chore(deps): update helm release cilium to v1.17.0

This MR contains the following updates:

Package	Type	Update	Change
cilium (source)	HelmChart	patch	1.17.0-rc.2 -> 1.17.0

---

Release Notes

cilium/cilium (cilium)

v1.17.0: 1.17.0

Compare Source

We are excited to announce the Cilium 1.17.0 release!

A total of 2761 new commits have been contributed to this release by a growing community of over 880 developers and over 20,800 GitHub stars! :star_struck:

To keep up to date with all the latest Cilium releases, see Announcements

Here's what's new in v1.17.0:

Networking

• Quality of Service: Annotate your Pods for Guaranteed, Burstable or BestEffort egress network traffic priority (#​36025, @​hemanthmalla)
• Multi-Cluster Service API: Use Kubernetes MCS to manage global services in a Cilium Cluster Mesh (#​34439, @​MrFreezeex)
• Load Balance based on L4 Protocol: Differentiate TCP and UDP based protocols for load balancing, so multiple services on the same port can be directed to different backends (#​33434, @​jibi)
• :magnet: Per-Service LB Algorithms: Choose maglev or random load balancing algorithms for individual services (#​35735, @​kl52752)
• Deny lists for Service source ranges: Control whether Kubernetes loadBalancerSourceRanges are treated as an allow or deny list (#​36120, @​borkmann)
• Better control over IPAM: IPs can be allocated statically using AWS tags, and multi-pool can support single IP ranges for pools (#​34622, @​antonipp; #​34618, @​juliusmh)
• Dynamic MTU detection: Cilium respects changes made to MTU made at runtime without requiring agent restart (#​34314, @​dylandreimerink)

:guardswoman: Security

• Improved network policy performance: The cost of computing complex combinations of network policies has been reduced (Various MRs by @​joamaki, @​jrajahalme, @​marseel, @​nathanjsweet, @​squeed and @​youngnick)
• Prioritize critical network policies: Cilium respects Kubernetes priorityNamespaces to prioritize endpoint propagation for critical namespaces when using CiliumEndpointSlices (#​34199, @​Kaczyniec)
• Validate Network Policies: Receive better feedback from Kubernetes when creating network policies (#​34585, @​squeed; #​35904, @​renyunkang; #​36598, @​pippolo84)
• Select CIDRGroups by Label: Add labels to CIDRGroups and use these for network policy selection (#​36087, @​squeed)
• Extend ToServices for in-cluster services: Services with a selector can be selected with ToServices network policies statements (#​34208, @​chaunceyjiang)
• FQDN Filtering for hostNetwork: Use CiliumClusterwideNetworkPolicy to configure Layer 7 filtering for DNS requests on nodes in the cluster (#​34024, @​atykhyy)
• HTTP policies on port ranges: Redirect multiple ports in a single policy towards Envoy for Layer 7 filtering of HTTP traffic (#​36056, @​jrajahalme)

Service Mesh & Gateway API

• Gateway API 1.2.1: Add support for the latest Gateway API v1.2.1 release, including HTTP retries and mirror fractions (#​34720, @​sayboras)
• Static Gateway Addressing: Cilium now supports statically specifying addresses for gateways (#​33042, @​chaunceyjiang)
• Improved Envoy TLS handling: Use SDS for managing TLS visibility secrets in Envoy, improving policy calculation speed and secrets access (#​35513, @​youngnick)

:artificial_satellite: Observability

• Dynamic Hubble Metrics: Configure Hubble metrics with a new hubble-metrics-config ConfigMap to tune your network observability (#​35185, @​rectified95)
• Track enabled features using Prometheus: The cilium-agent and cilium-operator components expose Prometheus metrics for which features are enabled. (#​35852, @​aanm)
• Many new metrics: Improved metrics related to BGP, network connections, network policy, pod management, and Cilium component status (Various MRs by @​AwesomePatrol, @​harsimran-pabla, @​joestringer, @​jshr-w, @​mikejoh, @​nimishamehta5, @​odinuge, @​ovidiutirla, @​rectified95 and @​sjdot)

