithub.com/howardjohn)) - Introduce ability to specify SAFI/AFI for specific BGP peers. ([#​26940](https://togithub.com/cilium/cilium/issues/26940), [@​ldelossa](https://togithub.com/ldelossa)) - ipam, metrics: Add new capacity metric ([#​27710](https://togithub.com/cilium/cilium/issues/27710), [@​christarazi](https://togithub.com/christarazi)) - ipam/multipool: Introduce specific ip family annotations for specifying ip pools ([#​28244](https://togithub.com/cilium/cilium/issues/28244), [@​hargrovee](https://togithub.com/hargrovee)) - ipam: Remove cluster-pool-v2beta code ([#​27753](https://togithub.com/cilium/cilium/issues/27753), [@​gandro](https://togithub.com/gandro)) - Merge clustermesh-apiserver and kvstoremesh into a single image ([#​27888](https://togithub.com/cilium/cilium/issues/27888), [@​giorio94](https://togithub.com/giorio94)) - metrics: add bpf_map_capacity metric which provides max size of maps ([#​28146](https://togithub.com/cilium/cilium/issues/28146), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - metrics: Add workqueue metrics ([#​27042](https://togithub.com/cilium/cilium/issues/27042), [@​ysksuzuki](https://togithub.com/ysksuzuki)) - Modular daemon and operator ([#​25986](https://togithub.com/cilium/cilium/issues/25986), [@​pippolo84](https://togithub.com/pippolo84)) - Mutual Auth: only respond handshake with certificate if security ID is in use on node ([#​27682](https://togithub.com/cilium/cilium/issues/27682), [@​meyskens](https://togithub.com/meyskens)) - mutual-auth: Bump spire image version ([#​29101](https://togithub.com/cilium/cilium/issues/29101), [@​sayboras](https://togithub.com/sayboras)) - Named ports in DNS policies are now resolved correctly. ([#​29023](https://togithub.com/cilium/cilium/issues/29023), [@​jrajahalme](https://togithub.com/jrajahalme)) - Named ports in DNS policies are now resolved correctly. (Backport PR [#​30529](https://togithub.com/cilium/cilium/issues/30529), Upstream PR [#​29023](https://togithub.com/cilium/cilium/issues/29023), [@​jrajahalme](https://togithub.com/jrajahalme)) - Operator modular metrics ([#​28005](https://togithub.com/cilium/cilium/issues/28005), [@​pippolo84](https://togithub.com/pippolo84)) - operator: Remove identity GC and CES controller legacy metrics ([#​28166](https://togithub.com/cilium/cilium/issues/28166), [@​pippolo84](https://togithub.com/pippolo84)) - pkg/datapath: Remove defunct `--single-cluster-route` flag ([#​29221](https://togithub.com/cilium/cilium/issues/29221), [@​gandro](https://togithub.com/gandro)) - pkg/labels: print all leaf CIDRs, not just the last one. ([#​28224](https://togithub.com/cilium/cilium/issues/28224), [@​squeed](https://togithub.com/squeed)) - Pre-initialize several known metric vectors to avoid empty metrics (specifically: endpoint_regenerations_total, policy_change_total, policy_implementation_delay, policy_l7\_total and kubernetes_events metrics). ([#​27835](https://togithub.com/cilium/cilium/issues/27835), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - Propagate prefixed labels from Ingress resource to LB service ([#​28598](https://togithub.com/cilium/cilium/issues/28598), [@​log1cb0mb](https://togithub.com/log1cb0mb)) - Refactor hubble redact settings schema ([#​26989](https://togithub.com/cilium/cilium/issues/26989), [@​ChrsMark](https://togithub.com/ChrsMark)) - Refactor hubble redact settings schema \[v2] ([#​27553](https://togithub.com/cilium/cilium/issues/27553), [@​ChrsMark](https://togithub.com/ChrsMark)) - Remove deprecate clustermesh CA configuration from the helm chart ([#​27162](https://togithub.com/cilium/cilium/issues/27162), [@​giorio94](https://togithub.com/giorio94)) - Remove deprecated `policy_import_errors_total` metric ([#​28423](https://togithub.com/cilium/cilium/issues/28423), [@​tklauser](https://togithub.com/tklauser)) - Remove deprecated tunnel option, and corresponding helm values setting ([#​29053](https://togithub.com/cilium/cilium/issues/29053), [@​giorio94](https://togithub.com/giorio94)) - Rename the CLI for local Cilium API access to 'cilium-dbg' ([#​28085](https://togithub.com/cilium/cilium/issues/28085), [@​joestringer](https://togithub.com/joestringer)) - Replace etcd init script used for clustermesh with a Go equivalent. Upgrade etcd to v3.5.10. ([#​29109](https://togithub.com/cilium/cilium/issues/29109), [@​JamesLaverack](https://togithub.com/JamesLaverack)) - Replace LB-IPAM IP allocator to remove limitations and enable additional features ([#​26488](https://togithub.com/cilium/cilium/issues/26488), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - Replace metricsmap-bpf-prom-sync with Prometheus Collector pattern ([#​27370](https://togithub.com/cilium/cilium/issues/27370), [@​carnerito](https://togithub.com/carnerito)) - Respond with ICMP reply for traffic to services without backends ([#​28157](https://togithub.com/cilium/cilium/issues/28157), [@​dylandreimerink](https://togithub.com/dylandreimerink)) - show DSR-dispatch mode in cilium-dbg status ([#​29217](https://togithub.com/cilium/cilium/issues/29217), [@​chaunceyjiang](https://togithub.com/chaunceyjiang)) - Structured Health Reporter + EndpointManager Modular Health Checks ([#​27522](https://togithub.com/cilium/cilium/issues/27522), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - The cilium-agent now sets GOMEMLIMIT to the container's memory resource limit, which helps the Go GC to avoid unnecessary OOMs. ([#​27958](https://togithub.com/cilium/cilium/issues/27958), [@​bimmlerd](https://togithub.com/bimmlerd)) - The podIPPoolSelector field has been added to CiliumBGPVirtualRouter for selectively advertising multi-pool IPAM CIDRs. ([#​27100](https://togithub.com/cilium/cilium/issues/27100), [@​danehans](https://togithub.com/danehans)) - Update to Envoy 1.27.0, run cilium-envoy process without any privileges. ([#​27498](https://togithub.com/cilium/cilium/issues/27498), [@​jrajahalme](https://togithub.com/jrajahalme)) - When BGP control plane is enabled and configured for service announcements, it will only advertise a matching service that has an unspecified loadbalancerClass or set for "io.cilium/bgp-control-plane". ([#​26905](https://togithub.com/cilium/cilium/issues/26905), [@​danehans](https://togithub.com/danehans)) - When master key protection is enabled, failed attempts at recreating k8s identity resources will now be retried. ([#​28912](https://togithub.com/cilium/cilium/issues/28912), [@​tommyp1ckles](https://togithub.com/tommyp1ckles)) - When tunneling is enabled, a packet will be encapsulated by Cilium's tunnel netdev before encrypting with WireGuard. ([#​29000](https://togithub.com/cilium/cilium/issues/29000), [@​brb](https://togithub.com/brb)) **Bugfixes:** - `ImplementationSpecific` Ingress paths (which for Cilium Ingress means regex path matches) are now sorted correctly in between `Exa

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

â™» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

This PR has been generated by Mend Renovate. View repository job log here.