feat(helm): update chart cilium to 1.18.5 #132

renovate · 2024-02-03T05:06:39Z

Note: This PR body was truncated due to platform limits.

This PR contains the following updates:

Package	Update	Change
cilium (source)	minor	`1.14.6` → `1.18.5`

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cilium/cilium (cilium)

`v1.18.5`: 1.18.5

Compare Source

Summary of Changes

Minor Changes:

[v1.18] proxy: Bump envoy version to v1.34.11 (#43143, @sayboras)
Change the sidecar etcd instance of the Cluster Mesh API Server listen on all IP addresses (Backport PR #42948, Upstream PR #42818, @giorio94)

Bugfixes:

allow missing verbs for cilium-agent cluster role when readSecretsOnlyFromSecretsNamespace is false (Backport PR #42948, Upstream PR #42790, @kraashen)
AWS EC2: Fix ENI attachment on multi-network card instances with high-performance networking (EFA) setups (Backport PR #42745, Upstream PR #42512, @41ks)
CiliumEnvoyConfig proxy ports are now restored on agent restarts. (Backport PR #43117, Upstream PR #43108, @jrajahalme)
Cleanup FQDNs that have leaked into the global FQDN cache (Backport PR #42864, Upstream PR #42485, @sjohnsonpal)
Do not opt-out Endpoint ID 1 from dnsproxy transparent mode. (Backport PR #42948, Upstream PR #42887, @jrajahalme)
ENI: Fix panic on nil subnet (Backport PR #43117, Upstream PR #43023, @HadrienPatte)
Ensure cilium-agent gracefully does fallbacks when etcd is in a bad state. (Backport PR #43059, Upstream PR #42977, @odinuge)
Fix a bug that would cause Cilium to not report L4 checksum update errors when the length attribute is missing in ICMP Error messages with TCP inner packets. (Backport PR #42828, Upstream PR #42426, @yushoyamaguchi)
Fix a bug that would cause IPsec logs to incorrectly report the XFRM rules being processed as "Ingress" rules. (Backport PR #42828, Upstream PR #42640, @sjohnsonpal)
Fix agent local identity leak (Backport PR #43117, Upstream PR #42662, @odinuge)
Fix bug that could cause the agent to fail to add XFRM states when IPsec is enabled, thus preventing a proper startup. (Backport PR #42948, Upstream PR #42666, @pchaigno)
Fix GC of per-cluster ctmap entries (Backport PR #43294, Upstream PR #43160, @giorio94)
Fix ipcache issues causing severe issues with the fqdn subsystem (Backport PR #42864, Upstream PR #42815, @odinuge)
Fix issue where endpoints got stuck in "waiting-to-regenerate" (Backport PR #42948, Upstream PR #42856, @odinuge)
Fix leak in the policy subsystem (Backport PR #43117, Upstream PR #42661, @odinuge)
Fix rare kvstore issue where cilium continues to use an expired lease causing kvstore operations to fail consistently (Backport PR #42745, Upstream PR #42709, @odinuge)
fqdn: Fix fqdn subsystem correctness issues causing packet drops and inconsistent ipcache (Backport PR #43117, Upstream PR #42500, @odinuge)
In rare cases, the cilium-operator losing the lead of the HA deployment could continue acting as if leading for at most a minute, leading to split-brain problems such as double allocation of pod CIDRs. (Backport PR #43059, Upstream PR #42920, @bimmlerd)
KVStoreMesh now correctly respects the CA bundle setting when validating remote cluster certificates (Backport PR #42828, Upstream PR #42726, @giorio94)
policy: Fix rare Endpoint Selector Policy Deadlock causing policies to not be updated with new identities (Backport PR #42864, Upstream PR #42306, @odinuge)
Recreate CiliumEndpoints (k8s resource) if they are accidentally deleted. (Backport PR #43117, Upstream PR #42877, @aanm)
redirectpolicy: Avoid recomputing on pod changes that do not change resulting redirect backends (Backport PR #42948, Upstream PR #42814, @joamaki)

CI Changes:

bpf: test: add BPF Masq tests for unknown / handled protocols (Backport PR #42711, Upstream PR #42144, @julianwiedmann)
bpf: test: egressgw: fix up ENABLE_MASQUERADE (Backport PR #42966, Upstream PR #42912, @julianwiedmann)
bpf: tests: add BPF MASQ test for ICMP ECHOs (Backport PR #42711, Upstream PR #42656, @julianwiedmann)
bpf: tests: set ENABLE_MASQUERADE_IPV6 for EGW XDP test (Backport PR #43059, Upstream PR #42962, @julianwiedmann)
bpf:test: cover host endpoint case in tc_nodeport_l3_dev.h (Backport PR #43059, Upstream PR #42983, @smagnani96)
Delete .github/workflows/build-images-hotfixes.yaml (Backport PR #42966, Upstream PR #42958, @sekhar-isovalent)
gh: conn-disrupt: fix XFRM error checks (Backport PR #42764, Upstream PR #42724, @julianwiedmann)
gh: ipsec-e2e: fix flaky connection disruptivity test (Backport PR #42823, Upstream PR #42780, @julianwiedmann)
gha: additionally cleanup disk space in clustermesh upgrade workflow (Backport PR #42948, Upstream PR #42862, @giorio94)
gha: don't filter lint-build-commits steps when workflow is modified (Backport PR #42948, Upstream PR #42844, @giorio94)
gha: wait for cert-manager CRDs to be ready in conformance clustermesh (Backport PR #42966, Upstream PR #42947, @giorio94)
makefile: More reliable update-helm-values (Backport PR #42828, Upstream PR #42736, @devodev)

Misc Changes:

.github/workflows: make adjustments for new GitHub workflow behavior (#43219, @aanm)
[v1.18] deps: bump x/crypto to v0.45.0 (#43114, @ferozsalam)
[v1.18] vendor: Bump to StateDB v0.4.6 (#42953, @joamaki)
chore(deps): update all github action dependencies (v1.18) (#42783, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#42937, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#43036, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#43181, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#43268, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#43317, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (patch) (#43314, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.18) (#42804, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.18) (#43037, @cilium-renovate[bot])
chore(deps): update dependency cilium/cilium-cli to v0.18.9 (v1.18) (#43182, @cilium-renovate[bot])
chore(deps): update dependency cilium/little-vm-helper to v0.0.28 (v1.18) (#42771, @cilium-renovate[bot])
chore(deps): update dependency protocolbuffers/protobuf to v33.1 (v1.18) (#42805, @cilium-renovate[bot])
chore(deps): update dependency protocolbuffers/protobuf to v33.2 (v1.18) (#43184, @cilium-renovate[bot])
chore(deps): update dependency protocolbuffers/protobuf-go to v1.36.11 (v1.18) (#43315, @cilium-renovate[bot])
chore(deps): update docker.io/library/busybox:1.37.0 docker digest to d80cd69 (v1.18) (#43312, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.24.10 docker digest to 7b13449 (v1.18) (#42935, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.24.10 docker digest to 83d7392 (v1.18) (#42802, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.24.11 docker digest to e3fb71a (v1.18) (#43313, @cilium-renovate[bot])
chore(deps): update gcr.io/distroless/static:nonroot docker digest to 2b7c93f (v1.18) (#43135, @cilium-renovate[bot])
chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.6.6 (v1.18) (#42936, @cilium-renovate[bot])
chore(deps): update github artifact actions (v1.18) (#43318, @cilium-renovate[bot])
chore(deps): update go to v1.24.11 (v1.18) (#43183, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/certgen docker tag to v0.3.1 (v1.18) (#43052, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.18) (patch) (#42803, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.18) (patch) (#43316, @cilium-renovate[bot])
docs: Add limitation about LB to same backend via multiple VIPs (Backport PR #42745, Upstream PR #42632, @brb)
Documentation: host firewall: document emergency recovery (Backport PR #42948, Upstream PR #42776, @squeed)
fqdn: rewrite name manager test to use real ipcache (Backport PR #42948, Upstream PR #42820, @odinuge)
Minor improvements around certificate validation in etcd/clustermesh troubleshoot commands (Backport PR #42948, Upstream PR #42782, @giorio94)
node/manager: TestNodesStartupPruning poll state (Backport PR #42948, Upstream PR #41648, @0xch4z)
policy: Marshal L4Filter marshalling errors into json (Backport PR #42948, Upstream PR #42834, @joestringer)
xds: Do not log an error on a done context (Backport PR #43117, Upstream PR #42990, @jrajahalme)

Other Changes:

[v1.18] Add periodic resync for secret-sync controller (#43356, @youngnick)
[v1.18] bpf: lxc: transfer source identity for lxc-to-host policy (#42821, @julianwiedmann)
[v1.18] ipcache: Fix leak in CIDR metadata consolidation logic (#43354, @christarazi)
[v1.18] lb: Implement Hybrid-DSR via annotation infrastructure (#43056, @julianwiedmann)
[v1.18] proxy: Bump envoy version to v1.34.12 (#43259, @sayboras)
install: Update image digests for v1.18.4 (#42735, @cilium-release-bot[bot])
Kubernetes endpoints that are terminating are retained in the backends BPF state regardless of the "serving" condition to avoid connection disruptions when a pod no longer signals readiness to process new connections. (#42708, @joamaki)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.18.5@sha256:2c92fb05962a346eaf0ce11b912ba434dc10bd54b9989e970416681f4a069628
quay.io/cilium/cilium:stable@sha256:2c92fb05962a346eaf0ce11b912ba434dc10bd54b9989e970416681f4a069628

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.18.5@sha256:952f07c30390847e4d9dfaa19a76c4eca946251ffbc4f6459946570f93ee72f1
quay.io/cilium/clustermesh-apiserver:stable@sha256:952f07c30390847e4d9dfaa19a76c4eca946251ffbc4f6459946570f93ee72f1

docker-plugin

quay.io/cilium/docker-plugin:v1.18.5@sha256:db81fda86653d96ea40687dc314985f5f23d5b57719dd1cb0d151be2c7c8789f
quay.io/cilium/docker-plugin:stable@sha256:db81fda86653d96ea40687dc314985f5f23d5b57719dd1cb0d151be2c7c8789f

hubble-relay

quay.io/cilium/hubble-relay:v1.18.5@sha256:17212962c92ff52384f94e407ffe3698714fcbd35c7575f67f24032d6224e446
quay.io/cilium/hubble-relay:stable@sha256:17212962c92ff52384f94e407ffe3698714fcbd35c7575f67f24032d6224e446

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.18.5@sha256:2e60f635495eb2837296ced5475875c281a05765d5ddd644a05e126bbb080b3c
quay.io/cilium/operator-alibabacloud:stable@sha256:2e60f635495eb2837296ced5475875c281a05765d5ddd644a05e126bbb080b3c

operator-aws

quay.io/cilium/operator-aws:v1.18.5@sha256:7608025d8b727a10f21d924d8e4f40beb176cefd690320433452816ad8776f52
quay.io/cilium/operator-aws:stable@sha256:7608025d8b727a10f21d924d8e4f40beb176cefd690320433452816ad8776f52

operator-azure

quay.io/cilium/operator-azure:v1.18.5@sha256:126667e000267f893cb81042bf8a710ad2f219619eb9ce06e8949333bd325ac6
quay.io/cilium/operator-azure:stable@sha256:126667e000267f893cb81042bf8a710ad2f219619eb9ce06e8949333bd325ac6

operator-generic

quay.io/cilium/operator-generic:v1.18.5@sha256:36c3f6f14c8ced7f45b40b0a927639894b44269dd653f9528e7a0dc363a4eb99
quay.io/cilium/operator-generic:stable@sha256:36c3f6f14c8ced7f45b40b0a927639894b44269dd653f9528e7a0dc363a4eb99

operator

quay.io/cilium/operator:v1.18.5@sha256:c6806ee97ef35a79aa72d411bc7f12745a1ea684208853e7d13c8e7f84cbb606
quay.io/cilium/operator:stable@sha256:c6806ee97ef35a79aa72d411bc7f12745a1ea684208853e7d13c8e7f84cbb606

`v1.18.4`: 1.18.4

Compare Source

Security Advisories

This release addresses GHSA-38pp-6gcp-rqvm.