Scale

• Better cluster connectivity checking: The cilium-health component for cluster-wide network connectivity health detection is better tuned for reliable health checking at high scale (#​35163, @​jshr-w)
• Rate-limit monitor events: Balance the number of eBPF events against the CPU usage required to process them (#​29711, @​siwiutki)
• Double-Write Identity mode: New allocation mode for Security Identities to ease migration between CRD and KVStore identity backends (#​31920, @​antonipp)
• :balance_scale: Better scale testing: This release benefits from regular automated scale testing for network policy (#​35278, @​marseel)

:houses: Community

• Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback!
  • Seznam, Alibaba Cloud, SysEleven, QingCloud, ECCO, Reddit, Confluent, SamsungAds, and Sony
• The Cilium Annual Report 2024 was released covering all the highlights from across the community and marking the “Year of Kubernetes Networking”
• The community gathered at Cilium + eBPF Day and the Cilium Developer Summit in Salt Lake City
• Meet us at the upcoming CiliumCon and the Cilium Developer Summit in London

And finally, we would like to thank you to all contributors of Cilium that helped directly and indirectly with the project. The success of Cilium could not happen without all of you.

For the full changelog check https://github.com/cilium/cilium/blob/v1.17.0/CHANGELOG.md

Docker Manifests

cilium

quay.io/cilium/cilium:v1.17.0@​sha256:51f21bdd003c3975b5aaaf41bd21aee23cc08f44efaa27effc91c621bc9d8b1d quay.io/cilium/cilium:stable@sha256:51f21bdd003c3975b5aaaf41bd21aee23cc08f44efaa27effc91c621bc9d8b1d

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.17.0@​sha256:05ccf79102724a943b967337a7cd45177118b76b72fb937d0c8ecb3ce136605c quay.io/cilium/clustermesh-apiserver:stable@sha256:05ccf79102724a943b967337a7cd45177118b76b72fb937d0c8ecb3ce136605c

docker-plugin

quay.io/cilium/docker-plugin:v1.17.0@​sha256:cf2a7b6779e1264c35d77a799aab25ee9bb67582764b297edf6ad62fa02a3c6f quay.io/cilium/docker-plugin:stable@sha256:cf2a7b6779e1264c35d77a799aab25ee9bb67582764b297edf6ad62fa02a3c6f

hubble-relay

quay.io/cilium/hubble-relay:v1.17.0@​sha256:022c084588caad91108ac73e04340709926ea7fe12af95f57fcb794b68472e05 quay.io/cilium/hubble-relay:stable@sha256:022c084588caad91108ac73e04340709926ea7fe12af95f57fcb794b68472e05

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.17.0@​sha256:0154a855650dac844347d35404e08f3ad141c05e1d903a648558e6f15e4fef8b quay.io/cilium/operator-alibabacloud:stable@sha256:0154a855650dac844347d35404e08f3ad141c05e1d903a648558e6f15e4fef8b

operator-aws

quay.io/cilium/operator-aws:v1.17.0@​sha256:a81cea10c4210589750c2588a20ece2822fd57be8529df4dc7779031cec66af7 quay.io/cilium/operator-aws:stable@sha256:a81cea10c4210589750c2588a20ece2822fd57be8529df4dc7779031cec66af7

operator-azure

quay.io/cilium/operator-azure:v1.17.0@​sha256:56e83fbdfbea161b2252c51c7ce03960f7141700473bbd2906bcdb53f46610d7 quay.io/cilium/operator-azure:stable@sha256:56e83fbdfbea161b2252c51c7ce03960f7141700473bbd2906bcdb53f46610d7

operator-generic

quay.io/cilium/operator-generic:v1.17.0@​sha256:1ce5a5a287166fc70b6a5ced3990aaa442496242d1d4930b5a3125e44cccdca8 quay.io/cilium/operator-generic:stable@sha256:1ce5a5a287166fc70b6a5ced3990aaa442496242d1d4930b5a3125e44cccdca8

operator

quay.io/cilium/operator:v1.17.0@​sha256:39c9221d75f47f717fe438912309a96b59b8257a74dc624fdeebebcfbd74b587 quay.io/cilium/operator:stable@sha256:39c9221d75f47f717fe438912309a96b59b8257a74dc624fdeebebcfbd74b587

---

Configuration

Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.