chore(deps): update helm release cilium to v1.15.3

This MR contains the following updates:

Package	Type	Update	Change
cilium (source)	HelmChart	patch	1.15.2 -> 1.15.3

---

Release Notes

cilium/cilium (cilium)

v1.15.3: 1.15.3

Compare Source

Summary of Changes

Minor Changes:

• bgpv1: BGP Control Plane metrics (Backport MR #​31568, Upstream MR #​31469, @​YutaroHayakawa)
• cni: use default logger with timestamps. (Backport MR #​31342, Upstream MR #​31014, @​tommyp1ckles)
• Introduce cilium-dbg encrypt flush --stale flag to remove XFRM states and policies with stale node IDs. (Backport MR #​31342, Upstream MR #​31159, @​pchaigno)

Bugfixes:

• [v1.15 - Author backport] envoy: enable k8s secret watch even if only CEC is enabled (#​31451, @​mhofstetter)
• cni: Use batch endpoint deletion API in chaining plugin (Backport MR #​31515, Upstream MR #​31456, @​sayboras)
• Fix a bug in the StateDB library that may have caused stale read after write. This may have potentially affected the L2 announcements feature and the node address selection. (Backport MR #​31342, Upstream MR #​31164, @​joamaki)
• Fix a bug where pod label updates are not reflected in endpoint labels in presence of filtered labels. (Backport MR #​31473, Upstream MR #​31395, @​tklauser)
• Fixed issue with assigning 0 nodeID when corresponding bpf map run out of space. Potentially it could have impacted connectivity in large clusters (>4k nodes) with IPSec or Mutual Auth enabled. Otherwise, it was merely generating unnecessary error log messages. (Backport MR #​31490, Upstream MR #​31380, @​marseel)
• gateway-api: Retrieve LB service from same namespace (Backport MR #​31490, Upstream MR #​31271, @​sayboras)
• Handle InvalidParameterValue as well for PD fallback (Backport MR #​31490, Upstream MR #​31016, @​hemanthmalla)
• helm: Update pod affinity for cilium-envoy (Backport MR #​31490, Upstream MR #​31150, @​sayboras)
• hubble/relay: Fix certificate reloading in PeerManager (Backport MR #​31568, Upstream MR #​31376, @​glrf)
• Hubble: fix traffic direction and is reply when IPSec is enabled (Backport MR #​31568, Upstream MR #​31211, @​kaworu)
• k8s/utils: correctly filter out labels in StripPodSpecialLabels (Backport MR #​31473, Upstream MR #​31421, @​tklauser)
• metrics: Disable prometheus metrics by default (Backport MR #​31342, Upstream MR #​31144, @​joestringer)
• operator: fix errors/warnings metric. (Backport MR #​31490, Upstream MR #​31214, @​tommyp1ckles)

CI Changes:

• [v1.15] test: Remove duplicate Cilium deployments in some datapath config tests (#​31520, @​qmonnet)
• Additionally test host firewall + KPR disabled in E2E tests (Backport MR #​31342, Upstream MR #​30914, @​giorio94)
• AKS: avoid overlapping pod and service CIDRs (Backport MR #​31568, Upstream MR #​31504, @​bimmlerd)
• bgpv1: avoid object tracker vs informer race (Backport MR #​31490, Upstream MR #​31010, @​bimmlerd)
• bgpv1: fix Test_PodIPPoolAdvert flakiness (Backport MR #​31490, Upstream MR #​31365, @​rastislavs)
• bpf: fix go testdata check in ci (Backport MR #​31554, Upstream MR #​31419, @​mhofstetter)
• Centralize configuration of kind version/image in GitHub Action workflows (Backport MR #​31191, Upstream MR #​30916, @​giorio94)
• Checkout the target branch, instead of the default one, on pull_request based GHA test workflows (Backport MR #​31191, Upstream MR #​31198, @​giorio94)
• ci-e2e: Add matrix for bpf.tproxy and ingress-controller (Backport MR #​31490, Upstream MR #​31272, @​sayboras)
• ci: Bump lvh-kind ssh-startup-wait-retries (Backport MR #​31490, Upstream MR #​31387, @​YutaroHayakawa)
• controlplane: fix mechanism for ensuring watchers (Backport MR #​31490, Upstream MR #​31030, @​bimmlerd)
• Fix bug preventing consistent symbols between ELF and BTF for eBPF unit tests. (Backport MR #​31342, Upstream MR #​30610, @​learnitall)
• gateway-api: Enable GRPCRoute conformance tests (Backport MR #​31342, Upstream MR #​31055, @​sayboras)
• gha: disable fail-fast on integration tests (Backport MR #​31490, Upstream MR #​31420, @​giorio94)
• gha: drop unused check_url environment variable (Backport MR #​31191, Upstream MR #​30928, @​giorio94)
• introduce ARM github workflows (Backport MR #​31342, Upstream MR #​31196, @​aanm)
• ipam: deepcopy interface resource correctly. (Backport MR #​31490, Upstream MR #​26998, @​tommyp1ckles)
• k8s_install.sh: specify the CNI version (Backport MR #​31342, Upstream MR #​31182, @​aanm)
• loader: fix issue where errors cancelled compile cause error logs. (Backport MR #​31342, Upstream MR #​30988, @​tommyp1ckles)
• Reduce flakiness of controlplane tests (Backport MR #​31490, Upstream MR #​30906, @​bimmlerd)
• slices: don't modify missed input slice in test (Backport MR #​31490, Upstream MR #​31119, @​bimmlerd)