Summary of Changes

Minor Changes:

fix indentation for certgen resources in helm templates (Backport PR #42450, Upstream PR #42412, @sdickhoven)

Bugfixes:

bpf: Do not accidentally update IPcache in cluster-aware routing (Backport PR #42577, Upstream PR #42472, @brb)
cilium-operator: ciliumendpoints are not garbage collected until a minimum age is reached (5m by default) (Backport PR #42577, Upstream PR #42413, @zhouhaibing089)
controller: avoid spurious errors when RemoveControllerAndWait is invoked when the controller does not exist (Backport PR #42617, Upstream PR #41384, @asdfmi)
encrypt status: also check tcx attachment on interfaces (Backport PR #42450, Upstream PR #42328, @bersoare)
envoy: pass stream idle timeout from Helm to configmap (Backport PR #42617, Upstream PR #42499, @mhofstetter)
Fix BGP operator crash when bgp-secrets-namespace not set. (Backport PR #42577, Upstream PR #42425, @rastislavs)
Fix cilium_operator_lbipam_conflicting_pools metric to report correct value. (Backport PR #42289, Upstream PR #41999, @hanapedia)
Fix issue where fqdn GC starts too early that results in potentially missed ips in the IPCache (Backport PR #42617, Upstream PR #42502, @odinuge)
Fix potential policy deadlock causing endpoint to use previous identity for policy calculation when endpoint changes identity (Backport PR #42617, Upstream PR #42420, @odinuge)
Fix the output of cilium lrp list command to show LRP selected backends. (Backport PR #42577, Upstream PR #42110, @Bigdelle)
Fix trace aggregation for IPv4 Host Firewall, reducing the amount of generated events. (Backport PR #42617, Upstream PR #42595, @smagnani96)
fix: Panic during endpoint restore due to nil logger (Backport PR #42450, Upstream PR #42385, @pinaki-08)
gatewayAPI: correctly handle reference to CGCC as cluster-scoped resource instead of namespaced one (Backport PR #42289, Upstream PR #42172, @oblazek)
operator/ciliumenvoyconfig: consistently propagate --http-stream-idle-timeout value (Backport PR #42577, Upstream PR #42495, @tklauser)
policy: prevent incorrect mutation of network policy when using policy-default-local-cluster (Backport PR #42698, Upstream PR #42668, @MrFreezeex)
Preventing removal of existing tproxy iptables rules for other services when they share a name prefix. (Backport PR #42450, Upstream PR #42236, @dackroyd)
When using the Egress Strict Mode for Transparent Encryption with Wireguard, packets destined to the local host are no longer excluded from encryption enforcement (when leaving the node), and will be dropped. (Backport PR #42450, Upstream PR #42419, @julianwiedmann)

CI Changes:

.github/actions/e2e: define static job names (Backport PR #42435, Upstream PR #42332, @aanm)
[v1.18] .github/workflows: Add base-SHA input to ariane triggered workflows (#42192, @dylandreimerink)
ci: Allow for alpine image overwrite within cache Dockerfile (Backport PR #42289, Upstream PR #42108, @jpayne3506)
conformance-aws-cni: disable l7 proxy with aws-cni (Backport PR #42617, Upstream PR #42578, @aanm)
Deflake TestNodeManagerAbortReleaseIPReassignment (Backport PR #42577, Upstream PR #42276, @lconnery)
gh: ginkgo: fix focus for service hairpin test (Backport PR #42641, Upstream PR #42633, @julianwiedmann)
gh: ginkgo: reduce number of tested k8s versions in PRs (Backport PR #42470, Upstream PR #42465, @julianwiedmann)
gh: ginkgo: replace rhel8 with 5.10 kernel (Backport PR #42449, Upstream PR #42084, @julianwiedmann)
gha/conformance-clustermesh: let service nodeport be selected randomly (Backport PR #42617, Upstream PR #41697, @giorio94)
gha: allow configuring runner for workflows building Cilium binaries (Backport PR #42617, Upstream PR #42582, @giorio94)
Testing for RHEL8 compatibility now uses a RHEL8.10-compatible kernel (previously this was a RHEL8.6-compatible kernel). (Backport PR #42604, Upstream PR #41639, @julianwiedmann)

Misc Changes:

[v1.18] deps: bump CNI plugins version (#42443, @ferozsalam)
bpf: host: remove stale code comment (Backport PR #42450, Upstream PR #42237, @julianwiedmann)
bpf: lxc: always set identity mark on forwarded egressing traffic (Backport PR #42617, Upstream PR #42551, @julianwiedmann)
bpf: nodeport: don't include EGW reply hook in bpf_wireguard (Backport PR #42450, Upstream PR #42187, @julianwiedmann)
chore(deps): update all github action dependencies (v1.18) (#42397, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#42541, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#42682, @cilium-renovate[bot])
chore(deps): update dependency cilium/cilium-cli to v0.18.8 (v1.18) (#42346, @cilium-renovate[bot])
chore(deps): update docker.io/library/busybox:1.37.0 docker digest to e3652a0 (v1.18) (#42539, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.24.10 docker digest to c3ea417 (v1.18) (#42679, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.24.9 docker digest to 5034fa4 (v1.18) (#42396, @cilium-renovate[bot])
chore(deps): update github artifact actions (v1.18) (#42398, @cilium-renovate[bot])
chore(deps): update go to v1.24.10 (v1.18) (#42621, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.10-1762597008-ff7ae7d623be00078865cff1b0672cc5d9bfc6d5 (v1.18) (#42680, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-llvm docker tag to v1758805548 (v1.18) (#42399, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.18) (patch) (#42540, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.18) (patch) (#42681, @cilium-renovate[bot])
ci: Add workflow permissions for auto-approve and renovate (Backport PR #42450, Upstream PR #42281, @kyle-c-simmons)
ci: Fix call-backport-label-updater permissions (Backport PR #42450, Upstream PR #42510, @kyle-c-simmons)
ci: Update hubble test workflow permissions (Backport PR #42450, Upstream PR #41911, @kyle-c-simmons)
cilium, routes: Downgrade warning on direct-routing-skip-unreachable (Backport PR #42289, Upstream PR #42210, @borkmann)
docs: tuning: remove some references to old kernels (Backport PR #42617, Upstream PR #42601, @julianwiedmann)
Docs: update fragmentation docs to reflect ipv6 (Backport PR #42289, Upstream PR #41748, @tommyp1ckles)
fix: run post-release and publish-helm workflows on cilium org (Backport PR #42450, Upstream PR #42279, @sekhar-isovalent)
loadbalancer: fix up code comment (Backport PR #42450, Upstream PR #42273, @julianwiedmann)
Log proxy instance creation at debug level (Backport PR #42617, Upstream PR #42319, @sjohnsonpal)
operator: Prevent panic when GCing identities (Backport PR #42289, Upstream PR #42217, @HadrienPatte)
pkg/nodediscover: Don't log warnings for intermittent updates (Backport PR #42577, Upstream PR #42505, @aditighag)

Other Changes:

[v1.18] ipam: fix TestNodeManagerAbortReleaseIPReassignment test (#42636, @rastislavs)
[v1.18] test: ginkgo: skip BPF masq tests on configs without external node (#42462, @julianwiedmann)
install: Update image digests for v1.18.3 (#42344, @cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.18.4@sha256:49d87af187eeeb9e9e3ec2bc6bd372261a0b5cb2d845659463ba7cc10fe9e45f
quay.io/cilium/cilium:stable@sha256:49d87af187eeeb9e9e3ec2bc6bd372261a0b5cb2d845659463ba7cc10fe9e45f

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.18.4@sha256:c240a7cbead5479d9085b5e837977bf6750164167a1c9f956720815d160d447d
quay.io/cilium/clustermesh-apiserver:stable@sha256:c240a7cbead5479d9085b5e837977bf6750164167a1c9f956720815d160d447d

docker-plugin

quay.io/cilium/docker-plugin:v1.18.4@sha256:5ec897904e4bd9784df8353b1bdc3559f541f4ca5957103addd46b600430888a
quay.io/cilium/docker-plugin:stable@sha256:5ec897904e4bd9784df8353b1bdc3559f541f4ca5957103addd46b600430888a

hubble-relay

quay.io/cilium/hubble-relay:v1.18.4@sha256:6d350cb1c84b847adb152173debef1f774126c69de21a5921a1e6a23b8779723
quay.io/cilium/hubble-relay:stable@sha256:6d350cb1c84b847adb152173debef1f774126c69de21a5921a1e6a23b8779723

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.18.4@sha256:c57d07e5dde3a1974c5cd5d46596db5ea7264f66e9e4ce98a59236aa88b857f7
quay.io/cilium/operator-alibabacloud:stable@sha256:c57d07e5dde3a1974c5cd5d46596db5ea7264f66e9e4ce98a59236aa88b857f7

operator-aws

quay.io/cilium/operator-aws:v1.18.4@sha256:f4c19007a804d37c781d6c8982006c5f1d8a890941036f9ab285e517fd181336
quay.io/cilium/operator-aws:stable@sha256:f4c19007a804d37c781d6c8982006c5f1d8a890941036f9ab285e517fd181336

operator-azure

quay.io/cilium/operator-azure:v1.18.4@sha256:19e7465ec8b151ec444757b6ce583b7a0d1e5e9fc5e3aef31d90e93019f599ca
quay.io/cilium/operator-azure:stable@sha256:19e7465ec8b151ec444757b6ce583b7a0d1e5e9fc5e3aef31d90e93019f599ca

operator-generic

quay.io/cilium/operator-generic:v1.18.4@sha256:1b22b9ff28affdf574378a70dade4ef835b00b080c2ee2418530809dd62c3012
quay.io/cilium/operator-generic:stable@sha256:1b22b9ff28affdf574378a70dade4ef835b00b080c2ee2418530809dd62c3012

operator

quay.io/cilium/operator:v1.18.4@sha256:78a4f6fb8da0556ed3648aeb789988bd2cb6847c805fb73e381f3e3b17dce0a5
quay.io/cilium/operator:stable@sha256:78a4f6fb8da0556ed3648aeb789988bd2cb6847c805fb73e381f3e3b17dce0a5

`v1.18.3`: 1.18.3

Compare Source

Summary of Changes

ℹ️ The images in this release were signed with cosign v3. Please use cosign v3 tooling to validate signatures with the following command syntax:

cosign verify --certificate-github-workflow-repository cilium/cilium --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-github-workflow-name 'Image Release Build' --certificate-github-workflow-ref refs/tags/v1.18.3 --certificate-identity https://github.com/cilium/cilium/.github/workflows/build-images-releases.yaml@refs/tags/v1.18.3 quay.io/cilium/operator-aws:v1.18.3 | jq -r '.[].critical.image'

Minor Changes:

Fix a complexity issue for the bpf_xdp program (Backport PR #42198, Upstream PR #42193, @aspsk)
hubble: mark kafka l7 visibility as deprecated (Backport PR #41968, Upstream PR #41072, @kaworu)

