fix(helm): update helm release cilium to v1.17.0-pre.2

[theriver-bot[bot]]

This PR contains the following updates:

Package	Update	Change	OpenSSF
cilium (source)	patch	1.17.0-pre.1 -> 1.17.0-pre.2

---

Release Notes

cilium/cilium (cilium)

### [`v1.17.0-pre.2`](https://redirect.github.com/cilium/cilium/releases/tag/v1.17.0-pre.2): 1.17.0-pre.2 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.17.0-pre.1...1.17.0-pre.2) ## Summary of Changes **Major Changes:** - clustermesh: add Multi-cluster Service API support ([#​34439](https://redirect.github.com/cilium/cilium/issues/34439), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) **Minor Changes:** - Add a --kubeconfig argument to CLI ([#​34573](https://redirect.github.com/cilium/cilium/issues/34573), [@​ldlb9527](https://redirect.github.com/ldlb9527)) - Add support for automatic port-forwarding in Hubble CLI Replace kubectl-based port-forwarding with native implementation in Cilium CLI ([#​35483](https://redirect.github.com/cilium/cilium/issues/35483), [@​devodev](https://redirect.github.com/devodev)) - Adds `cilium_hive_degraded_status` metric to count degraded health status levels of Hive components labeled by modules. \`\`\` ([#​34824](https://redirect.github.com/cilium/cilium/issues/34824), [@​ovidiutirla](https://redirect.github.com/ovidiutirla)) - bpf,tests: Add TCP and UDP checksum validation ([#​34408](https://redirect.github.com/cilium/cilium/issues/34408), [@​viktor-kurchenko](https://redirect.github.com/viktor-kurchenko)) - CIDRGroup Except blocks now produce fewer PolicyMap entries, improving scalability. ([#​35139](https://redirect.github.com/cilium/cilium/issues/35139), [@​squeed](https://redirect.github.com/squeed)) - cilium-cli status: fail fast on terminal error ([#​35048](https://redirect.github.com/cilium/cilium/issues/35048), [@​nimishamehta5](https://redirect.github.com/nimishamehta5)) - cilium: fix integer overflow in netkit probe on 32bit platform ([#​35659](https://redirect.github.com/cilium/cilium/issues/35659), [@​devodev](https://redirect.github.com/devodev)) - clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination ([#​35349](https://redirect.github.com/cilium/cilium/issues/35349), [@​giorio94](https://redirect.github.com/giorio94)) - daemon: rename --bpf-conntrack-accounting-enabled flag to --bpf-conntrack-accounting ([#​35142](https://redirect.github.com/cilium/cilium/issues/35142), [@​jibi](https://redirect.github.com/jibi)) - envoy: Bump envoy image to latest build ([#​35538](https://redirect.github.com/cilium/cilium/issues/35538), [@​sayboras](https://redirect.github.com/sayboras)) - feat(clustermesh): Deploy in parallel the connections ([#​35021](https://redirect.github.com/cilium/cilium/issues/35021), [@​littlejo](https://redirect.github.com/littlejo)) - feat(envoy): json logging support ([#​34323](https://redirect.github.com/cilium/cilium/issues/34323), [@​byxorna](https://redirect.github.com/byxorna)) - Fixes slow policy import times when many network policies reference the same CIDR. ([#​35511](https://redirect.github.com/cilium/cilium/issues/35511), [@​squeed](https://redirect.github.com/squeed)) - gateway-api: Support latest release v1.2.0 ([#​35216](https://redirect.github.com/cilium/cilium/issues/35216), [@​sayboras](https://redirect.github.com/sayboras)) - helm: Add configuration option for endpoint source IP verification ([#​34056](https://redirect.github.com/cilium/cilium/issues/34056), [@​CiraciNicolo](https://redirect.github.com/CiraciNicolo)) - helm: Lower default `hubble.tls.auto.certValidityDuration` to 365 days ([#​35630](https://redirect.github.com/cilium/cilium/issues/35630), [@​chancez](https://redirect.github.com/chancez)) - hubble-relay: Return underlying connection errors when connecting to peer manager ([#​35632](https://redirect.github.com/cilium/cilium/issues/35632), [@​chancez](https://redirect.github.com/chancez)) - In case of an IPsec key rotation, error if the user forgot to increment the SPI per the documentation. ([#​34037](https://redirect.github.com/cilium/cilium/issues/34037), [@​smagnani96](https://redirect.github.com/smagnani96)) - ipam: lower the severity of failed cilium node update if retry is going to be performed immediately ([#​35479](https://redirect.github.com/cilium/cilium/issues/35479), [@​marseel](https://redirect.github.com/marseel)) - ipam: Support for static IP allocation in AWS ([#​34622](https://redirect.github.com/cilium/cilium/issues/34622), [@​antonipp](https://redirect.github.com/antonipp)) - k8s: support for loadbalancer svc ip mode ([#​34780](https://redirect.github.com/cilium/cilium/issues/34780), [@​dakehero](https://redirect.github.com/dakehero)) - Miscellaneous improvements to the sysdump collection ([#​35610](https://redirect.github.com/cilium/cilium/issues/35610), [@​giorio94](https://redirect.github.com/giorio94)) - policy: add namespace index to the policy repository so we can skip trying to match namespace-specific rules for the non-matching namespaces. ([#​34802](https://redirect.github.com/cilium/cilium/issues/34802), [@​marseel](https://redirect.github.com/marseel)) - policy: make ToServices selectors work for in-cluster services too ([#​34208](https://redirect.github.com/cilium/cilium/issues/34208), [@​chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - Remove deprecated annotations-based L7 visibility ([#​35019](https://redirect.github.com/cilium/cilium/issues/35019), [@​tklauser](https://redirect.github.com/tklauser)) - ServiceMonitor: Only create `envoy-metrics` block if Envoy is enabled ([#​34673](https://redirect.github.com/cilium/cilium/issues/34673), [@​ToroNZ](https://redirect.github.com/ToroNZ)) - Strictly validate the cluster name format ([#​32819](https://redirect.github.com/cilium/cilium/issues/32819), [@​giorio94](https://redirect.github.com/giorio94)) - wireguard: remove deprecated userspace fallback ([#​35158](https://redirect.github.com/cilium/cilium/issues/35158), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) **Bugfixes:** - Avoid duplicate errors in health status for node-neighbor-link-updater ([#​35179](https://redirect.github.com/cilium/cilium/issues/35179), [@​wedaly](https://redirect.github.com/wedaly)) - bgpv1: fix reconciliation of services with shared VIPs ([#​35333](https://redirect.github.com/cilium/cilium/issues/35333), [@​rastislavs](https://redirect.github.com/rastislavs)) - bgpv2: fix reconciliation of services with