Misc Changes:

• Add monitor aggregation for all events related to packets ingressing to the network-facing device. (Backport MR #​31342, Upstream MR #​31015, @​learnitall)
• Address race condition in TestGetIdentity (Backport MR #​31541, Upstream MR #​30885, @​bimmlerd)
• bgpv1: Adjust ConnectionRetryTimeSeconds to 1 in component tests (Backport MR #​31342, Upstream MR #​31218, @​YutaroHayakawa)
• chore(deps): update all github action dependencies (v1.15) (#​31480, @​renovate[bot])
• chore(deps): update all github action dependencies (v1.15) (#​31582, @​renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.16.3 (v1.15) (#​31464, @​renovate[bot])
• chore(deps): update docker.io/library/golang:1.21.8 docker digest to 8560736 (v1.15) (#​31450, @​renovate[bot])
• chore(deps): update gcr.io/distroless/static-debian11:nonroot docker digest to 55c6361 (v1.15) (#​31453, @​renovate[bot])
• chore: update json-mock image source in examples (Backport MR #​31568, Upstream MR #​31373, @​loomkoom)
• cilium-dbg: listing load-balancing configurations displays L7LB proxy port (Backport MR #​31568, Upstream MR #​31503, @​mhofstetter)
• datapath, bpf: Remove unnecessary IPsec code (Backport MR #​31490, Upstream MR #​31344, @​pchaigno)
• doc: Clarified GwAPI KPR prerequisites (Backport MR #​31490, Upstream MR #​31366, @​PhilipSchmid)
• docs: Warn on key rotations during upgrades (Backport MR #​31490, Upstream MR #​31437, @​pchaigno)
• Don't emit an error message on namespace termination due to Ingress reconciliation (Backport MR #​31342, Upstream MR #​30808, @​giorio94)
• Downgrade L2 Neighbor Discovery failure log to Debug (Backport MR #​31342, Upstream MR #​31179, @​YutaroHayakawa)
• endpointmanager: Improve health reporter messages when stopped (Backport MR #​31342, Upstream MR #​31231, @​christarazi)
• hive/cell/health: don't warn when reporting on stopped reporter. (Backport MR #​31490, Upstream MR #​31262, @​tommyp1ckles)
• ingress: Update docs with network policy example (Backport MR #​31342, Upstream MR #​31060, @​sayboras)
• job: avoid a race condition in TestTimer_ExitOnCloseFnCtx (Backport MR #​31490, Upstream MR #​30929, @​bimmlerd)
• loader: add message if error is ENOTSUP (Backport MR #​31490, Upstream MR #​31413, @​kkourt)
• policy: Fix missing labels from SelectorCache selectors (Backport MR #​31490, Upstream MR #​31358, @​christarazi)
• Replaced declare_tailcall_if with logic in the loader (Backport MR #​31554, Upstream MR #​30467, @​dylandreimerink)

Other Changes:

• install: Update image digests for v1.15.2 (#​31378, @​jrajahalme)
• v1.15: IPsec Fixes (#​31610, @​pchaigno)

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever MR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this MR and you won't be reminded about this update again.

---

• If you want to rebase/retry this MR, check this box

---

This MR has been generated by Renovate Bot.