Bugfixes:

add the port name for address based LRP so frontend can pick the right backend (Backport PR #41828, Upstream PR #41602, @liyihuang)
Avoid scenario where ENI device configuration can be skipped. (Backport PR #41968, Upstream PR #41760, @jasonaliyetti)
Cilium now configures Envoy to allow websocket connections to be passed through with HTTP policies. (Backport PR #41828, Upstream PR #41729, @jrajahalme)
Fix a bug that was preventing Cilium to delete stale pod CIDRs routes when changing routing mode to native (Backport PR #41968, Upstream PR #41819, @pippolo84)
Fix a fatal error when accessing multicast map using cilium-dbg bpf multicast (Backport PR #42151, Upstream PR #42080, @tklauser)
Fix BGP auto discovery not sending community info (Backport PR #41968, Upstream PR #41920, @jiashengz)
Fix bug in ENI routing where Cilium would chose the wrong subnet for routing traffic on secondary interfaces (Backport PR #41828, Upstream PR #40860, @liyihuang)
Fix bug that could cause ICMP error packets to have an incorrect inner IP checksum when KPR is enabled. (Backport PR #41828, Upstream PR #41551, @yushoyamaguchi)
Fix bug with delegated IPAM where IPv6 traffic was routed via the wrong interface (Backport PR #41968, Upstream PR #41598, @NihaNallappagari)
Fix failing node health check on dual stack cluster if NodeInternalIPs are not configured for both families. (Backport PR #42055, Upstream PR #41633, @Dennor)
Fix increase in memory usage when service names are looked up at high rate during Hubble flow creation (Backport PR #42151, Upstream PR #41965, @joamaki)
Fix panic at startup in IPsec subsystem with Multi-Pool IPAM mode (#41725, @pippolo84)
Fix race condition preventing the skiplbmap BPF map from sometimes being pruned after restart. (Backport PR #41828, Upstream PR #41529, @joamaki)
Fixes a rare bug where endpoints may have incomplete policies in large clusters. (Backport PR #42151, Upstream PR #42049, @squeed)
hostfw: also exclude non-transparent proxy traffic when BPF masq is enabled (Backport PR #41989, Upstream PR #41915, @julianwiedmann)
Ignore expected error in neighbor reconciliation (Backport PR #41968, Upstream PR #41815, @dylandreimerink)
loadbalancer: allow HostPort for multiple protos on same port (Backport PR #41913, Upstream PR #41521, @bersoare)
operator/pkg/lbipam: fix LoadBalancerIPPool conditions update logic (Backport PR #41828, Upstream PR #41322, @alimehrabikoshki)

CI Changes:

.actions/cilium-config: add missing extraEnv in GH action (Backport PR #41828, Upstream PR #41420, @aanm)
.github/workflows: add variable for renovate bot username (Backport PR #41843, Upstream PR #41818, @aanm)
.github/workflows: automatically add /test for renovate PRs (Backport PR #41843, Upstream PR #41770, @aanm)
.github/workflows: do not wait on linters form forks (Backport PR #41828, Upstream PR #41822, @aanm)
.github/workflows: remove reviewers requested by auto-committer[bot] (Backport PR #41828, Upstream PR #41759, @aanm)
cli: Fix unreliable tests due to error emitted in Cilium logs "retrieving device lxc*: Link not found" (Backport PR #42200, Upstream PR #42146, @fristonio)
gha: Correct k8s version for f12-datapath-service-ns-misc (Backport PR #41756, Upstream PR #41753, @sayboras)
ginkgo: add test ownership for ginkgo tests (Backport PR #42055, Upstream PR #41950, @aanm)
Streamline ci-multi-pool workflow (Backport PR #41631, Upstream PR #40658, @pippolo84)
workflows: fix GCP OIDC authentication's project ID (#42173, @nbusseneau)

Misc Changes:

.github/workflows: stop build CI images until base images are built (Backport PR #41828, Upstream PR #41681, @aanm)
agent: Add Cilium health config cell (Backport PR #42055, Upstream PR #41627, @aditighag)
bpf/nat: Move ipv6_nat_entry to map (Backport PR #41968, Upstream PR #41902, @pchaigno)
bpf: hostfw: have from-host always pass the ipcache-based src identity (Backport PR #42113, Upstream PR #42093, @julianwiedmann)
bpf: Only send fillup signal to agent on ENOMEM error (Backport PR #41968, Upstream PR #41864, @borkmann)
chore(deps): update all github action dependencies (v1.18) (#41795, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#41931, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#42028, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#42136, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.18) (#42264, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.18) (#41716, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.18) (#41793, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.18) (#42035, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.18) (#42116, @cilium-renovate[bot])
chore(deps): update dependency cilium/little-vm-helper to v0.0.27 (v1.18) (#42263, @cilium-renovate[bot])
chore(deps): update dependency protocolbuffers/protobuf to v33 (v1.18) (#42265, [@ciliu

Configuration

📅 Schedule: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-02-03T05:07:08Z

--- kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cluster-apps-cilium HelmRelease: kube-system/cilium

+++ kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cluster-apps-cilium HelmRelease: kube-system/cilium

@@ -12,13 +12,13 @@

     spec:
       chart: cilium
       sourceRef:
         kind: HelmRepository
         name: cilium
         namespace: flux-system
-      version: 1.14.6
+      version: 1.18.2
   install:
     remediation:
       retries: 3
   interval: 30m
   maxHistory: 2
   uninstall:

github-actions · 2024-02-03T05:07:11Z

--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-dashboard

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-dashboard

@@ -39,13 +39,16 @@

             "error": "#890f02",
             "warning": "#c15c17"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -143,13 +146,16 @@

           "aliasColors": {
             "avg": "#cffaff"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -283,13 +289,16 @@

             "MAX_virtual_memory_bytes": "#e5ac0e",
             "Max Virtual Memory": "#584477"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -406,13 +415,16 @@

           "aliasColors": {
             "MAX_resident_memory_bytes_max": "#e5ac0e"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -523,13 +535,16 @@

           "aliasColors": {
             "all nodes": "#e5a8e2"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -648,13 +663,16 @@

           "aliasColors": {
             "MAX_resident_memory_bytes_max": "#e5ac0e"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "description": "BPF memory usage in the entire system including components not managed by Cilium.",
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -771,13 +789,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "description": "Fill percentage of BPF maps, tagged by map name",
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -882,13 +903,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -983,13 +1007,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1084,13 +1111,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1185,13 +1215,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1286,13 +1319,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1387,13 +1423,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1523,13 +1562,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1624,13 +1666,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "decimals": 2,
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -1727,13 +1772,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1828,13 +1876,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1927,13 +1978,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -2028,13 +2082,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -2129,13 +2186,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -2251,13 +2311,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "decimals": 2,
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -2354,13 +2417,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

@@ -7,18 +7,18 @@

 data:
   identity-allocation-mode: crd
   identity-heartbeat-timeout: 30m0s
   identity-gc-interval: 15m0s
   cilium-endpoint-gc-interval: 5m0s
   nodes-gc-interval: 5m0s
-  skip-cnp-status-startup-clean: 'false'
   debug: 'false'
   debug-verbose: ''
   enable-policy: default
+  policy-cidr-match-mode: ''
   prometheus-serve-addr: :9962
-  proxy-prometheus-port: '9964'
+  controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
   operator-prometheus-serve-addr: :9963
   enable-metrics: 'true'
   enable-ipv4: 'true'
   enable-ipv6: 'false'
   custom-cni-conf: 'false'
   enable-bpf-clock-probe: 'false'
@@ -26,96 +26,120 @@

   monitor-aggregation-interval: 5s
   monitor-aggregation-flags: all
   bpf-map-dynamic-size-ratio: '0.0025'
   bpf-policy-map-max: '16384'
   bpf-lb-map-max: '65536'
   bpf-lb-external-clusterip: 'false'
+  bpf-events-drop-enabled: 'true'
+  bpf-events-policy-verdict-enabled: 'true'
+  bpf-events-trace-enabled: 'true'
   preallocate-bpf-maps: 'false'
-  sidecar-istio-proxy-image: cilium/istio_proxy
   cluster-name: home-cluster
   cluster-id: '1'
-  routing-mode: native
+  routing-mode: tunnel
+  tunnel-protocol: vxlan
+  service-no-backend-response: reject
   enable-l7-proxy: 'true'
   enable-ipv4-masquerade: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv6-big-tcp: 'false'
   enable-ipv6-masquerade: 'true'
+  enable-tcx: 'true'
+  datapath-mode: veth
   enable-bpf-masquerade: 'true'
+  enable-masquerade-to-route-source: 'false'
   enable-xt-socket-fallback: 'true'
   install-no-conntrack-iptables-rules: 'false'
   auto-direct-node-routes: 'true'
+  direct-routing-skip-unreachable: 'false'
   enable-local-redirect-policy: 'true'
   ipv4-native-routing-cidr: ${CLUSTER_CIDR}
+  enable-runtime-device-detection: 'true'
   kube-proxy-replacement: 'true'
   kube-proxy-replacement-healthz-bind-address: 0.0.0.0:10256
   bpf-lb-sock: 'false'
+  bpf-lb-sock-terminate-pod-connections: 'false'
+  nodeport-addresses: ''
   enable-health-check-nodeport: 'true'
+  enable-health-check-loadbalancer-ip: 'false'
   node-port-bind-protection: 'true'
   enable-auto-protect-node-port-range: 'true'
   bpf-lb-mode: dsr
   bpf-lb-algorithm: maglev
+  bpf-lb-acceleration: disabled
   enable-svc-source-range-check: 'true'
   enable-l2-neigh-discovery: 'true'
   arping-refresh-period: 30s
+  k8s-require-ipv4-pod-cidr: 'false'
+  k8s-require-ipv6-pod-cidr: 'false'
   enable-endpoint-routes: 'true'
   enable-k8s-networkpolicy: 'true'
   write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
   cni-exclusive: 'true'
   cni-log-file: /var/run/cilium/cilium-cni.log
   enable-endpoint-health-checking: 'true'
   enable-health-checking: 'true'
   enable-well-known-identities: 'false'
-  enable-remote-node-identity: 'true'
+  enable-node-selector-labels: 'false'
   synchronize-k8s-nodes: 'true'
   operator-api-serve-addr: 127.0.0.1:9234
   enable-hubble: 'true'
   hubble-socket-path: /var/run/cilium/hubble.sock
   hubble-metrics-server: :9965
+  hubble-metrics-server-enable-tls: 'false'
   hubble-metrics: dns:query drop tcp flow port-distribution icmp http
   enable-hubble-open-metrics: 'false'
+  hubble-export-file-max-size-mb: '10'
+  hubble-export-file-max-backups: '5'
   hubble-listen-address: :4244
   hubble-disable-tls: 'false'
   hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
   hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
   hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
   ipam: kubernetes
   ipam-cilium-node-update-rate: 15s
-  disable-cnp-status-updates: 'true'
-  cnp-node-status-gc-interval: 0s
   egress-gateway-reconciliation-trigger-interval: 1s
   enable-vtep: 'false'
   vtep-endpoint: ''
   vtep-cidr: ''
   vtep-mask: ''
   vtep-mac: ''
   enable-l2-announcements: 'true'
   l2-announcements-lease-duration: 120s
   l2-announcements-renew-deadline: 60s
   l2-announcements-retry-period: 1s
-  enable-bgp-control-plane: 'false'
   bpf-root: /sys/fs/bpf
   cgroup-root: /run/cilium/cgroupv2
   enable-k8s-terminating-endpoint: 'true'
   enable-sctp: 'false'
-  k8s-client-qps: '5'
-  k8s-client-burst: '10'
+  k8s-client-qps: '10'
+  k8s-client-burst: '20'
   remove-cilium-node-taints: 'true'
   set-cilium-node-taints: 'true'
   set-cilium-is-up-condition: 'true'
   unmanaged-pod-watcher-interval: '15'
   dnsproxy-enable-transparent-mode: 'true'
+  dnsproxy-socket-linger-timeout: '10'
   tofqdns-dns-reject-response-code: refused
   tofqdns-enable-dns-compression: 'true'
   tofqdns-endpoint-max-ip-per-hostname: '50'
   tofqdns-idle-connection-grace-period: 0s
   tofqdns-max-deferred-connection-deletes: '10000'
   tofqdns-proxy-response-max-delay: 100ms
   agent-not-ready-taint-key: node.cilium.io/agent-not-ready
   mesh-auth-enabled: 'true'
   mesh-auth-queue-size: '1024'
   mesh-auth-rotated-identities-queue-size: '1024'
   mesh-auth-gc-interval: 5m0s
+  proxy-xff-num-trusted-hops-ingress: '0'
+  proxy-xff-num-trusted-hops-egress: '0'
   proxy-connect-timeout: '2'
   proxy-max-requests-per-connection: '0'
   proxy-max-connection-duration-seconds: '0'
-  external-envoy-proxy: 'false'
+  proxy-idle-timeout-seconds: '60'
+  external-envoy-proxy: 'true'
+  envoy-base-id: '0'
+  envoy-keep-cap-netbindservice: 'false'
+  max-connected-clusters: '255'
+  clustermesh-enable-endpoint-sync: 'false'
+  clustermesh-enable-mcs-api: 'false'
 
