fix(helm): update cilium ( 1.16.0 → 1.16.1 )

bot-ross[bot] commented 1 month ago

This PR contains the following updates:

Package	Update	Change
cilium (source)	patch	`1.16.0` -> `1.16.1`

Release Notes

cilium/cilium (cilium)

### [`v1.16.1`](https://togithub.com/cilium/cilium/releases/tag/v1.16.1): 1.16.1 [Compare Source](https://togithub.com/cilium/cilium/compare/1.16.0...1.16.1) ## Summary of Changes **Minor Changes:** - Deprecate providing Hubble TLS secrets in helm values (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34114](https://togithub.com/cilium/cilium/issues/34114), [@chancez](https://togithub.com/chancez)) - gateway-api: Add required labels and annotations (Backport PR [#34215](https://togithub.com/cilium/cilium/issues/34215), Upstream PR [#33990](https://togithub.com/cilium/cilium/issues/33990), [@sayboras](https://togithub.com/sayboras)) - helm: add config for nat-map-stats-{interval, entries} config. (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33847](https://togithub.com/cilium/cilium/issues/33847), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - Internal listener references are now properly qualified with namespace and CEC name. (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34104](https://togithub.com/cilium/cilium/issues/34104), [@jrajahalme](https://togithub.com/jrajahalme)) - Support configuring imagePullSecrets for spire agent/server pods (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33952](https://togithub.com/cilium/cilium/issues/33952), [@chancez](https://togithub.com/chancez)) **Bugfixes:** - auth: Fix data race in Upsert (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33905](https://togithub.com/cilium/cilium/issues/33905), [@chaunceyjiang](https://togithub.com/chaunceyjiang)) - BGPv1 + BGPv2: Fix incorrect service reconciliation in setups with multiple BGP instances (virtual routers) (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34177](https://togithub.com/cilium/cilium/issues/34177), [@rastislavs](https://togithub.com/rastislavs)) - bgpv1: Fix data race in bgppSelection (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33904](https://togithub.com/cilium/cilium/issues/33904), [@chaunceyjiang](https://togithub.com/chaunceyjiang)) - bgpv2: Avoid duplicate route policy naming (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34031](https://togithub.com/cilium/cilium/issues/34031), [@rastislavs](https://togithub.com/rastislavs)) - BGPv2: Fix `Service` advertisement selector: do not require matching `CiliumLoadBalancerIPPool` (Backport PR [#34201](https://togithub.com/cilium/cilium/issues/34201), Upstream PR [#34182](https://togithub.com/cilium/cilium/issues/34182), [@rastislavs](https://togithub.com/rastislavs)) - Fix a nil dereference crash during cilium-agent initialization affecting setups with FQDN policies. The crash is triggered when a restored endpoint performs a DNS request just a the right time during early cilium-agent restoration. Problem is not expected to be persistent and the agent should get pass the problematic part of the initialization on restart. (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34059](https://togithub.com/cilium/cilium/issues/34059), [@joamaki](https://togithub.com/joamaki)) - Fix appArmorProfile condition for CronJob helm template (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34100](https://togithub.com/cilium/cilium/issues/34100), [@sathieu](https://togithub.com/sathieu)) - Fix bug causing etcd upsertion/deletion events to be potentially missed during the initial synchronization, when Cilium operates in KVStore mode, or Cluster Mesh is enabled. (Backport PR [#34181](https://togithub.com/cilium/cilium/issues/34181), Upstream PR [#34091](https://togithub.com/cilium/cilium/issues/34091), [@giorio94](https://togithub.com/giorio94)) - Fix issue in picking node IP addresses from the loopback device. This fixes a regression in v1.15 and v1.16 where VIPs assigned to the lo device were not