monosense-arc[bot]
commented
1 week ago no HelmRelease objects found in clusterClosed monosense-arc[bot] closed 1 week ago
monosense-arc[bot]
commented
1 week ago no HelmRelease objects found in cluster
This PR contains the following updates:
1.16.3->1.16.4Release Notes
cilium/cilium (cilium)
### [`v1.16.4`](https://redirect.github.com/cilium/cilium/releases/tag/v1.16.4): 1.16.4 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.16.3...1.16.4) ## Summary of Changes **Minor Changes:** - Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30 seconds) to override the Envoy default (15 seconds). (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35809](https://redirect.github.com/cilium/cilium/issues/35809), [@jrajahalme](https://redirect.github.com/jrajahalme)) - clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#35349](https://redirect.github.com/cilium/cilium/issues/35349), [@giorio94](https://redirect.github.com/giorio94)) - helm: Lower default `hubble.tls.auto.certValidityDuration` to 365 days (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35630](https://redirect.github.com/cilium/cilium/issues/35630), [@chancez](https://redirect.github.com/chancez)) - helm: New socketLB.tracing flag (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35747](https://redirect.github.com/cilium/cilium/issues/35747), [@pchaigno](https://redirect.github.com/pchaigno)) - hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35632](https://redirect.github.com/cilium/cilium/issues/35632), [@chancez](https://redirect.github.com/chancez)) - netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#35306](https://redirect.github.com/cilium/cilium/issues/35306), [@jrife](https://redirect.github.com/jrife)) **Bugfixes:** - Avoid duplicate errors in health status for node-neighbor-link-updater (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35179](https://redirect.github.com/cilium/cilium/issues/35179), [@wedaly](https://redirect.github.com/wedaly)) - bgpv1: fix reconciliation of services with shared VIPs (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35333](https://redirect.github.com/cilium/cilium/issues/35333), [@rastislavs](https://redirect.github.com/rastislavs)) - bgpv2,operator: Fix the race condition in the nodeSelector conflict detection logic (Backport PR [#35863](https://redirect.github.com/cilium/cilium/issues/35863), Upstream PR [#35690](https://redirect.github.com/cilium/cilium/issues/35690), [@YutaroHayakawa](https://redirect.github.com/YutaroHayakawa)) - bgpv2: set local peering address when specified (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35552](https://redirect.github.com/cilium/cilium/issues/35552), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - Cilium datapath now gives precedence for the more specific allow rule with L7 rules when rules with port ranges are present. (Backport PR [#35603](https://redirect.github.com/cilium/cilium/issues/35603), Upstream PR [#35150](https://redirect.github.com/cilium/cilium/issues/35150), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Cilium's DNS proxy no longer gets stuck for a specific five-tuple if an `timeout waiting for response` error is encountered. (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35589](https://redirect.github.com/cilium/cilium/issues/35589), [@bimmlerd](https://redirect.github.com/bimmlerd)) - config: Remove superfluous warning on native routing CIDR (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35738](https://redirect.github.com/cilium/cilium/issues/35738), [@gandro](https://redirect.github.com/gandro)) - Fix missing flowlabel hash on SRv6 traffic. (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35498](https://redirect.github.com/cilium/cilium/issues/35498), [@akaliwod](https://redirect.github.com/akaliwod)) - Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#35173](https://redirect.github.com/cilium/cilium/issues/35173), [@smagnani96](https://redirect.github.com/smagnani96)) - Fix possible disruption of long running pod to node traffic on agent restart in kvstore mode (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35673](https://redirect.github.com/cilium/cilium/issues/35673), [@giorio94](https://redirect.github.com/giorio94)) - Fix redirect from L3 device to remote endpoint via overlay network. (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35165](https://redirect.github.com/cilium/cilium/issues/35165), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fixed a bug where replies for pod-originating connections came into scope of HostFW Ingress Network policy. Applicable to configurations that use iptables for Masquerading. (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35694](https://redirect.github.com/cilium/cilium/issues/35694), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fixes a