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-operator-dashboard

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-operator-dashboard

@@ -11,17 +11,30 @@

     grafana_dashboard: '1'
   annotations:
     grafana_folder: Cilium
 data:
   cilium-operator-dashboard.json: |
     {
+      "__inputs": [
+        {
+          "name": "DS_PROMETHEUS",
+          "label": "prometheus",
+          "description": "",
+          "type": "datasource",
+          "pluginId": "prometheus",
+          "pluginName": "Prometheus"
+        }
+      ],
       "annotations": {
         "list": [
           {
             "builtIn": 1,
-            "datasource": "-- Grafana --",
+            "datasource": {
+              "type": "datasource",
+              "uid": "grafana"
+            },
             "enable": true,
             "hide": true,
             "iconColor": "rgba(0, 211, 255, 1)",
             "name": "Annotations & Alerts",
             "type": "dashboard"
           }
@@ -37,13 +50,16 @@

           "aliasColors": {
             "avg": "#cffaff"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -163,13 +179,16 @@

           "aliasColors": {
             "MAX_resident_memory_bytes_max": "#e5ac0e"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -293,13 +312,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -390,13 +412,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -487,13 +512,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -584,13 +612,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -681,13 +712,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -778,13 +812,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -875,13 +912,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-relay-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-relay-config

@@ -6,9 +6,9 @@

   namespace: kube-system
 data:
   config.yaml: "cluster-name: home-cluster\npeer-service: \"hubble-peer.kube-system.svc.cluster.local:443\"\
     \nlisten-address: :4245\ngops: true\ngops-port: \"9893\"\ndial-timeout: \nretry-timeout:\
     \ \nsort-buffer-len-max: \nsort-buffer-drain-timeout: \ntls-hubble-client-cert-file:\
     \ /var/lib/hubble-relay/tls/client.crt\ntls-hubble-client-key-file: /var/lib/hubble-relay/tls/client.key\n\
-    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\ndisable-server-tls:\
-    \ true\n"
+    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\n\n\
+    disable-server-tls: true\n"
 
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-ui-nginx

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-ui-nginx

@@ -15,8 +15,10 @@

     \ range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;\n\
     \        if ($request_method = OPTIONS) {\n            return 204;\n        }\n\
     \        # /CORS\n\n        location /api {\n            proxy_http_version 1.1;\n\
     \            proxy_pass_request_headers on;\n            proxy_hide_header Access-Control-Allow-Origin;\n\
     \            proxy_pass http://127.0.0.1:8090;\n        }\n        location /\
     \ {\n            # double `/index.html` is required here \n            try_files\
-    \ $uri $uri/ /index.html /index.html;\n        }\n    }\n}"
+    \ $uri $uri/ /index.html /index.html;\n        }\n\n        # Liveness probe\n\
+    \        location /healthz {\n            access_log off;\n            add_header\
+    \ Content-Type text/plain;\n            return 200 'ok';\n        }\n    }\n}"
 
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dashboard

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dashboard

@@ -9,3240 +9,1059 @@

     app.kubernetes.io/name: hubble
     app.kubernetes.io/part-of: cilium
     grafana_dashboard: '1'
   annotations:
     grafana_folder: Cilium
 data:
-  hubble-dashboard.json: |
-    {
-      "annotations": {
-        "list": [
-          {
-            "builtIn": 1,
-            "datasource": "-- Grafana --",
-            "enable": true,
-            "hide": true,
-            "iconColor": "rgba(0, 211, 255, 1)",
-            "name": "Annotations & Alerts",
-            "type": "dashboard"
-          }
-        ]
-      },
-      "editable": true,
-      "gnetId": null,
-      "graphTooltip": 0,
-      "id": 3,
-      "links": [],
-      "panels": [
-        {
-          "collapsed": false,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 0
-          },
-          "id": 14,
-          "panels": [],
-          "title": "General Processing",
-          "type": "row"
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 0,
-            "y": 1
-          },
-          "id": 12,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [
-            {
-              "alias": "max",
-              "fillBelowTo": "avg",
-              "lines": false
-            },
-            {
-              "alias": "avg",
-              "fill": 0,
-              "fillBelowTo": "min"
-            },
-            {
-              "alias": "min",
-              "lines": false
-            }
-          ],
-          "spaceLength": 10,
-          "stack": false,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "avg(sum(rate(hubble_flows_processed_total[1m])) by (pod))",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "avg",
-              "refId": "A"
-            },
-            {
-              "expr": "min(sum(rate(hubble_flows_processed_total[1m])) by (pod))",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "min",
-              "refId": "B"
-            },
-            {
-              "expr": "max(sum(rate(hubble_flows_processed_total[1m])) by (pod))",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "max",
-              "refId": "C"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "Flows processed Per Node",
-          "tooltip": {
-            "shared": true,
-            "sort": 1,
-            "value_type": "individual"
-          },
-          "type": "graph",
-          "xaxis": {
-            "buckets": null,
-            "mode": "time",
-            "name": null,
-            "show": true,
-            "values": []
-          },
-          "yaxes": [
-            {
-              "format": "ops",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            },
-            {
-              "format": "short",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            }
-          ],
-          "yaxis": {
-            "align": false,
-            "alignLevel": null
-          }
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 12,
-            "y": 1
-          },
-          "id": 32,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [],
-          "spaceLength": 10,
-          "stack": true,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "sum(rate(hubble_flows_processed_total[1m])) by (pod, type)",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "{{type}}",
-              "refId": "A"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "Flows Types",
-          "tooltip": {
-            "shared": true,
-            "sort": 2,
-            "value_type": "individual"
-          },
-          "type": "graph",
-          "xaxis": {
-            "buckets": null,
-            "mode": "time",
-            "name": null,
-            "show": true,
-            "values": []
-          },
-          "yaxes": [
-            {
-              "format": "ops",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            },
-            {
-              "format": "short",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            }
-          ],
-          "yaxis": {
-            "align": false,
-            "alignLevel": null
-          }
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 0,
-            "y": 6
-          },
-          "id": 59,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [],
-          "spaceLength": 10,
-          "stack": true,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "sum(rate(hubble_flows_processed_total{type=\"L7\"}[1m])) by (pod, subtype)",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "{{subtype}}",
-              "refId": "A"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "L7 Flow Distribution",
-          "tooltip": {
-            "shared": true,
-            "sort": 2,
-            "value_type": "individual"
-          },
-          "type": "graph",
-          "xaxis": {
-            "buckets": null,
-            "mode": "time",
-            "name": null,
-            "show": true,
-            "values": []
-          },
-          "yaxes": [
-            {
-              "format": "ops",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            },
-            {
-              "format": "short",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            }
-          ],
-          "yaxis": {
-            "align": false,
-            "alignLevel": null
-          }
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 12,
-            "y": 6
-          },
-          "id": 60,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [],
-          "spaceLength": 10,
-          "stack": true,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "sum(rate(hubble_flows_processed_total{type=\"Trace\"}[1m])) by (pod, subtype)",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "{{subtype}}",
-              "refId": "A"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "Trace Flow Distribution",
-          "tooltip": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-l7-http-metrics-by-workload

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-l7-http-metrics-by-workload

@@ -11,13 +11,22 @@

     grafana_dashboard: '1'
   annotations:
     grafana_folder: Cilium
 data:
   hubble-l7-http-metrics-by-workload.json: |
     {
-      "__inputs": [],
+      "__inputs": [
+        {
+          "name": "DS_PROMETHEUS",
+          "label": "prometheus",
+          "description": "",
+          "type": "datasource",
+          "pluginId": "prometheus",
+          "pluginName": "Prometheus"
+        }
+      ],
       "__elements": {},
       "__requires": [
         {
           "type": "grafana",
           "id": "grafana",
           "name": "Grafana",
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium

+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium

@@ -54,12 +54,15 @@

   - get
 - apiGroups:
   - cilium.io
   resources:
   - ciliumloadbalancerippools
   - ciliumbgppeeringpolicies
+  - ciliumbgpnodeconfigs
+  - ciliumbgpadvertisements
+  - ciliumbgppeerconfigs
   - ciliumclusterwideenvoyconfigs
   - ciliumclusterwidenetworkpolicies
   - ciliumegressgatewaypolicies
   - ciliumendpoints
   - ciliumendpointslices
   - ciliumenvoyconfigs
@@ -103,14 +106,13 @@

   verbs:
   - get
   - update
 - apiGroups:
   - cilium.io
   resources:
-  - ciliumnetworkpolicies/status
-  - ciliumclusterwidenetworkpolicies/status
   - ciliumendpoints/status
   - ciliumendpoints
   - ciliuml2announcementpolicies/status
+  - ciliumbgpnodeconfigs/status
   verbs:
   - patch
 
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator

@@ -116,12 +116,15 @@

   - update
 - apiGroups:
   - cilium.io
   resources:
   - ciliumendpointslices
   - ciliumenvoyconfigs
+  - ciliumbgppeerconfigs
+  - ciliumbgpadvertisements
+  - ciliumbgpnodeconfigs
   verbs:
   - create
   - update
   - get
   - list
   - watch
@@ -142,12 +145,17 @@

   - customresourcedefinitions
   verbs:
   - update
   resourceNames:
   - ciliumloadbalancerippools.cilium.io
   - ciliumbgppeeringpolicies.cilium.io
+  - ciliumbgpclusterconfigs.cilium.io
+  - ciliumbgppeerconfigs.cilium.io
+  - ciliumbgpadvertisements.cilium.io
+  - ciliumbgpnodeconfigs.cilium.io
+  - ciliumbgpnodeconfigoverrides.cilium.io
   - ciliumclusterwideenvoyconfigs.cilium.io
   - ciliumclusterwidenetworkpolicies.cilium.io
   - ciliumegressgatewaypolicies.cilium.io
   - ciliumendpoints.cilium.io
   - ciliumendpointslices.cilium.io
   - ciliumenvoyconfigs.cilium.io
@@ -162,12 +170,15 @@

   - ciliumpodippools.cilium.io
 - apiGroups:
   - cilium.io
   resources:
   - ciliumloadbalancerippools
   - ciliumpodippools
+  - ciliumbgppeeringpolicies
+  - ciliumbgpclusterconfigs
+  - ciliumbgpnodeconfigoverrides
   verbs:
   - get
   - list
   - watch
 - apiGroups:
   - cilium.io
--- HelmRelease: kube-system/cilium Service: kube-system/cilium-agent

+++ HelmRelease: kube-system/cilium Service: kube-system/cilium-agent

@@ -15,11 +15,7 @@

     k8s-app: cilium
   ports:
   - name: metrics
     port: 9962
     protocol: TCP
     targetPort: prometheus
-  - name: envoy-metrics
-    port: 9964
-    protocol: TCP
-    targetPort: envoy-metrics
 
