Skip to content

chore(deps): update helm release cilium to v1.17.0-pre.3

Renovate Bot requested to merge renovate/cilium-1.x into master

This MR contains the following updates:

Package Type Update Change
cilium (source) HelmChart patch 1.17.0-pre.2 -> 1.17.0-pre.3

Warning

Some dependencies could not be looked up. Check the warning logs for more information.


Release Notes

cilium/cilium (cilium)

v1.17.0-pre.3: 1.17.0-pre.3

Compare Source

Summary of Changes

Major Changes:

  • Add feature tracking in Cilium agent as prometheus metrics (#​35852, @​aanm)
  • Add feature tracking in Cilium Operator as prometheus metrics (#​36077, @​aanm)
  • Allow users to override the load balancing algorithm for Services by setting the service.cilium.io/lb-algorithm annotation. (#​35735, @​kl52752)
  • Cilium now sends TLS Interception and Header manipulation secrets referenced in CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy by reference using SDS, using the same secret synchronization method used for Ingress, Gateway API, and BGP control plane secrets. (#​35513, @​youngnick)
  • feat: add dynamically configured Hubble metrics (#​35185, @​rectified95)

Minor Changes:

Bugfixes:

  • bgp: fix race in bgp stores (#​35971, @​harsimran-pabla)
  • BGPv1: Fix race by reconciliation of services with externalTrafficPolicy=Local by populating locally available services after performing service diff (#​36230, @​rastislavs)
  • bgpv2,operator: Fix the race condition in the nodeSelector conflict detection logic (#​35690, @​YutaroHayakawa)
  • BGPv2: Fix race by reconciliation of services with externalTrafficPolicy=Local by populating locally available services after performing service diff (#​36165, @​rastislavs)
  • bpf:nat: restore a NAT entry if its REV NAT is not found (#​35304, @​sugangli)
  • Cilium agent now waits until endpoints have restored before starting accepting new xDS streams. (#​35984, @​jrajahalme)
  • cilium-cli/connectivity: fix nil-pointer dereference if minimum version can't be detected (#​35802, @​tklauser)
  • cilium-health-ep controller is made to be more robust against successive failures. (#​35936, @​jrajahalme)
  • config: Remove superfluous warning on native routing CIDR (#​35738, @​gandro)
  • Envoy "initial fetch timeout" warnings are now demoted to info level, as they are expected to happen during Cilium Agent restart. (#​36060, @​jrajahalme)
  • Export Map{Key,Value} fields to prevent map {get,list} handler panics. (#​36219, @​tommyp1ckles)
  • Fix bug that would break all pod-to-pod connectivity when using the per-tunnel IPsec key system. (#​35806, @​pchaigno)
  • Fix identity leak for kvstore identity mode (#​34893, @​odinuge)
  • Fix incorrect trace reason for egress packets when WireGuard is used with Host Firewall. (#​35354, @​smagnani96)
  • Fix potential Cilium agent panic during endpoint restoration, occurring if the corresponding pod gets deleted while the agent is restarting. This regression only affects Cilium v1.16.4. (#​36292, @​giorio94)
  • Fix: cilium-cli install --repository flag respects repository even with cached versions. (#​35670, @​renyunkang)
  • Fixed a bug where replies for pod-originating connections came into scope of HostFW Ingress Network policy. Applicable to configurations that use iptables for Masquerading. (#​35694, @​julianwiedmann)
  • Fixes a bug where identities may be leaked if a pod changes labels and is immediately deleted. (#​35947, @​orange30)
  • Fixes a potential deadlock when restarting cilium agent with pods with DNS interception configured (#​35890, @​squeed)
  • Fixes BPF Masquerading exclusion CIDR for IPAM modes "eni", "azure" and "alibabacloud". (#​35624, @​pippolo84)
  • helm: fix duplicate configmap key for bpf-lb-sock-terminate-pod-connections (#​35703, @​solidDoWant)
  • helm: set automountServiceAccountToken to false for hubble-relay sa (#​35674, @​ayuspin)
  • helm: Use an absolute FQDN for the Hubble peer-service endpoint to avoid incorrect DNS resolution outside the cluster (#​36005, @​devodev)
  • hubble: consistently use v as prefix for the Hubble version (#​35891, @​rolinh)
  • hubble: Lock exporters while gathering metrics (#​35860, @​joestringer)
  • ipam: Avoid empty CIDR in ENI mode (#​35695, @​sayboras)
  • ipam: Validate CiliumNode resource in ENI mode (#​35784, @​sayboras)
  • iptables: Fix data race in iptables manager (#​35902, @​pippolo84)
  • k8s: Avoid panic while checking ip mode (#​35782, @​sayboras)
  • lrp: update LRP services with stale backends on agent restart (#​36036, @​ysksuzuki)
  • option: Reduce log level for WG strict mode + IPv6 (#​35763, @​pchaigno)
  • pkg/redirectpolicy: Fix backend slices in processConfig (#​35496, @​Sm0ckingBird)
  • policy/correlation: Fix PolicyMatchL3Proto case (#​35680, @​gandro)
  • Unbreak the cilium-dbg preflight migrate-identity command (#​36089, @​giorio94)
  • Use strconv.Itoa instead of string() for the correct behavior when converting kafka.ErrorCode from int32 to string. Add relevant unit tests for Kafka plugin and handler. (#​35856, @​nddq)
  • wireguard: Fix connectivity issues following node reboots. (#​35750, @​jrife)

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests
cilium

quay.io/cilium/cilium:v1.17.0-pre.3@​sha256:a85a0ebd4155217cbd4083cac4c79a31180b43dad1ba3be807107b31c03ba534

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.17.0-pre.3@​sha256:ec1aea788396299ed4fdc57611be8422394b2d2af89eb89f9ad3807c94dfeeca

docker-plugin

quay.io/cilium/docker-plugin:v1.17.0-pre.3@​sha256:02e48d83037ac7da8f3fd7b8d5be2de8c085f387611080d58911774d6d8e11b8

hubble-relay

quay.io/cilium/hubble-relay:v1.17.0-pre.3@​sha256:c728161d06a7ff6b709edeb3a82ba8ede683a2968130876d8681b71bbbc8e327

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.17.0-pre.3@​sha256:6f6fc68230fc34986be3df26ee7713407463b073474822859e8b1d0d5fb1b0d6

operator-aws

quay.io/cilium/operator-aws:v1.17.0-pre.3@​sha256:241c82b7d60160ed66849b21f8b4c7ab1ded1777500fa856411c057c47eead14

operator-azure

quay.io/cilium/operator-azure:v1.17.0-pre.3@​sha256:bcd18e91fbc36808e1f3525cd75a207e24ce3aac9f2fea219255d86d8140b2ef

operator-generic

quay.io/cilium/operator-generic:v1.17.0-pre.3@​sha256:3f408dba3ab1940765ba4b0ecf37dbc68a7d823051a70a9f20e0dfe78cb52403

operator

quay.io/cilium/operator:v1.17.0-pre.3@​sha256:28dea23ee214c870944b7806d6a05e4264a0af4e31f1199262a2384fc87476e7


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.


  • If you want to rebase/retry this MR, check this box

This MR has been generated by Renovate Bot.

Edited by Renovate Bot

Merge request reports

Loading