shared VIPs ([#​35166](https://redirect.github.com/cilium/cilium/issues/35166), [@​rastislavs](https://redirect.github.com/rastislavs)) - bgpv2: set local peering address when specified ([#​35552](https://redirect.github.com/cilium/cilium/issues/35552), [@​harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bugfix: fixed extravolumes mount in cilium-preflight ([#​35386](https://redirect.github.com/cilium/cilium/issues/35386), [@​tokarev-artem](https://redirect.github.com/tokarev-artem)) - bugtool: fix cilium-health command ([#​35068](https://redirect.github.com/cilium/cilium/issues/35068), [@​ayuspin](https://redirect.github.com/ayuspin)) - Cilium datapath now gives precedence for the more specific allow rule with L7 rules when rules with port ranges are present. ([#​35150](https://redirect.github.com/cilium/cilium/issues/35150), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - Cilium no longer fails compiling bpf programs if listing network links is interrupted. ([#​35259](https://redirect.github.com/cilium/cilium/issues/35259), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - Cilium's DNS proxy no longer gets stuck for a specific five-tuple if an `timeout waiting for response` error is encountered. ([#​35589](https://redirect.github.com/cilium/cilium/issues/35589), [@​bimmlerd](https://redirect.github.com/bimmlerd)) - cilium-dbg: fix status commands for cluster connectivity health ([#​33972](https://redirect.github.com/cilium/cilium/issues/33972), [@​darox](https://redirect.github.com/darox)) - Datasource error fixed for Cilium Operator dashboard ([#​35420](https://redirect.github.com/cilium/cilium/issues/35420), [@​VergeDX](https://redirect.github.com/VergeDX)) - Fix an issue where pod-to-world traffic goes up stack when BPF host routing is enabled with tunnel. ([#​35098](https://redirect.github.com/cilium/cilium/issues/35098), [@​jschwinger233](https://redirect.github.com/jschwinger233)) - Fix incorrect deletion of revNAT entries due to service ID conflict ([#​34552](https://redirect.github.com/cilium/cilium/issues/34552), [@​haozhangami](https://redirect.github.com/haozhangami)) - Fix missing flowlabel hash on SRv6 traffic. ([#​35498](https://redirect.github.com/cilium/cilium/issues/35498), [@​akaliwod](https://redirect.github.com/akaliwod)) - Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. ([#​35173](https://redirect.github.com/cilium/cilium/issues/35173), [@​smagnani96](https://redirect.github.com/smagnani96)) - Fix possible disruption of long running pod to node traffic on agent restart in kvstore mode ([#​35673](https://redirect.github.com/cilium/cilium/issues/35673), [@​giorio94](https://redirect.github.com/giorio94)) - Fix redirect from L3 device to remote endpoint via overlay network. ([#​35165](https://redirect.github.com/cilium/cilium/issues/35165), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fixed bug in tracking policy changes that could have resulted in revert not woking in failure cases as expected. ([#​35109](https://redirect.github.com/cilium/cilium/issues/35109), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - Fixed Cilium CLI fatal error: concurrent map read and map write ([#​35311](https://redirect.github.com/cilium/cilium/issues/35311), [@​chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - Fixes a bug where the operator incorrectly flagged CiliumNetworkPolicies containing ICMP rules as invalid. ([#​35599](https://redirect.github.com/cilium/cilium/issues/35599), [@​squeed](https://redirect.github.com/squeed)) - Fixes a performance regression when ingesting network policies in clusters with large numbers of Services. ([#​35293](https://redirect.github.com/cilium/cilium/issues/35293), [@​squeed](https://redirect.github.com/squeed)) - gateway-api: Add service observable event handler ([#​33352](https://redirect.github.com/cilium/cilium/issues/33352), [@​sayboras](https://redirect.github.com/sayboras)) - gha: Remove hostLegacyRouting in clustermesh ([#​35418](https://redirect.github.com/cilium/cilium/issues/35418), [@​sayboras](https://redirect.github.com/sayboras)) - helm template function no longer errors when using k8sServiceHost: auto ([#​35186](https://redirect.github.com/cilium/cilium/issues/35186), [@​kreeuwijk](https://redirect.github.com/kreeuwijk)) - helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries ([#​35301](https://redirect.github.com/cilium/cilium/issues/35301), [@​hox](https://redirect.github.com/hox)) - hubble: add printer for lost events ([#​35208](https://redirect.github.com/cilium/cilium/issues/35208), [@​aanm](https://redirect.github.com/aanm)) - hubble: fix endpoint cluster name ([#​35415](https://redirect.github.com/cilium/cilium/issues/35415), [@​kaworu](https://redirect.github.com/kaworu)) - Ingress endpoint is now included in the lxcmap so that ARP and ND6 work for them. ([#​35143](https://redirect.github.com/cilium/cilium/issues/35143), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - l7lb: fix registration of flag loadbalancer-l7 ([#​35623](https://redirect.github.com/cilium/cilium/issues/35623), [@​mhofstetter](https://redirect.github.com/mhofstetter)) - Log errors when reloading hubble exporter configuration dynamically and do not attempt to close os.Stdout ([#​35069](https://redirect.github.com/cilium/cilium/issues/35069), [@​chancez](https://redirect.github.com/chancez)) - Make LB-IPAM allow IP sharing between services with the same ports but different protocols ([#​34691](https://redirect.github.com/cilium/cilium/issues/34691), [@​ldlb9527](https://redirect.github.com/ldlb9527)) - netkit: Allow ARP packets through when using host firewall. ([#​35070](https://redirect.github.com/cilium/cilium/issues/35070), [@​jrife](https://redirect.github.com/jrife)) - netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. ([#​35306](https://redirect.github.com/cilium/cilium/issues/35306), [@​jrife](https://redirect.github.com/jrife)) - Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication. ([#​35381](https://redirect.github.com/cilium/cilium/issues/35381), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - treewide: Add wrapper for `netlink` functions that may fail with `ErrDumpInterrupted` ([#​35614](https://redirect.github.com/cilium/cilium/issues/35614), [@​gandro](https://redirect.github.com/gandro)) **CI Changes:** - .github/conformance-ginkgo: replace deprecated jq flag ([#​35399](https://redirect.github.com/cilium/cilium/issues/35399), [@​aanm](https://redirect.github.com/aanm)) - .github/lint-build-commits: fix workflow for push events ([#​35264](https://redirect.github.com/cilium/cilium/issues/35264), [@​aanm](https://redirect.github.com/aanm)) - .github: do not push floating tag from PRs ([#​35227](https://redirect.github.com/cilium/cilium/issues/35227), [@​aanm](https://redirect.github.com/aanm)) - .github: extend timeout for tests-ipsec-upgrade workflow ([#​35657](https://redirect.github.com/cilium/cilium/issues/35657), [@​rastislavs](https://redirect.github.com/rastislavs)) - .github: remove libncurses5 from integration tests ([#​35408](https://redirect.github.com/cilium/cilium/issues/35408), [@​aanm](https://redirect.github.com/aanm)) - Add concurrency to e2e-upgrade tests ([#​34806](https://redirect.github.com/cilium/cilium/issues/34806), [@​aanm](https://redirect.github.com/aanm)) - Add concurrency to test-ipsec-upgrade ([#​35362](https://redirect.github.com/cilium/cilium/issues/35362), [@​aanm](https://redirect.github.com/aanm)) - Ariane: skip E2E tests when changing unit tests only ([#​35334](https://redirect.github.com/cilium/cilium/issues/35334), [@​giorio94](https://redirect.github.com/giorio94)) - bpf: complexity-tests: add HAVE_SET_RETVAL and HAVE_NETNS_COOKIE for bpf_sock tests ([#​35291](https://redirect.github.com/cilium/cilium/issues/35291), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - CI: Add channel arguments to GKE related workflows ([#​35522](https://redirect.github.com/cilium/cilium/issues/35522), [@​brlbil](https://redirect.github.com/brlbil)) - CI: Add list and filter artifacts steps ([#​35172](https://redirect.github.com/cilium/cilium/issues/35172), [@​brlbil](https://redirect.github.com/brlbil)) - CI: Add merge and upload composite action ([#​35355](https://redirect.github.com/cilium/cilium/issues/35355), [@​brlbil](https://redirect.github.com/brlbil)) - ci: conformance-kind: don't explicitly enable session affinity ([#​35290](https://redirect.github.com/cilium/cilium/issues/35290), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - ci: conformance-kind: re-enable flaky Aggregator test ([#​35286](https://redirect.github.com/cilium/cilium/issues/35286), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - ci: datapath-verifier: bump lvh images ([#​35456](https://redirect.github.com/cilium/cilium/issues/35456), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - ci: Introduce CILIUM_INSTALL_NET_PERF_EXTRA_ARGS env var ([#​35178](https://redirect.github.com/cilium/cilium/issues/35178), [@​markpash](https://redirect.github.com/markpash)) - ci: netperf always run hubble ([#​35268](https://redirect.github.com/cilium/cilium/issues/35268), [@​marseel](https://redirect.github.com/marseel)) - CI: remove unsed env variable ([#​35149](https://redirect.github.com/cilium/cilium/issues/35149), [@​brlbil](https://redirect.github.com/brlbil)) - ci: run privileged tests in parallel except for IPSec ([#​35232](https://redirect.github.com/cilium/cilium/issues/35232), [@​marseel](https://redirect.github.com/marseel)) - ci: switch most remaining workflows to new IPsec key system ([#​35295](https://redirect.github.com/cilium/cilium/issues/35295), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - cilium-cli: Ignore "No egress gateway found" drops ([#​35609](https://redirect.github.com/cilium/cilium/issues/35609), [@​pchaigno](https://redirect.github.com/pchaigno)) - cli/connectivity: Test strict mode encryption ([#​35231](https://redirect.github.com/cilium/cilium/issues/35231), [@​jschwinger233](https://redirect.github.com/jschwinger233)) - Fix bug in testsuite where a list of Pods was initialized with several empty elements rather than allocating the buffer with space for enough elements. ([#​35164](https://redirect.github.com/cilium/cilium/issues/35164), [@​rusttech](https://redirect.github.com/rusttech)) - Fix bug preventing the ability to build images with non-stripped binaries ([#​35326](https://redirect.github.com/cilium/cilium/issues/35326), [@​learnitall](https://redirect.github.com/learnitall)) - gha: Update chmod command ([#​35400](https://redirect.github.com/cilium/cilium/issues/35400), [@​sayboras](https://redirect.github.com/sayboras)) - gha: Update logic to extract gateway-api version ([#​35189](https://redirect.github.com/cilium/cilium/issues/35189), [@​sayboras](https://redirect.github.com/sayboras)) - policy/ci: Add Complex Allow Test to Policy Engine ([#​35156](https://redirect.github.com/cilium/cilium/issues/35156), [@​nathanjsweet](https://redirect.github.com/nathanjsweet)) - Refactor and set a default for GH_RUNNER_EXTRA_POWER ([#​35267](https://redirect.github.com/cilium/cilium/issues/35267), [@​aanm](https://redirect.github.com/aanm)) - renovate: manually bump version ([#​35660](https://redirect.github.com/cilium/cilium/issues/35660), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - servicemesh, ci: run internal to NodePort test ([#​35177](https://redirect.github.com/cilium/cilium/issues/35177), [@​marseel](https://redirect.github.com/marseel)) - workflows/gateway-api: Cover IPsec with GatewayAPI ([#​35584](https://redirect.github.com/cilium/cilium/issues/35584), [@​pchaigno](https://redirect.github.com/pchaigno)) - workflows/ipsec: Cover Ingress ([#​35476](https://redirect.github.com/cilium/cilium/issues/35476), [@​pchaigno](https://redirect.github.com/pchaigno)) - workflows: Extend IPsec tests to cover egress gateway ([#​35323](https://redirect.github.com/cilium/cilium/issues/35323), [@​pchaigno](https://redirect.github.com/pchaigno)) **Misc Changes:** - .github/build-images-base: checkout base branch to get scripts ([#​35236](https://redirect.github.com/cilium/cilium/issues/35236), [@​aanm](https://redirect.github.com/aanm)) - .github: clean up disk for lint-build workflow ([#​35141](https://redirect.github.com/cilium/cilium/issues/35141), [@​aanm](https://redirect.github.com/aanm)) - .github: do not update github runners for bpf workflows ([#​35131](https://redirect.github.com/cilium/cilium/issues/35131), [@​aanm](https://redirect.github.com/aanm)) - .github: fix build image process to commit changes ([#​35262](https://redirect.github.com/cilium/cilium/issues/35262), [@​aanm](https://redirect.github.com/aanm)) - .github: increase concurrent jobs in tests-e2e-upgrade ([#​35225](https://redirect.github.com/cilium/cilium/issues/35225), [@​aanm](https://redirect.github.com/aanm)) - .github: remove retention