--- HelmRelease: kube-system/cilium Service: kube-system/hubble-relay

+++ HelmRelease: kube-system/cilium Service: kube-system/hubble-relay

@@ -12,8 +12,8 @@

   type: ClusterIP
   selector:
     k8s-app: hubble-relay
   ports:
   - protocol: TCP
     port: 80
-    targetPort: 4245
+    targetPort: grpc
 
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -16,21 +16,24 @@

     rollingUpdate:
       maxUnavailable: 2
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 08d1b987525060dd3fa1cb445d7d467e645b3f18388f6e86b2d7f1a48139d963
+        cilium.io/cilium-configmap-checksum: 9dc6915d528f5ca07bc7738e972adc700828b82f9d8ccfea3a01c026ff3956d3
       labels:
         k8s-app: cilium
         app.kubernetes.io/name: cilium-agent
         app.kubernetes.io/part-of: cilium
     spec:
+      securityContext:
+        appArmorProfile:
+          type: Unconfined
       containers:
       - name: cilium-agent
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
         args:
         - --config-dir=/tmp/cilium/config-map
         startupProbe:
@@ -42,12 +45,13 @@

             httpHeaders:
             - name: brief
               value: 'true'
           failureThreshold: 105
           periodSeconds: 2
           successThreshold: 1
+          initialDelaySeconds: 5
         livenessProbe:
           httpGet:
             host: 127.0.0.1
             path: /healthz
             port: 9879
             scheme: HTTP
@@ -81,12 +85,17 @@

           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
         - name: CILIUM_CLUSTERMESH_CONFIG
           value: /var/lib/cilium/clustermesh/
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.memory
+              divisor: '1'
         - name: KUBERNETES_SERVICE_HOST
           value: ${KUBE_VIP_ADDR}
         - name: KUBERNETES_SERVICE_PORT
           value: '6443'
         lifecycle:
           postStart:
@@ -124,24 +133,23 @@

           hostPort: 4244
           protocol: TCP
         - name: prometheus
           containerPort: 9962
           hostPort: 9962
           protocol: TCP
-        - name: envoy-metrics
-          containerPort: 9964
-          hostPort: 9964
-          protocol: TCP
         - name: hubble-metrics
           containerPort: 9965
           hostPort: 9965
           protocol: TCP
         securityContext:
           privileged: true
         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
+        - name: envoy-sockets
+          mountPath: /var/run/cilium/envoy/sockets
+          readOnly: false
         - name: bpf-maps
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
         - name: cilium-run
           mountPath: /var/run/cilium
         - name: etc-cni-netd
@@ -158,16 +166,16 @@

           mountPath: /var/lib/cilium/tls/hubble
           readOnly: true
         - name: tmp
           mountPath: /tmp
       initContainers:
       - name: config
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
-        imagePullPolicy: IfNotPresent
-        command:
-        - cilium
+        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
+        imagePullPolicy: IfNotPresent
+        command:
+        - cilium-dbg
         - build-config
         env:
         - name: K8S_NODE_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
@@ -183,13 +191,13 @@

           value: '6443'
         volumeMounts:
         - name: tmp
           mountPath: /tmp
         terminationMessagePolicy: FallbackToLogsOnError
       - name: mount-cgroup
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
         imagePullPolicy: IfNotPresent
         env:
         - name: CGROUP_ROOT
           value: /run/cilium/cgroupv2
         - name: BIN_PATH
           value: /opt/cni/bin
@@ -206,13 +214,13 @@

         - name: cni-path
           mountPath: /hostbin
         terminationMessagePolicy: FallbackToLogsOnError
         securityContext:
           privileged: true
       - name: apply-sysctl-overwrites
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
         imagePullPolicy: IfNotPresent
         env:
         - name: BIN_PATH
           value: /opt/cni/bin
         command:
         - sh
@@ -227,13 +235,13 @@

         - name: cni-path
           mountPath: /hostbin
         terminationMessagePolicy: FallbackToLogsOnError
         securityContext:
           privileged: true
       - name: clean-cilium-state
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
         env:
         - name: CILIUM_ALL_STATE
           valueFrom:
@@ -243,12 +251,18 @@

               optional: true
         - name: CILIUM_BPF_STATE
           valueFrom:
             configMapKeyRef:
               name: cilium-config
               key: clean-cilium-bpf-state
+              optional: true
+        - name: WRITE_CNI_CONF_WHEN_READY
+          valueFrom:
+            configMapKeyRef:
+              name: cilium-config
+              key: write-cni-conf-when-ready
               optional: true
         - name: KUBERNETES_SERVICE_HOST
           value: ${KUBE_VIP_ADDR}
         - name: KUBERNETES_SERVICE_PORT
           value: '6443'
         terminationMessagePolicy: FallbackToLogsOnError
@@ -260,13 +274,13 @@

         - name: cilium-cgroup
           mountPath: /run/cilium/cgroupv2
           mountPropagation: HostToContainer
         - name: cilium-run
           mountPath: /var/run/cilium
       - name: install-cni-binaries
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.0@sha256:46ffa4ef3cf6d8885dcc4af5963b0683f7d59daa90d49ed9fb68d3b1627fe058
         imagePullPolicy: IfNotPresent
         command:
         - /install-plugin.sh
         resources:
           requests:
             cpu: 100m
@@ -279,13 +293,12 @@

         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         - name: cni-path
           mountPath: /host/opt/cni/bin
       restartPolicy: Always
       priorityClassName: system-node-critical
-      serviceAccount: cilium
       serviceAccountName: cilium
       automountServiceAccountToken: true
       terminationGracePeriodSeconds: 1
       hostNetwork: true
       affinity:
         podAntiAffinity:
@@ -329,12 +342,16 @@

         hostPath:
           path: /lib/modules
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
           type: FileOrCreate
+      - name: envoy-sockets
+        hostPath:
+          path: /var/run/cilium/envoy/sockets
+          type: DirectoryOrCreate
       - name: clustermesh-secrets
         projected:
           defaultMode: 256
           sources:
           - secret:
               name: cilium-clustermesh
@@ -346,12 +363,22 @@

               - key: tls.key
                 path: common-etcd-client.key
               - key: tls.crt
                 path: common-etcd-client.crt
               - key: ca.crt
                 path: common-etcd-client-ca.crt
+          - secret:
+              name: clustermesh-apiserver-local-cert
+              optional: true
+              items:
+              - key: tls.key
+                path: local-etcd-client.key
+              - key: tls.crt
+                path: local-etcd-client.crt
+              - key: ca.crt
+                path: local-etcd-client-ca.crt
       - name: hubble-tls
         projected:
           defaultMode: 256
           sources:
           - secret:
               name: hubble-server-certs
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -20,22 +20,22 @@

       maxSurge: 25%
       maxUnavailable: 100%
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 08d1b987525060dd3fa1cb445d7d467e645b3f18388f6e86b2d7f1a48139d963
+        cilium.io/cilium-configmap-checksum: 9dc6915d528f5ca07bc7738e972adc700828b82f9d8ccfea3a01c026ff3956d3
       labels:
         io.cilium/app: operator
         name: cilium-operator
         app.kubernetes.io/part-of: cilium
         app.kubernetes.io/name: cilium-operator
     spec:
       containers:
       - name: cilium-operator
-        image: quay.io/cilium/operator-generic:v1.14.6@sha256:2f0bf8fb8362c7379f3bf95036b90ad5b67378ed05cd8eb0410c1afc13423848
+        image: quay.io/cilium/operator-generic:v1.16.0@sha256:d6621c11c4e4943bf2998af7febe05be5ed6fdcf812b27ad4388f47022190316
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic
         args:
         - --config-dir=/tmp/cilium/config-map
         - --debug=$(CILIUM_DEBUG)
@@ -89,13 +89,12 @@

           mountPath: /tmp/cilium/config-map
           readOnly: true
         terminationMessagePolicy: FallbackToLogsOnError
       hostNetwork: true
       restartPolicy: Always
       priorityClassName: system-cluster-critical
-      serviceAccount: cilium-operator
       serviceAccountName: cilium-operator
       automountServiceAccountToken: true
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
           - labelSelector:
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay

+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay

@@ -17,13 +17,13 @@

     rollingUpdate:
       maxUnavailable: 1
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/hubble-relay-configmap-checksum: 2377e902b05fcb5eab2f040823d96bf083593a39234638f79da89f0a3ba15121
+        cilium.io/hubble-relay-configmap-checksum: 69e30dec0c0be57e5f35be49d3b9dc513789c37c6c5976f288ad36a6cb24bfb7
       labels:
         k8s-app: hubble-relay
         app.kubernetes.io/name: hubble-relay
         app.kubernetes.io/part-of: cilium
     spec:
       securityContext:
@@ -34,38 +34,48 @@

           capabilities:
             drop:
             - ALL
           runAsGroup: 65532
           runAsNonRoot: true
           runAsUser: 65532
-        image: quay.io/cilium/hubble-relay:v1.14.6@sha256:adeb90adae481bb952211483f511afee40825707953ed7ac118902d3bc8dd37f
+        image: quay.io/cilium/hubble-relay:v1.16.0@sha256:33fca7776fc3d7b2abe08873319353806dc1c5e07e12011d7da4da05f836ce8d
         imagePullPolicy: IfNotPresent
         command:
         - hubble-relay
         args:
         - serve
         ports:
         - name: grpc
           containerPort: 4245
         readinessProbe:
-          tcpSocket:
-            port: grpc
+          grpc:
+            port: 4222
+          timeoutSeconds: 3
         livenessProbe:
-          tcpSocket:
-            port: grpc
+          grpc:
+            port: 4222
+          timeoutSeconds: 10
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          failureThreshold: 12
+        startupProbe:
+          grpc:
+            port: 4222
+          initialDelaySeconds: 10
+          failureThreshold: 20
+          periodSeconds: 3
         volumeMounts:
         - name: config
           mountPath: /etc/hubble-relay
           readOnly: true
         - name: tls
           mountPath: /var/lib/hubble-relay/tls
           readOnly: true
         terminationMessagePolicy: FallbackToLogsOnError
       restartPolicy: Always
       priorityClassName: null
-      serviceAccount: hubble-relay
       serviceAccountName: hubble-relay
       automountServiceAccountToken: false
       terminationGracePeriodSeconds: 1
       affinity:
         podAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-ui

+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-ui

@@ -17,38 +17,49 @@

     rollingUpdate:
       maxUnavailable: 1
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/hubble-ui-nginx-configmap-checksum: 02d6b04b131029fae39270192dcff10fa3a64af9d1d4d0049f1efbc3f5526a34
+        cilium.io/hubble-ui-nginx-configmap-checksum: e8acee96ed990156efd0291c8c33709d2c7902d2ec993eefa16c7cd3d1a9d84b
       labels:
         k8s-app: hubble-ui
         app.kubernetes.io/name: hubble-ui
         app.kubernetes.io/part-of: cilium
     spec:
+      securityContext:
+        fsGroup: 1001
+        runAsGroup: 1001
+        runAsUser: 1001
       priorityClassName: null
-      serviceAccount: hubble-ui
       serviceAccountName: hubble-ui
       automountServiceAccountToken: true
       containers:
       - name: frontend
-        image: quay.io/cilium/hubble-ui:v0.12.1@sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267
+        image: quay.io/cilium/hubble-ui:v0.13.1@sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http
           containerPort: 8081
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8081
         volumeMounts:
         - name: hubble-ui-nginx-conf
           mountPath: /etc/nginx/conf.d/default.conf
           subPath: nginx.conf
         - name: tmp-dir
           mountPath: /tmp
         terminationMessagePolicy: FallbackToLogsOnError
       - name: backend
-        image: quay.io/cilium/hubble-ui-backend:v0.12.1@sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe
+        image: quay.io/cilium/hubble-ui-backend:v0.13.1@sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b
         imagePullPolicy: IfNotPresent
         env:
         - name: EVENTS_SERVER_PORT
           value: '8090'
         - name: FLOWS_API_ADDR
           value: hubble-relay:80
--- HelmRelease: kube-system/cilium ServiceMonitor: kube-system/hubble

