Open renovate[bot] opened 8 months ago
This PR contains the following updates:
1.15.0-rc.0
1.16.3
[!WARNING] Some dependencies could not be looked up. Check the Dependency Dashboard for more information.
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.
This PR contains the following updates:
1.15.0-rc.0->1.16.3Release Notes
cilium/cilium (cilium/cilium)
### [`v1.16.3`](https://redirect.github.com/cilium/cilium/releases/tag/v1.16.3): 1.16.3 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.16.2...1.16.3) ## Summary of Changes **Bugfixes:** - bgpv2: fix reconciliation of services with shared VIPs (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35166](https://redirect.github.com/cilium/cilium/issues/35166), [@rastislavs](https://redirect.github.com/rastislavs)) - bgpv2: Fix service reconciliation logic to update service advertisement metadata only after successful reconciliation (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34976](https://redirect.github.com/cilium/cilium/issues/34976), [@rastislavs](https://redirect.github.com/rastislavs)) - bpf: nat: recreate a NAT entry if the packet hits the stale entry (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34913](https://redirect.github.com/cilium/cilium/issues/34913), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - bugtool: fix cilium-health command (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35068](https://redirect.github.com/cilium/cilium/issues/35068), [@ayuspin](https://redirect.github.com/ayuspin)) - Fix a low-probability issue where the DNS proxy could occasionally drop DNS queries due to "duplicate request id" errors. (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34941](https://redirect.github.com/cilium/cilium/issues/34941), [@bimmlerd](https://redirect.github.com/bimmlerd)) - Fix issue where bpf packet buffer mark would in some cases set incorrect mark value resulting in incorrectly SNATed traffic. (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34789](https://redirect.github.com/cilium/cilium/issues/34789), [@tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - Fix parameter check to forbid IPAM ENI with TUNNEL routing, and prevent agent segfault when also IPSec is enabled. (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34651](https://redirect.github.com/cilium/cilium/issues/34651), [@smagnani96](https://redirect.github.com/smagnani96)) - Fixed bug in LB-IPAM where restarting the operator would unshare previously shared IPs between services (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34783](https://redirect.github.com/cilium/cilium/issues/34783), [@dylandreimerink](https://redirect.github.com/dylandreimerink)) - Fixed bug in tracking policy changes that could have resulted in revert not woking in failure cases as expected. (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35109](https://redirect.github.com/cilium/cilium/issues/35109), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Fixed bug where service id allocator would loop infinity when out of service ids (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35033](https://redirect.github.com/cilium/cilium/issues/35033), [@WeeNews](https://redirect.github.com/WeeNews)) - Fixes startup fatal error when updating CiliumNode resource. (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34862](https://redirect.github.com/cilium/cilium/issues/34862), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - gateway-api: Align GRPCRoute matchers with GEP specification (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#34808](https://redirect.github.com/cilium/cilium/issues/34808), [@cfsnyder](https://redirect.github.com/cfsnyder)) - helm template function no longer errors when using k8sServiceHost: auto (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35186](https://redirect.github.com/cilium/cilium/issues/35186), [@kreeuwijk](https://redirect.github.com/kreeuwijk)) - hubble: add printer for lost events (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35208](https://redirect.github.com/cilium/cilium/issues/35208), [@aanm](https://redirect.github.com/aanm)) - ipcache: Yet another refcounting fix with mix of APIs (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34715](https://redirect.github.com/cilium/cilium/issues/34715), [@gandro](https://redirect.github.com/gandro)) - netkit: Allow ARP packets through when using host firewall. (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35070](https://redirect.github.com/cilium/cilium/issues/35070), [@jrife](https://redirect.github.com/jrife)) - wireguard: Fix issue where updates to a WireGuard device's configuration caused connectivity blips. (Backport PR [#35115](https://redirect.github.com/cilium/cilium/issues/35115), Upstream PR [#34612](https://redirect.github.com/cilium/cilium/issues/34612), [@jrife](https://redirect.github.com/jrife)) **CI Changes:** - .github/lint-build-commits: fix workflow for push events (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35264](https://redirect.github.com/cilium/cilium/issues/35264), [@aanm](https://redirect.github.com/aanm)) - .github: create cache directories on cache miss (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#35088](https://redirect.github.com/cilium/cilium/issues/35088), [@aanm](https://redirect.github.com/aanm)) - .github: do not push floating tag from PRs (Backport PR [#35230](https://redirect.github.com/cilium/cilium/issues/35230), Upstream PR [#35227](https://redirect.github.com/cilium/cilium/issues/35227), [@aanm](https://redirect.github.com/aanm)) - .github: install golang action after checkout (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34843](https://redirect.github.com/cilium/cilium/issues/34843), [@aanm](https://redirect.github.com/aanm)) - .github: re-enable configurations in e2e-upgrade (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34800](https://redirect.github.com/cilium/cilium/issues/34800), [@aanm](https://redirect.github.com/aanm)) - .github: specify cache-dependency-path in lint-workflows (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34845](https://redirect.github.com/cilium/cilium/issues/34845), [@aanm](https://redirect.github.com/aanm)) - \[1.16] test: Skip envoy internal_address_config warning log ([#35053](https://redirect.github.com/cilium/cilium/issues/35053), [@pippolo84](https://redirect.github.com/pippolo84)) - \[v1.16] gha: fix incorrect go version in lint-build-commits workflow ([#35312](https://redirect.github.com/cilium/cilium/issues/35312), [@giorio94](https://redirect.github.com/giorio94)) - ci: conformance-\[gateway-api|ginkgo|ingress] wait for images before matrix generation (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34820](https://redirect.github.com/cilium/cilium/issues/34820), [@aanm](https://redirect.github.com/aanm)) - fix: repository nil value handled on workflow_dispatch context for renovate updates (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34902](https://redirect.github.com/cilium/cilium/issues/34902), [@Artyop](https://redirect.github.com/Artyop)) - servicemesh, ci: run internal to NodePort test (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35177](https://redirect.github.com/cilium/cilium/issues/35177), [@marseel](https://redirect.github.com/marseel)) **Misc Changes:** - .github: add cache to cilium-cli and hubble-cli build workflows (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34847](https://redirect.github.com/cilium/cilium/issues/34847), [@aanm](https://redirect.github.com/aanm)) - .github: clean up disk for lint-build workflow (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#35141](https://redirect.github.com/cilium/cilium/issues/35141), [@aanm](https://redirect.github.com/aanm)) - .github: fix build image process to commit changes (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35262](https://redirect.github.com/cilium/cilium/issues/35262), [@aanm](https://redirect.github.com/aanm)) - .github: fix lvh-kind warnings (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34811](https://redirect.github.com/cilium/cilium/issues/34811), [@aanm](https://redirect.github.com/aanm)) - .github: fix runtime image digests (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35107](https://redirect.github.com/cilium/cilium/issues/35107), [@aanm](https://redirect.github.com/aanm)) - .github: push floating tag for push events for stable branches ([#35235](https://redirect.github.com/cilium/cilium/issues/35235), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] .github: do not update github runners for bpf workflows ([#35106](https://redirect.github.com/cilium/cilium/issues/35106), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] manually update dependency cilium/cilium-cli to v0.16.19 (v1.16) ([#35310](https://redirect.github.com/cilium/cilium/issues/35310), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - bgpv2/docs: add ebgp multihop documentation (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34951](https://redirect.github.com/cilium/cilium/issues/34951), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bgpv2: cleanup service reconciliation logic (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34959](https://redirect.github.com/cilium/cilium/issues/34959), [@rastislavs](https://redirect.github.com/rastislavs)) - Change GH runners to GH's default (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#33451](https://redirect.github.com/cilium/cilium/issues/33451), [@aanm](https://redirect.github.com/aanm)) - chore(deps): update all github action dependencies (v1.16) ([#35025](https://redirect.github.com/cilium/cilium/issues/35025), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35082](https://redirect.github.com/cilium/cilium/issues/35082), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#35250](https://redirect.github.com/cilium/cilium/issues/35250), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#35005](https://redirect.github.com/cilium/cilium/issues/35005), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#35283](https://redirect.github.com/cilium/cilium/issues/35283), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.18 (v1.16) ([#34999](https://redirect.github.com/cilium/cilium/issues/34999), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.7 docker digest to [`ddad330`](https://redirect.github.com/cilium/cilium/commit/ddad330) (v1.16) ([#35101](https://redirect.github.com/cilium/cilium/issues/35101), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.22.8 (v1.16) ([#35201](https://redirect.github.com/cilium/cilium/issues/35201), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1727741018-e3a7412f65722ebbe34254b3582b89d315765d0d (v1.16) ([#35137](https://redirect.github.com/cilium/cilium/issues/35137), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1727997080-b094128ed01b784b63ada19b54f8c7fdc3042e6e (v1.16) ([#35218](https://redirect.github.com/cilium/cilium/issues/35218), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - cilium-cli: Show config.cilium.io annotations on configmap (Backport PR [#35155](https://redirect.github.com/cilium/cilium/issues/35155), Upstream PR [#35020](https://redirect.github.com/cilium/cilium/issues/35020), [@joamaki](https://redirect.github.com/joamaki)) - docs: Add known issue for netkit endpoint route issues (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35126](https://redirect.github.com/cilium/cilium/issues/35126), [@jrife](https://redirect.github.com/jrife)) - docs: fix EKS Kubernetes compatibility link (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34922](https://redirect.github.com/cilium/cilium/issues/34922), [@fjvela](https://redirect.github.com/fjvela)) - docs: Improve warning on insecure global IPsec keys (Backport PR [#34918](https://redirect.github.com/cilium/cilium/issues/34918), Upstream PR [#34846](https://redirect.github.com/cilium/cilium/issues/34846), [@pchaigno](https://redirect.github.com/pchaigno)) - docs: move sig-policy to second Tuesday of the month (Backport PR [#35115](https://redirect.github.com/cilium/cilium/issues/35115), Upstream PR [#35040](https://redirect.github.com/cilium/cilium/issues/35040), [@squeed](https://redirect.github.com/squeed)) - fix: Assign PodStore from Pod resource until cell migration is completed (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#34090](https://redirect.github.com/cilium/cilium/issues/34090), [@dlapcevic](https://redirect.github.com/dlapcevic)) - helm: add client auth to hubble server certificate (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34934](https://redirect.github.com/cilium/cilium/issues/34934), [@kaworu](https://redirect.github.com/kaworu)) - helm: set key usages for hubble certificates with cert-manager (Backport PR [#35036](https://redirect.github.com/cilium/cilium/issues/35036), Upstream PR [#34946](https://redirect.github.com/cilium/cilium/issues/34946), [@kaworu](https://redirect.github.com/kaworu)) - Improve speed on lint commits GH workflow (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34848](https://redirect.github.com/cilium/cilium/issues/34848), [@aanm](https://redirect.github.com/aanm)) - install/kubernetes: fix Operator's clusterrole for pods deletion (Backport PR [#35274](https://redirect.github.com/cilium/cilium/issues/35274), Upstream PR [#35193](https://redirect.github.com/cilium/cilium/issues/35193), [@aanm](https://redirect.github.com/aanm)) - Re-write GitHub cache usages across workflows (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34866](https://redirect.github.com/cilium/cilium/issues/34866), [@aanm](https://redirect.github.com/aanm)) - Remove conformance-e2e tests (Backport PR [#35157](https://redirect.github.com/cilium/cilium/issues/35157), Upstream PR [#34742](https://redirect.github.com/cilium/cilium/issues/34742), [@aanm](https://redirect.github.com/aanm)) **Other Changes:** - \[v1.16] Add missing test coverage in v1.16 branch ([#35223](https://redirect.github.com/cilium/cilium/issues/35223), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] author backport: fix ENABLE_LOCAL_REDIRECT_POLICY ([#35129](https://redirect.github.com/cilium/cilium/issues/35129), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - \[v1.16] author backport: LRP fixes ([#35072](https://redirect.github.com/cilium/cilium/issues/35072), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - \[v1.16] ginkgo: disable test for deprecated annotations-based L7 visibility ([#35160](https://redirect.github.com/cilium/cilium/issues/35160), [@tklauser](https://redirect.github.com/tklauser)) - \[v1.16] test/k8s: replace L7 visibility Pod annotations by L7 visibility policy ([#35151](https://redirect.github.com/cilium/cilium/issues/35151), [@tklauser](https://redirect.github.com/tklauser)) - install: Update image digests for v1.16.2 ([#35052](https://redirect.github.com/cilium/cilium/issues/35052), [@cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28` `quay.io/cilium/cilium:stable@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.16.3@sha256:598cb4fd30b47bf2bc229cd6a011e451cf14753e56a80bb9ef01a09a519f52fb` `quay.io/cilium/clustermesh-apiserver:stable@sha256:598cb4fd30b47bf2bc229cd6a011e451cf14753e56a80bb9ef01a09a519f52fb` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.16.3@sha256:87af6722fdf73cd98123635108f1507d2c982aad82b89906a2925dc4e251acae` `quay.io/cilium/docker-plugin:stable@sha256:87af6722fdf73cd98123635108f1507d2c982aad82b89906a2925dc4e251acae` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.16.3@sha256:feb60efd767e0e7863a94689f4a8db56a0acc7c1d2b307dee66422e3dc25a089` `quay.io/cilium/hubble-relay:stable@sha256:feb60efd767e0e7863a94689f4a8db56a0acc7c1d2b307dee66422e3dc25a089` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.16.3@sha256:d80a785c0e807fc708264a3fcb19be404114f619fd756dd5214f4cad5a281898` `quay.io/cilium/operator-alibabacloud:stable@sha256:d80a785c0e807fc708264a3fcb19be404114f619fd756dd5214f4cad5a281898` ##### operator-aws `quay.io/cilium/operator-aws:v1.16.3@sha256:47f5abc5fa528472d3509c3199d7aab1e120833fb68df455e3b4476916385916` `quay.io/cilium/operator-aws:stable@sha256:47f5abc5fa528472d3509c3199d7aab1e120833fb68df455e3b4476916385916` ##### operator-azure `quay.io/cilium/operator-azure:v1.16.3@sha256:2882aaf03c32525a99181b7c065b2bb19c03eba6626fc736aebe368d90791542` `quay.io/cilium/operator-azure:stable@sha256:2882aaf03c32525a99181b7c065b2bb19c03eba6626fc736aebe368d90791542` ##### operator-generic `quay.io/cilium/operator-generic:v1.16.3@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b` `quay.io/cilium/operator-generic:stable@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b` ##### operator `quay.io/cilium/operator:v1.16.3@sha256:11219d0027c7ab5fb5ac531d4456b570b51f0d871c52c69e5e70c164bb38af0f` `quay.io/cilium/operator:stable@sha256:11219d0027c7ab5fb5ac531d4456b570b51f0d871c52c69e5e70c164bb38af0f` ### [`v1.16.2`](https://redirect.github.com/cilium/cilium/releases/tag/v1.16.2): 1.16.2 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.16.1...1.16.2) We are happy to release Cilium v1.16.2! This release brings us improved validation for updating from v1.15, fixed panics, race conditions and deadlocks, CI fixes and many many more changes! Check out the summary below for details. ## Summary of Changes **Minor Changes:** - Add validation to prevent users from using deprecated values that have been removed in v1.15 and v1.16 (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34229](https://redirect.github.com/cilium/cilium/issues/34229), [@chancez](https://redirect.github.com/chancez)) - bgpv2: update status field of CiliumBGPNodeConfig CRD (Backport PR [#34580](https://redirect.github.com/cilium/cilium/issues/34580), Upstream PR [#33411](https://redirect.github.com/cilium/cilium/issues/33411), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - docs: Update examples for CNP L7 Host (Backport PR [#34644](https://redirect.github.com/cilium/cilium/issues/34644), Upstream PR [#34578](https://redirect.github.com/cilium/cilium/issues/34578), [@sayboras](https://redirect.github.com/sayboras)) - egressgw: drop traffic when gateway node is not configured for policy (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#33625](https://redirect.github.com/cilium/cilium/issues/33625), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) **Bugfixes:** - add support for validation of stringToString values in ConfigMap (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34279](https://redirect.github.com/cilium/cilium/issues/34279), [@alex-berger](https://redirect.github.com/alex-berger)) - bgpv2: correct service reconciler initialization (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34415](https://redirect.github.com/cilium/cilium/issues/34415), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bgpv2: fix cilium-dbg bgp filtering by ASN & route-policy dump format (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34335](https://redirect.github.com/cilium/cilium/issues/34335), [@rastislavs](https://redirect.github.com/rastislavs)) - bpf: Fix `Prune` map operation leaking BPF map entries (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34476](https://redirect.github.com/cilium/cilium/issues/34476), [@gandro](https://redirect.github.com/gandro)) - config: fix disabling config 'Debug' (Backport PR [#34469](https://redirect.github.com/cilium/cilium/issues/34469), Upstream PR [#34401](https://redirect.github.com/cilium/cilium/issues/34401), [@mhofstetter](https://redirect.github.com/mhofstetter)) - daemon: Create IPsec and LRP maps early on startup (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34388](https://redirect.github.com/cilium/cilium/issues/34388), [@pchaigno](https://redirect.github.com/pchaigno)) - daemon: Fix error logic flow for pod store being out of date (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34389](https://redirect.github.com/cilium/cilium/issues/34389), [@christarazi](https://redirect.github.com/christarazi)) - envoy: fix log level mapping when changing log level via API (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34400](https://redirect.github.com/cilium/cilium/issues/34400), [@mhofstetter](https://redirect.github.com/mhofstetter)) - Fix "invalid sysctl parameter" error when Cilium needs to modify a sysctl with capital letters in its name. (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34298](https://redirect.github.com/cilium/cilium/issues/34298), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fix a bug in Cilium's kube-proxy replacement, where replies by a local backend are dropped with DROP_NO_FIB. (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34303](https://redirect.github.com/cilium/cilium/issues/34303), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fix a race condition that would cause errors related to maps `LB{4,6}_SKIP_MAP` when loading programs. (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34453](https://redirect.github.com/cilium/cilium/issues/34453), [@pchaigno](https://redirect.github.com/pchaigno)) - Fix agent panic when IPsec is enabled but XFRM stats are not exposed by the kernel. (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34647](https://redirect.github.com/cilium/cilium/issues/34647), [@chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - Fix issue where a hostport service would be created on an incorrect node when cilium-agent is configured with disable-endpoint-crd (Backport PR [#34644](https://redirect.github.com/cilium/cilium/issues/34644), Upstream PR [#34385](https://redirect.github.com/cilium/cilium/issues/34385), [@haozhangami](https://redirect.github.com/haozhangami)) - Fix operator deployment connecting to clustermesh kvstoremesh when endpointslice sync or MCS-API Service exports is enabled (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34295](https://redirect.github.com/cilium/cilium/issues/34295), [@MrFreezeex](https://redirect.github.com/MrFreezeex)) - Fix parsing of complex api-rate-limit options. The parsing failed when rate limits were configured for multiple API endpoints with multiple options, for example: "endpoint-create=rate-limit:1/s,rate-burst=1,endpoint-delete=rate-limit:2/s,rate-burst=2". The ability to also specify the rate limits as JSON strings was also returned. (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34249](https://redirect.github.com/cilium/cilium/issues/34249), [@joamaki](https://redirect.github.com/joamaki)) - Fix possible connection disruption on agent restart with WireGuard + native routing (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34095](https://redirect.github.com/cilium/cilium/issues/34095), [@giorio94](https://redirect.github.com/giorio94)) - Fix possible panic occurring in case errors are returned while updating/deleting IPv6 routes (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34721](https://redirect.github.com/cilium/cilium/issues/34721), [@giorio94](https://redirect.github.com/giorio94)) - Fix the Egress Gateway reconciliation logic to make progress after setting the rp_filter sysctl failed. (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34775](https://redirect.github.com/cilium/cilium/issues/34775), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fixes broken pod-to-remote-hostport connectivity when IPsec is used with L7 ingress policy and KPR. (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#33805](https://redirect.github.com/cilium/cilium/issues/33805), [@jschwinger233](https://redirect.github.com/jschwinger233)) - Fixes deadlock in identity watcher. This fixes an issue where a kvstore disconnect can cause the event receiver to exit and the event sender to get stuck forever. (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34611](https://redirect.github.com/cilium/cilium/issues/34611), [@dboslee](https://redirect.github.com/dboslee)) - helm: fix envoy prometheus metrics scraping with servicemonitor (Backport PR [#34472](https://redirect.github.com/cilium/cilium/issues/34472), Upstream PR [#34448](https://redirect.github.com/cilium/cilium/issues/34448), [@mhofstetter](https://redirect.github.com/mhofstetter)) - ingress: Avoid opening of port 80 for TLSPassthrough only (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34474](https://redirect.github.com/cilium/cilium/issues/34474), [@sayboras](https://redirect.github.com/sayboras)) - ingress: Remove generated CEC if empty (Backport PR [#34644](https://redirect.github.com/cilium/cilium/issues/34644), Upstream PR [#34576](https://redirect.github.com/cilium/cilium/issues/34576), [@sayboras](https://redirect.github.com/sayboras)) - lbipam: fix panic when changing the shared key & req. ip annotation (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34236](https://redirect.github.com/cilium/cilium/issues/34236), [@mhofstetter](https://redirect.github.com/mhofstetter)) - policy: Fixed CIDRGroupRef breaking the sanitization (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34076](https://redirect.github.com/cilium/cilium/issues/34076), [@chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - Replace dotted sysctl names with string slices (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34527](https://redirect.github.com/cilium/cilium/issues/34527), [@dylandreimerink](https://redirect.github.com/dylandreimerink)) **CI Changes:** - .github: change nick-invision/retry -> nick-fields/retry. ([#34735](https://redirect.github.com/cilium/cilium/issues/34735), [@michi-covalent](https://redirect.github.com/michi-covalent)) - bgpv1/test: fix route matching in PodIPPoolAdvert test (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34270](https://redirect.github.com/cilium/cilium/issues/34270), [@rastislavs](https://redirect.github.com/rastislavs)) - ci: clean disk only on ubuntu-latest runners (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34711](https://redirect.github.com/cilium/cilium/issues/34711), [@marseel](https://redirect.github.com/marseel)) - ci: Confromance E2E wait for images before matrix generation (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34707](https://redirect.github.com/cilium/cilium/issues/34707), [@marseel](https://redirect.github.com/marseel)) - ci: datapath-verifier: also run on 6.6 kernel (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34420](https://redirect.github.com/cilium/cilium/issues/34420), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - ci: don't run AKS tests on LTS versions (Backport PR [#34644](https://redirect.github.com/cilium/cilium/issues/34644), Upstream PR [#34640](https://redirect.github.com/cilium/cilium/issues/34640), [@marseel](https://redirect.github.com/marseel)) - ci: Wait for images before generating test matrix (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34727](https://redirect.github.com/cilium/cilium/issues/34727), [@marseel](https://redirect.github.com/marseel)) - Fix: push PR changes when renovate build images under the workflow_call context (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34650](https://redirect.github.com/cilium/cilium/issues/34650), [@Artyop](https://redirect.github.com/Artyop)) - gha: Add disk cleanup step for build and test workflow (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34339](https://redirect.github.com/cilium/cilium/issues/34339), [@sayboras](https://redirect.github.com/sayboras)) **Misc Changes:** - .github: remove installation steps for arm64 (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34336](https://redirect.github.com/cilium/cilium/issues/34336), [@aanm](https://redirect.github.com/aanm)) - \[v1.16] deps: update Docker dependency ([#34354](https://redirect.github.com/cilium/cilium/issues/34354), [@ferozsalam](https://redirect.github.com/ferozsalam)) - bgpv2: correct error message log (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34276](https://redirect.github.com/cilium/cilium/issues/34276), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - chore(deps): update all github action dependencies (v1.16) ([#34569](https://redirect.github.com/cilium/cilium/issues/34569), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) ([#34749](https://redirect.github.com/cilium/cilium/issues/34749), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.16) (patch) ([#34568](https://redirect.github.com/cilium/cilium/issues/34568), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#34687](https://redirect.github.com/cilium/cilium/issues/34687), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.16) ([#34883](https://redirect.github.com/cilium/cilium/issues/34883), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.15 (v1.16) ([#34118](https://redirect.github.com/cilium/cilium/issues/34118), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.16 (v1.16) ([#34497](https://redirect.github.com/cilium/cilium/issues/34497), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.16.17 (v1.16) ([#34878](https://redirect.github.com/cilium/cilium/issues/34878), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/busybox:1.36.1 docker digest to [`34b191d`](https://redirect.github.com/cilium/cilium/commit/34b191d) (v1.16) ([#34760](https://redirect.github.com/cilium/cilium/issues/34760), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.22.7 docker digest to [`4594271`](https://redirect.github.com/cilium/cilium/commit/4594271) (v1.16) ([#34887](https://redirect.github.com/cilium/cilium/issues/34887), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.22.7 (v1.16) ([#34797](https://redirect.github.com/cilium/cilium/issues/34797), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore: Avoid docker warning due to casing (Backport PR [#34856](https://redirect.github.com/cilium/cilium/issues/34856), Upstream PR [#34125](https://redirect.github.com/cilium/cilium/issues/34125), [@sayboras](https://redirect.github.com/sayboras)) - cilium-dbg: add Envoy admin commands (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34398](https://redirect.github.com/cilium/cilium/issues/34398), [@mhofstetter](https://redirect.github.com/mhofstetter)) - clustermesh/endpointslicesync: fix panic on failure in Test_meshEndpointSlice_Reconcile (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34699](https://redirect.github.com/cilium/cilium/issues/34699), [@tklauser](https://redirect.github.com/tklauser)) - contrib: allow l7proxy in