Closed renovate[bot] closed 2 weeks ago
This PR contains the following updates:
1.16.2
1.16.3
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.
This PR contains the following updates:
1.16.2
->1.16.3
Release Notes
cilium/cilium (cilium)
### [`v1.16.3`](https://redirect.github.com/cilium/cilium/releases/tag/v1.16.3): 1.16.3 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.16.2...1.16.3) ## Summary of Changes **Bugfixes:** - bgpv2: fix reconciliation of services with shared VIPs (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35166](https://redirect.github.com/cilium/cilium/issues/35166), [@rastislavs](https://redirect.github.com/rastislavs)) - bgpv2: Fix service reconciliation logic to update service advertisement metadata only after successful reconciliation (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34976](https://redirect.github.com/cilium/cilium/issues/34976), [@rastislavs](https://redirect.github.com/rastislavs)) - bpf: nat: recreate a NAT entry if the packet hits the stale entry (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34913](https://redirect.github.com/cilium/cilium/issues/34913), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - bugtool: fix cilium-health command (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35068](https://redirect.github.com/cilium/cilium/issues/35068), [@ayuspin](https://redirect.github.com/ayuspin)) - Fix a low-probability issue where the DNS proxy could occasionally drop DNS queries due to "duplicate request id" errors. (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34941](https://redirect.github.com/cilium/cilium/issues/34941), [@bimmlerd](https://redirect.github.com/bimmlerd)) - Fix issue where bpf packet buffer mark would in some cases set incorrect mark value resulting in incorrectly SNATed traffic. (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34789](https://redirect.github.com/cilium/cilium/issues/34789), [@tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - Fix parameter check to forbid IPAM ENI with TUNNEL routing, and prevent agent segfault when also IPSec is enabled. (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34651](https://redirect.github.com/cilium/cilium/issues/34651), [@smagnani96](https://redirect.github.com/smagnani96)) - Fixed bug in LB-IPAM where restarting the operator would unshare previously shared IPs between services (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34783](https://redirect.github.com/cilium/cilium/issues/34783), [@dylandreimerink](https://redirect.github.com/dylandreimerink)) - Fixed bug in tracking policy changes that could have resulted in revert not woking in failure cases as expected. (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35109](https://redirect.github.com/cilium/cilium/issues/35109), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Fixed bug where service id allocator would loop infinity when out of service ids (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35033](https://redirect.github.com/cilium/cilium/issues/35033), [@WeeNews](https://redirect.github.com/WeeNews)) - Fixes startup fatal error when updating CiliumNode resource. (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34862](https://redirect.github.com/cilium/cilium/issues/34862), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - gateway-api: Align GRPCRoute matchers with GEP specification (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#34808](https://redirect.github.com/cilium/cilium/issues/34808), [@cfsnyder](https://redirect.github.com/cfsnyder)) - helm template function no longer errors when using k8sServiceHost: auto (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35186](https://redirect.github.com/cilium/cilium/issues/35186), [@kreeuwijk](https://redirect.github.com/kreeuwijk)) - hubble: add printer for lost events (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35208](https://redirect.github.com/cilium/cilium/issues/35208), [@aanm](https://redirect.github.com/aanm)) - ipcache: Yet another refcounting fix with mix of APIs (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34715](https://redirect.github.com/cilium/cilium/issues/34715), [@gandro](https://redirect.github.com/gandro)) - netkit: Allow ARP packets through when using host firewall. (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35070](https://redirect.github.com/cilium/cilium/issues/35070), [@jrife](https://redirect.github.com/jrife)) - wireguard: Fix issue where updates to a WireGuard device's configuration caused connectivity blips. (Backport PR [#35115](https://redirect.github.com/cilium/cilium/issues/35115), Upstream PR [#34612](https://redirect.github.com/cilium/cilium/issues/34612), [@jrife](https://redirect.github.com/jrife)) **CI Changes:** - .github/lint-build-commits: fix workflow for push events (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35264](https://redirect.github.com/cilium/cilium/issues/35264), [@aanm](https://redirect.github.com/aanm)) - .github: create cache directories on cache miss (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#35088](https://redirect.github.com/cilium/cilium/issues/35088), [@aanm](https://redirect.github.com/aanm)) - .github: do not push floating tag from PRs (Backport PR [#35230](https://redirect.github.com/cilium/cilium/issues/35230), Upstream PR [#35227](https://redirect.github.com/cilium/cilium/issues/35227), [@aanm](https://redirect.github.com/aanm)) - .github: install golang action after checkout (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34843](https://redirect.github.com/cilium/cilium/issues/34843), [@aanm](https://redirect.github.com/aanm)) - .github: re-enable configurations in e2e-upgrade (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34800](https://redirect.github.com/cilium/cilium/issues/34800), [@aanm](https://redirect.github.com/aanm)) - .github: specify cache-dependency-path in lint-workflows (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34845](https://redirect.github.com/cilium/cilium/issues/34845), [@aanm](https://redirect.github.com/aanm)) - \[1.16] test: Skip envoy internal_address_config warning log ([#35053](https://redirect.github.com/cilium/cilium/issues/35053), [@pippolo84](https://redirect.github.com/pippolo84)) - \[v1.16] gha: fix incorrect go version in lint-build-commits workflow ([#35312](https://redirect.github.com/cilium/cilium/issues/35312), [@giorio94](https://redirect.github.com/giorio94)) - ci: conformance-\[gateway-api|ginkgo|ingress] wait for images before matrix generation (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34820](https://redirect.github.com/cilium/cilium/issues/34820), [@aanm](https://redirect.github.com/aanm)) - fix: repository nil value handled on workflow_dispatch context for renovate updates (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34902](https://redirect.github.com/cilium/cilium/issues/34902), [@Artyop](https://redirect.github.com/Artyop)) - servicemesh, ci: run internal to NodePort test (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35177](https://redirect.github.com/cilium/cilium/issues/35177), [@marseel](https://redirect.github.com/marseel)) **Misc Changes:** - .github: add cache to cilium-cli and hubble-cli build workflows (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34847](https://redirect.github.com/cilium/cilium/issues/34847), [@aanm](https://redirect.github.com/aanm)) - .github: clean up disk for lint-build workflow (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#35141](https://redirect.github.com/cilium/cilium/issues/35141), [@aanm](https://redirect.github.com/aanm)) - .github: fix build image process to commit changes (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35262](https://redirect.github.com/cilium/cilium/issues/35262), [@aanm](https://redirect.github.com/aanm)) - .github: fix lvh-kind warnings (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34811](https://redirect.github.com/cilium/cilium/issues/34811), [@aanm](https://redirect.github.com/aanm)) - .github: fix runtime image digests (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35107](https://redirect.github.com/cilium/cilium/issues/35107), [@aanm](https://redirect.github.com/aanm)) - .github: push floating tag for push events for stable branches ([#35235](https://redirect.github.com/cilium/cilium/issues/35235), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] .github: do not update github runners for bpf workflows ([#35106](https://redirect.github.com/cilium/cilium/issues/35106), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] manually update dependency cilium/cilium-cli to v0.16.19 (v1.16) ([#35310](https://redirect.github.com/cilium/cilium/issues/35310), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - bgpv2/docs: add ebgp multihop documentation (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34951](https://redirect.github.com/cilium/cilium/issues/34951), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bgpv2: cleanup service reconciliation logic (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34959](https://redirect.github.com/cilium/cilium/issues/34959), [@rastislavs](https://redirect.github.com/rastislavs)) - Change GH runners to GH's default (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#33451](https://redirect.github.com/cilium/cilium/issues/33451), [@aanm](https://redirect.github.com/aanm)) - chore(deps): update all github action dependencies (v1.16) ([#35025](https://redirect.github.com/cilium/cilium/issues/35025), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35082](https://redirect.github.com/cilium/cilium/issues/35082), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35250](https://redirect.github.com/cilium/cilium/issues/35250), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#35005](https://redirect.github.com/cilium/cilium/issues/35005), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#35283](https://redirect.github.com/cilium/cilium/issues/35283), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.18 (v1.16) ([#34999](https://redirect.github.com/cilium/cilium/issues/34999), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.7 docker digest to [`ddad330`](https://redirect.github.com/cilium/cilium/commit/ddad330) (v1.16) ([#35101](https://redirect.github.com/cilium/cilium/issues/35101), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.22.8 (v1.16) ([#35201](https://redirect.github.com/cilium/cilium/issues/35201), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1727741018-e3a7412f65722ebbe34254b3582b89d315765d0d (v1.16) ([#35137](https://redirect.github.com/cilium/cilium/issues/35137), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1727997080-b094128ed01b784b63ada19b54f8c7fdc3042e6e (v1.16) ([#35218](https://redirect.github.com/cilium/cilium/issues/35218), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - cilium-cli: Show config.cilium.io annotations on configmap (Backport PR [#35155](https://redirect.github.com/cilium/cilium/issues/35155), Upstream PR [#35020](https://redirect.github.com/cilium/cilium/issues/35020), [@joamaki](https://redirect.github.com/joamaki)) - docs: Add known issue for netkit endpoint route issues (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35126](https://redirect.github.com/cilium/cilium/issues/35126), [@jrife](https://redirect.github.com/jrife)) - docs: fix EKS Kubernetes compatibility link (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34922](https://redirect.github.com/cilium/cilium/issues/34922), [@fjvela](https://redirect.github.com/fjvela)) - docs: Improve warning on insecure global IPsec keys (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34846](https://redirect.github.com/cilium/cilium/issues/34846), [@pchaigno](https://redirect.github.com/pchaigno)) - docs: move sig-policy to second Tuesday of the month (Backport PR [#35115](https://redirect.github.com/cilium/cilium/issues/35115), Upstream PR [#35040](https://redirect.github.com/cilium/cilium/issues/35040), [@squeed](https://redirect.github.com/squeed)) - fix: Assign PodStore from Pod resource until cell migration is completed (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#34090](https://redirect.github.com/cilium/cilium/issues/34090), [@dlapcevic](https://redirect.github.com/dlapcevic)) - helm: add client auth to hubble server certificate (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34934](https://redirect.github.com/cilium/cilium/issues/34934), [@kaworu](https://redirect.github.com/kaworu)) - helm: set key usages for hubble certificates with cert-manager (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34946](https://redirect.github.com/cilium/cilium/issues/34946), [@kaworu](https://redirect.github.com/kaworu)) - Improve speed on lint commits GH workflow (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34848](https://redirect.github.com/cilium/cilium/issues/34848), [@aanm](https://redirect.github.com/aanm)) - install/kubernetes: fix Operator's clusterrole for pods deletion (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35193](https://redirect.github.com/cilium/cilium/issues/35193), [@aanm](https://redirect.github.com/aanm)) - Re-write GitHub cache usages across workflows (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34866](https://redirect.github.com/cilium/cilium/issues/34866), [@aanm](https://redirect.github.com/aanm)) - Remove conformance-e2e tests (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34742](https://redirect.github.com/cilium/cilium/issues/34742), [@aanm](https://redirect.github.com/aanm)) **Other Changes:** - \[v1.16] Add missing test coverage in v1.16 branch ([#35223](https://redirect.github.com/cilium/cilium/issues/35223), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] author backport: fix ENABLE_LOCAL_REDIRECT_POLICY ([#35129](https://redirect.github.com/cilium/cilium/issues/35129), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - \[v1.16] author backport: LRP fixes ([#35072](https://redirect.github.com/cilium/cilium/issues/35072), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - \[v1.16] ginkgo: disable test for deprecated annotations-based L7 visibility ([#35160](https://redirect.github.com/cilium/cilium/issues/35160), [@tklauser](https://redirect.github.com/tklauser)) - \[v1.16] test/k8s: replace L7 visibility Pod annotations by L7 visibility policy ([#35151](https://redirect.github.com/cilium/cilium/issues/35151), [@tklauser](https://redirect.github.com/tklauser)) - install: Update image digests for v1.16.2 ([#35052](https://redirect.github.com/cilium/cilium/issues/35052), [@cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28` `quay.io/cilium/cilium:stable@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.16.3@sha256:598cb4fd30b47bf2bc229cd6a011e451cf14753e56a80bb9ef01a09a519f52fb` `quay.io/cilium/clustermesh-apiserver:stable@sha256:598cb4fd30b47bf2bc229cd6a011e451cf14753e56a80bb9ef01a09a519f52fb` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.16.3@sha256:87af6722fdf73cd98123635108f1507d2c982aad82b89906a2925dc4e251acae` `quay.io/cilium/docker-plugin:stable@sha256:87af6722fdf73cd98123635108f1507d2c982aad82b89906a2925dc4e251acae` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.16.3@sha256:feb60efd767e0e7863a94689f4a8db56a0acc7c1d2b307dee66422e3dc25a089` `quay.io/cilium/hubble-relay:stable@sha256:feb60efd767e0e7863a94689f4a8db56a0acc7c1d2b307dee66422e3dc25a089` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.16.3@sha256:d80a785c0e807fc708264a3fcb19be404114f619fd756dd5214f4cad5a281898` `quay.io/cilium/operator-alibabacloud:stable@sha256:d80a785c0e807fc708264a3fcb19be404114f619fd756dd5214f4cad5a281898` ##### operator-aws `quay.io/cilium/operator-aws:v1.16.3@sha256:47f5abc5fa528472d3509c3199d7aab1e120833fb68df455e3b4476916385916` `quay.io/cilium/operator-aws:stable@sha256:47f5abc5fa528472d3509c3199d7aab1e120833fb68df455e3b4476916385916` ##### operator-azure `quay.io/cilium/operator-azure:v1.16.3@sha256:2882aaf03c32525a99181b7c065b2bb19c03eba6626fc736aebe368d90791542` `quay.io/cilium/operator-azure:stable@sha256:2882aaf03c32525a99181b7c065b2bb19c03eba6626fc736aebe368d90791542` ##### operator-generic `quay.io/cilium/operator-generic:v1.16.3@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b` `quay.io/cilium/operator-generic:stable@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b` ##### operator `quay.io/cilium/operator:v1.16.3@sha256:11219d0027c7ab5fb5ac531d4456b570b51f0d871c52c69e5e70c164bb38af0f` `quay.io/cilium/operator:stable@sha256:11219d0027c7ab5fb5ac531d4456b570b51f0d871c52c69e5e70c164bb38af0f`Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.