+++ HelmRelease: kube-system/cilium ServiceMonitor: kube-system/hubble

@@ -15,12 +15,13 @@

     - kube-system
   endpoints:
   - port: hubble-metrics
     interval: 10s
     honorLabels: true
     path: /metrics
+    scheme: http
     relabelings:
     - replacement: ${1}
       sourceLabels:
       - __meta_kubernetes_pod_node_name
       targetLabel: node
 
--- HelmRelease: kube-system/cilium ServiceAccount: kube-system/cilium-envoy

+++ HelmRelease: kube-system/cilium ServiceAccount: kube-system/cilium-envoy

@@ -0,0 +1,7 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cilium-envoy
+  namespace: kube-system
+
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config

@@ -0,0 +1,326 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cilium-envoy-config
+  namespace: kube-system
+data:
+  bootstrap-config.json: |
+    {
+      "node": {
+        "id": "host~127.0.0.1~no-id~localdomain",
+        "cluster": "ingress-cluster"
+      },
+      "staticResources": {
+        "listeners": [
+          {
+            "name": "envoy-prometheus-metrics-listener",
+            "address": {
+              "socket_address": {
+                "address": "0.0.0.0",
+                "port_value": 9964
+              }
+            },
+            "filter_chains": [
+              {
+                "filters": [
+                  {
+                    "name": "envoy.filters.network.http_connection_manager",
+                    "typed_config": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                      "stat_prefix": "envoy-prometheus-metrics-listener",
+                      "route_config": {
+                        "virtual_hosts": [
+                          {
+                            "name": "prometheus_metrics_route",
+                            "domains": [
+                              "*"
+                            ],
+                            "routes": [
+                              {
+                                "name": "prometheus_metrics_route",
+                                "match": {
+                                  "prefix": "/metrics"
+                                },
+                                "route": {
+                                  "cluster": "/envoy-admin",
+                                  "prefix_rewrite": "/stats/prometheus"
+                                }
+                              }
+                            ]
+                          }
+                        ]
+                      },
+                      "http_filters": [
+                        {
+                          "name": "envoy.filters.http.router",
+                          "typed_config": {
+                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                          }
+                        }
+                      ],
+                      "stream_idle_timeout": "0s"
+                    }
+                  }
+                ]
+              }
+            ]
+          },
+          {
+            "name": "envoy-health-listener",
+            "address": {
+              "socket_address": {
+                "address": "127.0.0.1",
+                "port_value": 9878
+              }
+            },
+            "filter_chains": [
+              {
+                "filters": [
+                  {
+                    "name": "envoy.filters.network.http_connection_manager",
+                    "typed_config": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                      "stat_prefix": "envoy-health-listener",
+                      "route_config": {
+                        "virtual_hosts": [
+                          {
+                            "name": "health",
+                            "domains": [
+                              "*"
+                            ],
+                            "routes": [
+                              {
+                                "name": "health",
+                                "match": {
+                                  "prefix": "/healthz"
+                                },
+                                "route": {
+                                  "cluster": "/envoy-admin",
+                                  "prefix_rewrite": "/ready"
+                                }
+                              }
+                            ]
+                          }
+                        ]
+                      },
+                      "http_filters": [
+                        {
+                          "name": "envoy.filters.http.router",
+                          "typed_config": {
+                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                          }
+                        }
+                      ],
+                      "stream_idle_timeout": "0s"
+                    }
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "clusters": [
+          {
+            "name": "ingress-cluster",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s"
+          },
+          {
+            "name": "egress-cluster-tls",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "upstreamHttpProtocolOptions": {},
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s",
+            "transportSocket": {
+              "name": "cilium.tls_wrapper",
+              "typedConfig": {
+                "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
+              }
+            }
+          },
+          {
+            "name": "egress-cluster",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s"
+          },
+          {
+            "name": "ingress-cluster-tls",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "upstreamHttpProtocolOptions": {},
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s",
+            "transportSocket": {
+              "name": "cilium.tls_wrapper",
+              "typedConfig": {
+                "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
+              }
+            }
+          },
+          {
+            "name": "xds-grpc-cilium",
+            "type": "STATIC",
+            "connectTimeout": "2s",
+            "loadAssignment": {
+              "clusterName": "xds-grpc-cilium",
+              "endpoints": [
+                {
+                  "lbEndpoints": [
+                    {
+                      "endpoint": {
+                        "address": {
+                          "pipe": {
+                            "path": "/var/run/cilium/envoy/sockets/xds.sock"
+                          }
+                        }
+                      }
+                    }
+                  ]
+                }
+              ]
+            },
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "explicitHttpConfig": {
+                  "http2ProtocolOptions": {}
+                }
+              }
+            }
+          },
+          {
+            "name": "/envoy-admin",
+            "type": "STATIC",
+            "connectTimeout": "2s",
+            "loadAssignment": {
+              "clusterName": "/envoy-admin",
+              "endpoints": [
+                {
+                  "lbEndpoints": [
+                    {
+                      "endpoint": {
+                        "address": {
+                          "pipe": {
+                            "path": "/var/run/cilium/envoy/sockets/admin.sock"
+                          }
+                        }
+                      }
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        ]
+      },
+      "dynamicResources": {
+        "ldsConfig": {
+          "apiConfigSource": {
+            "apiType": "GRPC",
+            "transportApiVersion": "V3",
+            "grpcServices": [
+              {
+                "envoyGrpc": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dns-namespace

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dns-namespace

@@ -0,0 +1,240 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hubble-dns-namespace
+  namespace: kube-system
+  labels:
+    k8s-app: hubble
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    grafana_dashboard: '1'
+  annotations:
+    grafana_folder: Cilium
+data:
+  hubble-dns-namespace.json: "{\n    \"__inputs\": [\n      {\n        \"name\": \"\
+    DS_PROMETHEUS\",\n        \"label\": \"Prometheus\",\n        \"description\"\
+    : \"\",\n        \"type\": \"datasource\",\n        \"pluginId\": \"prometheus\"\
+    ,\n        \"pluginName\": \"Prometheus\"\n      }\n    ],\n    \"__elements\"\
+    : {},\n    \"__requires\": [\n      {\n        \"type\": \"panel\",\n        \"\
+    id\": \"bargauge\",\n        \"name\": \"Bar gauge\",\n        \"version\": \"\
+    \"\n      },\n      {\n        \"type\": \"grafana\",\n        \"id\": \"grafana\"\
+    ,\n        \"name\": \"Grafana\",\n        \"version\": \"9.4.7\"\n      },\n\
+    \      {\n        \"type\": \"datasource\",\n        \"id\": \"prometheus\",\n\
+    \        \"name\": \"Prometheus\",\n        \"version\": \"1.0.0\"\n      },\n\
+    \      {\n        \"type\": \"panel\",\n        \"id\": \"timeseries\",\n    \
+    \    \"name\": \"Time series\",\n        \"version\": \"\"\n      }\n    ],\n\
+    \    \"annotations\": {\n      \"list\": [\n        {\n          \"builtIn\":\
+    \ 1,\n          \"datasource\": {\n            \"type\": \"datasource\",\n   \
+    \         \"uid\": \"grafana\"\n          },\n          \"enable\": true,\n  \
+    \        \"hide\": true,\n          \"iconColor\": \"rgba(0, 211, 255, 1)\",\n\
+    \          \"name\": \"Annotations & Alerts\",\n          \"target\": {\n    \
+    \        \"limit\": 100,\n            \"matchAny\": false,\n            \"tags\"\
+    : [],\n            \"type\": \"dashboard\"\n          },\n          \"type\":\
+    \ \"dashboard\"\n        }\n      ]\n    },\n    \"description\": \"\",\n    \"\
+    editable\": true,\n    \"fiscalYearStartMonth\": 0,\n    \"gnetId\": 16612,\n\
+    \    \"graphTooltip\": 0,\n    \"id\": null,\n    \"links\": [\n      {\n    \
+    \    \"asDropdown\": true,\n        \"icon\": \"external link\",\n        \"includeVars\"\
+    : true,\n        \"keepTime\": true,\n        \"tags\": [\n          \"cilium-overview\"\
+    \n        ],\n        \"targetBlank\": false,\n        \"title\": \"Cilium Overviews\"\
+    ,\n        \"tooltip\": \"\",\n        \"type\": \"dashboards\",\n        \"url\"\
+    : \"\"\n      },\n      {\n        \"asDropdown\": true,\n        \"icon\": \"\
+    external link\",\n        \"includeVars\": false,\n        \"keepTime\": true,\n\
+    \        \"tags\": [\n          \"hubble\"\n        ],\n        \"targetBlank\"\
+    : false,\n        \"title\": \"Hubble\",\n        \"tooltip\": \"\",\n       \
+    \ \"type\": \"dashboards\",\n        \"url\": \"\"\n      }\n    ],\n    \"liveNow\"\
+    : false,\n    \"panels\": [\n      {\n        \"collapsed\": false,\n        \"\
+    gridPos\": {\n          \"h\": 1,\n          \"w\": 24,\n          \"x\": 0,\n\
+    \          \"y\": 0\n        },\n        \"id\": 2,\n        \"panels\": [],\n\
+    \        \"title\": \"DNS\",\n        \"type\": \"row\"\n      },\n      {\n \
+    \       \"datasource\": {\n          \"type\": \"prometheus\",\n          \"uid\"\
+    : \"${DS_PROMETHEUS}\"\n        },\n        \"description\": \"\",\n        \"\
+    fieldConfig\": {\n          \"defaults\": {\n            \"color\": {\n      \
+    \        \"mode\": \"palette-classic\"\n            },\n            \"custom\"\
+    : {\n              \"axisCenteredZero\": false,\n              \"axisColorMode\"\
+    : \"text\",\n              \"axisLabel\": \"\",\n              \"axisPlacement\"\
+    : \"auto\",\n              \"barAlignment\": 0,\n              \"drawStyle\":\
+    \ \"line\",\n              \"fillOpacity\": 10,\n              \"gradientMode\"\
+    : \"none\",\n              \"hideFrom\": {\n                \"legend\": false,\n\
+    \                \"tooltip\": false,\n                \"viz\": false\n       \
+    \       },\n              \"lineInterpolation\": \"linear\",\n              \"\
+    lineWidth\": 1,\n              \"pointSize\": 5,\n              \"scaleDistribution\"\
+    : {\n                \"type\": \"linear\"\n              },\n              \"\
+    showPoints\": \"auto\",\n              \"spanNulls\": false,\n              \"\
+    stacking\": {\n                \"group\": \"A\",\n                \"mode\": \"\
+    normal\"\n              },\n              \"thresholdsStyle\": {\n           \
+    \     \"mode\": \"off\"\n              }\n            },\n            \"mappings\"\
+    : [],\n            \"min\": 0,\n            \"thresholds\": {\n              \"\
+    mode\": \"absolute\",\n              \"steps\": [\n                {\n       \
+    \           \"color\": \"green\",\n                  \"value\": null\n       \
+    \         },\n                {\n                  \"color\": \"red\",\n     \
+    \             \"value\": 80\n                }\n              ]\n            },\n\
+    \            \"unit\": \"reqps\"\n          },\n          \"overrides\": []\n\
+    \        },\n        \"gridPos\": {\n          \"h\": 9,\n          \"w\": 12,\n\
+    \          \"x\": 0,\n          \"y\": 1\n        },\n        \"id\": 37,\n  \
+    \      \"options\": {\n          \"legend\": {\n            \"calcs\": [\n   \
+    \           \"mean\",\n              \"lastNotNull\"\n            ],\n       \
+    \     \"displayMode\": \"table\",\n            \"placement\": \"bottom\",\n  \
+    \          \"showLegend\": true\n          },\n          \"tooltip\": {\n    \
+    \        \"mode\": \"single\",\n            \"sort\": \"none\"\n          }\n\
+    \        },\n        \"targets\": [\n          {\n            \"datasource\":\
+    \ {\n              \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"sum(rate(hubble_dns_queries_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])) by (source) > 0\",\n            \"legendFormat\": \"{{source}}\"\
+    ,\n            \"range\": true,\n            \"refId\": \"A\"\n          }\n \
+    \       ],\n        \"title\": \"DNS queries\",\n        \"type\": \"timeseries\"\
+    \n      },\n      {\n        \"datasource\": {\n          \"type\": \"prometheus\"\
+    ,\n          \"uid\": \"${DS_PROMETHEUS}\"\n        },\n        \"fieldConfig\"\
+    : {\n          \"defaults\": {\n            \"color\": {\n              \"mode\"\
+    : \"thresholds\"\n            },\n            \"mappings\": [],\n            \"\
+    min\": 0,\n            \"thresholds\": {\n              \"mode\": \"absolute\"\
+    ,\n              \"steps\": [\n                {\n                  \"color\"\
+    : \"green\",\n                  \"value\": null\n                }\n         \
+    \     ]\n            },\n            \"unit\": \"reqps\"\n          },\n     \
+    \     \"overrides\": []\n        },\n        \"gridPos\": {\n          \"h\":\
+    \ 9,\n          \"w\": 12,\n          \"x\": 12,\n          \"y\": 1\n       \
+    \ },\n        \"id\": 41,\n        \"options\": {\n          \"displayMode\":\
+    \ \"gradient\",\n          \"minVizHeight\": 10,\n          \"minVizWidth\": 0,\n\
+    \          \"orientation\": \"horizontal\",\n          \"reduceOptions\": {\n\
+    \            \"calcs\": [\n              \"lastNotNull\"\n            ],\n   \
+    \         \"fields\": \"\",\n            \"values\": false\n          },\n   \
+    \       \"showUnfilled\": true\n        },\n        \"pluginVersion\": \"9.4.7\"\
+    ,\n        \"targets\": [\n          {\n            \"datasource\": {\n      \
+    \        \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"topk(10, sum(rate(hubble_dns_queries_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])*60) by (query))\",\n            \"legendFormat\": \"{{query}}\"\
+    ,\n            \"range\": true,\n            \"refId\": \"A\"\n          }\n \
+    \       ],\n        \"title\": \"Top 10 DNS queries\",\n        \"type\": \"bargauge\"\
+    \n      },\n      {\n        \"datasource\": {\n          \"type\": \"prometheus\"\
+    ,\n          \"uid\": \"${DS_PROMETHEUS}\"\n        },\n        \"fieldConfig\"\
+    : {\n          \"defaults\": {\n            \"color\": {\n              \"mode\"\
+    : \"palette-classic\"\n            },\n            \"custom\": {\n           \
+    \   \"axisCenteredZero\": false,\n              \"axisColorMode\": \"text\",\n\
+    \              \"axisLabel\": \"\",\n              \"axisPlacement\": \"auto\"\
+    ,\n              \"barAlignment\": 0,\n              \"drawStyle\": \"line\",\n\
+    \              \"fillOpacity\": 10,\n              \"gradientMode\": \"none\"\
+    ,\n              \"hideFrom\": {\n                \"legend\": false,\n       \
+    \         \"tooltip\": false,\n                \"viz\": false\n              },\n\
+    \              \"lineInterpolation\": \"linear\",\n              \"lineWidth\"\
+    : 1,\n              \"pointSize\": 5,\n              \"scaleDistribution\": {\n\
+    \                \"type\": \"linear\"\n              },\n              \"showPoints\"\
+    : \"auto\",\n              \"spanNulls\": false,\n              \"stacking\":\
+    \ {\n                \"group\": \"A\",\n                \"mode\": \"normal\"\n\
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-network-overview-namespace

