chore(deps): update helm release cilium to v1.17.0-rc.2
This MR contains the following updates:
Package | Type | Update | Change |
---|---|---|---|
cilium (source) | HelmChart | patch | 1.17.0-rc.1 -> 1.17.0-rc.2 |
Release Notes
cilium/cilium (cilium)
v1.17.0-rc.2: 1.17.0-rc.2
Summary of Changes
Major Changes:
- The Helm setting tls.secretsBackend is deprecated and should be replaced with the use of the tls.readSecretsOnlyFromSecretsNamespace setting instead. tls.secretsBackend will be removed in a future Cilium version. (Backport MR #37232, Upstream MR #37076, @youngnick)
Minor Changes:
- Add IngressDeny and EgressDeny rules validation for CiliumNetworkPolicy and CiliumClusterwideNetworkPolicy (Backport MR #37126, Upstream MR #36598, @pippolo84)
- bpf: Address backend selection under session affinity with Maglev (Backport MR #37126, Upstream MR #37005, @borkmann)
- clustermesh: add dualstack support for MCS-API and fix a spec compliance issue with headless services (Backport MR #37126, Upstream MR #37053, @MrFreezeex)
- doc: Added hostLegacyRouting limitation for Talos (Backport MR #37126, Upstream MR #36852, @PhilipSchmid)
- Improves Network Policy validation and default deny behavior. Policies now require at least one of Ingress, IngressDeny, Egress, or EgressDeny to be defined. (Backport MR #37247, Upstream MR #35904, @renyunkang)
- ingress: Remove multiple network device limitation (Backport MR #37126, Upstream MR #36769, @sayboras)
- k8s: Bump k8s/kubectl to v0.32.0 (Backport MR #37126, Upstream MR #36827, @sayboras)
Bugfixes:
- Allow cilium agent to start on linux kernels that don't have CONFIG_XFRM. (Backport MR #37247, Upstream MR #37123, @julianwiedmann)
- clustermesh: fix MCS-API service export cache not properly deleted (Backport MR #37126, Upstream MR #36892, @MrFreezeex)
- clustermesh: add support for targetPort in MCS-API (Backport MR #37126, Upstream MR #36875, @MrFreezeex)
- envoy: add configurable access log buffer size (Backport MR #37126, Upstream MR #36823, @aetimmes)
- Fix a bug that prevents a pod from accessing Nodeport services when the pod is also in scope of a broad-range Egress Gateway policy. (Backport MR #37126, Upstream MR #36929, @julianwiedmann)
- Fix bug causing the endpoint regeneration failure handler to be effective only once (Backport MR #37247, Upstream MR #37085, @giorio94)
- Fix bug potentially causing newly added endpoints to remain stuck in waiting-to-regenerate state forever, causing traffic from/to that endpoint to be incorrectly dropped. (Backport MR #37126, Upstream MR #37086, @giorio94)
- Fix configuration of proxy-max-concurrent-retries (Backport MR #37247, Upstream MR #37061, @joestringer)
- Fix memory leak caused by service events when CNPs/CCNPs are disabled (Backport MR #37126, Upstream MR #36727, @giorio94)
- fix: Hubble metrics not deleted for deleted pods (Backport MR #37126, Upstream MR #36819, @rectified95)
- hubble: fix metrics configuration parsing (Backport MR #37126, Upstream MR #36371, @kaworu)
- operator: don't reconcile non-GAMMA xRoutes without a Cilium-managed Gateway (Backport MR #37126, Upstream MR #35718, @aetimmes)
CI Changes:
- .github: Set --interactive=false for cilium status (Backport MR #37247, Upstream MR #37151, @joestringer)
- ci-e2e-upgrade: Cover wireguard + geneve tunnel (Backport MR #37247, Upstream MR #37163, @jschwinger233)
- ci: add leak detection to conformance-ipsec-upgrade (Backport MR #37169, Upstream MR #36377, @smagnani96)
- ci: more robust hubble relay service port-forwarding (Backport MR #37247, Upstream MR #37110, @rolinh)
- gh: e2e-upgrade: use DSR-Geneve in config 15 (Backport MR #37126, Upstream MR #36982, @julianwiedmann)
- gh: update removed --loglevel option for kind (Backport MR #37126, Upstream MR #36935, @julianwiedmann)
- gha: Bump k8s version to v1.32.0 (Backport MR #37126, Upstream MR #36905, @sayboras)
- gha: bump ubuntu version in conformance-externalworkloads (Backport MR #37126, Upstream MR #36859, @giorio94)
- gha: correctly downgrade to patch release in ipsec workflows (Backport MR #37126, Upstream MR #36858, @giorio94)
- gha: Retrieve eks supported version via aws cli (Backport MR #37222, Upstream MR #37210, @sayboras)
- integration: Bump ubuntu to 24.04 for arm runners (Backport MR #37126, Upstream MR #37042, @sayboras)
- Modify bpftrace script in CI to ignore proxy traffic if destination is outside pod CIDRs. (Backport MR #37126, Upstream MR #36364, @smagnani96)
- Skip tracking unmarked plain-text TCP RST packets generated from proxy timeouts in the CI bpftrace script. (Backport MR #37247, Upstream MR #36962, @smagnani96)
