fix(helm): update cilium ( 1.16.3 → 1.16.4 ) (#5876) · coolguy1771/home-ops@02a60af

Commit

fix(helm): update cilium ( 1.16.3 → 1.16.4 ) (#5876)
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | HelmChart |
patch | `1.16.3` -> `1.16.4` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.16.4`](https://redirect.github.com/cilium/cilium/releases/tag/v1.16.4):
1.16.4

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.16.3...1.16.4)

## Summary of Changes

**Minor Changes:**

- Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30
seconds) to override the Envoy default (15 seconds). (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35809](https://redirect.github.com/cilium/cilium/issues/35809),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- clustermesh: add guardrails for known broken ENI/aws-chaining +
cluster ID combination (Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;35349](https://redirect.github.com/cilium/cilium/issues/35349),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- helm: Lower default `hubble.tls.auto.certValidityDuration` to 365 days
(Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35630](https://redirect.github.com/cilium/cilium/issues/35630),
[@&#8203;chancez](https://redirect.github.com/chancez))
- helm: New socketLB.tracing flag (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35747](https://redirect.github.com/cilium/cilium/issues/35747),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- hubble-relay: Return underlying connection errors when connecting to
peer manager (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35632](https://redirect.github.com/cilium/cilium/issues/35632),
[@&#8203;chancez](https://redirect.github.com/chancez))
- netkit: Fix issue where traffic originating from the host namespace
fails to reach the pod when using endpoint routes and network policies.
(Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;35306](https://redirect.github.com/cilium/cilium/issues/35306),
[@&#8203;jrife](https://redirect.github.com/jrife))