days for image digests ([#​35457](https://redirect.github.com/cilium/cilium/issues/35457), [@​aanm](https://redirect.github.com/aanm)) - Add BMC to USERS.md ([#​35356](https://redirect.github.com/cilium/cilium/issues/35356), [@​ryebridge](https://redirect.github.com/ryebridge)) - add checks to ipv6\_hdrlen return value usage during wireguard tracing in ingress path ([#​35345](https://redirect.github.com/cilium/cilium/issues/35345), [@​smagnani96](https://redirect.github.com/smagnani96)) - Add default prioriyClass system-node-critical to spire components ([#​35269](https://redirect.github.com/cilium/cilium/issues/35269), [@​Tilusch](https://redirect.github.com/Tilusch)) - Add documentation for clustermesh MCS-API support ([#​35114](https://redirect.github.com/cilium/cilium/issues/35114), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - Add Koyeb to users.md ([#​35481](https://redirect.github.com/cilium/cilium/issues/35481), [@​alisdairbr](https://redirect.github.com/alisdairbr)) - Add logic to detect and trace WireGuard encrypted ingress/egress packets. ([#​35183](https://redirect.github.com/cilium/cilium/issues/35183), [@​smagnani96](https://redirect.github.com/smagnani96)) - Add Scigility AG to USERS.md ([#​34970](https://redirect.github.com/cilium/cilium/issues/34970), [@​ciil](https://redirect.github.com/ciil)) - Adding Ecco Data and Ai to Cilium users ([#​35643](https://redirect.github.com/cilium/cilium/issues/35643), [@​Andre-Lx-Costa](https://redirect.github.com/Andre-Lx-Costa)) - Allow to group cells lifecycle and control the enablement leveraging the dynamic-config. ([#​34936](https://redirect.github.com/cilium/cilium/issues/34936), [@​ovidiutirla](https://redirect.github.com/ovidiutirla)) - api: Convert logrus to slog ([#​35340](https://redirect.github.com/cilium/cilium/issues/35340), [@​sayboras](https://redirect.github.com/sayboras)) - auth: Convert logrus to slog ([#​35461](https://redirect.github.com/cilium/cilium/issues/35461), [@​sayboras](https://redirect.github.com/sayboras)) - auth: fix confusing comment about mutual auth handler ([#​35649](https://redirect.github.com/cilium/cilium/issues/35649), [@​mhofstetter](https://redirect.github.com/mhofstetter)) - bgpv2,doc: Update troubleshooting doc with CiliumBGPClusterConfig status conditions ([#​35601](https://redirect.github.com/cilium/cilium/issues/35601), [@​YutaroHayakawa](https://redirect.github.com/YutaroHayakawa)) - bgpv2-docs: updating troubleshooting and operations guide ([#​35431](https://redirect.github.com/cilium/cilium/issues/35431), [@​harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bgpv2: Cleanup BGPInstance reconciler metadata ([#​34426](https://redirect.github.com/cilium/cilium/issues/34426), [@​rastislavs](https://redirect.github.com/rastislavs)) - bgpv2: defining reconciler names and priorities constants ([#​35181](https://redirect.github.com/cilium/cilium/issues/35181), [@​harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bgpv2: Introduce MissingAuthSecret condition to PeerConfig ([#​35650](https://redirect.github.com/cilium/cilium/issues/35650), [@​YutaroHayakawa](https://redirect.github.com/YutaroHayakawa)) - bgpv2: Introduce MissingPeerConfig condition to the ClusterConfig ([#​35527](https://redirect.github.com/cilium/cilium/issues/35527), [@​YutaroHayakawa](https://redirect.github.com/YutaroHayakawa)) - bgpv2: Introduce NoMatchingNode condition to CiliumBGPClusterConfig ([#​35517](https://redirect.github.com/cilium/cilium/issues/35517), [@​YutaroHayakawa](https://redirect.github.com/YutaroHayakawa)) - bgpv2: Use instance name instead of ASN in Diff ID ([#​35207](https://redirect.github.com/cilium/cilium/issues/35207), [@​rastislavs](https://redirect.github.com/rastislavs)) - bpf: aligncheck the `node_value` struct ([#​35309](https://redirect.github.com/cilium/cilium/issues/35309), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: clean up FORCE_LOCAL_POLICY_EVAL_AT_SOURCE macro ([#​35500](https://redirect.github.com/cilium/cilium/issues/35500), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: lxc: don't clear CB_POLICY prior to local delivery ([#​35175](https://redirect.github.com/cilium/cilium/issues/35175), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: lxc: handle encap_and_redirect_lxc() result with switch statement ([#​35691](https://redirect.github.com/cilium/cilium/issues/35691), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: lxc: streamline ingress network policy path ([#​35120](https://redirect.github.com/cilium/cilium/issues/35120), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: nat: support additional code points for IPv4 ICMP_DEST_UNREACH ([#​35636](https://redirect.github.com/cilium/cilium/issues/35636), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: nodeport: split off the egress-specific parts ([#​35474](https://redirect.github.com/cilium/cilium/issues/35474), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: remove CB_POLICY logic ([#​35239](https://redirect.github.com/cilium/cilium/issues/35239), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: slim down EGW-related CT lookup in to-netdev ([#​35463](https://redirect.github.com/cilium/cilium/issues/35463), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - Bump readme for releases v1.16.3, v1.15.10, v1.14.16 ([#​35412](https://redirect.github.com/cilium/cilium/issues/35412), [@​thorn3r](https://redirect.github.com/thorn3r)) - cec: Switch to slog for CEC ([#​35253](https://redirect.github.com/cilium/cilium/issues/35253), [@​sayboras](https://redirect.github.com/sayboras)) - chore(deps): update all github action dependencies (main) ([#​35246](https://redirect.github.com/cilium/cilium/issues/35246), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (main) ([#​35378](https://redirect.github.com/cilium/cilium/issues/35378), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (main) ([#​35437](https://redirect.github.com/cilium/cilium/issues/35437), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (main) ([#​35571](https://redirect.github.com/cilium/cilium/issues/35571), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (main) ([#​35221](https://redirect.github.com/cilium/cilium/issues/35221), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (main) ([#​35287](https://redirect.github.com/cilium/cilium/issues/35287), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (main) ([#​35376](https://redirect.github.com/cilium/cilium/issues/35376), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (main) ([#​35490](https://redirect.github.com/cilium/cilium/issues/35490), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (main) ([#​35524](https://redirect.github.com/cilium/cilium/issues/35524), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.19 (main) ([#​35198](https://redirect.github.com/cilium/cilium/issues/35198), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency renovatebot/renovate to v38.128.6 (main) ([#​35448](https://redirect.github.com/cilium/cilium/issues/35448), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency renovatebot/renovate to v38.132.2 (main) ([#​35572](https://redirect.github.com/cilium/cilium/issues/35572), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.23.2 docker digest to [`a7f2fc9`](https://redirect.github.com/cilium/cilium/commit/a7f2fc9) (main) ([#​35373](https://redirect.github.com/cilium/cilium/issues/35373), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.23.2 docker digest to [`ad5c126`](https://redirect.github.com/cilium/cilium/commit/ad5c126) (main) ([#​35568](https://redirect.github.com/cilium/cilium/issues/35568), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.23.2 (main) ([#​35199](https://redirect.github.com/cilium/cilium/issues/35199), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.6-1727741038-3056acb56ecfedf13398e5072c8f73320fe5e06f (main) ([#​35136](https://redirect.github.com/cilium/cilium/issues/35136), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - ci: fix build-images-base to not die in forks ([#​34950](https://redirect.github.com/cilium/cilium/issues/34950), [@​jsoref](https://redirect.github.com/jsoref)) - cilium, docs: Extend requirements for L7 proxy ([#​35669](https://redirect.github.com/cilium/cilium/issues/35669), [@​borkmann](https://redirect.github.com/borkmann)) - cilium-cli: account for opt out labels in node to node encryption tests ([#​35585](https://redirect.github.com/cilium/cilium/issues/35585), [@​giorio94](https://redirect.github.com/giorio94)) - cilium-cli: connectivity test: support every kind of resource for tests ([#​35314](https://redirect.github.com/cilium/cilium/issues/35314), [@​squeed](https://redirect.github.com/squeed)) - cilium-cli: Show config.cilium.io annotations on configmap ([#​35020](https://redirect.github.com/cilium/cilium/issues/35020), [@​joamaki](https://redirect.github.com/joamaki)) - cilium-dbg: Add "bpf ipcache delete/update" ([#​35454](https://redirect.github.com/cilium/cilium/issues/35454), [@​jschwinger233](https://redirect.github.com/jschwinger233)) - cilium: add probe for netkit for more user friendly error when not supported ([#​35551](https://redirect.github.com/cilium/cilium/issues/35551), [@​borkmann](https://redirect.github.com/borkmann)) - cilium: follow-ups on annotation mode ([#​35224](https://redirect.github.com/cilium/cilium/issues/35224), [@​borkmann](https://redirect.github.com/borkmann)) - cilium: support service source ranges also for other types ([#​35512](https://redirect.github.com/cilium/cilium/issues/35512), [@​borkmann](https://redirect.github.com/borkmann)) - clustermesh: add a readme explaining MCS-API implementation ([#​35339](https://redirect.github.com/cilium/cilium/issues/35339), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - clustermesh: fix flaky TestRemoteClusterStatus integration test ([#​35122](https://redirect.github.com/cilium/cilium/issues/35122), [@​giorio94](https://redirect.github.com/giorio94)) - clustermesh: refactor MCS-API derived service controller ([#​35039](https://redirect.github.com/cilium/cilium/issues/35039), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - CODEOWNERS: let cilium/ipsec cover .github/actions/ipsec ([#​35578](https://redirect.github.com/cilium/cilium/issues/35578), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - CODEOWNERS: pull in sig-policy for bpf/lib/policy.h ([#​35258](https://redirect.github.com/cilium/cilium/issues/35258), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - connectivity: Introdue Multicast connectivity test ([#​34530](https://redirect.github.com/cilium/cilium/issues/34530), [@​yushoyamaguchi](https://redirect.github.com/yushoyamaguchi)) - container/set: fix bug in `Set[T].Equal`, increase test coverage ([#​35315](https://redirect.github.com/cilium/cilium/issues/35315), [@​tklauser](https://redirect.github.com/tklauser)) - Control whether the anti-affinity rule is applied to cilium daemonset pods. Omitting the rule improves scheduling throughput for large clusters. ([#​35014](https://redirect.github.com/cilium/cilium/issues/35014), [@​sypakine](https://redirect.github.com/sypakine)) - ctrl-runtime: lower severity of retryable reconcile errors ([#​35364](https://redirect.github.com/cilium/cilium/issues/35364), [@​giorio94](https://redirect.github.com/giorio94)) - daemon: ensure tunnel map absence when running in native routing mode ([#​35544](https://redirect.github.com/cilium/cilium/issues/35544), [@​giorio94](https://redirect.github.com/giorio94)) - daemon: kpr: group all SocketLB related checks together ([#​35450](https://redirect.github.com/cilium/cilium/issues/35450), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - datapath: move policy map value prefix length to flags ([#​35534](https://redirect.github.com/cilium/cilium/issues/35534), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - datapath: require TCP EDT support and writeable skb queue_mapping ([#​34491](https://redirect.github.com/cilium/cilium/issues/34491), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - dbg: envoy: Introduce possibility to change Envoy log level ([#​35509](https://redirect.github.com/cilium/cilium/issues/35509), [@​mhofstetter](https://redirect.github.com/mhofstetter)) - dbg: increase limit when safely reading envoy metrics via cilium-dbg ([#​35528](https://redirect.github.com/cilium/cilium/issues/35528), [@​mhofstetter](https://redirect.github.com/mhofstetter)) - doc: Fixed Gateway API vs. Ingress naming mistake ([#​35499](https://redirect.github.com/cilium/cilium/issues/35499), [@​PhilipSchmid](https://redirect.github.com/PhilipSchmid)) - docs: Add known issue for netkit endpoint route issues ([#​35126](https://redirect.github.com/cilium/cilium/issues/35126), [@​jrife](https://redirect.github.com/jrife)) - docs: Add parameter to generate SSH keys for AKS "getting