considered by Cilium. Fix spurious updates node addresses to avoid unnecessary datapath reinitializations. (Backport PR [#34085](https://togithub.com/cilium/cilium/issues/34085), Upstream PR [#34012](https://togithub.com/cilium/cilium/issues/34012), [@joamaki](https://togithub.com/joamaki)) - Fix possible connection disruption on agent restart with WireGuard + kvstore (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34062](https://togithub.com/cilium/cilium/issues/34062), [@giorio94](https://togithub.com/giorio94)) - Fixes DNS proxy "connect: cannot assign requested address" errors in transparent mode, which were due to opening multiple TCP connections to the upstream DNS server. (Backport PR [#34201](https://togithub.com/cilium/cilium/issues/34201), Upstream PR [#33989](https://togithub.com/cilium/cilium/issues/33989), [@bimmlerd](https://togithub.com/bimmlerd)) - gateway-api: Add HTTP method condition in sortable routes (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34109](https://togithub.com/cilium/cilium/issues/34109), [@sayboras](https://togithub.com/sayboras)) - gateway-api: Enqueue gateway for Reference Grant changes (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34032](https://togithub.com/cilium/cilium/issues/34032), [@sayboras](https://togithub.com/sayboras)) - lbipam: fixed bug in sharing key logic (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34106](https://togithub.com/cilium/cilium/issues/34106), [@dylandreimerink](https://togithub.com/dylandreimerink)) - policy: Fix policy cache covers context lookup. ([#34322](https://togithub.com/cilium/cilium/issues/34322), [@nathanjsweet](https://togithub.com/nathanjsweet)) - service: Relax protocol matching for L7 Service (Backport PR [#34195](https://togithub.com/cilium/cilium/issues/34195), Upstream PR [#34131](https://togithub.com/cilium/cilium/issues/34131), [@sayboras](https://togithub.com/sayboras)) **CI Changes:** - .github: ginkgo: remove duplicate datapath ipv4only test in f09/f21. (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34071](https://togithub.com/cilium/cilium/issues/34071), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - bpf: egressgw: don't install allow-all policy in to-netdev tests (Backport PR [#34201](https://togithub.com/cilium/cilium/issues/34201), Upstream PR [#34143](https://togithub.com/cilium/cilium/issues/34143), [@julianwiedmann](https://togithub.com/julianwiedmann)) - ci: multi pool run tests concurrently (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#33945](https://togithub.com/cilium/cilium/issues/33945), [@viktor-kurchenko](https://togithub.com/viktor-kurchenko)) - Fix workflow telemetry in ci-ipsec-upgrade (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34097](https://togithub.com/cilium/cilium/issues/34097), [@chancez](https://togithub.com/chancez)) - gha: Add extended features in gateway profile run (Backport PR [#34215](https://togithub.com/cilium/cilium/issues/34215), Upstream PR [#34098](https://togithub.com/cilium/cilium/issues/34098), [@sayboras](https://togithub.com/sayboras)) - gha: Free up Github runner disk space (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34247](https://togithub.com/cilium/cilium/issues/34247), [@sayboras](https://togithub.com/sayboras)) - gha: lint absence of trailing spaces in workflow files (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33908](https://togithub.com/cilium/cilium/issues/33908), [@giorio94](https://togithub.com/giorio94)) - gha: simplify the call-backport-label-updater workflow (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33934](https://togithub.com/cilium/cilium/issues/33934), [@giorio94](https://togithub.com/giorio94)) - ginkgo-ci: split f09 into two groups to reduce timeouts & flakes (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34038](https://togithub.com/cilium/cilium/issues/34038), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - test: use cgr.dev/chainguard/busybox:latest instead of