**Bugfixes:**

- Avoid duplicate errors in health status for node-neighbor-link-updater
(Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35179](https://redirect.github.com/cilium/cilium/issues/35179),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- bgpv1: fix reconciliation of services with shared VIPs (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35333](https://redirect.github.com/cilium/cilium/issues/35333),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- bgpv2,operator: Fix the race condition in the nodeSelector conflict
detection logic (Backport PR
[#&#8203;35863](https://redirect.github.com/cilium/cilium/issues/35863),
Upstream PR
[#&#8203;35690](https://redirect.github.com/cilium/cilium/issues/35690),
[@&#8203;YutaroHayakawa](https://redirect.github.com/YutaroHayakawa))
- bgpv2: set local peering address when specified (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35552](https://redirect.github.com/cilium/cilium/issues/35552),
[@&#8203;harsimran-pabla](https://redirect.github.com/harsimran-pabla))
- Cilium datapath now gives precedence for the more specific allow rule
with L7 rules when rules with port ranges are present. (Backport PR
[#&#8203;35603](https://redirect.github.com/cilium/cilium/issues/35603),
Upstream PR
[#&#8203;35150](https://redirect.github.com/cilium/cilium/issues/35150),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- Cilium's DNS proxy no longer gets stuck for a specific five-tuple if
an `timeout waiting for response` error is encountered. (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35589](https://redirect.github.com/cilium/cilium/issues/35589),
[@&#8203;bimmlerd](https://redirect.github.com/bimmlerd))
- config: Remove superfluous warning on native routing CIDR (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35738](https://redirect.github.com/cilium/cilium/issues/35738),
[@&#8203;gandro](https://redirect.github.com/gandro))
- Fix missing flowlabel hash on SRv6 traffic. (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35498](https://redirect.github.com/cilium/cilium/issues/35498),
[@&#8203;akaliwod](https://redirect.github.com/akaliwod))
- Fix packet drops for pod-to-pod connections that pass through ingress
& egress proxy when using IPsec, caused by MTU misconfiguration.
(Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;35173](https://redirect.github.com/cilium/cilium/issues/35173),
[@&#8203;smagnani96](https://redirect.github.com/smagnani96))
- Fix possible disruption of long running pod to node traffic on agent
restart in kvstore mode (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35673](https://redirect.github.com/cilium/cilium/issues/35673),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- Fix redirect from L3 device to remote endpoint via overlay network.
(Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35165](https://redirect.github.com/cilium/cilium/issues/35165),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- Fixed a bug where replies for pod-originating connections came into
scope of HostFW Ingress Network policy. Applicable to configurations
that use iptables for Masquerading. (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35694](https://redirect.github.com/cilium/cilium/issues/35694),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- Fixes a bug where the operator incorrectly flagged
CiliumNetworkPolicies containing ICMP rules as invalid. (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35599](https://redirect.github.com/cilium/cilium/issues/35599),
[@&#8203;squeed](https://redirect.github.com/squeed))
- Fixes a performance regression when ingesting network policies in
clusters with large numbers of Services. (Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;35293](https://redirect.github.com/cilium/cilium/issues/35293),
[@&#8203;squeed](https://redirect.github.com/squeed))
- Fixes a potential deadlock when restarting cilium agent with pods with
DNS interception configured (Backport PR
[#&#8203;35906](https://redirect.github.com/cilium/cilium/issues/35906),
Upstream PR
[#&#8203;35890](https://redirect.github.com/cilium/cilium/issues/35890),
[@&#8203;squeed](https://redirect.github.com/squeed))
- Fixes BPF Masquerading exclusion CIDR for IPAM modes "eni", "azure"
and "alibabacloud".
([#&#8203;35611](https://redirect.github.com/cilium/cilium/issues/35611),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries
(Backport PR
[#&#8203;35319](https://redirect.github.com/cilium/cilium/issues/35319),
Upstream PR
[#&#8203;35301](https://redirect.github.com/cilium/cilium/issues/35301),
[@&#8203;hox](https://redirect.github.com/hox))
- helm: fix duplicate configmap key for
`bpf-lb-sock-terminate-pod-connections` (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35703](https://redirect.github.com/cilium/cilium/issues/35703),
[@&#8203;solidDoWant](https://redirect.github.com/solidDoWant))
- helm: set automountServiceAccountToken to false for hubble-relay sa
(Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35674](https://redirect.github.com/cilium/cilium/issues/35674),
[@&#8203;ayuspin](https://redirect.github.com/ayuspin))
- hubble: fix endpoint cluster name (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35415](https://redirect.github.com/cilium/cilium/issues/35415),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- hubble: Lock exporters while gathering metrics (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35860](https://redirect.github.com/cilium/cilium/issues/35860),
[@&#8203;joestringer](https://redirect.github.com/joestringer))
- Ingress endpoint is now included in the lxcmap so that ARP and ND6
work for them. (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35143](https://redirect.github.com/cilium/cilium/issues/35143),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- ipam: Validate CiliumNode resource in ENI mode (Backport PR
[#&#8203;35792](https://redirect.github.com/cilium/cilium/issues/35792),
Upstream PR
[#&#8203;35784](https://redirect.github.com/cilium/cilium/issues/35784),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- l7lb: fix registration of flag loadbalancer-l7 (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35623](https://redirect.github.com/cilium/cilium/issues/35623),
[@&#8203;mhofstetter](https://redirect.github.com/mhofstetter))
- Log errors when reloading hubble exporter configuration dynamically
and do not attempt to close os.Stdout (Backport PR
[#&#8203;35319](https://redirect.github.com/cilium/cilium/issues/35319),
Upstream PR
[#&#8203;35069](https://redirect.github.com/cilium/cilium/issues/35069),
[@&#8203;chancez](https://redirect.github.com/chancez))
- option: Reduce log level for WG strict mode + IPv6 (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35763](https://redirect.github.com/cilium/cilium/issues/35763),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- Policy properly propagates proxy listener name and priority from a L3
wildcard rule with policies requiring authentication. (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35381](https://redirect.github.com/cilium/cilium/issues/35381),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- treewide: Add wrapper for `netlink` functions that may fail with
`ErrDumpInterrupted` (Backport PR
[#&#8203;35654](https://redirect.github.com/cilium/cilium/issues/35654),
Upstream PR
[#&#8203;35614](https://redirect.github.com/cilium/cilium/issues/35614),
[@&#8203;gandro](https://redirect.github.com/gandro))
- wireguard: Fix connectivity issues following node reboots. (Backport
PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35750](https://redirect.github.com/cilium/cilium/issues/35750),
[@&#8203;jrife](https://redirect.github.com/jrife))