started" steps. ([#​35270](https://redirect.github.com/cilium/cilium/issues/35270), [@​pedroignacio13](https://redirect.github.com/pedroignacio13)) - docs: Change invalid Helm option --agent.enabled with --agent=false in upgrade documentation ([#​35288](https://redirect.github.com/cilium/cilium/issues/35288), [@​oneumyvakin](https://redirect.github.com/oneumyvakin)) - docs: clean up stale kernel requirements ([#​35575](https://redirect.github.com/cilium/cilium/issues/35575), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: Fix markdown in pkg/loadbalancer/experimental/README.md ([#​35065](https://redirect.github.com/cilium/cilium/issues/35065), [@​DamianSawicki](https://redirect.github.com/DamianSawicki)) - docs: improve KPR documentation ([#​35147](https://redirect.github.com/cilium/cilium/issues/35147), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: kpr: update error message regarding SocketLB tracing ([#​35337](https://redirect.github.com/cilium/cilium/issues/35337), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - Docs: make ToServices selectors work for in-cluster services too ([#​35506](https://redirect.github.com/cilium/cilium/issues/35506), [@​chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - docs: network policy: remove SCTP from `missing features` list ([#​35238](https://redirect.github.com/cilium/cilium/issues/35238), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: Trivial improvements to contributor guide ([#​35307](https://redirect.github.com/cilium/cilium/issues/35307), [@​pmatulis](https://redirect.github.com/pmatulis)) - docs: tuning: XDP LB also supports tunnel routing ([#​35574](https://redirect.github.com/cilium/cilium/issues/35574), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: update bisect instructions ([#​35194](https://redirect.github.com/cilium/cilium/issues/35194), [@​aanm](https://redirect.github.com/aanm)) - docs: update default identity label filters ([#​35422](https://redirect.github.com/cilium/cilium/issues/35422), [@​marseel](https://redirect.github.com/marseel)) - docs: Updated contributing_guide documentation files ([#​35061](https://redirect.github.com/cilium/cilium/issues/35061), [@​AdityaK60](https://redirect.github.com/AdityaK60)) - docs: XFRM reference guide for IPsec development ([#​35322](https://redirect.github.com/cilium/cilium/issues/35322), [@​pchaigno](https://redirect.github.com/pchaigno)) - Documentation/bgp: Add note about operator logs into BGP operation guide ([#​35580](https://redirect.github.com/cilium/cilium/issues/35580), [@​rastislavs](https://redirect.github.com/rastislavs)) - Enable testifylint to lint test files, and mechanically fix reported issues ([#​35237](https://redirect.github.com/cilium/cilium/issues/35237), [@​giorio94](https://redirect.github.com/giorio94)) - Endpoint redirect cleanup ([#​35350](https://redirect.github.com/cilium/cilium/issues/35350), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - endpoint/policy: Keep internals separate ([#​35372](https://redirect.github.com/cilium/cilium/issues/35372), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - endpoint: remove deprecated and unused (\*Endpoint).HasBPFPolicyMap ([#​35146](https://redirect.github.com/cilium/cilium/issues/35146), [@​tklauser](https://redirect.github.com/tklauser)) - Envoy simplify listener setup ([#​35642](https://redirect.github.com/cilium/cilium/issues/35642), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - envoy: avoid syncing empty Envoy secret ([#​35521](https://redirect.github.com/cilium/cilium/issues/35521), [@​mhofstetter](https://redirect.github.com/mhofstetter)) - envoy: Configure internal_address_config to avoid warning log ([#​35090](https://redirect.github.com/cilium/cilium/issues/35090), [@​sayboras](https://redirect.github.com/sayboras)) - Fix a potential issue where VXLAN-in-ESP policies are installed erroneously when EGW is enabled. ([#​35549](https://redirect.github.com/cilium/cilium/issues/35549), [@​ldelossa](https://redirect.github.com/ldelossa)) - Fix Cilium developer community Zoom meeting link ([#​35516](https://redirect.github.com/cilium/cilium/issues/35516), [@​ptrivedi](https://redirect.github.com/ptrivedi)) - Fix wrongly spelled config option in error message ([#​35390](https://redirect.github.com/cilium/cilium/issues/35390), [@​baurmatt](https://redirect.github.com/baurmatt)) - fix(deps): update all go dependencies main (main) ([#​35244](https://redirect.github.com/cilium/cilium/issues/35244), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update all go dependencies main (main) ([#​35441](https://redirect.github.com/cilium/cilium/issues/35441), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update all go dependencies main (main) ([#​35467](https://redirect.github.com/cilium/cilium/issues/35467), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update aws-sdk-go-v2 monorepo (main) ([#​35245](https://redirect.github.com/cilium/cilium/issues/35245), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update aws-sdk-go-v2 monorepo (main) ([#​35375](https://redirect.github.com/cilium/cilium/issues/35375), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update aws-sdk-go-v2 monorepo (main) ([#​35435](https://redirect.github.com/cilium/cilium/issues/35435), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update kubernetes packages to v0.31.2 (main) ([#​35570](https://redirect.github.com/cilium/cilium/issues/35570), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix(deps): update opentelemetry-go monorepo to v1.31.0 (main) ([#​35377](https://redirect.github.com/cilium/cilium/issues/35377), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - fix: hubble exporter filter test with clashing filters ([#​35058](https://redirect.github.com/cilium/cilium/issues/35058), [@​rectified95](https://redirect.github.com/rectified95)) - fix: Temporarily disable test TestDeleteUsedCIDIsRecreated ([#​35159](https://redirect.github.com/cilium/cilium/issues/35159), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - Fixed Cilium CLI fatal error: concurrent map read and map write ([#​35396](https://redirect.github.com/cilium/cilium/issues/35396), [@​chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - github: action: allow to specify lvh port-forward list ([#​35458](https://redirect.github.com/cilium/cilium/issues/35458), [@​jibi](https://redirect.github.com/jibi)) - helm: Add certgen.generateCA value ([#​35602](https://redirect.github.com/cilium/cilium/issues/35602), [@​sderoe](https://redirect.github.com/sderoe)) - Helm: add LoadBalancer option as comment for Hubble relay service type ([#​34957](https://redirect.github.com/cilium/cilium/issues/34957), [@​darox](https://redirect.github.com/darox)) - helm: Add priorityClass & nodeSelector to certgen jobs ([#​35429](https://redirect.github.com/cilium/cilium/issues/35429), [@​adberger](https://redirect.github.com/adberger)) - Hive scripts and the cilium shell ([#​35154](https://redirect.github.com/cilium/cilium/issues/35154), [@​joamaki](https://redirect.github.com/joamaki)) - hubble: Add 'release' Make target ([#​35561](https://redirect.github.com/cilium/cilium/issues/35561), [@​michi-covalent](https://redirect.github.com/michi-covalent)) - hubble: Combine hubble and hubble-bin make targets ([#​35256](https://redirect.github.com/cilium/cilium/issues/35256), [@​michi-covalent](https://redirect.github.com/michi-covalent)) - hubble: fix drop notify test ([#​35196](https://redirect.github.com/cilium/cilium/issues/35196), [@​rolinh](https://redirect.github.com/rolinh)) - hubble: remove outdated //go:build go1.18 tag ([#​35174](https://redirect.github.com/cilium/cilium/issues/35174), [@​tklauser](https://redirect.github.com/tklauser)) - hubble: Use hubble-bin target to generate release binaries ([#​35127](https://redirect.github.com/cilium/cilium/issues/35127), [@​michi-covalent](https://redirect.github.com/michi-covalent)) - identity: Allow registration of additional identity handlers ([#​35523](https://redirect.github.com/cilium/cilium/issues/35523), [@​gandro](https://redirect.github.com/gandro)) - image: Use cilium-builder instead of golang as operator builder image ([#​35351](https://redirect.github.com/cilium/cilium/issues/35351), [@​learnitall](https://redirect.github.com/learnitall)) - Improve compatibility with LLVM 18. ([#​34593](https://redirect.github.com/cilium/cilium/issues/34593), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - Improve compatibility with LLVM 18. ([#​35590](https://redirect.github.com/cilium/cilium/issues/35590), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - Improve the performance of endpoints correlation in service cache ([#​35604](https://redirect.github.com/cilium/cilium/issues/35604), [@​giorio94](https://redirect.github.com/giorio94)) - install/kubernetes: fix Operator's clusterrole for pods deletion ([#​35193](https://redirect.github.com/cilium/cilium/issues/35193), [@​aanm](https://redirect.github.com/aanm)) - Introduce an option to control if NodeIPAM or LBIPAM should be the the default Service LoadBalancer ([#​35074](https://redirect.github.com/cilium/cilium/issues/35074), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - ipsec: Refactor `IPSecDir` ([#​35346](https://redirect.github.com/cilium/cilium/issues/35346), [@​pchaigno](https://redirect.github.com/pchaigno)) - iptables: always warn about missing xt_socket module ([#​35591](https://redirect.github.com/cilium/cilium/issues/35591), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - Log entries printed from config subsys during startup now honor logging config such as LogDriver, LogOpt or Debug. ([#​34620](https://redirect.github.com/cilium/cilium/issues/34620), [@​jingyuanliang](https://redirect.github.com/jingyuanliang)) - logging: consistent error attribute when emitted through logr ([#​35397](https://redirect.github.com/cilium/cilium/issues/35397), [@​giorio94](https://redirect.github.com/giorio94)) - MAINTAINERS: Add Dorde ([#​35357](https://redirect.github.com/cilium/cilium/issues/35357), [@​pchaigno](https://redirect.github.com/pchaigno)) - MAINTAINERS: New emeritus committers ([#​35359](https://redirect.github.com/cilium/cilium/issues/35359), [@​pchaigno](https://redirect.github.com/pchaigno)) - MAINTAINERS: Update affiliations ([#​35352](https://redirect.github.com/cilium/cilium/issues/35352), [@​pchaigno](https://redirect.github.com/pchaigno)) - Make triggers less garbage intensive ([#​35541](https://redirect.github.com/cilium/cilium/issues/35541), [@​bimmlerd](https://redirect.github.com/bimmlerd)) - make: add hubble cli to kind-image-fast-agent ([#​35344](https://redirect.github.com/cilium/cilium/issues/35344), [@​kaworu](https://redirect.github.com/kaworu)) - maps/nat/stats: check the snat tuple direction as a bitmask. ([#​34504](https://redirect.github.com/cilium/cilium/issues/34504), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - minor pkg/ip fixes ([#​35130](https://redirect.github.com/cilium/cilium/issues/35130), [@​bimmlerd](https://redirect.github.com/bimmlerd)) - Minor updates in configuration and community docs ([#​35132](https://redirect.github.com/cilium/cilium/issues/35132), [@​AdityaK60](https://redirect.github.com/AdityaK60)) - node: remove unused GetHostMasqueradeIPv\*() helpers ([#​35519](https://redirect.github.com/cilium/cilium/issues/35519), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - operator-id-management: agent waits for global identities ([#​34867](https://redirect.github.com/cilium/cilium/issues/34867), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - operator/watchers: skip expensive debug log operations when disabled ([#​35605](https://redirect.github.com/cilium/cilium/issues/35605), [@​giorio94](https://redirect.github.com/giorio94)) - operator: Convert logrus to slog ([#​35567](https://redirect.github.com/cilium/cilium/issues/35567), [@​sayboras](https://redirect.github.com/sayboras)) - operator: fix Test_performCiliumNodeGC ([#​35317](https://redirect.github.com/cilium/cilium/issues/35317), [@​giorio94](https://redirect.github.com/giorio94)) - pkg/ciliumidentity: Fix DeleteUsedCIDIsRecreated test ([#​35466](https://redirect.github.com/cilium/cilium/issues/35466), [@​ovidiutirla](https://redirect.github.com/ovidiutirla)) - Policy mapstate cleanups ([#​35233](https://redirect.github.com/cilium/cilium/issues/35233), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - Policy mapstate cleanups redux ([#​35305](https://redirect.github.com/cilium/cilium/issues/35305), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - policy: Add config for enabling Cilium Clusterwide Network Policy ([#​35405](https://redirect.github.com/cilium/cilium/issues/35405), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - policy: Add config for enabling Cilium NetworkPolicy ([#​35049](https://redirect.github.com/cilium/cilium/issues/35049), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - policy: Add IDManager interface ([#​35112](https://redirect.github.com/cilium/cilium/issues/35112), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - policy: Add PolicyRepository interface ([#​35067](https://redirect.github.com/cilium/cilium/issues/35067), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - policy: Add ResourcesWatcher interface to policy directory ([#​35110](https://redirect.github.com/cilium/cilium/issues/35110), [@​dlapcevic](https://redirect.github.com/dlapcevic)) - policy: Do not record a change if nothing was done ([#​35111](https://redirect.github.com/cilium/cilium/issues/35111), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - policy: Reduce allocs when keeping track of owners ([#​34692](https://redirect.github.com/cilium/cilium/issues/34692), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - policy: remove unused addL4Filter ruleLabels parameter ([#​35398](https://redirect.github.com/cilium/cilium/issues/35398), [@​tklauser](https://redirect.github.com/tklauser)) - policy: Simplify L4PolicyMap Structure ([#​35321](https://redirect.github.com/cilium/cilium/issues/35321), [@​nathanjsweet](https://redirect.github.com/nathanjsweet)) - policy: Wait on sync.WaitGroup only after adding to it ([#​35195](https://redirect.github.com/cilium/cilium/issues/35195), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - Prepare for release v1.17.0-pre.1 ([#​35134](https://redirect.github.com/cilium/cilium/issues/35134), [@​cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) - README.rst: Add "Powered-by-eBPF" and CNCF logos to README, link to ebpf.io and cncf.io ([#​35192](https://redirect.github.com/cilium/cilium/issues/35192), [@​sknrao](https://redirect.github.com/sknrao)) - README: Update badge for GAPI v1.1.0 ([#​35217](https://redirect.github.com/cilium/cilium/issues/35217), [@​joestringer](https://redirect.github.com/joestringer)) - README: Update releases ([#​35140](https://redirect.github.com/cilium/cilium/issues/35140), [@​aanm](https://redirect.github.com/aanm)) - Refactor Hubble as a cell ([#​35206](https://redirect.github.com/cilium/cilium/issues/35206), [@​kaworu](https://redirect.github.com/kaworu)) - Refactor XFRM policy and state creation ([#​35210](https://redirect.github.com/cilium/cilium/issues/35210), [@​ldelossa](https://redirect.github.com/ldelossa)) - refactor: Use error definition in github.com/cilium/ebpf instead of using hard-corded error message ([#​35389](https://redirect.github.com/cilium/cilium/issues/35389), [@​yushoyamaguchi](https://redirect.github.com/yushoyamaguchi)) - Refactored the endpoint and policy packages to separate test-specific code from production code. ([#​35384](https://redirect.github.com/cilium/cilium/issues/35384), [@​roykharman](https://redirect.github.com/roykharman)) - Reimplement experimental load-balancing tests in scripttest ([#​35480](https://redirect.github.com/cilium/cilium/issues/35480), [@​joamaki](https://redirect.github.com/joamaki)) - Remove deprecated call to DialContext in Hubble ([#​34241](https://redirect.github.com/cilium/cilium/issues/34241), [@​davchos](https://redirect.github.com/davchos)) - renovate: Skip auto-upgrade for deepequal-gen ([#​35453](https://redirect.github.com/cilium/cilium/issues/35453), [@​sayboras](https://redirect.github.com/sayboras)) - renovate: temporarily do not update GoBGP dependency ([#​35272](https://redirect.github.com/cilium/cilium/issues/35272), [@​rastislavs](https://redirect.github.com/rastislavs)) - renovate: Update allowed cilium-envoy version for stable branches ([#​35566](https://redirect.github.com/cilium/cilium/issues/35566), [@​sayboras](https://redirect.github.com/sayboras)) - Replace `inctimer` package with `time.After` ([#​35653](https://redirect.github.com/cilium/cilium/issues/35653), [@​tklauser](https://redirect.github.com/tklauser)) - Revert "Fixed Cilium CLI fatal error: concurrent map read and map write" ([#​35391](https://redirect.github.com/cilium/cilium/issues/35391), [@​pchaigno](https://redirect.github.com/pchaigno)) - Rework error handling logic in neighbor discovery ([#​35144](https://redirect.github.com/cilium/cilium/issues/35144), [@​pippolo84](https://redirect.github.com/pippolo84)) - servicemesh: add make target for local testing ([#​35169](https://redirect.github.com/cilium/cilium/issues/35169), [@​marseel](https://redirect.github.com/marseel)) - StateDB in Cilium guide ([#​34686](https://redirect.github.com/cilium/cilium/issues/34686), [@​joamaki](https://redirect.github.com/joamaki)) - Strip quotes from modifier arg in all Dockerfiles ([#​35427](https://redirect.github.com/cilium/cilium/issues/35427), [@​hemanthmalla](https://redirect.github.com/hemanthmalla)) - test(notify): add tests to compare flow proto parsed from notify events ([#​35059](https://redirect.github.com/cilium/cilium/issues/35059), [@​sypakine](https://redirect.github.com/sypakine)) - versioned: Never clean up current version ([#​35190](https://redirect.github.com/cilium/cilium/issues/35190), [@​jrajahalme](https://redirect.github.com/jrajahalme)) ##### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.17.0-pre.2@​sha256:9027c22b27e600e56eef6b35771629e9d14a7e9075170f516845d30b5776943d` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.17.0-pre.2@​sha256:6771668172fccc9b0e76e12b61552bb2e8bd03a7954224cf3add983ca90e511d` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.17.0-pre.2@​sha256:42f06a4047d35e5a051a29fe807f8348be608aa3f5775605f502177b803d51a1` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.17.0-pre.2@​sha256:f37cf93adc02d60143132272169ff6e528b9271d1c46830d802271c22606720f` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.17.0-pre.2@​sha256:5b0b8fb95315abc81fd58d1d891dc6818a0deacdf32451ecd5550ab5775ce096` ##### operator-aws `quay.io/cilium/operator-aws:v1.17.0-pre.2@​sha256:f26f0ff726bdab83ad97c0c53625fbd648e5d48a1c5dcba814a67c08bd33bfe3` ##### operator-azure `quay.io/cilium/operator-azure:v1.17.0-pre.2@​sha256:99e63566ea440d2b8f034088aff448c6b540e2e11a131fbe67c8106880e6511a` ##### operator-generic `quay.io/cilium/operator-generic:v1.17.0-pre.2@​sha256:2262d42f99acce0aefac822e0317f4d74668a5e76d54f736f19b75f6081184cb` ##### operator `quay.io/cilium/operator:v1.17.0-pre.2@​sha256:c942451db47217ace6b9e134734a0f148c3b0d474e9cc08a1fbe44d7b7d75be9`

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• [ ] If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.