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-network-overview-namespace

@@ -0,0 +1,396 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hubble-network-overview-namespace
+  namespace: kube-system
+  labels:
+    k8s-app: hubble
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    grafana_dashboard: '1'
+  annotations:
+    grafana_folder: Cilium
+data:
+  hubble-network-overview-namespace.json: "{\n    \"__inputs\": [\n      {\n     \
+    \   \"name\": \"DS_PROMETHEUS\",\n        \"label\": \"Prometheus\",\n       \
+    \ \"description\": \"\",\n        \"type\": \"datasource\",\n        \"pluginId\"\
+    : \"prometheus\",\n        \"pluginName\": \"Prometheus\"\n      }\n    ],\n \
+    \   \"__elements\": {},\n    \"__requires\": [\n      {\n        \"type\": \"\
+    panel\",\n        \"id\": \"bargauge\",\n        \"name\": \"Bar gauge\",\n  \
+    \      \"version\": \"\"\n      },\n      {\n        \"type\": \"grafana\",\n\
+    \        \"id\": \"grafana\",\n        \"name\": \"Grafana\",\n        \"version\"\
+    : \"9.4.7\"\n      },\n      {\n        \"type\": \"datasource\",\n        \"\
+    id\": \"prometheus\",\n        \"name\": \"Prometheus\",\n        \"version\"\
+    : \"1.0.0\"\n      },\n      {\n        \"type\": \"panel\",\n        \"id\":\
+    \ \"timeseries\",\n        \"name\": \"Time series\",\n        \"version\": \"\
+    \"\n      }\n    ],\n    \"annotations\": {\n      \"list\": [\n        {\n  \
+    \        \"builtIn\": 1,\n          \"datasource\": {\n            \"type\": \"\
+    datasource\",\n            \"uid\": \"grafana\"\n          },\n          \"enable\"\
+    : true,\n          \"hide\": true,\n          \"iconColor\": \"rgba(0, 211, 255,\
+    \ 1)\",\n          \"name\": \"Annotations & Alerts\",\n          \"target\":\
+    \ {\n            \"limit\": 100,\n            \"matchAny\": false,\n         \
+    \   \"tags\": [],\n            \"type\": \"dashboard\"\n          },\n       \
+    \   \"type\": \"dashboard\"\n        }\n      ]\n    },\n    \"description\":\
+    \ \"\",\n    \"editable\": true,\n    \"fiscalYearStartMonth\": 0,\n    \"gnetId\"\
+    : 16612,\n    \"graphTooltip\": 0,\n    \"id\": null,\n    \"links\": [\n    \
+    \  {\n        \"asDropdown\": true,\n        \"icon\": \"external link\",\n  \
+    \      \"includeVars\": true,\n        \"keepTime\": true,\n        \"tags\":\
+    \ [\n          \"cilium-overview\"\n        ],\n        \"targetBlank\": false,\n\
+    \        \"title\": \"Cilium Overviews\",\n        \"tooltip\": \"\",\n      \
+    \  \"type\": \"dashboards\",\n        \"url\": \"\"\n      },\n      {\n     \
+    \   \"asDropdown\": true,\n        \"icon\": \"external link\",\n        \"includeVars\"\
+    : false,\n        \"keepTime\": true,\n        \"tags\": [\n          \"hubble\"\
+    \n        ],\n        \"targetBlank\": false,\n        \"title\": \"Hubble\",\n\
+    \        \"tooltip\": \"\",\n        \"type\": \"dashboards\",\n        \"url\"\
+    : \"\"\n      }\n    ],\n    \"liveNow\": false,\n    \"panels\": [\n      {\n\
+    \        \"collapsed\": false,\n        \"gridPos\": {\n          \"h\": 1,\n\
+    \          \"w\": 24,\n          \"x\": 0,\n          \"y\": 0\n        },\n \
+    \       \"id\": 8,\n        \"panels\": [],\n        \"title\": \"Flows processed\"\
+    ,\n        \"type\": \"row\"\n      },\n      {\n        \"datasource\": {\n \
+    \         \"type\": \"prometheus\",\n          \"uid\": \"${DS_PROMETHEUS}\"\n\
+    \        },\n        \"fieldConfig\": {\n          \"defaults\": {\n         \
+    \   \"color\": {\n              \"mode\": \"palette-classic\"\n            },\n\
+    \            \"custom\": {\n              \"axisCenteredZero\": false,\n     \
+    \         \"axisColorMode\": \"text\",\n              \"axisLabel\": \"\",\n \
+    \             \"axisPlacement\": \"auto\",\n              \"barAlignment\": 0,\n\
+    \              \"drawStyle\": \"line\",\n              \"fillOpacity\": 10,\n\
+    \              \"gradientMode\": \"none\",\n              \"hideFrom\": {\n  \
+    \              \"legend\": false,\n                \"tooltip\": false,\n     \
+    \           \"viz\": false\n              },\n              \"lineInterpolation\"\
+    : \"linear\",\n              \"lineWidth\": 1,\n              \"pointSize\": 5,\n\
+    \              \"scaleDistribution\": {\n                \"type\": \"linear\"\n\
+    \              },\n              \"showPoints\": \"auto\",\n              \"spanNulls\"\
+    : false,\n              \"stacking\": {\n                \"group\": \"A\",\n \
+    \               \"mode\": \"normal\"\n              },\n              \"thresholdsStyle\"\
+    : {\n                \"mode\": \"off\"\n              }\n            },\n    \
+    \        \"mappings\": [],\n            \"min\": 0,\n            \"thresholds\"\
+    : {\n              \"mode\": \"absolute\",\n              \"steps\": [\n     \
+    \           {\n                  \"color\": \"green\",\n                  \"value\"\
+    : null\n                },\n                {\n                  \"color\": \"\
+    red\",\n                  \"value\": 80\n                }\n              ]\n\
+    \            },\n            \"unit\": \"ops\"\n          },\n          \"overrides\"\
+    : []\n        },\n        \"gridPos\": {\n          \"h\": 9,\n          \"w\"\
+    : 12,\n          \"x\": 0,\n          \"y\": 1\n        },\n        \"id\": 12,\n\
+    \        \"options\": {\n          \"legend\": {\n            \"calcs\": [],\n\
+    \            \"displayMode\": \"list\",\n            \"placement\": \"bottom\"\
+    ,\n            \"showLegend\": true\n          },\n          \"tooltip\": {\n\
+    \            \"mode\": \"single\",\n            \"sort\": \"none\"\n         \
+    \ }\n        },\n        \"targets\": [\n          {\n            \"datasource\"\
+    : {\n              \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"sum(rate(hubble_flows_processed_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])) by (type, subtype)\",\n            \"legendFormat\": \"\
+    {{type}}/{{subtype}}\",\n            \"range\": true,\n            \"refId\":\
+    \ \"A\"\n          }\n        ],\n        \"title\": \"Flows processed by type\"\
+    ,\n        \"type\": \"timeseries\"\n      },\n      {\n        \"datasource\"\
+    : {\n          \"type\": \"prometheus\",\n          \"uid\": \"${DS_PROMETHEUS}\"\
+    \n        },\n        \"fieldConfig\": {\n          \"defaults\": {\n        \
+    \    \"color\": {\n              \"mode\": \"palette-classic\"\n            },\n\
+    \            \"custom\": {\n              \"axisCenteredZero\": false,\n     \
+    \         \"axisColorMode\": \"text\",\n              \"axisLabel\": \"\",\n \
+    \             \"axisPlacement\": \"auto\",\n              \"barAlignment\": 0,\n\
+    \              \"drawStyle\": \"line\",\n              \"fillOpacity\": 10,\n\
+    \              \"gradientMode\": \"none\",\n              \"hideFrom\": {\n  \
+    \              \"legend\": false,\n                \"tooltip\": false,\n     \
+    \           \"viz\": false\n              },\n              \"lineInterpolation\"\
+    : \"linear\",\n              \"lineWidth\": 1,\n              \"pointSize\": 5,\n\
+    \              \"scaleDistribution\": {\n                \"type\": \"linear\"\n\
+    \              },\n              \"showPoints\": \"auto\",\n              \"spanNulls\"\
+    : false,\n              \"stacking\": {\n                \"group\": \"A\",\n \
+    \               \"mode\": \"normal\"\n              },\n              \"thresholdsStyle\"\
+    : {\n                \"mode\": \"off\"\n              }\n            },\n    \
+    \        \"mappings\": [],\n            \"min\": 0,\n            \"thresholds\"\
+    : {\n              \"mode\": \"absolute\",\n              \"steps\": [\n     \
+    \           {\n                  \"color\": \"green\",\n                  \"value\"\
+    : null\n                },\n                {\n                  \"color\": \"\
+    red\",\n                  \"value\": 80\n                }\n              ]\n\
+    \            },\n            \"unit\": \"ops\"\n          },\n          \"overrides\"\
+    : []\n        },\n        \"gridPos\": {\n          \"h\": 9,\n          \"w\"\
+    : 12,\n          \"x\": 12,\n          \"y\": 1\n        },\n        \"id\": 35,\n\
+    \        \"options\": {\n          \"legend\": {\n            \"calcs\": [],\n\
+    \            \"displayMode\": \"list\",\n            \"placement\": \"bottom\"\
+    ,\n            \"showLegend\": true\n          },\n          \"tooltip\": {\n\
+    \            \"mode\": \"single\",\n            \"sort\": \"none\"\n         \
+    \ }\n        },\n        \"targets\": [\n          {\n            \"datasource\"\
+    : {\n              \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"sum(rate(hubble_flows_processed_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])) by (verdict)\",\n            \"legendFormat\": \"{{verdict}}\"\
+    ,\n            \"range\": true,\n            \"refId\": \"A\"\n          }\n \
+    \       ],\n        \"title\": \"Flows processed by verdict\",\n        \"type\"\
+    : \"timeseries\"\n      },\n      {\n        \"datasource\": {\n          \"type\"\
+    : \"prometheus\",\n          \"uid\": \"${DS_PROMETHEUS}\"\n        },\n     \
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