egressgw config (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34636](https://redirect.github.com/cilium/cilium/issues/34636), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - docs: Avoid using wildcard TLS certificate (Backport PR [#34831](https://redirect.github.com/cilium/cilium/issues/34831), Upstream PR [#34609](https://redirect.github.com/cilium/cilium/issues/34609), [@sayboras](https://redirect.github.com/sayboras)) - docs: Improve disk based policy documentation (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34234](https://redirect.github.com/cilium/cilium/issues/34234), [@tamilmani1989](https://redirect.github.com/tamilmani1989)) - docs: Update LB-IPAM `allowFirstLastIPs` documentation (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34227](https://redirect.github.com/cilium/cilium/issues/34227), [@dylandreimerink](https://redirect.github.com/dylandreimerink)) - Documentation: Add instructions on accessing the Hubble API with TLS (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34361](https://redirect.github.com/cilium/cilium/issues/34361), [@chancez](https://redirect.github.com/chancez)) - Documentation: Add section to validate Hubble TLS is enabled (Backport PR [#34644](https://redirect.github.com/cilium/cilium/issues/34644), Upstream PR [#34416](https://redirect.github.com/cilium/cilium/issues/34416), [@chancez](https://redirect.github.com/chancez)) - endpoint: Do not pass a function to WithFields (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34346](https://redirect.github.com/cilium/cilium/issues/34346), [@jrajahalme](https://redirect.github.com/jrajahalme)) - fix: base image update workflow will now be triggered on renovate branches with a workflow_call event type (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34372](https://redirect.github.com/cilium/cilium/issues/34372), [@Artyop](https://redirect.github.com/Artyop)) - images: fix path script (Backport PR [#34768](https://redirect.github.com/cilium/cilium/issues/34768), Upstream PR [#34764](https://redirect.github.com/cilium/cilium/issues/34764), [@aanm](https://redirect.github.com/aanm)) - ipsec: Document a new cause of XfrmInStateProtoError (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#34221](https://redirect.github.com/cilium/cilium/issues/34221), [@jschwinger233](https://redirect.github.com/jschwinger233)) - pkg/endpointmanager: don't hold lock while iterating over subscribers (Backport PR [#34586](https://redirect.github.com/cilium/cilium/issues/34586), Upstream PR [#33896](https://redirect.github.com/cilium/cilium/issues/33896), [@aanm](https://redirect.github.com/aanm)) - Reorganize Hubble docs (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34282](https://redirect.github.com/cilium/cilium/issues/34282), [@chancez](https://redirect.github.com/chancez)) - Use exponential backoff for etcd connection retries during quorum loss (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34231](https://redirect.github.com/cilium/cilium/issues/34231), [@hemanthmalla](https://redirect.github.com/hemanthmalla)) - wireguard: minor improvements (Backport PR [#34452](https://redirect.github.com/cilium/cilium/issues/34452), Upstream PR [#34285](https://redirect.github.com/cilium/cilium/issues/34285), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) **Other Changes:** - \[v1.16] CODEOWNERS: switch cilium/tophat to cilium/committers ([#34338](https://redirect.github.com/cilium/cilium/issues/34338), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - \[v1.16] envoy: Bump envoy version from v1.29.7 to v1.29.9 ([#34966](https://redirect.github.com/cilium/cilium/issues/34966), [@sayboras](https://redirect.github.com/sayboras)) - \[v1.16] envoy: Switch to image with timestamp tag ([#34395](https://redirect.github.com/cilium/cilium/issues/34395), [@sayboras](https://redirect.github.com/sayboras)) - envoy: Bump golang version ([#34328](https://redirect.github.com/cilium/cilium/issues/34328), [@sayboras](https://redirect.github.com/sayboras)) - Fix panic in endpoint regeneration when DNS requests are processed during early initialization. ([#34892](https://redirect.github.com/cilium/cilium/issues/34892), [@joamaki](https://redirect.github.com/joamaki)) - install: Update image digests for v1.16.1 ([#34378](https://redirect.github.com/cilium/cilium/issues/34378), [@cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) ##### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.16.2@sha256:4386a8580d8d86934908eea022b0523f812e6a542f30a86a47edd8bed90d51ea` `quay.io/cilium/cilium:stable@sha256:4386a8580d8d86934908eea022b0523f812e6a542f30a86a47edd8bed90d51ea` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.16.2@sha256:cc84190fed92e03a2b3a33bc670b2447b521ee258ad9b076baaad13be312ea73` `quay.io/cilium/clustermesh-apiserver:stable@sha256:cc84190fed92e03a2b3a33bc670b2447b521ee258ad9b076baaad13be312ea73` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.16.2@sha256:9b455c663e43f785e3ef26471e29e22939c056af41d1e9215007b88dd37cd99b` `quay.io/cilium/docker-plugin:stable@sha256:9b455c663e43f785e3ef26471e29e22939c056af41d1e9215007b88dd37cd99b` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.16.2@sha256:4b559907b378ac18af82541dafab430a857d94f1057f2598645624e6e7ea286c` `quay.io/cilium/hubble-relay:stable@sha256:4b559907b378ac18af82541dafab430a857d94f1057f2598645624e6e7ea286c` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.16.2@sha256:16e33abb6b8381e2f66388b6d7141399f06c9b51b9ffa08fd159b8d321929716` `quay.io/cilium/operator-alibabacloud:stable@sha256:16e33abb6b8381e2f66388b6d7141399f06c9b51b9ffa08fd159b8d321929716` ##### operator-aws `quay.io/cilium/operator-aws:v1.16.2@sha256:b6a73ec94407a56cccc8a395225e2aecc3ca3611e7acfeec86201c19fc0727dd` `quay.io/cilium/operator-aws:stable@sha256:b6a73ec94407a56cccc8a395225e2aecc3ca3611e7acfeec86201c19fc0727dd` ##### operator-azure `quay.io/cilium/operator-azure:v1.16.2@sha256:fde7cf8bb887e106cd388bb5c3327e92682b2ec3ab4f03bb57b87f495b99f727` `quay.io/cilium/operator-azure:stable@sha256:fde7cf8bb887e106cd388bb5c3327e92682b2ec3ab4f03bb57b87f495b99f727` ##### operator-generic `quay.io/cilium/operator-generic:v1.16.2@sha256:cccfd3b886d52cb132c06acca8ca559f0fce91a6bd99016219b1a81fdbc4813a` `quay.io/cilium/operator-generic:stable@sha256:cccfd3b886d52cb132c06acca8ca559f0fce91a6bd99016219b1a81fdbc4813a` ##### operator `quay.io/cilium/operator:v1.16.2@sha256:01c4d846f65ecd2bd86f3d95a0ddc2bc4c813f6074a41828ca9ca2a30ed34381` `quay.io/cilium/operator:stable@sha256:01c4d846f65ecd2bd86f3d95a0ddc2bc4c813f6074a41828ca9ca2a30ed34381` ### [`v1.16.1`](https://redirect.github.com/cilium/cilium/releases/tag/v1.16.1): 1.16.1 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.16.0...1.16.1) ## Security Advisories This release addresses the following security vulnerabilities: - https://github.com/cilium/cilium/security/advisories/GHSA-vwf8-q6fw-4wcm - https://github.com/cilium/cilium/security/advisories/GHSA-qcm3-7879-xcww ## Summary of Changes **Minor Changes:** - Deprecate providing Hubble TLS secrets in helm values (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34114](https://redirect.github.com/cilium/cilium/issues/34114), [@chancez](https://redirect.github.com/chancez)) - gateway-api: Add required labels and annotations (Backport PR [#34215](https://redirect.github.com/cilium/cilium/issues/34215), Upstream PR [#33990](https://redirect.github.com/cilium/cilium/issues/33990), [@sayboras](https://redirect.github.com/sayboras)) - helm: add config for nat-map-stats-{interval, entries} config. (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33847](https://redirect.github.com/cilium/cilium/issues/33847), [@tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - Internal listener references are now properly qualified with namespace and CEC name. (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34104](https://redirect.github.com/cilium/cilium/issues/34104), [@jrajahalme](https://redirect.github.com/jrajahalme)) - Support configuring imagePullSecrets for spire agent/server pods (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33952](https://redirect.github.com/cilium/cilium/issues/33952), [@chancez](https://redirect.github.com/chancez)) **Bugfixes:** - auth: Fix data race in Upsert (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33905](https://redirect.github.com/cilium/cilium/issues/33905), [@chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - BGPv1 + BGPv2: Fix incorrect service reconciliation in setups with multiple BGP instances (virtual routers) (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34177](https://redirect.github.com/cilium/cilium/issues/34177), [@rastislavs](https://redirect.github.com/rastislavs)) - bgpv1: Fix data race in bgppSelection (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33904](https://redirect.github.com/cilium/cilium/issues/33904), [@chaunceyjiang](https://redirect.github.com/chaunceyjiang)) - bgpv2: Avoid duplicate route policy naming (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34031](https://redirect.github.com/cilium/cilium/issues/34031), [@rastislavs](https://redirect.github.com/rastislavs)) - BGPv2: Fix `Service` advertisement selector: do not require matching `CiliumLoadBalancerIPPool` (Backport PR [#34201](https://redirect.github.com/cilium/cilium/issues/34201), Upstream PR [#34182](https://redirect.github.com/cilium/cilium/issues/34182), [@rastislavs](https://redirect.github.com/rastislavs)) - Fix a nil dereference crash during cilium-agent initialization affecting setups with FQDN policies. The crash is triggered when a restored endpoint performs a DNS request just a the right time during early cilium-agent restoration. Problem is not expected to be persistent and the agent should get pass the problematic part of the initialization on restart. (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34059](https://redirect.github.com/cilium/cilium/issues/34059), [@joamaki](https://redirect.github.com/joamaki)) - Fix appArmorProfile condition for CronJob helm template (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34100](https://redirect.github.com/cilium/cilium/issues/34100), [@sathieu](https://redirect.github.com/sathieu)) - Fix bug causing etcd upsertion/deletion events to be potentially missed during the initial synchronization, when Cilium operates in KVStore mode, or Cluster Mesh is enabled. (Backport PR [#34181](https://redirect.github.com/cilium/cilium/issues/34181), Upstream PR [#34091](https://redirect.github.com/cilium/cilium/issues/34091), [@giorio94](https://redirect.github.com/giorio94)) - Fix issue in picking node IP addresses from the loopback device. This fixes a regression in v1.15 and v1.16 where VIPs assigned to the lo device were not considered by Cilium. Fix spurious updates node addresses to avoid unnecessary datapath reinitializations. (Backport PR [#34085](https://redirect.github.com/cilium/cilium/issues/34085), Upstream PR [#34012](https://redirect.github.com/cilium/cilium/issues/34012), [@joamaki](https://redirect.github.com/joamaki)) - Fix possible connection disruption on agent restart with WireGuard + kvstore (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34062](https://redirect.github.com/cilium/cilium/issues/34062), [@giorio94](https://redirect.github.com/giorio94)) - Fixes DNS proxy "connect: cannot assign requested address" errors in transparent mode, which were due to opening multiple TCP connections to the upstream DNS server. (Backport PR [#34201](https://redirect.github.com/cilium/cilium/issues/34201), Upstream PR [#33989](https://redirect.github.com/cilium/cilium/issues/33989), [@bimmlerd](https://redirect.github.com/bimmlerd)) - gateway-api: Add HTTP method condition in sortable routes (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34109](https://redirect.github.com/cilium/cilium/issues/34109), [@sayboras](https://redirect.github.com/sayboras)) - gateway-api: Enqueue gateway for Reference Grant changes (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34032](https://redirect.github.com/cilium/cilium/issues/34032), [@sayboras](https://redirect.github.com/sayboras)) - lbipam: fixed bug in sharing key logic (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34106](https://redirect.github.com/cilium/cilium/issues/34106), [@dylandreimerink](https://redirect.github.com/dylandreimerink)) - policy: Fix policy cache covers context lookup. ([#34322](https://redirect.github.com/cilium/cilium/issues/34322), [@nathanjsweet](https://redirect.github.com/nathanjsweet)) - service: Relax protocol matching for L7 Service (Backport PR [#34195](https://redirect.github.com/cilium/cilium/issues/34195), Upstream PR [#34131](https://redirect.github.com/cilium/cilium/issues/34131), [@sayboras](https://redirect.github.com/sayboras)) **CI Changes:** - .github: ginkgo: remove duplicate datapath ipv4only test in f09/f21. (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34071](https://redirect.github.com/cilium/cilium/issues/34071), [@tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - bpf: egressgw: don't install allow-all policy in to-netdev tests (Backport PR [#34201](https://redirect.github.com/cilium/cilium/issues/34201), Upstream PR [#34143](https://redirect.github.com/cilium/cilium/issues/34143), [@julianwiedmann](https://redirect.github.com/julianwiedmann)) - ci: multi pool run tests concurrently (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#33945](https://redirect.github.com/cilium/cilium/issues/33945), [@viktor-kurchenko](https://redirect.github.com/viktor-kurchenko)) - Fix workflow telemetry in ci-ipsec-upgrade (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34097](https://redirect.github.com/cilium/cilium/issues/34097), [@chancez](https://redirect.github.com/chancez)) - gha: Add extended features in gateway profile run (Backport PR [#34215](https://redirect.github.com/cilium/cilium/issues/34215), Upstream PR [#34098](https://redirect.github.com/cilium/cilium/issues/34098), [@sayboras](https://redirect.github.com/sayboras)) - gha: Free up Github runner disk space (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34247](https://redirect.github.com/cilium/cilium/issues/34247), [@sayboras](https://redirect.github.com/sayboras)) - gha: lint absence of trailing spaces in workflow files (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33908](https://redirect.github.com/cilium/cilium/issues/33908), [@giorio94](https://redirect.github.com/giorio94)) - gha: simplify the call-backport-label-updater workflow (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33934](https://redirect.github.com/cilium/cilium/issues/33934), [@giorio94](https://redirect.github.com/giorio94)) - ginkgo-ci: split f09 into two groups to reduce timeouts & flakes (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34038](https://redirect.github.com/cilium/cilium/issues/34038), [@tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - test: use cgr.dev/chainguard/busybox:latest instead of docker.io image. (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34004](https://redirect.github.com/cilium/cilium/issues/34004), [@tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - tests-clustermesh-upgrade: Don't hardcode test namespace (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34121](https://redirect.github.com/cilium/cilium/issues/34121), [@michi-covalent](https://redirect.github.com/michi-covalent)) **Misc Changes:** - \[v1.16] docs: Add note for CNP empty slices semantic under v1.16 section ([#34008](https://redirect.github.com/cilium/cilium/issues/34008), [@pippolo84](https://redirect.github.com/pippolo84)) - Add source IP visibility info to Ingress and Gateway API docs (Backport PR [#34297](https://redirect.github.com/cilium/cilium/issues/34297), Upstream PR [#34137](https://redirect.github.com/cilium/cilium/issues/34137), [@youngnick](https://redirect.github.com/youngnick)) - bgpv1: Reconcile with retry in BGP Controller (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33971](https://redirect.github.com/cilium/cilium/issues/33971), [@rastislavs](https://redirect.github.com/rastislavs)) - bgpv2: deprecate local port setting in transport config (Backport PR [#34209](https://redirect.github.com/cilium/cilium/issues/34209), Upstream PR [#33438](https://redirect.github.com/cilium/cilium/issues/33438), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bgpv2: use correct path key in path reconciler (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33947](https://redirect.github.com/cilium/cilium/issues/33947), [@harsimran-pabla](https://redirect.github.com/harsimran-pabla)) - bitlpm: Avoid allocs in CIDR trie lookups (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33518](https://redirect.github.com/cilium/cilium/issues/33518), [@jrajahalme](https://redirect.github.com/jrajahalme)) - bitlpm: Simplify matchPrefix() (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#33517](https://redirect.github.com/cilium/cilium/issues/33517), [@jrajahalme](https://redirect.github.com/jrajahalme)) - bugtool: dump cilium_skip_lb{4,6} (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34017](https://redirect.github.com/cilium/cilium/issues/34017), [@ysksuzuki](https://redirect.github.com/ysksuzuki)) - bugtool: dumping more Envoy information (Backport PR [#34158](https://redirect.github.com/cilium/cilium/issues/34158), Upstream PR [#34110](https://redirect.github.com/cilium/cilium/issues/34110), [@mhofstetter](https://redirect.github.com/mhofstetter)) - chore(deps): update all github action dependencies (v1.16) ([#34166](https://redirect.github.com/cilium/cilium/issues/34166), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency protocolbuffers/protobuf to v27.3 (v1.16) ([#34165](https://redirect.github.com/cilium/cilium/issues/34165), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.15 (v1.16) ([#34049](https://redirect.github.com/cilium/cilium/issues/34049), [@cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - Clean up documentation make targets for cases of nesting make builds inside contaiConfiguration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR was generated by Mend Renovate. View the repository job log.