feat(helm): update chart cilium to 1.17.0 #74

renovate · 2024-02-01T15:34:07Z

This PR contains the following updates:

Package	Update	Change
cilium (source)	minor	`1.14.6` -> `1.17.0`

Release Notes

cilium/cilium (cilium)

`v1.17.0`

Compare Source

`v1.16.6`: 1.16.6

Compare Source

Summary of Changes

Major Changes:

Add feature tracking in Cilium agent as prometheus metrics (Backport PR #36263, Upstream PR #35852, @aanm)
Add feature tracking in Cilium Operator as prometheus metrics (Backport PR #36263, Upstream PR #36077, @aanm)

Minor Changes:

envoy: Use yaml format for bootstrap config (Backport PR #36782, Upstream PR #36820, @sayboras)
Reject CNP/CCNP with CIDR rules where CIDRGroupRef is used in combination with ExceptCIDRs (#36561, @pippolo84)
service: Cap number of backends included in monitor message (Backport PR #36635, Upstream PR #36394, @joamaki)

Bugfixes:

cilium: LB source ranges fixes (Backport PR #36635, Upstream PR #36517, @borkmann)
eni.subnetTagsFilter and eni.instanceTagsFilter are now templated to comma separated string (Backport PR #36872, Upstream PR #36617, @sderoe)
envoy: Configure internal address config based on IP family (Backport PR #36782, Upstream PR #36733, @sayboras)
Fix connectivity issue caused by stale cilium eBPF program when using --bpf-filter-priority (Backport PR #36635, Upstream PR #36176, @tamilmani1989)
metrics/features: remove reporting metrics' defaults by default (Backport PR #36263, Upstream PR #36298, @aanm)
pkg/redirectpolicy: Fix backend slices in processConfig (Backport PR #36872, Upstream PR #35496, @Sm0ckingBird)
ui: drop CORS headers from api response (Backport PR #36872, Upstream PR #35762, @geakstr)

CI Changes:

[v1.16] .github: Remove CI Fuzz workflow (#36641, @joestringer)
[v1.16] gh: e2e-upgrade: use 6.12 kernel for netkit test configs (#36620, @julianwiedmann)
[v1.16] gha: use /test to trigger tests in stable branches (#36673, @giorio94)
ci: fix job names for various ci workflows (Backport PR #36263, Upstream PR #36397, @marseel)
Extend the check-ipsec-leak bpftrace script to capture additional details of leaked packets (Backport PR #36872, Upstream PR #33398, @giorio94)
gh: e2e-upgrade: add coverage for 6.6 kernel (Backport PR #36988, Upstream PR #36626, @julianwiedmann)
gh: e2e-upgrade: de-renovate the config example (Backport PR #36635, Upstream PR #36463, @julianwiedmann)
gha: drop leftover token parameter in net-perf-gke workflow (#36684, @giorio94)
gha: fix merging of features-related artifacts (#36665, @giorio94)
gha: merge artifacts in net-perf-gke workflow (Backport PR #36263, Upstream PR #36236, @giorio94)
gha: Use ubuntu-24.04 for integration-test (Backport PR #36659, Upstream PR #36628, @sayboras)

Misc Changes:

.github/workflows: always install cilium-cli (Backport PR #36263, Upstream PR #36234, @aanm)
.github/workflows: do not fail ginkgo if unable to fetch features (Backport PR #36263, Upstream PR #36461, @aanm)
.github: fix conformance-k8s NP test (Backport PR #36263, Upstream PR #36355, @aanm)
[v1.16] Use bash syntax to consume env variable (#36636, @ferozsalam)
Add more features tracking in Cilium agent as prometheus metrics (Backport PR #36263, Upstream PR #36078, @aanm)
Add policy-related features tracking in Cilium agent as prometheus metrics (Backport PR #36263, Upstream PR #36203, @aanm)
Add the tls:// prefix in the Hubble TLS doc (Backport PR #36635, Upstream PR #36410, @liyihuang)
chore(deps): update all github action dependencies (v1.16) (#36612, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#36762, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#36950, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#37099, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (patch) (#36760, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36707, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36787, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36949, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#37033, @cilium-renovate[bot])
chore(deps): update dependency cilium/cilium-cli to v0.16.23 (v1.16) (#36895, @cilium-renovate[bot])
chore(deps): update docker.io/library/busybox:1.36.1 docker digest to 7c3c3ce (v1.16) (#36609, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.10 docker digest to 1a6e657 (v1.16) (#36850, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.10 docker digest to 9855006 (v1.16) (#36610, @cilium-renovate[bot])
chore(deps): update go to v1.22.11 (v1.16) (#37045, @cilium-renovate[bot])
chore(deps): update helm/kind-action action to v1.12.0 (v1.16) (#36839, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.16) (patch) (#36611, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.16) (patch) (#36699, @cilium-renovate[bot])
doc: fix typo on kubeproxy-free (CEV -> CVE) (Backport PR #36872, Upstream PR #36701, @alagoutte)
docs: Add missing default identity label in the description of identity-relevant labels' example (Backport PR #36635, Upstream PR #36558, @liyihuang)
docs: Clarify the behavior of CiliumNetworkPolicies toCIDRSet (Backport PR #36635, Upstream PR #36549, @verysonglaa)
Ensure debug symbols are generated for the debug image even when stripping symbols for the release image. (Backport PR #36635, Upstream PR #36417, @EricMountain)
Fix make -C Documentation update-cmdref when make uses --jobserver-style=fifo. (Backport PR #36872, Upstream PR #36788, @gentoo-root)
fix(deps): update module golang.org/x/net to v0.33.0 [security] (v1.16) (#36711, @cilium-renovate[bot])
ingress, gateway-api: Convert test fixtures to file based (Backport PR #36782, Upstream PR #36732, @sayboras)
metrics/features: enable ClusterMesh (Backport PR #36263, Upstream PR #36402, @aanm)
metrics/features: refactor metric names (Backport PR #36263, Upstream PR #36209, @aanm)
Prepare for release v1.16.6 (#36989, @cilium-release-bot[bot])
Remove reference to DNS polling (Backport PR #36872, Upstream PR #36679, @JacobHenner)

Other Changes:

[v1.16] author backport: helm: avoid setting bpf-lb-sock-terminate-pod-connections (#36650, @ysksuzuki)
install: Update image digests for v1.16.5 (#36671, @cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
quay.io/cilium/cilium:stable@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.6@sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a
quay.io/cilium/clustermesh-apiserver:stable@sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a

docker-plugin

quay.io/cilium/docker-plugin:v1.16.6@sha256:f8f5833a60900b0264fd8982b11329e130c1a326afe2e4653e9f2d2e3fb2af66
quay.io/cilium/docker-plugin:stable@sha256:f8f5833a60900b0264fd8982b11329e130c1a326afe2e4653e9f2d2e3fb2af66

hubble-relay

quay.io/cilium/hubble-relay:v1.16.6@sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b
quay.io/cilium/hubble-relay:stable@sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.6@sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9
quay.io/cilium/operator-alibabacloud:stable@sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9

operator-aws

quay.io/cilium/operator-aws:v1.16.6@sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d
quay.io/cilium/operator-aws:stable@sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d

operator-azure

quay.io/cilium/operator-azure:v1.16.6@sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd
quay.io/cilium/operator-azure:stable@sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd

operator-generic

quay.io/cilium/operator-generic:v1.16.6@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc
quay.io/cilium/operator-generic:stable@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc

operator

quay.io/cilium/operator:v1.16.6@sha256:09ab2878e103fa32a00fd1fe4469f7042cfb053627b44c82fa03a04a820c0b46
quay.io/cilium/operator:stable@sha256:09ab2878e103fa32a00fd1fe4469f7042cfb053627b44c82fa03a04a820c0b46

`v1.16.5`: 1.16.5

Compare Source

Summary of Changes

Minor Changes:

hubble: Stop building 32-bit binaries (Backport PR #36066, Upstream PR #35974, @michi-covalent)

Bugfixes:

Address potential connectivity disruption when using either L7 / DNS Network policies in combination with per-endpoint routes and hostLegacyRouting, or L7 / DNS network policies in combination with IPsec network encryption. (Backport PR #36540, Upstream PR #36484, @julianwiedmann)
bgp: fix race in bgp stores (Backport PR #36066, Upstream PR #35971, @harsimran-pabla)
BGPv1: Fix race by reconciliation of services with externalTrafficPolicy=Local by populating locally available services after performing service diff (Backport PR #36286, Upstream PR #36230, @rastislavs)
BGPv2: Fix race by reconciliation of services with externalTrafficPolicy=Local by populating locally available services after performing service diff (Backport PR #36286, Upstream PR #36165, @rastislavs)
Cilium agent now waits until endpoints have restored before starting accepting new xDS streams. (Backport PR #36049, Upstream PR #35984, @jrajahalme)
Cilium no longer keeps old DNS-IP mappings alive while reaping newer ones, leading to spurious drops in connections to domains with many IPs associated. (Backport PR #36462, Upstream PR #36252, @bimmlerd)
cilium-health-ep controller is made to be more robust against successive failures. (Backport PR #36066, Upstream PR #35936, @jrajahalme)
DNS proxy port is no longer released when endpoint with a DNS policy fails to regenerate successfully. A potential deadlock between CEC/CCEC parser and endpoint policy update is removed. (Backport PR #36468, Upstream PR #36142, @jrajahalme)
Envoy "initial fetch timeout" warnings are now demoted to info level, as they are expected to happen during Cilium Agent restart. (Backport PR #36049, Upstream PR #36060, @jrajahalme)
Fix an issue where pod-to-world traffic goes up stack when BPF host routing is enabled with tunnel. (Backport PR #35861, Upstream PR #35098, @jschwinger233)
Fix identity leak for kvstore identity mode (Backport PR #36066, Upstream PR #34893, @odinuge)
Fix potential Cilium agent panic during endpoint restoration, occurring if the corresponding pod gets deleted while the agent is restarting. This regression only affects Cilium v1.16.4. (Backport PR #36302, Upstream PR #36292, @giorio94)
gateway-api: Fix gateway checks for namespace (Backport PR #36462, Upstream PR #35452, @sayboras)
gha: Remove hostLegacyRouting in clustermesh (Backport PR #36357, Upstream PR #35418, @sayboras)
helm: Use an absolute FQDN for the Hubble peer-service endpoint to avoid incorrect DNS resolution outside the cluster (Backport PR #36066, Upstream PR #36005, @devodev)
hubble: consistently use v as prefix for the Hubble version (Backport PR #36286, Upstream PR #35891, @rolinh)
iptables: Fix data race in iptables manager (Backport PR #36066, Upstream PR #35902, @pippolo84)
lrp: update LRP services with stale backends on agent restart (Backport PR #36106, Upstream PR #36036, @ysksuzuki)
policy: Fix bug that allowed port ranges to be attached to L7 policies, which is not permitted. (#36050, @nathanjsweet)
Unbreak the cilium-dbg preflight migrate-identity command (Backport PR #36286, Upstream PR #36089, @giorio94)
Use strconv.Itoa instead of string() for the correct behavior when converting kafka.ErrorCode from int32 to string. Add relevant unit tests for Kafka plugin and handler. (Backport PR #36066, Upstream PR #35856, @nddq)

CI Changes:

[v1.16] ci: modularize chart CI push workflow (#35958, @ferozsalam)
gh: conformance-clustermesh: test with IPsec + BPF NodePort (Backport PR #36462, Upstream PR #36384, @julianwiedmann)
gha: configure environment in build-images-base/image-digests job (Backport PR #36462, Upstream PR #36318, @giorio94)
node_local_store: prevent racey tests while using mock node store. (Backport PR #36066, Upstream PR #35945, @tommyp1ckles)
Remove unnecessary hubble port-forward commands (Backport PR #36066, Upstream PR #33523, @michi-covalent)

Misc Changes:

[v1.16] docs: egress masquerade selector (#36333, @viktor-kurchenko)
[v1.16] images: bump cni plugins to v1.6.0 (#36092, @ferozsalam)
bugtool: dump tail-call map for bpf_wireguard (Backport PR #36286, Upstream PR #36183, @julianwiedmann)
chore(deps): update all github action dependencies (v1.16) (#36155, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#36275, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#36443, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (patch) (#36277, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#35546, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36152, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36279, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36444, @cilium-renovate[bot])
chore(deps): update cilium/little-vm-helper action to v0.0.19 (v1.16) (#36153, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.9 docker digest to 147f428 (v1.16) (#36222, @cilium-renovate[bot])
chore(deps): update go to v1.22.10 (v1.16) (#36441, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.7-1732605705-2aa20ee3acb68cd38d57669af19508bea8f0ba62 (v1.16) (#36180, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8 (v1.16) (#36495, @cilium-renovate[bot])
chore(deps): update quay.io/lvh-images/kind docker tag to bpf-20241129.013349 (v1.16) (#36278, @cilium-renovate[bot])
chore(deps): update quay.io/lvh-images/kind docker tag to bpf-20241206.013345 (v1.16) (#36442, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.16) (patch) (#36154, @cilium-renovate[bot])
docs: Add the tls:// prefix before the IP address (Backport PR #36286, Upstream PR #36118, @liyihuang)
docs: Fix typo in multi-pool section title (Backport PR #36312, Upstream PR #36305, @joestringer)
docs: In k0s guide, remove dashes to fix invalid Bash variable names. (Backport PR #36066, Upstream PR #35923, @yilas)
docs: lrp: fix kernel version requirement for skipRedirectFromBackend (Backport PR #36066, Upstream PR #35921, @ysksuzuki)
docs: system-requirements: require 5.4 kernel (Backport PR #36462, Upstream PR #36386, @julianwiedmann)
docs: WireGuard doesn't require overlay port in Network Firewalls (Backport PR #36286, Upstream PR #36208, @julianwiedmann)
Endpoint populate new policymap early if empty (Backport PR #36479, Upstream PR #36361, @jrajahalme)
envoy: Configure internal_address_config to avoid warning log (Backport PR #36015, Upstream PR #35943, @sayboras)
envoy: Pass tofqdns-proxy-response-max-delay to Envoy (Backport PR #36468, Upstream PR #36330, @jrajahalme)
fix(deps): update module golang.org/x/crypto to v0.31.0 [security] (v1.16) (#36530, @cilium-renovate[bot])
Fixed BGP documentation (Backport PR #36066, Upstream PR #35953, @seadog007)
images: Use cilium-builder image instead of golang to build hubble (Backport PR #36312, Upstream PR #35697, @learnitall)
lrp: fix kernel version requirement in warning log (Backport PR #36286, Upstream PR #36141, @ysksuzuki)
Makefile: fix swagger definition for automatic renovate updates (Backport PR #36066, Upstream PR #35979, @aanm)
proxy: Take proxy port reference for new redirects immediately (Backport PR #36468, Upstream PR #36435, @jrajahalme)
proxyports: Resolve data races in test (Backport PR #36468, Upstream PR #36399, @jrajahalme)
proxyports: Sleep a bit longer in tests (Backport PR #36468, Upstream PR #36389, @jrajahalme)
Remove duplicated watch on services and endpoint in the cilium-agent (Backport PR #36066, Upstream PR #35838, @MrFreezeex)
Rework error handling logic in neighbor discovery (Backport PR #36093, Upstream PR #35144, @pippolo84)
Silence spurious clustermesh-related warnings (Backport PR #36225, Upstream PR #35867, @giorio94)
Update documentation for egress masquerading behavior (Backport PR #36462, Upstream PR #36267, @liyihuang)

Other Changes:

[1.16] ci/ipsec-upgrade: increase cilium status wait duration (#36082, @harsimran-pabla)
[v1.16] cilium, service: Fix checkLBSrcRange propagation to LB map (#36511, @borkmann)
install: Update image digests for v1.16.4 (#36047, @cilium-release-bot[bot])
jrajahalme/v1.16 cilium cli (#36541, @jrajahalme)
Revert "workflows/ipsec: Cover Ingress" (#36116, @harsimran-pabla)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
quay.io/cilium/cilium:stable@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.5@sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958
quay.io/cilium/clustermesh-apiserver:stable@sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958

docker-plugin

quay.io/cilium/docker-plugin:v1.16.5@sha256:d6b4ed076ae921535c2a543d4b5b63af474288ee4501653a1f442c935beb5768
quay.io/cilium/docker-plugin:stable@sha256:d6b4ed076ae921535c2a543d4b5b63af474288ee4501653a1f442c935beb5768

hubble-relay

quay.io/cilium/hubble-relay:v1.16.5@sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00
quay.io/cilium/hubble-relay:stable@sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.5@sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0
quay.io/cilium/operator-alibabacloud:stable@sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0

operator-aws

quay.io/cilium/operator-aws:v1.16.5@sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476
quay.io/cilium/operator-aws:stable@sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476

operator-azure

quay.io/cilium/operator-azure:v1.16.5@sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9
quay.io/cilium/operator-azure:stable@sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9

operator-generic

quay.io/cilium/operator-generic:v1.16.5@sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039
quay.io/cilium/operator-generic:stable@sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039

operator

quay.io/cilium/operator:v1.16.5@sha256:617896e1b23a2c4504ab2c84f17964e24dade3b5845f733b11847202230ca940
quay.io/cilium/operator:stable@sha256:617896e1b23a2c4504ab2c84f17964e24dade3b5845f733b11847202230ca940

`v1.16.4`: 1.16.4

Compare Source

Security Advisories

This release addresses GHSA-xg58-75qf-9r67.

Summary of Changes

Minor Changes:

Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30 seconds) to override the Envoy default (15 seconds). (Backport PR #35908, Upstream PR #35809, @jrajahalme)
clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (Backport PR #35543, Upstream PR #35349, @giorio94)
helm: Lower default hubble.tls.auto.certValidityDuration to 365 days (Backport PR #35781, Upstream PR #35630, @chancez)
helm: New socketLB.tracing flag (Backport PR #35781, Upstream PR #35747, @pchaigno)
hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR #35781, Upstream PR #35632, @chancez)
netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (Backport PR #35543, Upstream PR #35306, @jrife)

Bugfixes:

Avoid duplicate errors in health status for node-neighbor-link-updater (Backport PR #35468, Upstream PR #35179, @wedaly)
bgpv1: fix reconciliation of services with shared VIPs (Backport PR #35468, Upstream PR #35333, @rastislavs)
bgpv2,operator: Fix the race condition in the nodeSelector conflict detection logic (Backport PR #35863, Upstream PR #35690, @YutaroHayakawa)
bgpv2: set local peering address when specified (Backport PR #35781, Upstream PR #35552, @harsimran-pabla)
Cilium datapath now gives precedence for the more specific allow rule with L7 rules when rules with port ranges are present. (Backport PR #35603, Upstream PR #35150, @jrajahalme)
Cilium's DNS proxy no longer gets stuck for a specific five-tuple if an timeout waiting for response error is encountered. (Backport PR #35781, Upstream PR #35589, @bimmlerd)
config: Remove superfluous warning on native routing CIDR (Backport PR #35781, Upstream PR #35738, @gandro)
Fix missing flowlabel hash on SRv6 traffic. (Backport PR #35781, Upstream PR #35498, @akaliwod)
Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. (Backport PR #35543, Upstream PR #35173, @smagnani96)
Fix possible disruption of long running pod to node traffic on agent restart in kvstore mode (Backport PR #35781, Upstream PR #35673, @giorio94)
Fix redirect from L3 device to remote endpoint via overlay network. (Backport PR #35468, Upstream PR #35165, @julianwiedmann)
Fixed a bug where replies for pod-originating connections came into scope of HostFW Ingress Network policy. Applicable to configurations that use iptables for Masquerading. (Backport PR #35908, Upstream PR #35694, @julianwiedmann)
Fixes a bug where the operator incorrectly flagged CiliumNetworkPolicies containing ICMP rules as invalid. (Backport PR #35781, Upstream PR #35599, @squeed)
Fixes a performance regression when ingesting network policies in clusters with large numbers of Services. (Backport PR #35543, Upstream PR #35293, @squeed)
Fixes a potential deadlock when restarting cilium agent with pods with DNS interception configured (Backport PR #35906, Upstream PR #35890, @squeed)
Fixes BPF Masquerading exclusion CIDR for IPAM modes "eni", "azure" and "alibabacloud". (#35611, @pippolo84)
helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries (Backport PR #35319, Upstream PR #35301, @hox)
helm: fix duplicate configmap key for bpf-lb-sock-terminate-pod-connections (Backport PR #35781, Upstream PR #35703, @solidDoWant)
helm: set automountServiceAccountToken to false for hubble-relay sa (Backport PR #35781, Upstream PR #35674, @ayuspin)
hubble: fix endpoint cluster name (Backport PR #35781, Upstream PR #35415, @kaworu)
hubble: Lock exporters while gathering metrics (Backport PR #35908, Upstream PR #35860, @joestringer)
Ingress endpoint is now included in the lxcmap so that ARP and ND6 work for them. (Backport PR #35781, Upstream PR #35143, @jrajahalme)
ipam: Validate CiliumNode resource in ENI mode (Backport PR #35792, Upstream PR #35784, @sayboras)
l7lb: fix registration of flag loadbalancer-l7 (Backport PR #35781, Upstream PR #35623, @mhofstetter)
Log errors when reloading hubble exporter configuration dynamically and do not attempt to close os.Stdout (Backport PR #35319, Upstream PR #35069, @chancez)
option: Reduce log level for WG strict mode + IPv6 (Backport PR #35908, Upstream PR #35763, @pchaigno)
Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication. (Backport PR #35468, Upstream PR #35381, @jrajahalme)
treewide: Add wrapper for netlink functions that may fail with ErrDumpInterrupted (Backport PR #35654, Upstream PR #35614, @gandro)
wireguard: Fix connectivity issues following node reboots. (Backport PR #35908, Upstream PR #35750, @jrife)

CI Changes:

.github/conformance-ginkgo: replace deprecated jq flag (Backport PR #35468, Upstream PR #35399, @aanm)
.github: extend timeout for tests-ipsec-upgrade workflow (Backport PR #35781, Upstream PR #35657, @rastislavs)
.github: remove libncurses5 from integration tests (Backport PR #35468, Upstream PR #35408, @aanm)
[v1.16] gh: e2e-upgrade: restart LRP backend pod after upgrade (#35329, @ysksuzuki)
[v1.16] github: update rhel8 LVH image to rhel8.6 (#35733, @julianwiedmann)
Additionally test KVStore mode in E2E/IPSec workflows (Backport PR #35905, Upstream PR #35679, @giorio94)
ci: conformance-kind: re-enable flaky Aggregator test (Backport PR #35582, Upstream PR #35286, @julianwiedmann)
ci: datapath-verifier: bump lvh images (Backport PR #35648, Upstream PR #35456, @julianwiedmann)
gha: Update chmod command (Backport PR #35468, Upstream PR #35400, @sayboras)
github: Pass the workflow step timeout to go test (Backport PR #35908, Upstream PR #35814, @jrajahalme)
Refactor and set a default for GH_RUNNER_EXTRA_POWER (Backport PR #35319, Upstream PR #35267, @aanm)
workflows/gateway-api: Cover IPsec with GatewayAPI (Backport PR #35908, Upstream PR #35584, @pchaigno)
workflows/ingress: Run basic checks (Backport PR #35908, Upstream PR #35683, @pchaigno)
workflows/ipsec: Cover Ingress (Backport PR #35908, Upstream PR #35476, @pchaigno)
workflows: Extend IPsec tests to cover egress gateway (Backport PR #35540, Upstream PR #35323, @pchaigno)

Misc Changes:

.github/build-images-base: checkout base branch to get scripts (Backport PR #35319, Upstream PR #35236, @aanm)
.github: remove retention days for image digests (Backport PR #35468, Upstream PR #35457, @aanm)
bpf: vxlan helper improvements (Backport PR #35543, Upstream PR #34755, @julianwiedmann)
chore(deps): update all github action dependencies (v1.16) (#35382, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35439, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35573, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35710, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#35438, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.8 docker digest to 0ca97f4 (v1.16) (#35730, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.8 docker digest to b274ff1 (v1.16) (#35379, @cilium-renovate[bot])
chore(deps): update go to v1.22.9 (v1.16) ([#35854](https://redirect.github.com/cilium/cilium/issues/3585

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2024-02-01T15:34:46Z

--- kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

+++ kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

@@ -13,13 +13,13 @@

     spec:
       chart: cilium
       sourceRef:
         kind: HelmRepository
         name: cilium
         namespace: flux-system
-      version: 1.14.6
+      version: 1.16.6
   install:
     remediation:
       retries: 3
   interval: 30m
   maxHistory: 2
   uninstall:

github-actions · 2024-02-01T15:34:48Z

--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-dashboard

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-dashboard

@@ -39,13 +39,16 @@

             "error": "#890f02",
             "warning": "#c15c17"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -143,13 +146,16 @@

           "aliasColors": {
             "avg": "#cffaff"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -283,13 +289,16 @@

             "MAX_virtual_memory_bytes": "#e5ac0e",
             "Max Virtual Memory": "#584477"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -406,13 +415,16 @@

           "aliasColors": {
             "MAX_resident_memory_bytes_max": "#e5ac0e"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -523,13 +535,16 @@

           "aliasColors": {
             "all nodes": "#e5a8e2"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -648,13 +663,16 @@

           "aliasColors": {
             "MAX_resident_memory_bytes_max": "#e5ac0e"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "description": "BPF memory usage in the entire system including components not managed by Cilium.",
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -771,13 +789,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "description": "Fill percentage of BPF maps, tagged by map name",
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -882,13 +903,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -983,13 +1007,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1084,13 +1111,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1185,13 +1215,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1286,13 +1319,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1387,13 +1423,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1523,13 +1562,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1624,13 +1666,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "decimals": 2,
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -1727,13 +1772,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1828,13 +1876,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -1927,13 +1978,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -2028,13 +2082,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -2129,13 +2186,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -2251,13 +2311,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "decimals": 2,
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
@@ -2354,13 +2417,16 @@

         },
         {
           "aliasColors": {},
           "bars": true,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

@@ -7,18 +7,18 @@

 data:
   identity-allocation-mode: crd
   identity-heartbeat-timeout: 30m0s
   identity-gc-interval: 15m0s
   cilium-endpoint-gc-interval: 5m0s
   nodes-gc-interval: 5m0s
-  skip-cnp-status-startup-clean: 'false'
   debug: 'false'
   debug-verbose: ''
   enable-policy: always
+  policy-cidr-match-mode: ''
   prometheus-serve-addr: :9962
-  proxy-prometheus-port: '9964'
+  controller-group-metrics: write-cni-file sync-host-ips sync-lb-maps-with-k8s-services
   operator-prometheus-serve-addr: :9963
   enable-metrics: 'true'
   enable-ipv4: 'true'
   enable-ipv6: 'false'
   custom-cni-conf: 'false'
   enable-bpf-clock-probe: 'false'
@@ -26,99 +26,125 @@

   monitor-aggregation-interval: 5s
   monitor-aggregation-flags: all
   bpf-map-dynamic-size-ratio: '0.0025'
   bpf-policy-map-max: '16384'
   bpf-lb-map-max: '65536'
   bpf-lb-external-clusterip: 'false'
+  bpf-events-drop-enabled: 'true'
+  bpf-events-policy-verdict-enabled: 'true'
+  bpf-events-trace-enabled: 'true'
   preallocate-bpf-maps: 'false'
-  sidecar-istio-proxy-image: cilium/istio_proxy
   cluster-name: home-cluster
   cluster-id: '1'
-  routing-mode: native
+  routing-mode: tunnel
+  tunnel-protocol: vxlan
+  service-no-backend-response: reject
   enable-l7-proxy: 'true'
   enable-ipv4-masquerade: 'true'
   enable-ipv4-big-tcp: 'false'
   enable-ipv6-big-tcp: 'false'
   enable-ipv6-masquerade: 'true'
+  enable-tcx: 'true'
+  datapath-mode: veth
   enable-bpf-masquerade: 'true'
+  enable-masquerade-to-route-source: 'false'
   enable-xt-socket-fallback: 'true'
   install-no-conntrack-iptables-rules: 'false'
   auto-direct-node-routes: 'true'
+  direct-routing-skip-unreachable: 'false'
   enable-local-redirect-policy: 'true'
   ipv4-native-routing-cidr: ${CLUSTER_CIDR}
   enable-host-firewall: 'true'
   devices: eth0
+  enable-runtime-device-detection: 'true'
   kube-proxy-replacement: 'true'
   kube-proxy-replacement-healthz-bind-address: 0.0.0.0:10256
   bpf-lb-sock: 'false'
+  bpf-lb-sock-terminate-pod-connections: 'false'
+  nodeport-addresses: ''
   enable-health-check-nodeport: 'true'
+  enable-health-check-loadbalancer-ip: 'false'
   node-port-bind-protection: 'true'
   enable-auto-protect-node-port-range: 'true'
   bpf-lb-mode: dsr
   bpf-lb-algorithm: maglev
+  bpf-lb-acceleration: disabled
   enable-svc-source-range-check: 'true'
   enable-l2-neigh-discovery: 'true'
   arping-refresh-period: 30s
+  k8s-require-ipv4-pod-cidr: 'false'
+  k8s-require-ipv6-pod-cidr: 'false'
   enable-endpoint-routes: 'true'
   enable-k8s-networkpolicy: 'true'
   write-cni-conf-when-ready: /host/etc/cni/net.d/05-cilium.conflist
   cni-exclusive: 'true'
   cni-log-file: /var/run/cilium/cilium-cni.log
   enable-endpoint-health-checking: 'true'
   enable-health-checking: 'true'
   enable-well-known-identities: 'false'
-  enable-remote-node-identity: 'true'
+  enable-node-selector-labels: 'false'
   synchronize-k8s-nodes: 'true'
   policy-audit-mode: 'true'
   operator-api-serve-addr: 127.0.0.1:9234
   enable-hubble: 'true'
   hubble-socket-path: /var/run/cilium/hubble.sock
   hubble-metrics-server: :9965
+  hubble-metrics-server-enable-tls: 'false'
   hubble-metrics: dns:query drop tcp flow port-distribution icmp http
   enable-hubble-open-metrics: 'false'
+  hubble-export-file-max-size-mb: '10'
+  hubble-export-file-max-backups: '5'
   hubble-listen-address: :4244
   hubble-disable-tls: 'false'
   hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
   hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
   hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
   ipam: kubernetes
   ipam-cilium-node-update-rate: 15s
-  disable-cnp-status-updates: 'true'
-  cnp-node-status-gc-interval: 0s
   egress-gateway-reconciliation-trigger-interval: 1s
   enable-vtep: 'false'
   vtep-endpoint: ''
   vtep-cidr: ''
   vtep-mask: ''
   vtep-mac: ''
   enable-l2-announcements: 'true'
   l2-announcements-lease-duration: 120s
   l2-announcements-renew-deadline: 60s
   l2-announcements-retry-period: 1s
-  enable-bgp-control-plane: 'false'
   bpf-root: /sys/fs/bpf
   cgroup-root: /run/cilium/cgroupv2
   enable-k8s-terminating-endpoint: 'true'
   enable-sctp: 'false'
-  k8s-client-qps: '5'
-  k8s-client-burst: '10'
+  k8s-client-qps: '10'
+  k8s-client-burst: '20'
   remove-cilium-node-taints: 'true'
   set-cilium-node-taints: 'true'
   set-cilium-is-up-condition: 'true'
   unmanaged-pod-watcher-interval: '15'
   dnsproxy-enable-transparent-mode: 'true'
+  dnsproxy-socket-linger-timeout: '10'
   tofqdns-dns-reject-response-code: refused
   tofqdns-enable-dns-compression: 'true'
   tofqdns-endpoint-max-ip-per-hostname: '50'
   tofqdns-idle-connection-grace-period: 0s
   tofqdns-max-deferred-connection-deletes: '10000'
   tofqdns-proxy-response-max-delay: 100ms
   agent-not-ready-taint-key: node.cilium.io/agent-not-ready
   mesh-auth-enabled: 'true'
   mesh-auth-queue-size: '1024'
   mesh-auth-rotated-identities-queue-size: '1024'
   mesh-auth-gc-interval: 5m0s
+  proxy-xff-num-trusted-hops-ingress: '0'
+  proxy-xff-num-trusted-hops-egress: '0'
   proxy-connect-timeout: '2'
   proxy-max-requests-per-connection: '0'
   proxy-max-connection-duration-seconds: '0'
-  external-envoy-proxy: 'false'
+  proxy-idle-timeout-seconds: '60'
+  external-envoy-proxy: 'true'
+  envoy-base-id: '0'
+  envoy-keep-cap-netbindservice: 'false'
+  max-connected-clusters: '255'
+  clustermesh-enable-endpoint-sync: 'false'
+  clustermesh-enable-mcs-api: 'false'
+  nat-map-stats-entries: '32'
+  nat-map-stats-interval: 30s
 
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-operator-dashboard

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-operator-dashboard

@@ -11,17 +11,30 @@

     grafana_dashboard: '1'
   annotations:
     grafana_folder: Cilium
 data:
   cilium-operator-dashboard.json: |
     {
+      "__inputs": [
+        {
+          "name": "DS_PROMETHEUS",
+          "label": "prometheus",
+          "description": "",
+          "type": "datasource",
+          "pluginId": "prometheus",
+          "pluginName": "Prometheus"
+        }
+      ],
       "annotations": {
         "list": [
           {
             "builtIn": 1,
-            "datasource": "-- Grafana --",
+            "datasource": {
+              "type": "datasource",
+              "uid": "grafana"
+            },
             "enable": true,
             "hide": true,
             "iconColor": "rgba(0, 211, 255, 1)",
             "name": "Annotations & Alerts",
             "type": "dashboard"
           }
@@ -37,13 +50,16 @@

           "aliasColors": {
             "avg": "#cffaff"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -163,13 +179,16 @@

           "aliasColors": {
             "MAX_resident_memory_bytes_max": "#e5ac0e"
           },
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -293,13 +312,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -390,13 +412,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -487,13 +512,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -584,13 +612,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -681,13 +712,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -778,13 +812,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
@@ -875,13 +912,16 @@

         },
         {
           "aliasColors": {},
           "bars": false,
           "dashLength": 10,
           "dashes": false,
-          "datasource": "prometheus",
+          "datasource": {
+            "type": "prometheus",
+            "uid": "${DS_PROMETHEUS}"
+          },
           "fieldConfig": {
             "defaults": {
               "custom": {}
             },
             "overrides": []
           },
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-relay-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-relay-config

@@ -6,9 +6,9 @@

   namespace: kube-system
 data:
   config.yaml: "cluster-name: home-cluster\npeer-service: \"hubble-peer.kube-system.svc.cluster.local:443\"\
     \nlisten-address: :4245\ngops: true\ngops-port: \"9893\"\ndial-timeout: \nretry-timeout:\
     \ \nsort-buffer-len-max: \nsort-buffer-drain-timeout: \ntls-hubble-client-cert-file:\
     \ /var/lib/hubble-relay/tls/client.crt\ntls-hubble-client-key-file: /var/lib/hubble-relay/tls/client.key\n\
-    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\ndisable-server-tls:\
-    \ true\n"
+    tls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\n\n\
+    disable-server-tls: true\n"
 
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-ui-nginx

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-ui-nginx

@@ -15,8 +15,10 @@

     \ range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;\n\
     \        if ($request_method = OPTIONS) {\n            return 204;\n        }\n\
     \        # /CORS\n\n        location /api {\n            proxy_http_version 1.1;\n\
     \            proxy_pass_request_headers on;\n            proxy_hide_header Access-Control-Allow-Origin;\n\
     \            proxy_pass http://127.0.0.1:8090;\n        }\n        location /\
     \ {\n            # double `/index.html` is required here \n            try_files\
-    \ $uri $uri/ /index.html /index.html;\n        }\n    }\n}"
+    \ $uri $uri/ /index.html /index.html;\n        }\n\n        # Liveness probe\n\
+    \        location /healthz {\n            access_log off;\n            add_header\
+    \ Content-Type text/plain;\n            return 200 'ok';\n        }\n    }\n}"
 
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dashboard

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dashboard

@@ -9,3240 +9,1059 @@

     app.kubernetes.io/name: hubble
     app.kubernetes.io/part-of: cilium
     grafana_dashboard: '1'
   annotations:
     grafana_folder: Cilium
 data:
-  hubble-dashboard.json: |
-    {
-      "annotations": {
-        "list": [
-          {
-            "builtIn": 1,
-            "datasource": "-- Grafana --",
-            "enable": true,
-            "hide": true,
-            "iconColor": "rgba(0, 211, 255, 1)",
-            "name": "Annotations & Alerts",
-            "type": "dashboard"
-          }
-        ]
-      },
-      "editable": true,
-      "gnetId": null,
-      "graphTooltip": 0,
-      "id": 3,
-      "links": [],
-      "panels": [
-        {
-          "collapsed": false,
-          "gridPos": {
-            "h": 1,
-            "w": 24,
-            "x": 0,
-            "y": 0
-          },
-          "id": 14,
-          "panels": [],
-          "title": "General Processing",
-          "type": "row"
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 0,
-            "y": 1
-          },
-          "id": 12,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [
-            {
-              "alias": "max",
-              "fillBelowTo": "avg",
-              "lines": false
-            },
-            {
-              "alias": "avg",
-              "fill": 0,
-              "fillBelowTo": "min"
-            },
-            {
-              "alias": "min",
-              "lines": false
-            }
-          ],
-          "spaceLength": 10,
-          "stack": false,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "avg(sum(rate(hubble_flows_processed_total[1m])) by (pod))",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "avg",
-              "refId": "A"
-            },
-            {
-              "expr": "min(sum(rate(hubble_flows_processed_total[1m])) by (pod))",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "min",
-              "refId": "B"
-            },
-            {
-              "expr": "max(sum(rate(hubble_flows_processed_total[1m])) by (pod))",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "max",
-              "refId": "C"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "Flows processed Per Node",
-          "tooltip": {
-            "shared": true,
-            "sort": 1,
-            "value_type": "individual"
-          },
-          "type": "graph",
-          "xaxis": {
-            "buckets": null,
-            "mode": "time",
-            "name": null,
-            "show": true,
-            "values": []
-          },
-          "yaxes": [
-            {
-              "format": "ops",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            },
-            {
-              "format": "short",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            }
-          ],
-          "yaxis": {
-            "align": false,
-            "alignLevel": null
-          }
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 12,
-            "y": 1
-          },
-          "id": 32,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [],
-          "spaceLength": 10,
-          "stack": true,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "sum(rate(hubble_flows_processed_total[1m])) by (pod, type)",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "{{type}}",
-              "refId": "A"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "Flows Types",
-          "tooltip": {
-            "shared": true,
-            "sort": 2,
-            "value_type": "individual"
-          },
-          "type": "graph",
-          "xaxis": {
-            "buckets": null,
-            "mode": "time",
-            "name": null,
-            "show": true,
-            "values": []
-          },
-          "yaxes": [
-            {
-              "format": "ops",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            },
-            {
-              "format": "short",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            }
-          ],
-          "yaxis": {
-            "align": false,
-            "alignLevel": null
-          }
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 0,
-            "y": 6
-          },
-          "id": 59,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [],
-          "spaceLength": 10,
-          "stack": true,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "sum(rate(hubble_flows_processed_total{type=\"L7\"}[1m])) by (pod, subtype)",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "{{subtype}}",
-              "refId": "A"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "L7 Flow Distribution",
-          "tooltip": {
-            "shared": true,
-            "sort": 2,
-            "value_type": "individual"
-          },
-          "type": "graph",
-          "xaxis": {
-            "buckets": null,
-            "mode": "time",
-            "name": null,
-            "show": true,
-            "values": []
-          },
-          "yaxes": [
-            {
-              "format": "ops",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            },
-            {
-              "format": "short",
-              "label": null,
-              "logBase": 1,
-              "max": null,
-              "min": null,
-              "show": true
-            }
-          ],
-          "yaxis": {
-            "align": false,
-            "alignLevel": null
-          }
-        },
-        {
-          "aliasColors": {},
-          "bars": false,
-          "dashLength": 10,
-          "dashes": false,
-          "datasource": "prometheus",
-          "fill": 1,
-          "gridPos": {
-            "h": 5,
-            "w": 12,
-            "x": 12,
-            "y": 6
-          },
-          "id": 60,
-          "legend": {
-            "avg": false,
-            "current": false,
-            "max": false,
-            "min": false,
-            "show": true,
-            "total": false,
-            "values": false
-          },
-          "lines": true,
-          "linewidth": 1,
-          "links": [],
-          "nullPointMode": "null",
-          "options": {},
-          "percentage": false,
-          "pointradius": 2,
-          "points": false,
-          "renderer": "flot",
-          "seriesOverrides": [],
-          "spaceLength": 10,
-          "stack": true,
-          "steppedLine": false,
-          "targets": [
-            {
-              "expr": "sum(rate(hubble_flows_processed_total{type=\"Trace\"}[1m])) by (pod, subtype)",
-              "format": "time_series",
-              "intervalFactor": 1,
-              "legendFormat": "{{subtype}}",
-              "refId": "A"
-            }
-          ],
-          "thresholds": [],
-          "timeFrom": null,
-          "timeRegions": [],
-          "timeShift": null,
-          "title": "Trace Flow Distribution",
-          "tooltip": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-l7-http-metrics-by-workload

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-l7-http-metrics-by-workload

@@ -11,13 +11,22 @@

     grafana_dashboard: '1'
   annotations:
     grafana_folder: Cilium
 data:
   hubble-l7-http-metrics-by-workload.json: |
     {
-      "__inputs": [],
+      "__inputs": [
+        {
+          "name": "DS_PROMETHEUS",
+          "label": "prometheus",
+          "description": "",
+          "type": "datasource",
+          "pluginId": "prometheus",
+          "pluginName": "Prometheus"
+        }
+      ],
       "__elements": {},
       "__requires": [
         {
           "type": "grafana",
           "id": "grafana",
           "name": "Grafana",
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium

+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium

@@ -54,12 +54,15 @@

   - get
 - apiGroups:
   - cilium.io
   resources:
   - ciliumloadbalancerippools
   - ciliumbgppeeringpolicies
+  - ciliumbgpnodeconfigs
+  - ciliumbgpadvertisements
+  - ciliumbgppeerconfigs
   - ciliumclusterwideenvoyconfigs
   - ciliumclusterwidenetworkpolicies
   - ciliumegressgatewaypolicies
   - ciliumendpoints
   - ciliumendpointslices
   - ciliumenvoyconfigs
@@ -103,14 +106,13 @@

   verbs:
   - get
   - update
 - apiGroups:
   - cilium.io
   resources:
-  - ciliumnetworkpolicies/status
-  - ciliumclusterwidenetworkpolicies/status
   - ciliumendpoints/status
   - ciliumendpoints
   - ciliuml2announcementpolicies/status
+  - ciliumbgpnodeconfigs/status
   verbs:
   - patch
 
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator

@@ -116,12 +116,15 @@

   - update
 - apiGroups:
   - cilium.io
   resources:
   - ciliumendpointslices
   - ciliumenvoyconfigs
+  - ciliumbgppeerconfigs
+  - ciliumbgpadvertisements
+  - ciliumbgpnodeconfigs
   verbs:
   - create
   - update
   - get
   - list
   - watch
@@ -142,12 +145,17 @@

   - customresourcedefinitions
   verbs:
   - update
   resourceNames:
   - ciliumloadbalancerippools.cilium.io
   - ciliumbgppeeringpolicies.cilium.io
+  - ciliumbgpclusterconfigs.cilium.io
+  - ciliumbgppeerconfigs.cilium.io
+  - ciliumbgpadvertisements.cilium.io
+  - ciliumbgpnodeconfigs.cilium.io
+  - ciliumbgpnodeconfigoverrides.cilium.io
   - ciliumclusterwideenvoyconfigs.cilium.io
   - ciliumclusterwidenetworkpolicies.cilium.io
   - ciliumegressgatewaypolicies.cilium.io
   - ciliumendpoints.cilium.io
   - ciliumendpointslices.cilium.io
   - ciliumenvoyconfigs.cilium.io
@@ -162,12 +170,15 @@

   - ciliumpodippools.cilium.io
 - apiGroups:
   - cilium.io
   resources:
   - ciliumloadbalancerippools
   - ciliumpodippools
+  - ciliumbgppeeringpolicies
+  - ciliumbgpclusterconfigs
+  - ciliumbgpnodeconfigoverrides
   verbs:
   - get
   - list
   - watch
 - apiGroups:
   - cilium.io
--- HelmRelease: kube-system/cilium Service: kube-system/cilium-agent

+++ HelmRelease: kube-system/cilium Service: kube-system/cilium-agent

@@ -15,11 +15,7 @@

     k8s-app: cilium
   ports:
   - name: metrics
     port: 9962
     protocol: TCP
     targetPort: prometheus
-  - name: envoy-metrics
-    port: 9964
-    protocol: TCP
-    targetPort: envoy-metrics
 
--- HelmRelease: kube-system/cilium Service: kube-system/hubble-relay

+++ HelmRelease: kube-system/cilium Service: kube-system/hubble-relay

@@ -12,8 +12,8 @@

   type: ClusterIP
   selector:
     k8s-app: hubble-relay
   ports:
   - protocol: TCP
     port: 80
-    targetPort: 4245
+    targetPort: grpc
 
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -16,21 +16,24 @@

     rollingUpdate:
       maxUnavailable: 2
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 279c9c593b91f6224c3e0dd82cd16f7d787039c25365991b76640259a84586dd
+        cilium.io/cilium-configmap-checksum: 679d0fbe0d5453b4f304cd7b56defe833f351dfeb6ca9d0d67bfa4c1511ed3c2
       labels:
         k8s-app: cilium
         app.kubernetes.io/name: cilium-agent
         app.kubernetes.io/part-of: cilium
     spec:
+      securityContext:
+        appArmorProfile:
+          type: Unconfined
       containers:
       - name: cilium-agent
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
         args:
         - --config-dir=/tmp/cilium/config-map
         startupProbe:
@@ -42,12 +45,13 @@

             httpHeaders:
             - name: brief
               value: 'true'
           failureThreshold: 105
           periodSeconds: 2
           successThreshold: 1
+          initialDelaySeconds: 5
         livenessProbe:
           httpGet:
             host: 127.0.0.1
             path: /healthz
             port: 9879
             scheme: HTTP
@@ -81,12 +85,17 @@

           valueFrom:
             fieldRef:
               apiVersion: v1
               fieldPath: metadata.namespace
         - name: CILIUM_CLUSTERMESH_CONFIG
           value: /var/lib/cilium/clustermesh/
+        - name: GOMEMLIMIT
+          valueFrom:
+            resourceFieldRef:
+              resource: limits.memory
+              divisor: '1'
         - name: KUBERNETES_SERVICE_HOST
           value: ${KUBE_VIP_ADDR}
         - name: KUBERNETES_SERVICE_PORT
           value: '6443'
         lifecycle:
           postStart:
@@ -124,24 +133,23 @@

           hostPort: 4244
           protocol: TCP
         - name: prometheus
           containerPort: 9962
           hostPort: 9962
           protocol: TCP
-        - name: envoy-metrics
-          containerPort: 9964
-          hostPort: 9964
-          protocol: TCP
         - name: hubble-metrics
           containerPort: 9965
           hostPort: 9965
           protocol: TCP
         securityContext:
           privileged: true
         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
+        - name: envoy-sockets
+          mountPath: /var/run/cilium/envoy/sockets
+          readOnly: false
         - name: bpf-maps
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
         - name: cilium-run
           mountPath: /var/run/cilium
         - name: etc-cni-netd
@@ -158,16 +166,16 @@

           mountPath: /var/lib/cilium/tls/hubble
           readOnly: true
         - name: tmp
           mountPath: /tmp
       initContainers:
       - name: config
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
-        imagePullPolicy: IfNotPresent
-        command:
-        - cilium
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
+        imagePullPolicy: IfNotPresent
+        command:
+        - cilium-dbg
         - build-config
         env:
         - name: K8S_NODE_NAME
           valueFrom:
             fieldRef:
               apiVersion: v1
@@ -183,13 +191,13 @@

           value: '6443'
         volumeMounts:
         - name: tmp
           mountPath: /tmp
         terminationMessagePolicy: FallbackToLogsOnError
       - name: mount-cgroup
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         env:
         - name: CGROUP_ROOT
           value: /run/cilium/cgroupv2
         - name: BIN_PATH
           value: /opt/cni/bin
@@ -206,13 +214,13 @@

         - name: cni-path
           mountPath: /hostbin
         terminationMessagePolicy: FallbackToLogsOnError
         securityContext:
           privileged: true
       - name: apply-sysctl-overwrites
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         env:
         - name: BIN_PATH
           value: /opt/cni/bin
         command:
         - sh
@@ -227,13 +235,13 @@

         - name: cni-path
           mountPath: /hostbin
         terminationMessagePolicy: FallbackToLogsOnError
         securityContext:
           privileged: true
       - name: clean-cilium-state
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
         env:
         - name: CILIUM_ALL_STATE
           valueFrom:
@@ -243,12 +251,18 @@

               optional: true
         - name: CILIUM_BPF_STATE
           valueFrom:
             configMapKeyRef:
               name: cilium-config
               key: clean-cilium-bpf-state
+              optional: true
+        - name: WRITE_CNI_CONF_WHEN_READY
+          valueFrom:
+            configMapKeyRef:
+              name: cilium-config
+              key: write-cni-conf-when-ready
               optional: true
         - name: KUBERNETES_SERVICE_HOST
           value: ${KUBE_VIP_ADDR}
         - name: KUBERNETES_SERVICE_PORT
           value: '6443'
         terminationMessagePolicy: FallbackToLogsOnError
@@ -260,13 +274,13 @@

         - name: cilium-cgroup
           mountPath: /run/cilium/cgroupv2
           mountPropagation: HostToContainer
         - name: cilium-run
           mountPath: /var/run/cilium
       - name: install-cni-binaries
-        image: quay.io/cilium/cilium:v1.14.6@sha256:37a49f1abb333279a9b802ee8a21c61cde9dd9138b5ac55f77bdfca733ba852a
+        image: quay.io/cilium/cilium:v1.16.1@sha256:0b4a3ab41a4760d86b7fc945b8783747ba27f29dac30dd434d94f2c9e3679f39
         imagePullPolicy: IfNotPresent
         command:
         - /install-plugin.sh
         resources:
           requests:
             cpu: 100m
@@ -279,13 +293,12 @@

         terminationMessagePolicy: FallbackToLogsOnError
         volumeMounts:
         - name: cni-path
           mountPath: /host/opt/cni/bin
       restartPolicy: Always
       priorityClassName: system-node-critical
-      serviceAccount: cilium
       serviceAccountName: cilium
       automountServiceAccountToken: true
       terminationGracePeriodSeconds: 1
       hostNetwork: true
       affinity:
         podAntiAffinity:
@@ -329,12 +342,16 @@

         hostPath:
           path: /lib/modules
       - name: xtables-lock
         hostPath:
           path: /run/xtables.lock
           type: FileOrCreate
+      - name: envoy-sockets
+        hostPath:
+          path: /var/run/cilium/envoy/sockets
+          type: DirectoryOrCreate
       - name: clustermesh-secrets
         projected:
           defaultMode: 256
           sources:
           - secret:
               name: cilium-clustermesh
@@ -346,12 +363,22 @@

               - key: tls.key
                 path: common-etcd-client.key
               - key: tls.crt
                 path: common-etcd-client.crt
               - key: ca.crt
                 path: common-etcd-client-ca.crt
+          - secret:
+              name: clustermesh-apiserver-local-cert
+              optional: true
+              items:
+              - key: tls.key
+                path: local-etcd-client.key
+              - key: tls.crt
+                path: local-etcd-client.crt
+              - key: ca.crt
+                path: local-etcd-client-ca.crt
       - name: hubble-tls
         projected:
           defaultMode: 256
           sources:
           - secret:
               name: hubble-server-certs
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -20,22 +20,22 @@

       maxSurge: 25%
       maxUnavailable: 100%
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 279c9c593b91f6224c3e0dd82cd16f7d787039c25365991b76640259a84586dd
+        cilium.io/cilium-configmap-checksum: 679d0fbe0d5453b4f304cd7b56defe833f351dfeb6ca9d0d67bfa4c1511ed3c2
       labels:
         io.cilium/app: operator
         name: cilium-operator
         app.kubernetes.io/part-of: cilium
         app.kubernetes.io/name: cilium-operator
     spec:
       containers:
       - name: cilium-operator
-        image: quay.io/cilium/operator-generic:v1.14.6@sha256:2f0bf8fb8362c7379f3bf95036b90ad5b67378ed05cd8eb0410c1afc13423848
+        image: quay.io/cilium/operator-generic:v1.16.1@sha256:3bc7e7a43bc4a4d8989cb7936c5d96675dd2d02c306adf925ce0a7c35aa27dc4
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic
         args:
         - --config-dir=/tmp/cilium/config-map
         - --debug=$(CILIUM_DEBUG)
@@ -89,13 +89,12 @@

           mountPath: /tmp/cilium/config-map
           readOnly: true
         terminationMessagePolicy: FallbackToLogsOnError
       hostNetwork: true
       restartPolicy: Always
       priorityClassName: system-cluster-critical
-      serviceAccount: cilium-operator
       serviceAccountName: cilium-operator
       automountServiceAccountToken: true
       affinity:
         podAntiAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
           - labelSelector:
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay

+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay

@@ -17,13 +17,13 @@

     rollingUpdate:
       maxUnavailable: 1
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/hubble-relay-configmap-checksum: 2377e902b05fcb5eab2f040823d96bf083593a39234638f79da89f0a3ba15121
+        cilium.io/hubble-relay-configmap-checksum: 69e30dec0c0be57e5f35be49d3b9dc513789c37c6c5976f288ad36a6cb24bfb7
       labels:
         k8s-app: hubble-relay
         app.kubernetes.io/name: hubble-relay
         app.kubernetes.io/part-of: cilium
     spec:
       securityContext:
@@ -34,38 +34,48 @@

           capabilities:
             drop:
             - ALL
           runAsGroup: 65532
           runAsNonRoot: true
           runAsUser: 65532
-        image: quay.io/cilium/hubble-relay:v1.14.6@sha256:adeb90adae481bb952211483f511afee40825707953ed7ac118902d3bc8dd37f
+        image: quay.io/cilium/hubble-relay:v1.16.1@sha256:2e1b4c739a676ae187d4c2bfc45c3e865bda2567cc0320a90cb666657fcfcc35
         imagePullPolicy: IfNotPresent
         command:
         - hubble-relay
         args:
         - serve
         ports:
         - name: grpc
           containerPort: 4245
         readinessProbe:
-          tcpSocket:
-            port: grpc
+          grpc:
+            port: 4222
+          timeoutSeconds: 3
         livenessProbe:
-          tcpSocket:
-            port: grpc
+          grpc:
+            port: 4222
+          timeoutSeconds: 10
+          initialDelaySeconds: 10
+          periodSeconds: 10
+          failureThreshold: 12
+        startupProbe:
+          grpc:
+            port: 4222
+          initialDelaySeconds: 10
+          failureThreshold: 20
+          periodSeconds: 3
         volumeMounts:
         - name: config
           mountPath: /etc/hubble-relay
           readOnly: true
         - name: tls
           mountPath: /var/lib/hubble-relay/tls
           readOnly: true
         terminationMessagePolicy: FallbackToLogsOnError
       restartPolicy: Always
       priorityClassName: null
-      serviceAccount: hubble-relay
       serviceAccountName: hubble-relay
       automountServiceAccountToken: false
       terminationGracePeriodSeconds: 1
       affinity:
         podAffinity:
           requiredDuringSchedulingIgnoredDuringExecution:
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-ui

+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-ui

@@ -17,38 +17,49 @@

     rollingUpdate:
       maxUnavailable: 1
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/hubble-ui-nginx-configmap-checksum: 02d6b04b131029fae39270192dcff10fa3a64af9d1d4d0049f1efbc3f5526a34
+        cilium.io/hubble-ui-nginx-configmap-checksum: e8acee96ed990156efd0291c8c33709d2c7902d2ec993eefa16c7cd3d1a9d84b
       labels:
         k8s-app: hubble-ui
         app.kubernetes.io/name: hubble-ui
         app.kubernetes.io/part-of: cilium
     spec:
+      securityContext:
+        fsGroup: 1001
+        runAsGroup: 1001
+        runAsUser: 1001
       priorityClassName: null
-      serviceAccount: hubble-ui
       serviceAccountName: hubble-ui
       automountServiceAccountToken: true
       containers:
       - name: frontend
-        image: quay.io/cilium/hubble-ui:v0.12.1@sha256:9e5f81ee747866480ea1ac4630eb6975ff9227f9782b7c93919c081c33f38267
+        image: quay.io/cilium/hubble-ui:v0.13.1@sha256:e2e9313eb7caf64b0061d9da0efbdad59c6c461f6ca1752768942bfeda0796c6
         imagePullPolicy: IfNotPresent
         ports:
         - name: http
           containerPort: 8081
+        livenessProbe:
+          httpGet:
+            path: /healthz
+            port: 8081
+        readinessProbe:
+          httpGet:
+            path: /
+            port: 8081
         volumeMounts:
         - name: hubble-ui-nginx-conf
           mountPath: /etc/nginx/conf.d/default.conf
           subPath: nginx.conf
         - name: tmp-dir
           mountPath: /tmp
         terminationMessagePolicy: FallbackToLogsOnError
       - name: backend
-        image: quay.io/cilium/hubble-ui-backend:v0.12.1@sha256:1f86f3400827a0451e6332262467f894eeb7caf0eb8779bd951e2caa9d027cbe
+        image: quay.io/cilium/hubble-ui-backend:v0.13.1@sha256:0e0eed917653441fded4e7cdb096b7be6a3bddded5a2dd10812a27b1fc6ed95b
         imagePullPolicy: IfNotPresent
         env:
         - name: EVENTS_SERVER_PORT
           value: '8090'
         - name: FLOWS_API_ADDR
           value: hubble-relay:80
--- HelmRelease: kube-system/cilium ServiceMonitor: kube-system/hubble

+++ HelmRelease: kube-system/cilium ServiceMonitor: kube-system/hubble

@@ -15,12 +15,13 @@

     - kube-system
   endpoints:
   - port: hubble-metrics
     interval: 10s
     honorLabels: true
     path: /metrics
+    scheme: http
     relabelings:
     - replacement: ${1}
       sourceLabels:
       - __meta_kubernetes_pod_node_name
       targetLabel: node
 
--- HelmRelease: kube-system/cilium ServiceAccount: kube-system/cilium-envoy

+++ HelmRelease: kube-system/cilium ServiceAccount: kube-system/cilium-envoy

@@ -0,0 +1,7 @@

+---
+apiVersion: v1
+kind: ServiceAccount
+metadata:
+  name: cilium-envoy
+  namespace: kube-system
+
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config

@@ -0,0 +1,326 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: cilium-envoy-config
+  namespace: kube-system
+data:
+  bootstrap-config.json: |
+    {
+      "node": {
+        "id": "host~127.0.0.1~no-id~localdomain",
+        "cluster": "ingress-cluster"
+      },
+      "staticResources": {
+        "listeners": [
+          {
+            "name": "envoy-prometheus-metrics-listener",
+            "address": {
+              "socket_address": {
+                "address": "0.0.0.0",
+                "port_value": 9964
+              }
+            },
+            "filter_chains": [
+              {
+                "filters": [
+                  {
+                    "name": "envoy.filters.network.http_connection_manager",
+                    "typed_config": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                      "stat_prefix": "envoy-prometheus-metrics-listener",
+                      "route_config": {
+                        "virtual_hosts": [
+                          {
+                            "name": "prometheus_metrics_route",
+                            "domains": [
+                              "*"
+                            ],
+                            "routes": [
+                              {
+                                "name": "prometheus_metrics_route",
+                                "match": {
+                                  "prefix": "/metrics"
+                                },
+                                "route": {
+                                  "cluster": "/envoy-admin",
+                                  "prefix_rewrite": "/stats/prometheus"
+                                }
+                              }
+                            ]
+                          }
+                        ]
+                      },
+                      "http_filters": [
+                        {
+                          "name": "envoy.filters.http.router",
+                          "typed_config": {
+                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                          }
+                        }
+                      ],
+                      "stream_idle_timeout": "0s"
+                    }
+                  }
+                ]
+              }
+            ]
+          },
+          {
+            "name": "envoy-health-listener",
+            "address": {
+              "socket_address": {
+                "address": "127.0.0.1",
+                "port_value": 9878
+              }
+            },
+            "filter_chains": [
+              {
+                "filters": [
+                  {
+                    "name": "envoy.filters.network.http_connection_manager",
+                    "typed_config": {
+                      "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
+                      "stat_prefix": "envoy-health-listener",
+                      "route_config": {
+                        "virtual_hosts": [
+                          {
+                            "name": "health",
+                            "domains": [
+                              "*"
+                            ],
+                            "routes": [
+                              {
+                                "name": "health",
+                                "match": {
+                                  "prefix": "/healthz"
+                                },
+                                "route": {
+                                  "cluster": "/envoy-admin",
+                                  "prefix_rewrite": "/ready"
+                                }
+                              }
+                            ]
+                          }
+                        ]
+                      },
+                      "http_filters": [
+                        {
+                          "name": "envoy.filters.http.router",
+                          "typed_config": {
+                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
+                          }
+                        }
+                      ],
+                      "stream_idle_timeout": "0s"
+                    }
+                  }
+                ]
+              }
+            ]
+          }
+        ],
+        "clusters": [
+          {
+            "name": "ingress-cluster",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s"
+          },
+          {
+            "name": "egress-cluster-tls",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "upstreamHttpProtocolOptions": {},
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s",
+            "transportSocket": {
+              "name": "cilium.tls_wrapper",
+              "typedConfig": {
+                "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
+              }
+            }
+          },
+          {
+            "name": "egress-cluster",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s"
+          },
+          {
+            "name": "ingress-cluster-tls",
+            "type": "ORIGINAL_DST",
+            "connectTimeout": "2s",
+            "lbPolicy": "CLUSTER_PROVIDED",
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "commonHttpProtocolOptions": {
+                  "idleTimeout": "60s",
+                  "maxConnectionDuration": "0s",
+                  "maxRequestsPerConnection": 0
+                },
+                "upstreamHttpProtocolOptions": {},
+                "useDownstreamProtocolConfig": {}
+              }
+            },
+            "cleanupInterval": "2.500s",
+            "transportSocket": {
+              "name": "cilium.tls_wrapper",
+              "typedConfig": {
+                "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
+              }
+            }
+          },
+          {
+            "name": "xds-grpc-cilium",
+            "type": "STATIC",
+            "connectTimeout": "2s",
+            "loadAssignment": {
+              "clusterName": "xds-grpc-cilium",
+              "endpoints": [
+                {
+                  "lbEndpoints": [
+                    {
+                      "endpoint": {
+                        "address": {
+                          "pipe": {
+                            "path": "/var/run/cilium/envoy/sockets/xds.sock"
+                          }
+                        }
+                      }
+                    }
+                  ]
+                }
+              ]
+            },
+            "typedExtensionProtocolOptions": {
+              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
+                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
+                "explicitHttpConfig": {
+                  "http2ProtocolOptions": {}
+                }
+              }
+            }
+          },
+          {
+            "name": "/envoy-admin",
+            "type": "STATIC",
+            "connectTimeout": "2s",
+            "loadAssignment": {
+              "clusterName": "/envoy-admin",
+              "endpoints": [
+                {
+                  "lbEndpoints": [
+                    {
+                      "endpoint": {
+                        "address": {
+                          "pipe": {
+                            "path": "/var/run/cilium/envoy/sockets/admin.sock"
+                          }
+                        }
+                      }
+                    }
+                  ]
+                }
+              ]
+            }
+          }
+        ]
+      },
+      "dynamicResources": {
+        "ldsConfig": {
+          "apiConfigSource": {
+            "apiType": "GRPC",
+            "transportApiVersion": "V3",
+            "grpcServices": [
+              {
+                "envoyGrpc": {
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dns-namespace

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-dns-namespace

@@ -0,0 +1,240 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hubble-dns-namespace
+  namespace: kube-system
+  labels:
+    k8s-app: hubble
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    grafana_dashboard: '1'
+  annotations:
+    grafana_folder: Cilium
+data:
+  hubble-dns-namespace.json: "{\n    \"__inputs\": [\n      {\n        \"name\": \"\
+    DS_PROMETHEUS\",\n        \"label\": \"Prometheus\",\n        \"description\"\
+    : \"\",\n        \"type\": \"datasource\",\n        \"pluginId\": \"prometheus\"\
+    ,\n        \"pluginName\": \"Prometheus\"\n      }\n    ],\n    \"__elements\"\
+    : {},\n    \"__requires\": [\n      {\n        \"type\": \"panel\",\n        \"\
+    id\": \"bargauge\",\n        \"name\": \"Bar gauge\",\n        \"version\": \"\
+    \"\n      },\n      {\n        \"type\": \"grafana\",\n        \"id\": \"grafana\"\
+    ,\n        \"name\": \"Grafana\",\n        \"version\": \"9.4.7\"\n      },\n\
+    \      {\n        \"type\": \"datasource\",\n        \"id\": \"prometheus\",\n\
+    \        \"name\": \"Prometheus\",\n        \"version\": \"1.0.0\"\n      },\n\
+    \      {\n        \"type\": \"panel\",\n        \"id\": \"timeseries\",\n    \
+    \    \"name\": \"Time series\",\n        \"version\": \"\"\n      }\n    ],\n\
+    \    \"annotations\": {\n      \"list\": [\n        {\n          \"builtIn\":\
+    \ 1,\n          \"datasource\": {\n            \"type\": \"datasource\",\n   \
+    \         \"uid\": \"grafana\"\n          },\n          \"enable\": true,\n  \
+    \        \"hide\": true,\n          \"iconColor\": \"rgba(0, 211, 255, 1)\",\n\
+    \          \"name\": \"Annotations & Alerts\",\n          \"target\": {\n    \
+    \        \"limit\": 100,\n            \"matchAny\": false,\n            \"tags\"\
+    : [],\n            \"type\": \"dashboard\"\n          },\n          \"type\":\
+    \ \"dashboard\"\n        }\n      ]\n    },\n    \"description\": \"\",\n    \"\
+    editable\": true,\n    \"fiscalYearStartMonth\": 0,\n    \"gnetId\": 16612,\n\
+    \    \"graphTooltip\": 0,\n    \"id\": null,\n    \"links\": [\n      {\n    \
+    \    \"asDropdown\": true,\n        \"icon\": \"external link\",\n        \"includeVars\"\
+    : true,\n        \"keepTime\": true,\n        \"tags\": [\n          \"cilium-overview\"\
+    \n        ],\n        \"targetBlank\": false,\n        \"title\": \"Cilium Overviews\"\
+    ,\n        \"tooltip\": \"\",\n        \"type\": \"dashboards\",\n        \"url\"\
+    : \"\"\n      },\n      {\n        \"asDropdown\": true,\n        \"icon\": \"\
+    external link\",\n        \"includeVars\": false,\n        \"keepTime\": true,\n\
+    \        \"tags\": [\n          \"hubble\"\n        ],\n        \"targetBlank\"\
+    : false,\n        \"title\": \"Hubble\",\n        \"tooltip\": \"\",\n       \
+    \ \"type\": \"dashboards\",\n        \"url\": \"\"\n      }\n    ],\n    \"liveNow\"\
+    : false,\n    \"panels\": [\n      {\n        \"collapsed\": false,\n        \"\
+    gridPos\": {\n          \"h\": 1,\n          \"w\": 24,\n          \"x\": 0,\n\
+    \          \"y\": 0\n        },\n        \"id\": 2,\n        \"panels\": [],\n\
+    \        \"title\": \"DNS\",\n        \"type\": \"row\"\n      },\n      {\n \
+    \       \"datasource\": {\n          \"type\": \"prometheus\",\n          \"uid\"\
+    : \"${DS_PROMETHEUS}\"\n        },\n        \"description\": \"\",\n        \"\
+    fieldConfig\": {\n          \"defaults\": {\n            \"color\": {\n      \
+    \        \"mode\": \"palette-classic\"\n            },\n            \"custom\"\
+    : {\n              \"axisCenteredZero\": false,\n              \"axisColorMode\"\
+    : \"text\",\n              \"axisLabel\": \"\",\n              \"axisPlacement\"\
+    : \"auto\",\n              \"barAlignment\": 0,\n              \"drawStyle\":\
+    \ \"line\",\n              \"fillOpacity\": 10,\n              \"gradientMode\"\
+    : \"none\",\n              \"hideFrom\": {\n                \"legend\": false,\n\
+    \                \"tooltip\": false,\n                \"viz\": false\n       \
+    \       },\n              \"lineInterpolation\": \"linear\",\n              \"\
+    lineWidth\": 1,\n              \"pointSize\": 5,\n              \"scaleDistribution\"\
+    : {\n                \"type\": \"linear\"\n              },\n              \"\
+    showPoints\": \"auto\",\n              \"spanNulls\": false,\n              \"\
+    stacking\": {\n                \"group\": \"A\",\n                \"mode\": \"\
+    normal\"\n              },\n              \"thresholdsStyle\": {\n           \
+    \     \"mode\": \"off\"\n              }\n            },\n            \"mappings\"\
+    : [],\n            \"min\": 0,\n            \"thresholds\": {\n              \"\
+    mode\": \"absolute\",\n              \"steps\": [\n                {\n       \
+    \           \"color\": \"green\",\n                  \"value\": null\n       \
+    \         },\n                {\n                  \"color\": \"red\",\n     \
+    \             \"value\": 80\n                }\n              ]\n            },\n\
+    \            \"unit\": \"reqps\"\n          },\n          \"overrides\": []\n\
+    \        },\n        \"gridPos\": {\n          \"h\": 9,\n          \"w\": 12,\n\
+    \          \"x\": 0,\n          \"y\": 1\n        },\n        \"id\": 37,\n  \
+    \      \"options\": {\n          \"legend\": {\n            \"calcs\": [\n   \
+    \           \"mean\",\n              \"lastNotNull\"\n            ],\n       \
+    \     \"displayMode\": \"table\",\n            \"placement\": \"bottom\",\n  \
+    \          \"showLegend\": true\n          },\n          \"tooltip\": {\n    \
+    \        \"mode\": \"single\",\n            \"sort\": \"none\"\n          }\n\
+    \        },\n        \"targets\": [\n          {\n            \"datasource\":\
+    \ {\n              \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"sum(rate(hubble_dns_queries_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])) by (source) > 0\",\n            \"legendFormat\": \"{{source}}\"\
+    ,\n            \"range\": true,\n            \"refId\": \"A\"\n          }\n \
+    \       ],\n        \"title\": \"DNS queries\",\n        \"type\": \"timeseries\"\
+    \n      },\n      {\n        \"datasource\": {\n          \"type\": \"prometheus\"\
+    ,\n          \"uid\": \"${DS_PROMETHEUS}\"\n        },\n        \"fieldConfig\"\
+    : {\n          \"defaults\": {\n            \"color\": {\n              \"mode\"\
+    : \"thresholds\"\n            },\n            \"mappings\": [],\n            \"\
+    min\": 0,\n            \"thresholds\": {\n              \"mode\": \"absolute\"\
+    ,\n              \"steps\": [\n                {\n                  \"color\"\
+    : \"green\",\n                  \"value\": null\n                }\n         \
+    \     ]\n            },\n            \"unit\": \"reqps\"\n          },\n     \
+    \     \"overrides\": []\n        },\n        \"gridPos\": {\n          \"h\":\
+    \ 9,\n          \"w\": 12,\n          \"x\": 12,\n          \"y\": 1\n       \
+    \ },\n        \"id\": 41,\n        \"options\": {\n          \"displayMode\":\
+    \ \"gradient\",\n          \"minVizHeight\": 10,\n          \"minVizWidth\": 0,\n\
+    \          \"orientation\": \"horizontal\",\n          \"reduceOptions\": {\n\
+    \            \"calcs\": [\n              \"lastNotNull\"\n            ],\n   \
+    \         \"fields\": \"\",\n            \"values\": false\n          },\n   \
+    \       \"showUnfilled\": true\n        },\n        \"pluginVersion\": \"9.4.7\"\
+    ,\n        \"targets\": [\n          {\n            \"datasource\": {\n      \
+    \        \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"topk(10, sum(rate(hubble_dns_queries_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])*60) by (query))\",\n            \"legendFormat\": \"{{query}}\"\
+    ,\n            \"range\": true,\n            \"refId\": \"A\"\n          }\n \
+    \       ],\n        \"title\": \"Top 10 DNS queries\",\n        \"type\": \"bargauge\"\
+    \n      },\n      {\n        \"datasource\": {\n          \"type\": \"prometheus\"\
+    ,\n          \"uid\": \"${DS_PROMETHEUS}\"\n        },\n        \"fieldConfig\"\
+    : {\n          \"defaults\": {\n            \"color\": {\n              \"mode\"\
+    : \"palette-classic\"\n            },\n            \"custom\": {\n           \
+    \   \"axisCenteredZero\": false,\n              \"axisColorMode\": \"text\",\n\
+    \              \"axisLabel\": \"\",\n              \"axisPlacement\": \"auto\"\
+    ,\n              \"barAlignment\": 0,\n              \"drawStyle\": \"line\",\n\
+    \              \"fillOpacity\": 10,\n              \"gradientMode\": \"none\"\
+    ,\n              \"hideFrom\": {\n                \"legend\": false,\n       \
+    \         \"tooltip\": false,\n                \"viz\": false\n              },\n\
+    \              \"lineInterpolation\": \"linear\",\n              \"lineWidth\"\
+    : 1,\n              \"pointSize\": 5,\n              \"scaleDistribution\": {\n\
+    \                \"type\": \"linear\"\n              },\n              \"showPoints\"\
+    : \"auto\",\n              \"spanNulls\": false,\n              \"stacking\":\
+    \ {\n                \"group\": \"A\",\n                \"mode\": \"normal\"\n\
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-network-overview-namespace

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/hubble-network-overview-namespace

@@ -0,0 +1,396 @@

+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: hubble-network-overview-namespace
+  namespace: kube-system
+  labels:
+    k8s-app: hubble
+    app.kubernetes.io/name: hubble
+    app.kubernetes.io/part-of: cilium
+    grafana_dashboard: '1'
+  annotations:
+    grafana_folder: Cilium
+data:
+  hubble-network-overview-namespace.json: "{\n    \"__inputs\": [\n      {\n     \
+    \   \"name\": \"DS_PROMETHEUS\",\n        \"label\": \"Prometheus\",\n       \
+    \ \"description\": \"\",\n        \"type\": \"datasource\",\n        \"pluginId\"\
+    : \"prometheus\",\n        \"pluginName\": \"Prometheus\"\n      }\n    ],\n \
+    \   \"__elements\": {},\n    \"__requires\": [\n      {\n        \"type\": \"\
+    panel\",\n        \"id\": \"bargauge\",\n        \"name\": \"Bar gauge\",\n  \
+    \      \"version\": \"\"\n      },\n      {\n        \"type\": \"grafana\",\n\
+    \        \"id\": \"grafana\",\n        \"name\": \"Grafana\",\n        \"version\"\
+    : \"9.4.7\"\n      },\n      {\n        \"type\": \"datasource\",\n        \"\
+    id\": \"prometheus\",\n        \"name\": \"Prometheus\",\n        \"version\"\
+    : \"1.0.0\"\n      },\n      {\n        \"type\": \"panel\",\n        \"id\":\
+    \ \"timeseries\",\n        \"name\": \"Time series\",\n        \"version\": \"\
+    \"\n      }\n    ],\n    \"annotations\": {\n      \"list\": [\n        {\n  \
+    \        \"builtIn\": 1,\n          \"datasource\": {\n            \"type\": \"\
+    datasource\",\n            \"uid\": \"grafana\"\n          },\n          \"enable\"\
+    : true,\n          \"hide\": true,\n          \"iconColor\": \"rgba(0, 211, 255,\
+    \ 1)\",\n          \"name\": \"Annotations & Alerts\",\n          \"target\":\
+    \ {\n            \"limit\": 100,\n            \"matchAny\": false,\n         \
+    \   \"tags\": [],\n            \"type\": \"dashboard\"\n          },\n       \
+    \   \"type\": \"dashboard\"\n        }\n      ]\n    },\n    \"description\":\
+    \ \"\",\n    \"editable\": true,\n    \"fiscalYearStartMonth\": 0,\n    \"gnetId\"\
+    : 16612,\n    \"graphTooltip\": 0,\n    \"id\": null,\n    \"links\": [\n    \
+    \  {\n        \"asDropdown\": true,\n        \"icon\": \"external link\",\n  \
+    \      \"includeVars\": true,\n        \"keepTime\": true,\n        \"tags\":\
+    \ [\n          \"cilium-overview\"\n        ],\n        \"targetBlank\": false,\n\
+    \        \"title\": \"Cilium Overviews\",\n        \"tooltip\": \"\",\n      \
+    \  \"type\": \"dashboards\",\n        \"url\": \"\"\n      },\n      {\n     \
+    \   \"asDropdown\": true,\n        \"icon\": \"external link\",\n        \"includeVars\"\
+    : false,\n        \"keepTime\": true,\n        \"tags\": [\n          \"hubble\"\
+    \n        ],\n        \"targetBlank\": false,\n        \"title\": \"Hubble\",\n\
+    \        \"tooltip\": \"\",\n        \"type\": \"dashboards\",\n        \"url\"\
+    : \"\"\n      }\n    ],\n    \"liveNow\": false,\n    \"panels\": [\n      {\n\
+    \        \"collapsed\": false,\n        \"gridPos\": {\n          \"h\": 1,\n\
+    \          \"w\": 24,\n          \"x\": 0,\n          \"y\": 0\n        },\n \
+    \       \"id\": 8,\n        \"panels\": [],\n        \"title\": \"Flows processed\"\
+    ,\n        \"type\": \"row\"\n      },\n      {\n        \"datasource\": {\n \
+    \         \"type\": \"prometheus\",\n          \"uid\": \"${DS_PROMETHEUS}\"\n\
+    \        },\n        \"fieldConfig\": {\n          \"defaults\": {\n         \
+    \   \"color\": {\n              \"mode\": \"palette-classic\"\n            },\n\
+    \            \"custom\": {\n              \"axisCenteredZero\": false,\n     \
+    \         \"axisColorMode\": \"text\",\n              \"axisLabel\": \"\",\n \
+    \             \"axisPlacement\": \"auto\",\n              \"barAlignment\": 0,\n\
+    \              \"drawStyle\": \"line\",\n              \"fillOpacity\": 10,\n\
+    \              \"gradientMode\": \"none\",\n              \"hideFrom\": {\n  \
+    \              \"legend\": false,\n                \"tooltip\": false,\n     \
+    \           \"viz\": false\n              },\n              \"lineInterpolation\"\
+    : \"linear\",\n              \"lineWidth\": 1,\n              \"pointSize\": 5,\n\
+    \              \"scaleDistribution\": {\n                \"type\": \"linear\"\n\
+    \              },\n              \"showPoints\": \"auto\",\n              \"spanNulls\"\
+    : false,\n              \"stacking\": {\n                \"group\": \"A\",\n \
+    \               \"mode\": \"normal\"\n              },\n              \"thresholdsStyle\"\
+    : {\n                \"mode\": \"off\"\n              }\n            },\n    \
+    \        \"mappings\": [],\n            \"min\": 0,\n            \"thresholds\"\
+    : {\n              \"mode\": \"absolute\",\n              \"steps\": [\n     \
+    \           {\n                  \"color\": \"green\",\n                  \"value\"\
+    : null\n                },\n                {\n                  \"color\": \"\
+    red\",\n                  \"value\": 80\n                }\n              ]\n\
+    \            },\n            \"unit\": \"ops\"\n          },\n          \"overrides\"\
+    : []\n        },\n        \"gridPos\": {\n          \"h\": 9,\n          \"w\"\
+    : 12,\n          \"x\": 0,\n          \"y\": 1\n        },\n        \"id\": 12,\n\
+    \        \"options\": {\n          \"legend\": {\n            \"calcs\": [],\n\
+    \            \"displayMode\": \"list\",\n            \"placement\": \"bottom\"\
+    ,\n            \"showLegend\": true\n          },\n          \"tooltip\": {\n\
+    \            \"mode\": \"single\",\n            \"sort\": \"none\"\n         \
+    \ }\n        },\n        \"targets\": [\n          {\n            \"datasource\"\
+    : {\n              \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"sum(rate(hubble_flows_processed_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])) by (type, subtype)\",\n            \"legendFormat\": \"\
+    {{type}}/{{subtype}}\",\n            \"range\": true,\n            \"refId\":\
+    \ \"A\"\n          }\n        ],\n        \"title\": \"Flows processed by type\"\
+    ,\n        \"type\": \"timeseries\"\n      },\n      {\n        \"datasource\"\
+    : {\n          \"type\": \"prometheus\",\n          \"uid\": \"${DS_PROMETHEUS}\"\
+    \n        },\n        \"fieldConfig\": {\n          \"defaults\": {\n        \
+    \    \"color\": {\n              \"mode\": \"palette-classic\"\n            },\n\
+    \            \"custom\": {\n              \"axisCenteredZero\": false,\n     \
+    \         \"axisColorMode\": \"text\",\n              \"axisLabel\": \"\",\n \
+    \             \"axisPlacement\": \"auto\",\n              \"barAlignment\": 0,\n\
+    \              \"drawStyle\": \"line\",\n              \"fillOpacity\": 10,\n\
+    \              \"gradientMode\": \"none\",\n              \"hideFrom\": {\n  \
+    \              \"legend\": false,\n                \"tooltip\": false,\n     \
+    \           \"viz\": false\n              },\n              \"lineInterpolation\"\
+    : \"linear\",\n              \"lineWidth\": 1,\n              \"pointSize\": 5,\n\
+    \              \"scaleDistribution\": {\n                \"type\": \"linear\"\n\
+    \              },\n              \"showPoints\": \"auto\",\n              \"spanNulls\"\
+    : false,\n              \"stacking\": {\n                \"group\": \"A\",\n \
+    \               \"mode\": \"normal\"\n              },\n              \"thresholdsStyle\"\
+    : {\n                \"mode\": \"off\"\n              }\n            },\n    \
+    \        \"mappings\": [],\n            \"min\": 0,\n            \"thresholds\"\
+    : {\n              \"mode\": \"absolute\",\n              \"steps\": [\n     \
+    \           {\n                  \"color\": \"green\",\n                  \"value\"\
+    : null\n                },\n                {\n                  \"color\": \"\
+    red\",\n                  \"value\": 80\n                }\n              ]\n\
+    \            },\n            \"unit\": \"ops\"\n          },\n          \"overrides\"\
+    : []\n        },\n        \"gridPos\": {\n          \"h\": 9,\n          \"w\"\
+    : 12,\n          \"x\": 12,\n          \"y\": 1\n        },\n        \"id\": 35,\n\
+    \        \"options\": {\n          \"legend\": {\n            \"calcs\": [],\n\
+    \            \"displayMode\": \"list\",\n            \"placement\": \"bottom\"\
+    ,\n            \"showLegend\": true\n          },\n          \"tooltip\": {\n\
+    \            \"mode\": \"single\",\n            \"sort\": \"none\"\n         \
+    \ }\n        },\n        \"targets\": [\n          {\n            \"datasource\"\
+    : {\n              \"type\": \"prometheus\",\n              \"uid\": \"${DS_PROMETHEUS}\"\
+    \n            },\n            \"editorMode\": \"code\",\n            \"expr\"\
+    : \"sum(rate(hubble_flows_processed_total{cluster=~\\\"$cluster\\\", source_namespace=~\\\
+    \"$source_namespace\\\", destination_namespace=~\\\"$destination_namespace\\\"\
+    }[$__rate_interval])) by (verdict)\",\n            \"legendFormat\": \"{{verdict}}\"\
+    ,\n            \"range\": true,\n            \"refId\": \"A\"\n          }\n \
+    \       ],\n        \"title\": \"Flows processed by verdict\",\n        \"type\"\
+    : \"timeseries\"\n      },\n      {\n        \"datasource\": {\n          \"type\"\
+    : \"prometheus\",\n          \"uid\": \"${DS_PROMETHEUS}\"\n        },\n     \
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

@@ -0,0 +1,171 @@

+---
+apiVersion: apps/v1
+kind: DaemonSet
+metadata:
+  name: cilium-envoy
+  namespace: kube-system
+  labels:
+    k8s-app: cilium-envoy
+    app.kubernetes.io/part-of: cilium
+    app.kubernetes.io/name: cilium-envoy
+    name: cilium-envoy
+spec:
+  selector:
+    matchLabels:
+      k8s-app: cilium-envoy
+  updateStrategy:
+    rollingUpdate:
+      maxUnavailable: 2
+    type: RollingUpdate
+  template:
+    metadata:
+      annotations:
+        prometheus.io/port: '9964'
+        prometheus.io/scrape: 'true'
+      labels:
+        k8s-app: cilium-envoy
+        name: cilium-envoy
+        app.kubernetes.io/name: cilium-envoy
+        app.kubernetes.io/part-of: cilium
+    spec:
+      securityContext:
+        appArmorProfile:
+          type: Unconfined
+      containers:
+      - name: cilium-envoy
+        image: quay.io/cilium/cilium-envoy:v1.29.7-39a2a56bbd5b3a591f69dbca51d3e30ef97e0e51@sha256:bd5ff8c66716080028f414ec1cb4f7dc66f40d2fb5a009fff187f4a9b90b566b
+        imagePullPolicy: IfNotPresent
+        command:
+        - /usr/bin/cilium-envoy-starter
+        args:
+        - --
+        - -c /var/run/cilium/envoy/bootstrap-config.json
+        - --base-id 0
+        - --log-level info
+        - --log-format [%Y-%m-%d %T.%e][%t][%l][%n] [%g:%#] %v
+        startupProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /healthz
+            port: 9878
+            scheme: HTTP
+          failureThreshold: 105
+          periodSeconds: 2
+          successThreshold: 1
+          initialDelaySeconds: 5
+        livenessProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /healthz
+            port: 9878
+            scheme: HTTP
+          periodSeconds: 30
+          successThreshold: 1
+          failureThreshold: 10
+          timeoutSeconds: 5
+        readinessProbe:
+          httpGet:
+            host: 127.0.0.1
+            path: /healthz
+            port: 9878
+            scheme: HTTP
+          periodSeconds: 30
+          successThreshold: 1
+          failureThreshold: 3
+          timeoutSeconds: 5
+        env:
+        - name: K8S_NODE_NAME
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: spec.nodeName
+        - name: CILIUM_K8S_NAMESPACE
+          valueFrom:
+            fieldRef:
+              apiVersion: v1
+              fieldPath: metadata.namespace
+        - name: KUBERNETES_SERVICE_HOST
+          value: ${KUBE_VIP_ADDR}
+        - name: KUBERNETES_SERVICE_PORT
+          value: '6443'
+        ports:
+        - name: envoy-metrics
+          containerPort: 9964
+          hostPort: 9964
+          protocol: TCP
+        securityContext:
+          seLinuxOptions:
+            level: s0
+            type: spc_t
+          capabilities:
+            add:
+            - NET_ADMIN
+            - SYS_ADMIN
+            drop:
+            - ALL
+        terminationMessagePolicy: FallbackToLogsOnError
+        volumeMounts:
+        - name: envoy-sockets
+          mountPath: /var/run/cilium/envoy/sockets
+          readOnly: false
+        - name: envoy-artifacts
+          mountPath: /var/run/cilium/envoy/artifacts
+          readOnly: true
+        - name: envoy-config
+          mountPath: /var/run/cilium/envoy/
+          readOnly: true
+        - name: bpf-maps
+          mountPath: /sys/fs/bpf
+          mountPropagation: HostToContainer
+      restartPolicy: Always
+      priorityClassName: system-node-critical
+      serviceAccountName: cilium-envoy
+      automountServiceAccountToken: true
+      terminationGracePeriodSeconds: 1
+      hostNetwork: true
+      affinity:
+        nodeAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+            nodeSelectorTerms:
+            - matchExpressions:
+              - key: cilium.io/no-schedule
+                operator: NotIn
+                values:
+                - 'true'
+        podAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                k8s-app: cilium
+            topologyKey: kubernetes.io/hostname
+        podAntiAffinity:
+          requiredDuringSchedulingIgnoredDuringExecution:
+          - labelSelector:
+              matchLabels:
+                k8s-app: cilium-envoy
+            topologyKey: kubernetes.io/hostname
+      nodeSelector:
+        kubernetes.io/os: linux
+      tolerations:
+      - operator: Exists
+      volumes:
+      - name: envoy-sockets
+        hostPath:
+          path: /var/run/cilium/envoy/sockets
+          type: DirectoryOrCreate
+      - name: envoy-artifacts
+        hostPath:
+          path: /var/run/cilium/envoy/artifacts
+          type: DirectoryOrCreate
+      - name: envoy-config
+        configMap:
+          name: cilium-envoy-config
+          defaultMode: 256
+          items:
+          - key: bootstrap-config.json
+            path: bootstrap-config.json
+      - name: bpf-maps
+        hostPath:
+          path: /sys/fs/bpf
+          type: DirectoryOrCreate
+

renovate bot added renovate/helm type/minor labels Feb 1, 2024

renovate bot assigned npawelek Feb 1, 2024

github-actions bot added area/bootstrap area/kubernetes area/ansible labels Feb 1, 2024

npawelek force-pushed the main branch 18 times, most recently from 9bb4730 to cc587a0 Compare February 11, 2024 19:24

renovate bot force-pushed the renovate/cilium-1.x branch from 0622ab1 to eb3d7f9 Compare February 15, 2024 03:52

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.0~~ feat(helm): update chart cilium to 1.15.1 Feb 15, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from eb3d7f9 to a0b4286 Compare March 13, 2024 18:10

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.1~~ feat(helm): update chart cilium to 1.15.2 Mar 13, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from a0b4286 to 3c00280 Compare March 26, 2024 17:23

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.2~~ feat(helm): update chart cilium to 1.15.3 Mar 26, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 3c00280 to 41d416c Compare April 12, 2024 00:47

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.3~~ feat(helm): update chart cilium to 1.15.4 Apr 12, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 41d416c to 5adf6cf Compare May 15, 2024 16:12

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.4~~ feat(helm): update chart cilium to 1.15.5 May 15, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 5adf6cf to c4fae3c Compare June 10, 2024 19:48

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.5~~ feat(helm): update chart cilium to 1.15.6 Jun 10, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from c4fae3c to 0a15a78 Compare July 11, 2024 19:15

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.6~~ feat(helm): update chart cilium to 1.15.7 Jul 11, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 0a15a78 to fd128cb Compare July 24, 2024 17:27

renovate bot changed the title ~~feat(helm): update chart cilium to 1.15.7~~ feat(helm): update chart cilium to 1.16.0 Jul 24, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from fd128cb to f64fa94 Compare August 14, 2024 17:54

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.0~~ feat(helm): update chart cilium to 1.16.1 Aug 14, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from f64fa94 to b15e6fd Compare September 26, 2024 13:22

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.1~~ feat(helm): update chart cilium to 1.16.2 Sep 26, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from b15e6fd to 0accb38 Compare October 15, 2024 11:16

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.2~~ feat(helm): update chart cilium to 1.16.3 Oct 15, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 0accb38 to b3d4ad6 Compare November 20, 2024 10:34

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.3~~ feat(helm): update chart cilium to 1.16.4 Nov 20, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from b3d4ad6 to 0de9ab4 Compare December 18, 2024 01:00

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.4~~ feat(helm): update chart cilium to 1.16.5 Dec 18, 2024

renovate bot force-pushed the renovate/cilium-1.x branch from 0de9ab4 to 9b2e73b Compare January 22, 2025 01:58

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.5~~ feat(helm): update chart cilium to 1.16.6 Jan 22, 2025

feat(helm): update chart cilium to 1.17.0

24ca6da

renovate bot force-pushed the renovate/cilium-1.x branch from 9b2e73b to 24ca6da Compare February 4, 2025 18:24

renovate bot changed the title ~~feat(helm): update chart cilium to 1.16.6~~ feat(helm): update chart cilium to 1.17.0 Feb 4, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(helm): update chart cilium to 1.17.0 #74

feat(helm): update chart cilium to 1.17.0 #74

renovate bot commented Feb 1, 2024 •

edited

Loading

github-actions bot commented Feb 1, 2024 •

edited

Loading

github-actions bot commented Feb 1, 2024 •

edited

Loading

feat(helm): update chart cilium to 1.17.0 #74

Are you sure you want to change the base?

feat(helm): update chart cilium to 1.17.0 #74

Conversation

renovate bot commented Feb 1, 2024 • edited Loading

Release Notes

v1.17.0

v1.16.6: 1.16.6

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

v1.16.5: 1.16.5

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

v1.16.4: 1.16.4

Security Advisories

Summary of Changes

Configuration

github-actions bot commented Feb 1, 2024 • edited Loading

github-actions bot commented Feb 1, 2024 • edited Loading

renovate bot commented Feb 1, 2024 •

edited

Loading

`v1.17.0`

`v1.16.6`: 1.16.6

`v1.16.5`: 1.16.5

`v1.16.4`: 1.16.4

github-actions bot commented Feb 1, 2024 •

edited

Loading

github-actions bot commented Feb 1, 2024 •

edited

Loading