@@ -0,0 +1,171 @@

+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cilium-envoy
+  namespace: kube-system
+  labels:
+    k8s-app: cilium-envoy
+    app.kubernetes.io/part-of: cilium
+    app.kubernetes.io/name: cilium-envoy
+    name: cilium-envoy
+spec:
+  selector:
+    matchLabels:
+      k8s-app: cilium-envoy
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 2
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        prometheus.io/port: '9964'
+        prometheus.io/scrape: 'true'
+      labels:
+        k8s-app: cilium-envoy
+        name: cilium-envoy
+        app.kubernetes.io/name: cilium-envoy
+        app.kubernetes.io/part-of: cilium
+    spec:
+      securityContext:
+        appArmorProfile:
+          type: Unconfined
+      containers:
+      - name: cilium-envoy
+        image: quay.io/cilium/cilium-envoy:v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51@sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b
+        imagePullPolicy: IfNotPresent
+        command:
+        - /usr/bin/cilium-envoy-starter
+        args:
+        - --
+        - -c /var/run/cilium/envoy/bootstrap-config.json
+        - --base-id 0
+        - --log-level info
+        - --log-format [%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v
+        startupProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /healthz
+            port: 9878
+            scheme: HTTP
+          failureThreshold: 105
+          periodSeconds: 2
+          successThreshold: 1
+          initialDelaySeconds: 5
+        livenessProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /healthz
+            port: 9878
+            scheme: HTTP
+          periodSeconds: 30
+          successThreshold: 1
+          failureThreshold: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /healthz
+            port: 9878
+            scheme: HTTP
+          periodSeconds: 30
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 5
+        env:
+        - name: K8S_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        - name: CILIUM_K8S_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: KUBERNETES_SERVICE_HOST
+          value: ${KUBE_VIP_ADDR}
+        - name: KUBERNETES_SERVICE_PORT
+          value: '6443'
+        ports:
+        - name: envoy-metrics
+          containerPort: 9964
+          hostPort: 9964
+          protocol: TCP
+        securityContext:
+          seLinuxOptions:
+            level: s0
+            type: spc_t
+          capabilities:
+            add:
+            - NET_ADMIN
+            - SYS_ADMIN
+            drop:
+            - ALL
+        terminationMessagePolicy: FallbackToLogsOnError
+        volumeMounts:
+        - name: envoy-sockets
+          mountPath: /var/run/cilium/envoy/sockets
+          readOnly: false
+        - name: envoy-artifacts
+          mountPath: /var/run/cilium/envoy/artifacts
+          readOnly: true
+        - name: envoy-config
+          mountPath: /var/run/cilium/envoy/
+          readOnly: true
+        - name: bpf-maps
+          mountPath: /sys/fs/bpf
+          mountPropagation: HostToContainer
+      restartPolicy: Always
+      priorityClassName: system-node-critical
+      serviceAccountName: cilium-envoy
+      automountServiceAccountToken: true
+      terminationGracePeriodSeconds: 1
+      hostNetwork: true
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: cilium.io/no-schedule
+                operator: NotIn
+                values:
+                - 'true'
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                k8s-app: cilium
+            topologyKey: kubernetes.io/hostname
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                k8s-app: cilium-envoy
+            topologyKey: kubernetes.io/hostname
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - operator: Exists
+      volumes:
+      - name: envoy-sockets
+        hostPath:
+          path: /var/run/cilium/envoy/sockets
+          type: DirectoryOrCreate
+      - name: envoy-artifacts
+        hostPath:
+          path: /var/run/cilium/envoy/artifacts
+          type: DirectoryOrCreate
+      - name: envoy-config
+        configMap:
+          name: cilium-envoy-config
+          defaultMode: 256
+          items:
+          - key: bootstrap-config.json
+            path: bootstrap-config.json
+      - name: bpf-maps
+        hostPath:
+          path: /sys/fs/bpf
+          type: DirectoryOrCreate
+

renovate bot added renovate/helm type/minor labels Feb 3, 2024

github-actions bot added area/kubernetes area/bootstrap area/ansible labels Feb 3, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 28633f4 to adb38ba Compare February 15, 2024 07:30

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.0~~ feat(helm): update chart cilium to 1.15.1 Feb 15, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from adb38ba to 8dbc15e Compare March 13, 2024 17:47

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.1~~ feat(helm): update chart cilium to 1.15.2 Mar 13, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 8dbc15e to 13e0c4d Compare March 26, 2024 19:27

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.2~~ feat(helm): update chart cilium to 1.15.3 Mar 26, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 13e0c4d to 62e364d Compare April 12, 2024 02:00

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.3~~ feat(helm): update chart cilium to 1.15.4 Apr 12, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 62e364d to 57a7f17 Compare May 15, 2024 21:46

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.4~~ feat(helm): update chart cilium to 1.15.5 May 15, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 57a7f17 to 35bcb4a Compare June 10, 2024 19:24

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.5~~ feat(helm): update chart cilium to 1.15.6 Jun 10, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 35bcb4a to 64fe6bc Compare July 11, 2024 22:19

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.6~~ feat(helm): update chart cilium to 1.15.7 Jul 11, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 64fe6bc to b4173f5 Compare July 24, 2024 16:45

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.7~~ feat(helm): update chart cilium to 1.16.0 Jul 24, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from b4173f5 to 219aae5 Compare August 14, 2024 16:11

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.0~~ feat(helm): update chart cilium to 1.16.1 Aug 14, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 219aae5 to f1bacc6 Compare September 26, 2024 14:03

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.1~~ feat(helm): update chart cilium to 1.16.2 Sep 26, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from f1bacc6 to b793b36 Compare October 15, 2024 09:46

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.2~~ feat(helm): update chart cilium to 1.16.3 Oct 15, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from b793b36 to 15efbdc Compare November 20, 2024 10:12

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.5~~ feat(helm): update chart cilium to 1.16.6 Jan 22, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 137d88c to 03b3dc2 Compare February 4, 2025 17:12

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.6~~ feat(helm): update chart cilium to 1.17.0 Feb 4, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 03b3dc2 to 3a15ba9 Compare February 13, 2025 12:28

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.0~~ feat(helm): update chart cilium to 1.17.1 Feb 13, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 3a15ba9 to 0fe4b87 Compare March 15, 2025 17:56

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.1~~ feat(helm): update chart cilium to 1.17.2 Mar 15, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 0fe4b87 to 7b66efe Compare April 14, 2025 22:04

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.2~~ feat(helm): update chart cilium to 1.17.3 Apr 14, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 7b66efe to d1a7001 Compare May 15, 2025 20:09

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.3~~ feat(helm): update chart cilium to 1.17.4 May 15, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from d1a7001 to 5d96ec6 Compare June 19, 2025 23:13

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.4~~ feat(helm): update chart cilium to 1.17.5 Jun 19, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 5d96ec6 to 9099897 Compare July 16, 2025 16:47

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.5~~ feat(helm): update chart cilium to 1.17.6 Jul 16, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 9099897 to 4e27e32 Compare August 6, 2025 06:15

renovate bot changed the title ~~feat(helm): update chart cilium to 1.17.6~~ feat(helm): update chart cilium to 1.18.0 Aug 6, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 4e27e32 to 471e96d Compare August 15, 2025 16:40

renovate bot changed the title ~~feat(helm): update chart cilium to 1.18.0~~ feat(helm): update chart cilium to 1.18.1 Aug 15, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 471e96d to 69083b5 Compare September 21, 2025 10:50

renovate bot changed the title ~~feat(helm): update chart cilium to 1.18.1~~ feat(helm): update chart cilium to 1.18.2 Sep 21, 2025

renovate bot force-pushed the renovate/cilium-1.x branch 2 times, most recently from e7b3a16 to 7c1bd85 Compare October 23, 2025 23:11

renovate bot changed the title ~~feat(helm): update chart cilium to 1.18.2~~ feat(helm): update chart cilium to 1.18.3 Oct 23, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 7c1bd85 to 5fbe91a Compare November 12, 2025 22:02

renovate bot changed the title ~~feat(helm): update chart cilium to 1.18.3~~ feat(helm): update chart cilium to 1.18.4 Nov 12, 2025

renovate bot force-pushed the renovate/cilium-1.x branch from 5fbe91a to bb31b32 Compare December 12, 2025 00:12

feat(helm): update chart cilium to 1.18.5

e4f6788

renovate bot force-pushed the renovate/cilium-1.x branch from bb31b32 to e4f6788 Compare December 17, 2025 14:00

renovate bot changed the title ~~feat(helm): update chart cilium to 1.18.4~~ feat(helm): update chart cilium to 1.18.5 Dec 17, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

feat(helm): update chart cilium to 1.18.5 #132

feat(helm): update chart cilium to 1.18.5 #132

Uh oh!

renovate bot commented Feb 3, 2024 •

edited

Loading

Uh oh!

github-actions bot commented Feb 3, 2024 •

edited

Loading

Uh oh!

github-actions bot commented Feb 3, 2024 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

feat(helm): update chart cilium to 1.18.5 #132

Are you sure you want to change the base?

feat(helm): update chart cilium to 1.18.5 #132

Uh oh!

Conversation

renovate bot commented Feb 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Release Notes

v1.18.5: 1.18.5

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

v1.18.4: 1.18.4

Security Advisories

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

v1.18.3: 1.18.3

Summary of Changes

Configuration

Uh oh!

github-actions bot commented Feb 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

github-actions bot commented Feb 3, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

renovate bot commented Feb 3, 2024 •

edited

Loading

`v1.18.5`: 1.18.5

`v1.18.4`: 1.18.4

`v1.18.3`: 1.18.3

github-actions bot commented Feb 3, 2024 •

edited

Loading

github-actions bot commented Feb 3, 2024 •

edited

Loading