- test: Fix the flake for TestRestoredPort (Backport MR #37247, Upstream MR #37106, @sayboras)
- test: Move demo-httpd from Docker to Quay (Backport MR #37247, Upstream MR #37149, @joestringer)
Misc Changes:
- .github/build-images-ci: re-enable floating tags for stable branches (Backport MR #37126, Upstream MR #36913, @aanm)
- [v1.17] deps: bump x/crypto to v0.31 and x/net to v0.33 (#36958, @ferozsalam)
- Add GOARCH to go install dlv command (Backport MR #37126, Upstream MR #36853, @gyutaeb)
- build: Remove debug leftover from Makefile (Backport MR #37126, Upstream MR #36917, @gentoo-root)
- chore(deps): update actions/setup-go action to v5.3.0 (v1.17) (#37116, @cilium-renovate[bot])
- chore(deps): update all github action dependencies (v1.17) (#36948, @cilium-renovate[bot])
- chore(deps): update all github action dependencies (v1.17) (#37073, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.17) (#36916, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.17) (#37032, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.17) (#37115, @cilium-renovate[bot])
- chore(deps): update all-dependencies (v1.17) (#37150, @cilium-renovate[bot])
- chore(deps): update dependency cilium/little-vm-helper to v0.0.20 (v1.17) (#37214, @cilium-renovate[bot])
- chore(deps): update docker.io/alpine/socat docker tag to v1.8.0.1 (v1.17) (#37071, @cilium-renovate[bot])
- chore(deps): update go (v1.17) (#37179, @cilium-renovate[bot])
- chore(deps): update go to v1.23.5 (v1.17) (#37044, @cilium-renovate[bot])
- chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.31.5-1737074032-41faf0e6060077f7cccb8bb34a08eff4afde2ccd (v1.17) (#37040, @cilium-renovate[bot])
- chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.31.5-1737535524-fe8efeb16a7d233bffd05af9ea53599340d3f18e (v1.17) (#37200, @cilium-renovate[bot])
- cilium: minor hostport fixes (Backport MR #37126, Upstream MR #36856, @borkmann)
- cli: Fix empty egress bandwidth and priority config display (Backport MR #37247, Upstream MR #37109, @l1b0k)
- clustermesh: Add hidden flag --allow-unsafe-policy-skb-usage (Backport MR #37126, Upstream MR #36602, @joestringer)
- clustermesh: update coredns version in mcs-api docs (Backport MR #37126, Upstream MR #36899, @MrFreezeex)
- doc: ebpf host-routing and netfilter (Backport MR #37126, Upstream MR #36921, @PhilipSchmid)
- doc: Removed nodeinit from aks byocni install (Backport MR #37126, Upstream MR #37048, @PhilipSchmid)
- Docs: CiliumCIDRGroup updates & cleanups (Backport MR #37126, Upstream MR #37059, @squeed)
- docs: Clarify Identity-Relevant Labels description (Backport MR #37126, Upstream MR #36924, @joestringer)
- docs: pass current_version to html_context (Backport MR #37126, Upstream MR #37008, @ayuspin)
- docs: remove some stale requirements (Backport MR #37126, Upstream MR #36861, @julianwiedmann)
- docs: Remove stale limitation on KPR+IPsec (Backport MR #37126, Upstream MR #37054, @pchaigno)
- docs: tuning: add config snippet for BPF Host Routing (Backport MR #37126, Upstream MR #36878, @julianwiedmann)
- docs: Update L7 Port Range Information (Backport MR #37126, Upstream MR #36966, @nathanjsweet)
- Endpoint policy before restoration (Backport MR #37126, Upstream MR #36433, @jrajahalme)
- Fix `make -C Documentation update-cmdref` when make uses `--jobserver-style=fifo`. (Backport MR #37126, Upstream MR #36788, @gentoo-root)
- localnodeconfig: dedup cluster routing mode (Backport MR #37126, Upstream MR #36932, @julianwiedmann)
- make: Don't hide install errors (Backport MR #37126, Upstream MR #36980, @joestringer)
- metrics: Use new style script flags (Backport MR #37247, Upstream MR #37088, @joamaki)
- policy: Deprecating the `toRequires` and `fromRequires` fields in network policies. (Backport MR #37126, Upstream MR #36649, @nathanjsweet)
- policy: reduce allocs by avoiding use of interface types, retire MapStateOwners (Backport MR #37126, Upstream MR #36798, @jrajahalme)
- proxy: Mark restored port as configured (Backport MR #37126, Upstream MR #36953, @jrajahalme)
- Remove outdated roadmap matrix and links to it (Backport MR #37247, Upstream MR #37170, @xmulligan)
- watchers: demote "CEP deleted" log message to debug level (Backport MR #37126, Upstream MR #37081, @giorio94)
- wireguard: attach Ingress program for native routing mode configurations (Backport MR #37247, Upstream MR #37108, @julianwiedmann)
Other Changes:
- install: Update image digests for v1.17.0-rc.1 (#36938, @cilium-release-bot[bot])
This MR has been generated by Renovate Bot.