docker.io image. (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34004](https://togithub.com/cilium/cilium/issues/34004), [@tommyp1ckles](https://togithub.com/tommyp1ckles)) - tests-clustermesh-upgrade: Don't hardcode test namespace (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34121](https://togithub.com/cilium/cilium/issues/34121), [@michi-covalent](https://togithub.com/michi-covalent)) **Misc Changes:** - \[v1.16] docs: Add note for CNP empty slices semantic under v1.16 section ([#34008](https://togithub.com/cilium/cilium/issues/34008), [@pippolo84](https://togithub.com/pippolo84)) - Add source IP visibility info to Ingress and Gateway API docs (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34137](https://togithub.com/cilium/cilium/issues/34137), [@youngnick](https://togithub.com/youngnick)) - bgpv1: Reconcile with retry in BGP Controller (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33971](https://togithub.com/cilium/cilium/issues/33971), [@rastislavs](https://togithub.com/rastislavs)) - bgpv2: deprecate local port setting in transport config (Backport PR [#34209](https://togithub.com/cilium/cilium/issues/34209), Upstream PR [#33438](https://togithub.com/cilium/cilium/issues/33438), [@harsimran-pabla](https://togithub.com/harsimran-pabla)) - bgpv2: use correct path key in path reconciler (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33947](https://togithub.com/cilium/cilium/issues/33947), [@harsimran-pabla](https://togithub.com/harsimran-pabla)) - bitlpm: Avoid allocs in CIDR trie lookups (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33518](https://togithub.com/cilium/cilium/issues/33518), [@jrajahalme](https://togithub.com/jrajahalme)) - bitlpm: Simplify matchPrefix() (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#33517](https://togithub.com/cilium/cilium/issues/33517), [@jrajahalme](https://togithub.com/jrajahalme)) - bugtool: dump cilium_skip_lb{4,6} (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34017](https://togithub.com/cilium/cilium/issues/34017), [@ysksuzuki](https://togithub.com/ysksuzuki)) - bugtool: dumping more Envoy information (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34110](https://togithub.com/cilium/cilium/issues/34110), [@mhofstetter](https://togithub.com/mhofstetter)) - chore(deps): update all github action dependencies (v1.16) ([#34166](https://togithub.com/cilium/cilium/issues/34166), [@cilium-renovate](https://togithub.com/cilium-renovate)\[bot]) - chore(deps): update dependency protocolbuffers/protobuf to v27.3 (v1.16) ([#34165](https://togithub.com/cilium/cilium/issues/34165), [@cilium-renovate](https://togithub.com/cilium-renovate)\[bot]) - chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.15 (v1.16) ([#34049](https://togithub.com/cilium/cilium/issues/34049), [@cilium-renovate](https://togithub.com/cilium-renovate)\[bot]) - Clean up documentation make targets for cases of nesting make builds inside container invocations (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34151](https://togithub.com/cilium/cilium/issues/34151), [@joestringer](https://togithub.com/joestringer)) - doc: update slack channel reference (Backport PR [#34158](https://togithub.com/cilium/cilium/issues/34158), Upstream PR [#34044](https://togithub.com/cilium/cilium/issues/34044), [@Huweicai](https://togithub.com/Huweicai)) - docs: Add warning on CRDs requirement for using the Gateway API (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#33974](https://togithub.com/cilium/cilium/issues/33974), [@xtineskim](https://togithub.com/xtineskim)) - Documentation: Introduce support for redirects (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34233](https://togithub.com/cilium/cilium/issues/34233), [@chancez](https://togithub.com/chancez)) - Documentation: Update readthedocs configuration (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34190](https://togithub.com/cilium/cilium/issues/34190), [@joestringer](https://togithub.com/joestringer)) - Fix two bugs in dnsproxy tcp conn reuse (Backport PR [#34201](https://togithub.com/cilium/cilium/issues/34201), Upstream PR [#34175](https://togithub.com/cilium/cilium/issues/34175), [@bimmlerd](https://togithub.com/bimmlerd)) - Improve documentation on configuring Hubble TLS (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34115](https://togithub.com/cilium/cilium/issues/34115), [@chancez](https://togithub.com/chancez)) - iptables: Support Envoy listener chaining (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34105](https://togithub.com/cilium/cilium/issues/34105), [@jrajahalme](https://togithub.com/jrajahalme)) - Makefile: Fix docker flags for fast image targets (Backport PR [#34297](https://togithub.com/cilium/cilium/issues/34297), Upstream PR [#34132](https://togithub.com/cilium/cilium/issues/34132), [@joestringer](https://togithub.com/joestringer)) - policy: Sanitize DNS Rules to Disallow Port Ranges (Backport PR [#34201](https://togithub.com/cilium/cilium/issues/34201), Upstream PR [#34023](https://togithub.com/cilium/cilium/issues/34023), [@nathanjsweet](https://togithub.com/nathanjsweet)) - Revert "fix: support validation of stringToString values in ConfigMap" (Backport PR [#34305](https://togithub.com/cilium/cilium/issues/34305), Upstream PR [#34277](https://togithub.com/cilium/cilium/issues/34277), [@aanm](https://togithub.com/aanm)) - vendor: Bump StateDB to version v0.2.1 (Backport PR [#34246](https://togithub.com/cilium/cilium/issues/34246), Upstream PR [#33587](https://togithub.com/cilium/cilium/issues/33587), [@joamaki](https://togithub.com/joamaki)) **Other Changes:** - install: Update image digests for v1.16.0 ([#33994](https://togithub.com/cilium/cilium/issues/33994), [@cilium-release-bot](https://togithub.com/cilium-release-bot)\[bot]) - v1.16: Remove leftover backporter state file ([#34210](https://togithub.com/cilium/cilium/issues/34210), [@gandro](https://togithub.com/gandro)) ##### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39` `quay.io/cilium/cilium:stable@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.16.1@sha256:e9c77417cd474cc943b2303a76c5cf584ac7024dd513ebb8d608cb62fe28896f` `quay.io/cilium/clustermesh-apiserver:stable@sha256:e9c77417cd474cc943b2303a76c5cf584ac7024dd513ebb8d608cb62fe28896f` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.16.1@sha256:243fd7759818d990a7f9b33df3eb685a9f250a12020e22f660547f9516b76320` `quay.io/cilium/docker-plugin:stable@sha256:243fd7759818d990a7f9b33df3eb685a9f250a12020e22f660547f9516b76320` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.16.1@sha256:2e1b4c739a676ae187d4c2bfc45c3e865bda2567cc0320a90cb666657fcfcc35` `quay.io/cilium/hubble-relay:stable@sha256:2e1b4c739a676ae187d4c2bfc45c3e865bda2567cc0320a90cb666657fcfcc35` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.16.1@sha256:4381adf48d76ec482551183947e537d44bcac9b6c31a635a9ac63f696d978804` `quay.io/cilium/operator-alibabacloud:stable@sha256:4381adf48d76ec482551183947e537d44bcac9b6c31a635a9ac63f696d978804` ##### operator-aws `quay.io/cilium/operator-aws:v1.16.1@sha256:e3876fcaf2d6ccc8d5b4aaaded7b1efa971f3f4175eaa2c8a499878d58c39df4` `quay.io/cilium/operator-aws:stable@sha256:e3876fcaf2d6ccc8d5b4aaaded7b1efa971f3f4175eaa2c8a499878d58c39df4` ##### operator-azure `quay.io/cilium/operator-azure:v1.16.1@sha256:e55c222654a44ceb52db7ade3a7b9e8ef05681ff84c14ad1d46fea34869a7a22` `quay.io/cilium/operator-azure:stable@sha256:e55c222654a44ceb52db7ade3a7b9e8ef05681ff84c14ad1d46fea34869a7a22` ##### operator-generic `quay.io/cilium/operator-generic:v1.16.1@sha256:3bc7e7a43bc4a4d8989cb7936c5d96675dd2d02c306adf925ce0a7c35aa27dc4` `quay.io/cilium/operator-generic:stable@sha256:3bc7e7a43bc4a4d8989cb7936c5d96675dd2d02c306adf925ce0a7c35aa27dc4` ##### operator `quay.io/cilium/operator:v1.16.1@sha256:258b28fefc9f3fe1cbcb21a3b2c4c96dcc72f6ee258eed0afebe9b0ac47f462b` `quay.io/cilium/operator:stable@sha256:258b28fefc9f3fe1cbcb21a3b2c4c96dcc72f6ee258eed0afebe9b0ac47f462b`

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

[ ] If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

bot-ross[bot] commented 1 month ago

--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

@@ -13,13 +13,13 @@

     spec:
       chart: cilium
       sourceRef:
         kind: HelmRepository
         name: cilium
         namespace: flux-system
-      version: 1.16.0
+      version: 1.16.1
   install:
     remediation:
       retries: 3
   interval: 30m
   upgrade:
     cleanupOnFail: true

bot-ross[bot] commented 1 month ago

--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

@@ -128,7 +128,9 @@

   external-envoy-proxy: 'false'
   envoy-base-id: '0'
   envoy-keep-cap-netbindservice: 'false'
   max-connected-clusters: '255'
   clustermesh-enable-endpoint-sync: 'false'
   clustermesh-enable-mcs-api: 'false'
+  nat-map-stats-entries: '32'
+  nat-map-stats-interval: 30s

--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -16,24 +16,24 @@

     rollingUpdate:
       maxUnavailable: 2
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 0a77321777ad91149ae5195a36e554b0753525690cd99cf79377f9b597482707
+        cilium.io/cilium-configmap-checksum: 40a77f9f4075584b0fda09d1d87eb77eae2cc3eb94a5ddaa06ce956090244ad1
       labels:
         k8s-app: cilium
         app.kubernetes.io/name: cilium-agent
         app.kubernetes.io/part-of: cilium
     spec:
       securityContext:
         appArmorProfile:
           type: Unconfined
       containers:
       - name: cilium-agent
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
         args:
         - --config-dir=/tmp/cilium/config-map
         startupProbe:
@@ -187,13 +187,13 @@

         - name: xtables-lock
           mountPath: /run/xtables.lock
         - name: tmp
           mountPath: /tmp
       initContainers:
       - name: config
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - cilium-dbg
         - build-config
         env:
         - name: K8S_NODE_NAME
@@ -212,13 +212,13 @@

           value: '7445'
         volumeMounts:
         - name: tmp
           mountPath: /tmp
         terminationMessagePolicy: FallbackToLogsOnError
       - name: mount-cgroup
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         env:
         - name: CGROUP_ROOT
           value: /sys/fs/cgroup
         - name: BIN_PATH
           value: /opt/cni/bin
@@ -244,13 +244,13 @@

             - SYS_ADMIN
             - SYS_CHROOT
             - SYS_PTRACE
             drop:
             - ALL
       - name: apply-sysctl-overwrites
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         env:
         - name: BIN_PATH
           value: /opt/cni/bin
         command:
         - sh
@@ -274,13 +274,13 @@

             - SYS_ADMIN
             - SYS_CHROOT
             - SYS_PTRACE
             drop:
             - ALL
       - name: mount-bpf-fs
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         args:
         - mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf
         command:
         - /bin/bash
         - -c
@@ -290,13 +290,13 @@

           privileged: true
         volumeMounts:
         - name: bpf-maps
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
       - name: clean-cilium-state
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
         env:
         - name: CILIUM_ALL_STATE
           valueFrom:
@@ -338,13 +338,13 @@

         - name: cilium-cgroup
           mountPath: /sys/fs/cgroup
           mountPropagation: HostToContainer
         - name: cilium-run
           mountPath: /var/run/cilium
       - name: install-cni-binaries
-        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - /install-plugin.sh
         resources:
           requests:
             cpu: 100m
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -20,24 +20,24 @@

       maxSurge: 25%
       maxUnavailable: 50%
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 0a77321777ad91149ae5195a36e554b0753525690cd99cf79377f9b597482707
+        cilium.io/cilium-configmap-checksum: 40a77f9f4075584b0fda09d1d87eb77eae2cc3eb94a5ddaa06ce956090244ad1
         prometheus.io/port: '9963'
         prometheus.io/scrape: 'true'
       labels:
         io.cilium/app: operator
         name: cilium-operator
         app.kubernetes.io/part-of: cilium
         app.kubernetes.io/name: cilium-operator
     spec:
       containers:
       - name: cilium-operator
-        image: quay.io/cilium/operator-generic:v1.16.0@sha256:d6621c11c4e4943bf2998af7febe05be5ed6fdcf812b27ad4388f47022190316
+        image: quay.io/cilium/operator-generic:v1.16.1@sha256:3bc7e7a43bc4a4d8989cb7936c5d96675dd2d02c306adf925ce0a7c35aa27dc4
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic
         args:
         - --config-dir=/tmp/cilium/config-map
         - --debug=$(CILIUM_DEBUG)

onedr0p / home-ops

fix(helm): update cilium ( 1.16.0 → 1.16.1 ) #7997

Release Notes

Configuration