**CI Changes:**

- .github/conformance-ginkgo: replace deprecated jq flag (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35399](https://redirect.github.com/cilium/cilium/issues/35399),
[@&#8203;aanm](https://redirect.github.com/aanm))
- .github: extend timeout for tests-ipsec-upgrade workflow (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35657](https://redirect.github.com/cilium/cilium/issues/35657),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- .github: remove libncurses5 from integration tests (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35408](https://redirect.github.com/cilium/cilium/issues/35408),
[@&#8203;aanm](https://redirect.github.com/aanm))
- \[v1.16] gh: e2e-upgrade: restart LRP backend pod after upgrade
([#&#8203;35329](https://redirect.github.com/cilium/cilium/issues/35329),
[@&#8203;ysksuzuki](https://redirect.github.com/ysksuzuki))
- \[v1.16] github: update rhel8 LVH image to rhel8.6
([#&#8203;35733](https://redirect.github.com/cilium/cilium/issues/35733),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- Additionally test KVStore mode in E2E/IPSec workflows (Backport PR
[#&#8203;35905](https://redirect.github.com/cilium/cilium/issues/35905),
Upstream PR
[#&#8203;35679](https://redirect.github.com/cilium/cilium/issues/35679),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- ci: conformance-kind: re-enable flaky Aggregator test (Backport PR
[#&#8203;35582](https://redirect.github.com/cilium/cilium/issues/35582),
Upstream PR
[#&#8203;35286](https://redirect.github.com/cilium/cilium/issues/35286),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- ci: datapath-verifier: bump lvh images (Backport PR
[#&#8203;35648](https://redirect.github.com/cilium/cilium/issues/35648),
Upstream PR
[#&#8203;35456](https://redirect.github.com/cilium/cilium/issues/35456),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- gha: Update chmod command (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35400](https://redirect.github.com/cilium/cilium/issues/35400),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- github: Pass the workflow step timeout to go test (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35814](https://redirect.github.com/cilium/cilium/issues/35814),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- Refactor and set a default for GH_RUNNER_EXTRA_POWER (Backport PR
[#&#8203;35319](https://redirect.github.com/cilium/cilium/issues/35319),
Upstream PR
[#&#8203;35267](https://redirect.github.com/cilium/cilium/issues/35267),
[@&#8203;aanm](https://redirect.github.com/aanm))
- workflows/gateway-api: Cover IPsec with GatewayAPI (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35584](https://redirect.github.com/cilium/cilium/issues/35584),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- workflows/ingress: Run basic checks (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35683](https://redirect.github.com/cilium/cilium/issues/35683),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- workflows/ipsec: Cover Ingress (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35476](https://redirect.github.com/cilium/cilium/issues/35476),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- workflows: Extend IPsec tests to cover egress gateway (Backport PR
[#&#8203;35540](https://redirect.github.com/cilium/cilium/issues/35540),
Upstream PR
[#&#8203;35323](https://redirect.github.com/cilium/cilium/issues/35323),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))

**Misc Changes:**

- .github/build-images-base: checkout base branch to get scripts
(Backport PR
[#&#8203;35319](https://redirect.github.com/cilium/cilium/issues/35319),
Upstream PR
[#&#8203;35236](https://redirect.github.com/cilium/cilium/issues/35236),
[@&#8203;aanm](https://redirect.github.com/aanm))
- .github: remove retention days for image digests (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35457](https://redirect.github.com/cilium/cilium/issues/35457),
[@&#8203;aanm](https://redirect.github.com/aanm))
- bpf: vxlan helper improvements (Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;34755](https://redirect.github.com/cilium/cilium/issues/34755),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- chore(deps): update all github action dependencies (v1.16)
([#&#8203;35382](https://redirect.github.com/cilium/cilium/issues/35382),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.16)
([#&#8203;35439](https://redirect.github.com/cilium/cilium/issues/35439),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.16)
([#&#8203;35573](https://redirect.github.com/cilium/cilium/issues/35573),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.16)
([#&#8203;35710](https://redirect.github.com/cilium/cilium/issues/35710),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all-dependencies (v1.16)
([#&#8203;35438](https://redirect.github.com/cilium/cilium/issues/35438),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update docker.io/library/golang:1.22.8 docker digest to
[`0ca97f4`](https://redirect.github.com/cilium/cilium/commit/0ca97f4)
(v1.16)
([#&#8203;35730](https://redirect.github.com/cilium/cilium/issues/35730),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update docker.io/library/golang:1.22.8 docker digest to
[`b274ff1`](https://redirect.github.com/cilium/cilium/commit/b274ff1)
(v1.16)
([#&#8203;35379](https://redirect.github.com/cilium/cilium/issues/35379),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update go to v1.22.9 (v1.16)
([#&#8203;35854](https://redirect.github.com/cilium/cilium/issues/35854),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update quay.io/cilium/cilium-envoy docker tag to
v1.29.9-1729635771-fa4efeff33a344a45e14a4068c61dc438b3d2270 (v1.16)
([#&#8203;35491](https://redirect.github.com/cilium/cilium/issues/35491),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.16) (patch)
([#&#8203;35731](https://redirect.github.com/cilium/cilium/issues/35731),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- cilium, docs: Extend requirements for L7 proxy (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35669](https://redirect.github.com/cilium/cilium/issues/35669),
[@&#8203;borkmann](https://redirect.github.com/borkmann))
- cilium: add probe for netkit for more user friendly error when not
supported (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35551](https://redirect.github.com/cilium/cilium/issues/35551),
[@&#8203;borkmann](https://redirect.github.com/borkmann))
- ctrl-runtime: lower severity of retryable reconcile errors (Backport
PR
[#&#8203;35592](https://redirect.github.com/cilium/cilium/issues/35592),
Upstream PR
[#&#8203;35364](https://redirect.github.com/cilium/cilium/issues/35364),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- daemon: Reduce level of socket LB tracing warning (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35798](https://redirect.github.com/cilium/cilium/issues/35798),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- datapath: move policy map value prefix length to flags (Backport PR
[#&#8203;35603](https://redirect.github.com/cilium/cilium/issues/35603),
Upstream PR
[#&#8203;35534](https://redirect.github.com/cilium/cilium/issues/35534),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- dnsproxy: fix error when sessionUDPFactory fails (Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;33998](https://redirect.github.com/cilium/cilium/issues/33998),
[@&#8203;marseel](https://redirect.github.com/marseel))
- docs/ipsec: Remove KPR limitation (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35743](https://redirect.github.com/cilium/cilium/issues/35743),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- docs/xfrm: Fix incorrect statement regarding XFRM IN policies
(Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35626](https://redirect.github.com/cilium/cilium/issues/35626),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- docs: Change invalid Helm option --agent.enabled with --agent=false in
upgrade documentation (Backport PR
[#&#8203;35319](https://redirect.github.com/cilium/cilium/issues/35319),
Upstream PR
[#&#8203;35288](https://redirect.github.com/cilium/cilium/issues/35288),
[@&#8203;oneumyvakin](https://redirect.github.com/oneumyvakin))
- docs: clean up stale kernel requirements (Backport PR
[#&#8203;35582](https://redirect.github.com/cilium/cilium/issues/35582),
Upstream PR
[#&#8203;35575](https://redirect.github.com/cilium/cilium/issues/35575),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- docs: Fix incorrect link to RFC 4271 for BGP control plane timers.
(Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35725](https://redirect.github.com/cilium/cilium/issues/35725),
[@&#8203;nvibert](https://redirect.github.com/nvibert))
- docs: kpr: update error message regarding SocketLB tracing (Backport
PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35337](https://redirect.github.com/cilium/cilium/issues/35337),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- docs: tuning: XDP LB also supports tunnel routing (Backport PR
[#&#8203;35582](https://redirect.github.com/cilium/cilium/issues/35582),
Upstream PR
[#&#8203;35574](https://redirect.github.com/cilium/cilium/issues/35574),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- docs: update 1.16 upgrade note for LRP
([#&#8203;35944](https://redirect.github.com/cilium/cilium/issues/35944),
[@&#8203;ysksuzuki](https://redirect.github.com/ysksuzuki))
- docs: update default identity label filters (Backport PR
[#&#8203;35468](https://redirect.github.com/cilium/cilium/issues/35468),
Upstream PR
[#&#8203;35422](https://redirect.github.com/cilium/cilium/issues/35422),
[@&#8203;marseel](https://redirect.github.com/marseel))
- docs: XFRM reference guide for IPsec development (Backport PR
[#&#8203;35582](https://redirect.github.com/cilium/cilium/issues/35582),
Upstream PR
[#&#8203;35322](https://redirect.github.com/cilium/cilium/issues/35322),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- Envoy simplify listener setup (Backport PR
[#&#8203;35764](https://redirect.github.com/cilium/cilium/issues/35764),
Upstream PR
[#&#8203;35642](https://redirect.github.com/cilium/cilium/issues/35642),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- envoy: Configure internal_address_config to avoid warning log
(Backport PR
[#&#8203;35471](https://redirect.github.com/cilium/cilium/issues/35471),
Upstream PR
[#&#8203;35090](https://redirect.github.com/cilium/cilium/issues/35090),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- envoy: Limit started serving logging to the typeURL of the stream
(Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35736](https://redirect.github.com/cilium/cilium/issues/35736),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- Fix wrongly spelled config option in error message (Backport PR
[#&#8203;35543](https://redirect.github.com/cilium/cilium/issues/35543),
Upstream PR
[#&#8203;35390](https://redirect.github.com/cilium/cilium/issues/35390),
[@&#8203;baurmatt](https://redirect.github.com/baurmatt))
- helm: clarify text for serviceNoBackendResponse (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35734](https://redirect.github.com/cilium/cilium/issues/35734),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- hubble: Add 'release' Make target (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35561](https://redirect.github.com/cilium/cilium/issues/35561),
[@&#8203;michi-covalent](https://redirect.github.com/michi-covalent))
- image: Use cilium-builder instead of golang as operator builder image
(Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35351](https://redirect.github.com/cilium/cilium/issues/35351),
[@&#8203;learnitall](https://redirect.github.com/learnitall))
- iptables: always warn about missing xt_socket module (Backport PR
[#&#8203;35781](https://redirect.github.com/cilium/cilium/issues/35781),
Upstream PR
[#&#8203;35591](https://redirect.github.com/cilium/cilium/issues/35591),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))
- makefile: add target to install Cilium in kvstore mode (Backport PR
[#&#8203;35905](https://redirect.github.com/cilium/cilium/issues/35905),
Upstream PR
[#&#8203;35646](https://redirect.github.com/cilium/cilium/issues/35646),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- proxy: Ensure proxy ports are written on shutdown (Backport PR
[#&#8203;35908](https://redirect.github.com/cilium/cilium/issues/35908),
Upstream PR
[#&#8203;35839](https://redirect.github.com/cilium/cilium/issues/35839),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))
- Silence spurious clustermesh-related warnings (Backport PR
[#&#8203;35850](https://redirect.github.com/cilium/cilium/issues/35850),
Upstream PR
[#&#8203;35867](https://redirect.github.com/cilium/cilium/issues/35867),
[@&#8203;giorio94](https://redirect.github.com/giorio94))

**Other Changes:**

- \[v1.16] envoy: Add configuration for OverloadManager
([#&#8203;35787](https://redirect.github.com/cilium/cilium/issues/35787),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- \[v1.16] envoy: Bump envoy version from 1.29.x to 1.30.x
([#&#8203;35563](https://redirect.github.com/cilium/cilium/issues/35563),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- \[v1.16] policy/correlation: Fix `PolicyMatch{L3Proto,L4Only}` case
([#&#8203;35681](https://redirect.github.com/cilium/cilium/issues/35681),
[@&#8203;gandro](https://redirect.github.com/gandro))
- chore(deps): update cilium-envoy dependency
([#&#8203;35920](https://redirect.github.com/cilium/cilium/issues/35920),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- install: Update image digests for v1.16.3
([#&#8203;35361](https://redirect.github.com/cilium/cilium/issues/35361),
[@&#8203;cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot])
- Policy add deny rule test and benchmark
([#&#8203;35714](https://redirect.github.com/cilium/cilium/issues/35714),
[@&#8203;jrajahalme](https://redirect.github.com/jrajahalme))

##### Docker Manifests

##### cilium


`quay.io/cilium/cilium:v1.16.4@&#8203;sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf`

`quay.io/cilium/cilium:stable@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf`

##### clustermesh-apiserver


`quay.io/cilium/clustermesh-apiserver:v1.16.4@&#8203;sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2`

`quay.io/cilium/clustermesh-apiserver:stable@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2`

##### docker-plugin


`quay.io/cilium/docker-plugin:v1.16.4@&#8203;sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e`

`quay.io/cilium/docker-plugin:stable@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e`

##### hubble-relay


`quay.io/cilium/hubble-relay:v1.16.4@&#8203;sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2`

`quay.io/cilium/hubble-relay:stable@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2`

##### operator-alibabacloud


`quay.io/cilium/operator-alibabacloud:v1.16.4@&#8203;sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686`

`quay.io/cilium/operator-alibabacloud:stable@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686`

##### operator-aws


`quay.io/cilium/operator-aws:v1.16.4@&#8203;sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be`

`quay.io/cilium/operator-aws:stable@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be`

##### operator-azure


`quay.io/cilium/operator-azure:v1.16.4@&#8203;sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de`

`quay.io/cilium/operator-azure:stable@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de`

##### operator-generic


`quay.io/cilium/operator-generic:v1.16.4@&#8203;sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5`

`quay.io/cilium/operator-generic:stable@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5`

##### operator


`quay.io/cilium/operator:v1.16.4@&#8203;sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff`

`quay.io/cilium/operator:stable@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff`

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzOS4yMS4xIiwidXBkYXRlZEluVmVyIjoiMzkuMjEuMSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvaGVsbSIsInR5cGUvcGF0Y2giXX0=-->

Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>
Loading branch information
lumiere-bot[bot] authored Nov 21, 2024
1 parent 193db4c commit 02a60af
talos/bootstrap/cni/kustomization.yaml
-Original file line number
+Diff line change
@@ Expand Up / @@ -6,7 +6,7 @@ helmCharts: @@
         releaseName: cilium
         repo: https://helm.cilium.io
         valuesFile: values.yaml
-        version: 1.16.3
+        version: 1.16.4
     commonAnnotations:
       meta.helm.sh/release-name: cilium
       meta.helm.sh/release-namespace: kube-system
@@ Expand Down @@
0 comments on commit `02a60af`

Please sign in to comment.
Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Commit

There are no files selected for viewing

0 comments on commit `02a60af`

Commit

There are no files selected for viewing

0 comments on commit 02a60af

0 comments on commit `02a60af`