bug where the operator incorrectly flagged CiliumNetworkPolicies containing ICMP rules as invalid. (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35599](https://redirect.github.com/cilium/cilium/issues/35599), [@squeed](https://redirect.github.com/squeed)) - Fixes a performance regression when ingesting network policies in clusters with large numbers of Services. (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#35293](https://redirect.github.com/cilium/cilium/issues/35293), [@squeed](https://redirect.github.com/squeed)) - Fixes a potential deadlock when restarting cilium agent with pods with DNS interception configured (Backport PR [#35906](https://redirect.github.com/cilium/cilium/issues/35906), Upstream PR [#35890](https://redirect.github.com/cilium/cilium/issues/35890), [@squeed](https://redirect.github.com/squeed)) - Fixes BPF Masquerading exclusion CIDR for IPAM modes "eni", "azure" and "alibabacloud". ([#35611](https://redirect.github.com/cilium/cilium/issues/35611), [@pippolo84](https://redirect.github.com/pippolo84)) - helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries (Backport PR [#35319](https://redirect.github.com/cilium/cilium/issues/35319), Upstream PR [#35301](https://redirect.github.com/cilium/cilium/issues/35301), [@hox](https://redirect.github.com/hox)) - helm: fix duplicate configmap key for `bpf-lb-sock-terminate-pod-connections` (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35703](https://redirect.github.com/cilium/cilium/issues/35703), [@solidDoWant](https://redirect.github.com/solidDoWant)) - helm: set automountServiceAccountToken to false for hubble-relay sa (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35674](https://redirect.github.com/cilium/cilium/issues/35674), [@ayuspin](https://redirect.github.com/ayuspin)) - hubble: fix endpoint cluster name (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35415](https://redirect.github.com/cilium/cilium/issues/35415), [@kaworu](https://redirect.github.com/kaworu)) - hubble: Lock exporters while gathering metrics (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35860](https://redirect.github.com/cilium/cilium/issues/35860), [@joestringer](https://redirect.github.com/joestringer)) - Ingress endpoint is now included in the lxcmap so that ARP and ND6 work for them. (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35143](https://redirect.github.com/cilium/cilium/issues/35143), [@jrajahalme](https://redirect.github.com/jrajahalme)) - ipam: Validate CiliumNode resource in ENI mode (Backport PR [#35792](https://redirect.github.com/cilium/cilium/issues/35792), Upstream PR [#35784](https://redirect.github.com/cilium/cilium/issues/35784), [@sayboras](https://redirect.github.com/sayboras)) - l7lb: fix registration of flag loadbalancer-l7 (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35623](https://redirect.github.com/cilium/cilium/issues/35623), [@mhofstetter](https://redirect.github.com/mhofstetter)) - Log errors when reloading hubble exporter configuration dynamically and do not attempt to close os.Stdout (Backport PR [#35319](https://redirect.github.com/cilium/cilium/issues/35319), Upstream PR [#35069](https://redirect.github.com/cilium/cilium/issues/35069), [@chancez](https://redirect.github.com/chancez)) - option: Reduce log level for WG strict mode + IPv6 (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35763](https://redirect.github.com/cilium/cilium/issues/35763), [@pchaigno](https://redirect.github.com/pchaigno)) - Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication. (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35381](https://redirect.github.com/cilium/cilium/issues/35381), [@jrajahalme](https://redirect.github.com/jrajahalme)) - treewide: Add wrapper for `netlink` functions that may fail with `ErrDumpInterrupted` (Backport PR [#35654](https://redirect.github.com/cilium/cilium/issues/35654), Upstream PR [#35614](https://redirect.github.com/cilium/cilium/issues/35614), [@gandro](https://redirect.github.com/gandro)) - wireguard: Fix connectivity issues following node reboots. (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35750](https://redirect.github.com/cilium/cilium/issues/35750), [@jrife](https://redirect.github.com/jrife)) **CI Changes:** - .github/conformance-ginkgo: replace deprecated jq flag (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35399](https://redirect.github.com/cilium/cilium/issues/35399), [@aanm](https://redirect.github.com/aanm)) - .github: extend timeout for tests-ipsec-upgrade workflow (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35657](https://redirect.github.com/cilium/cilium/issues/35657), [@rastislavs](https://redirect.github.com/rastislavs)) - .github: remove libncurses5 from integration tests (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35408](https://redirect.github.com/cilium/cilium/issues/35408), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] gh: e2e-upgrade: restart LRP backend pod after upgrade ([#35329](https://redirect.github.com/cilium/cilium/issues/35329), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - \[v1.16] github: update rhel8 LVH image to rhel8.6 ([#35733](https://redirect.github.com/cilium/cilium/issues/35733), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - Additionally test KVStore mode in E2E/IPSec workflows (Backport PR [#35905](https://redirect.github.com/cilium/cilium/issues/35905), Upstream PR [#35679](https://redirect.github.com/cilium/cilium/issues/35679), [@giorio94](https://redirect.github.com/giorio94)) - ci: conformance-kind: re-enable flaky Aggregator test (Backport PR [#35582](https://redirect.github.com/cilium/cilium/issues/35582), Upstream PR [#35286](https://redirect.github.com/cilium/cilium/issues/35286), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - ci: datapath-verifier: bump lvh images (Backport PR [#35648](https://redirect.github.com/cilium/cilium/issues/35648), Upstream PR [#35456](https://redirect.github.com/cilium/cilium/issues/35456), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - gha: Update chmod command (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35400](https://redirect.github.com/cilium/cilium/issues/35400), [@sayboras](https://redirect.github.com/sayboras)) - github: Pass the workflow step timeout to go test (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35814](https://redirect.github.com/cilium/cilium/issues/35814), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Refactor and set a default for GH_RUNNER_EXTRA_POWER (Backport PR [#35319](https://redirect.github.com/cilium/cilium/issues/35319), Upstream PR [#35267](https://redirect.github.com/cilium/cilium/issues/35267), [@aanm](https://redirect.github.com/aanm)) - workflows/gateway-api: Cover IPsec with GatewayAPI (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35584](https://redirect.github.com/cilium/cilium/issues/35584), [@pchaigno](https://redirect.github.com/pchaigno)) - workflows/ingress: Run basic checks (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35683](https://redirect.github.com/cilium/cilium/issues/35683), [@pchaigno](https://redirect.github.com/pchaigno)) - workflows/ipsec: Cover Ingress (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35476](https://redirect.github.com/cilium/cilium/issues/35476), [@pchaigno](https://redirect.github.com/pchaigno)) - workflows: Extend IPsec tests to cover egress gateway (Backport PR [#35540](https://redirect.github.com/cilium/cilium/issues/35540), Upstream PR [#35323](https://redirect.github.com/cilium/cilium/issues/35323), [@pchaigno](https://redirect.github.com/pchaigno)) **Misc Changes:** - .github/build-images-base: checkout base branch to get scripts (Backport PR [#35319](https://redirect.github.com/cilium/cilium/issues/35319), Upstream PR [#35236](https://redirect.github.com/cilium/cilium/issues/35236), [@aanm](https://redirect.github.com/aanm)) - .github: remove retention days for image digests (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35457](https://redirect.github.com/cilium/cilium/issues/35457), [@aanm](https://redirect.github.com/aanm)) - bpf: vxlan helper improvements (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#34755](https://redirect.github.com/cilium/cilium/issues/34755), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - chore(deps): update all github action dependencies (v1.16) ([#35382](https://redirect.github.com/cilium/cilium/issues/35382), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35439](https://redirect.github.com/cilium/cilium/issues/35439), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35573](https://redirect.github.com/cilium/cilium/issues/35573), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35710](https://redirect.github.com/cilium/cilium/issues/35710), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#35438](https://redirect.github.com/cilium/cilium/issues/35438), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.8 docker digest to [`0ca97f4`](https://redirect.github.com/cilium/cilium/commit/0ca97f4) (v1.16) ([#35730](https://redirect.github.com/cilium/cilium/issues/35730), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.8 docker digest to [`b274ff1`](https://redirect.github.com/cilium/cilium/commit/b274ff1) (v1.16) ([#35379](https://redirect.github.com/cilium/cilium/issues/35379), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.22.9 (v1.16) ([#35854](https://redirect.github.com/cilium/cilium/issues/35854), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1729635771-fa4efeff33a344a45e14a4068c61dc438b3d2270 (v1.16) ([#35491](https://redirect.github.com/cilium/cilium/issues/35491), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.16) (patch) ([#35731](https://redirect.github.com/cilium/cilium/issues/35731), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - cilium, docs: Extend requirements for L7 proxy (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35669](https://redirect.github.com/cilium/cilium/issues/35669), [@borkmann](https://redirect.github.com/borkmann)) - cilium: add probe for netkit for more user friendly error when not supported (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35551](https://redirect.github.com/cilium/cilium/issues/35551), [@borkmann](https://redirect.github.com/borkmann)) - ctrl-runtime: lower severity of retryable reconcile errors (Backport PR [#35592](https://redirect.github.com/cilium/cilium/issues/35592), Upstream PR [#35364](https://redirect.github.com/cilium/cilium/issues/35364), [@giorio94](https://redirect.github.com/giorio94)) - daemon: Reduce level of socket LB tracing warning (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35798](https://redirect.github.com/cilium/cilium/issues/35798), [@pchaigno](https://redirect.github.com/pchaigno)) - datapath: move policy map value prefix length to flags (Backport PR [#35603](https://redirect.github.com/cilium/cilium/issues/35603), Upstream PR [#35534](https://redirect.github.com/cilium/cilium/issues/35534), [@jrajahalme](https://redirect.github.com/jrajahalme)) - dnsproxy: fix error when sessionUDPFactory fails (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#33998](https://redirect.github.com/cilium/cilium/issues/33998), [@marseel](https://redirect.github.com/marseel)) - docs/ipsec: Remove KPR limitation (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35743](https://redirect.github.com/cilium/cilium/issues/35743), [@pchaigno](https://redirect.github.com/pchaigno)) - docs/xfrm: Fix incorrect statement regarding XFRM IN policies (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35626](https://redirect.github.com/cilium/cilium/issues/35626), [@pchaigno](https://redirect.github.com/pchaigno)) - docs: Change invalid Helm option --agent.enabled with --agent=false in upgrade documentation (Backport PR [#35319](https://redirect.github.com/cilium/cilium/issues/35319), Upstream PR [#35288](https://redirect.github.com/cilium/cilium/issues/35288), [@oneumyvakin](https://redirect.github.com/oneumyvakin)) - docs: clean up stale kernel requirements (Backport PR [#35582](https://redirect.github.com/cilium/cilium/issues/35582), Upstream PR [#35575](https://redirect.github.com/cilium/cilium/issues/35575), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: Fix incorrect link to RFC 4271 for BGP control plane timers. (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35725](https://redirect.github.com/cilium/cilium/issues/35725), [@nvibert](https://redirect.github.com/nvibert)) - docs: kpr: update error message regarding SocketLB tracing (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35337](https://redirect.github.com/cilium/cilium/issues/35337), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: tuning: XDP LB also supports tunnel routing (Backport PR [#35582](https://redirect.github.com/cilium/cilium/issues/35582), Upstream PR [#35574](https://redirect.github.com/cilium/cilium/issues/35574), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: update 1.16 upgrade note for LRP ([#35944](https://redirect.github.com/cilium/cilium/issues/35944), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - docs: update default identity label filters (Backport PR [#35468](https://redirect.github.com/cilium/cilium/issues/35468), Upstream PR [#35422](https://redirect.github.com/cilium/cilium/issues/35422), [@marseel](https://redirect.github.com/marseel)) - docs: XFRM reference guide for IPsec development (Backport PR [#35582](https://redirect.github.com/cilium/cilium/issues/35582), Upstream PR [#35322](https://redirect.github.com/cilium/cilium/issues/35322), [@pchaigno](https://redirect.github.com/pchaigno)) - Envoy simplify listener setup (Backport PR [#35764](https://redirect.github.com/cilium/cilium/issues/35764), Upstream PR [#35642](https://redirect.github.com/cilium/cilium/issues/35642), [@jrajahalme](https://redirect.github.com/jrajahalme)) - envoy: Configure internal_address_config to avoid warning log (Backport PR [#35471](https://redirect.github.com/cilium/cilium/issues/35471), Upstream PR [#35090](https://redirect.github.com/cilium/cilium/issues/35090), [@sayboras](https://redirect.github.com/sayboras)) - envoy: Limit started serving logging to the typeURL of the stream (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35736](https://redirect.github.com/cilium/cilium/issues/35736), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Fix wrongly spelled config option in error message (Backport PR [#35543](https://redirect.github.com/cilium/cilium/issues/35543), Upstream PR [#35390](https://redirect.github.com/cilium/cilium/issues/35390), [@baurmatt](https://redirect.github.com/baurmatt)) - helm: clarify text for serviceNoBackendResponse (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35734](https://redirect.github.com/cilium/cilium/issues/35734), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - hubble: Add 'release' Make target (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35561](https://redirect.github.com/cilium/cilium/issues/35561), [@michi-covalent](https://redirect.github.com/michi-covalent)) - image: Use cilium-builder instead of golang as operator builder image (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35351](https://redirect.github.com/cilium/cilium/issues/35351), [@learnitall](https://redirect.github.com/learnitall)) - iptables: always warn about missing xt_socket module (Backport PR [#35781](https://redirect.github.com/cilium/cilium/issues/35781), Upstream PR [#35591](https://redirect.github.com/cilium/cilium/issues/35591), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - makefile: add target to install Cilium in kvstore mode (Backport PR [#35905](https://redirect.github.com/cilium/cilium/issues/35905), Upstream PR [#35646](https://redirect.github.com/cilium/cilium/issues/35646), [@giorio94](https://redirect.github.com/giorio94)) - proxy: Ensure proxy ports are written on shutdown (Backport PR [#35908](https://redirect.github.com/cilium/cilium/issues/35908), Upstream PR [#35839](https://redirect.github.com/cilium/cilium/issues/35839), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Silence spurious clustermesh-related warnings (Backport PR [#35850](https://redirect.github.com/cilium/cilium/issues/35850), Upstream PR [#35867](https://redirect.github.com/cilium/cilium/issues/35867), [@giorio94](https://redirect.github.com/giorio94)) **Other Changes:** - \[v1.16] envoy: Add configuration for OverloadManager ([#35787](https://redirect.github.com/cilium/cilium/issues/35787), [@sayboras](https://redirect.github.com/sayboras)) - \[v1.16] envoy: Bump envoy version from 1.29.x to 1.30.x ([#35563](https://redirect.github.com/cilium/cilium/issues/35563), [@sayboras](https://redirect.github.com/sayboras)) - \[v1.16] policy/correlation: Fix `PolicyMatch{L3Proto,L4Only}` case ([#35681](https://redirect.github.com/cilium/cilium/issues/35681), [@gandro](https://redirect.github.com/gandro)) - chore(deps): update cilium-envoy dependency ([#35920](https://redirect.github.com/cilium/cilium/issues/35920), [@sayboras](https://redirect.github.com/sayboras)) - install: Update image digests for v1.16.3 ([#35361](https://redirect.github.com/cilium/cilium/issues/35361), [@cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) - Policy add deny rule test and benchmark ([#35714](https://redirect.github.com/cilium/cilium/issues/35714), [@jrajahalme](https://redirect.github.com/jrajahalme)) ##### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf` `quay.io/cilium/cilium:stable@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.16.4@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2` `quay.io/cilium/clustermesh-apiserver:stable@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.16.4@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e` `quay.io/cilium/docker-plugin:stable@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.16.4@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2` `quay.io/cilium/hubble-relay:stable@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.16.4@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686` `quay.io/cilium/operator-alibabacloud:stable@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686` ##### operator-aws `quay.io/cilium/operator-aws:v1.16.4@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be` `quay.io/cilium/operator-aws:stable@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be` ##### operator-azure `quay.io/cilium/operator-azure:v1.16.4@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de` `quay.io/cilium/operator-azure:stable@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de` ##### operator-generic `quay.io/cilium/operator-generic:v1.16.4@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5` `quay.io/cilium/operator-generic:stable@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5` ##### operator `quay.io/cilium/operator:v1.16.4@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff` `quay.io/cilium/operator:stable@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff`Configuration
π Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
π¦ Automerge: Disabled by config. Please merge this manually once you are satisfied.
β» Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
π Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot.