-
Notifications
You must be signed in to change notification settings - Fork 2
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
chore(deps): update helm release cilium to v1.14.4 #2112
Merged
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
tyriis-automation
bot
added
renovate/flux
renovate flux manager
renovate/helm
renovate helm datasource
type/patch
a patch for a bug
labels
Nov 13, 2023
--- kubernetes HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay
+++ kubernetes HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay
@@ -34,13 +34,13 @@
capabilities:
drop:
- ALL
runAsGroup: 65532
runAsNonRoot: true
runAsUser: 65532
- image: quay.io/cilium/hubble-relay:v1.14.3@sha256:3f5c425faca4f8a38e29d4f86db2aadd8f33c9f05debd78a2bb2a24dd9e565d8
+ image: quay.io/cilium/hubble-relay:v1.14.4@sha256:ca81622fd9f04c1316bf4144bde5dbce613758810f6022f6c706b14c9c0815db
imagePullPolicy: IfNotPresent
command:
- hubble-relay
args:
- serve
ports:
--- kubernetes HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator
+++ kubernetes HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator
@@ -31,13 +31,13 @@
name: cilium-operator
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
spec:
containers:
- name: cilium-operator
- image: quay.io/cilium/operator-generic:v1.14.3@sha256:c9613277b72103ed36e9c0d16b9a17cafd507461d59340e432e3e9c23468b5e2
+ image: quay.io/cilium/operator-generic:v1.14.4@sha256:f0f05e4ba3bb1fe0e4b91144fa4fea637701aba02e6c00b23bd03b4a7e1dfd55
imagePullPolicy: IfNotPresent
command:
- cilium-operator-generic
args:
- --config-dir=/tmp/cilium/config-map
- --debug=$(CILIUM_DEBUG)
--- kubernetes HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium
+++ kubernetes HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium
@@ -26,13 +26,13 @@
k8s-app: cilium
app.kubernetes.io/name: cilium-agent
app.kubernetes.io/part-of: cilium
spec:
containers:
- name: cilium-agent
- image: quay.io/cilium/cilium:v1.14.3@sha256:e5ca22526e01469f8d10c14e2339a82a13ad70d9a359b879024715540eef4ace
+ image: quay.io/cilium/cilium:v1.14.4@sha256:4981767b787c69126e190e33aee93d5a076639083c21f0e7c29596a519c64a2e
imagePullPolicy: IfNotPresent
command:
- cilium-agent
args:
- --config-dir=/tmp/cilium/config-map
startupProbe:
@@ -84,12 +84,37 @@
fieldRef:
apiVersion: v1
fieldPath: metadata.namespace
- name: CILIUM_CLUSTERMESH_CONFIG
value: /var/lib/cilium/clustermesh/
lifecycle:
+ postStart:
+ exec:
+ command:
+ - bash
+ - -c
+ - |
+ set -o errexit
+ set -o pipefail
+ set -o nounset
+
+ # When running in AWS ENI mode, it's likely that 'aws-node' has
+ # had a chance to install SNAT iptables rules. These can result
+ # in dropped traffic, so we should attempt to remove them.
+ # We do it using a 'postStart' hook since this may need to run
+ # for nodes which might have already been init'ed but may still
+ # have dangling rules. This is safe because there are no
+ # dependencies on anything that is part of the startup script
+ # itself, and can be safely run multiple times per node (e.g. in
+ # case of a restart).
+ if [[ "$(iptables-save | grep -c 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN')" != "0" ]];
+ then
+ echo 'Deleting iptables rules created by the AWS CNI VPC plugin'
+ iptables-save | grep -v 'AWS-SNAT-CHAIN|AWS-CONNMARK-CHAIN' | iptables-restore
+ fi
+ echo 'Done!'
preStop:
exec:
command:
- /cni-uninstall.sh
ports:
- name: peer-service
@@ -131,13 +156,13 @@
mountPath: /var/lib/cilium/tls/hubble
readOnly: true
- name: tmp
mountPath: /tmp
initContainers:
- name: config
- image: quay.io/cilium/cilium:v1.14.3@sha256:e5ca22526e01469f8d10c14e2339a82a13ad70d9a359b879024715540eef4ace
+ image: quay.io/cilium/cilium:v1.14.4@sha256:4981767b787c69126e190e33aee93d5a076639083c21f0e7c29596a519c64a2e
imagePullPolicy: IfNotPresent
command:
- cilium
- build-config
env:
- name: K8S_NODE_NAME
@@ -152,13 +177,13 @@
fieldPath: metadata.namespace
volumeMounts:
- name: tmp
mountPath: /tmp
terminationMessagePolicy: FallbackToLogsOnError
- name: mount-cgroup
- image: quay.io/cilium/cilium:v1.14.3@sha256:e5ca22526e01469f8d10c14e2339a82a13ad70d9a359b879024715540eef4ace
+ image: quay.io/cilium/cilium:v1.14.4@sha256:4981767b787c69126e190e33aee93d5a076639083c21f0e7c29596a519c64a2e
imagePullPolicy: IfNotPresent
env:
- name: CGROUP_ROOT
value: /run/cilium/cgroupv2
- name: BIN_PATH
value: /opt/cni/bin
@@ -175,13 +200,13 @@
- name: cni-path
mountPath: /hostbin
terminationMessagePolicy: FallbackToLogsOnError
securityContext:
privileged: true
- name: apply-sysctl-overwrites
- image: quay.io/cilium/cilium:v1.14.3@sha256:e5ca22526e01469f8d10c14e2339a82a13ad70d9a359b879024715540eef4ace
+ image: quay.io/cilium/cilium:v1.14.4@sha256:4981767b787c69126e190e33aee93d5a076639083c21f0e7c29596a519c64a2e
imagePullPolicy: IfNotPresent
env:
- name: BIN_PATH
value: /opt/cni/bin
command:
- sh
@@ -196,13 +221,13 @@
- name: cni-path
mountPath: /hostbin
terminationMessagePolicy: FallbackToLogsOnError
securityContext:
privileged: true
- name: clean-cilium-state
- image: quay.io/cilium/cilium:v1.14.3@sha256:e5ca22526e01469f8d10c14e2339a82a13ad70d9a359b879024715540eef4ace
+ image: quay.io/cilium/cilium:v1.14.4@sha256:4981767b787c69126e190e33aee93d5a076639083c21f0e7c29596a519c64a2e
imagePullPolicy: IfNotPresent
command:
- /init-container.sh
env:
- name: CILIUM_ALL_STATE
valueFrom:
@@ -229,13 +254,13 @@
mountPath: /var/run/cilium
resources:
requests:
cpu: 100m
memory: 100Mi
- name: install-cni-binaries
- image: quay.io/cilium/cilium:v1.14.3@sha256:e5ca22526e01469f8d10c14e2339a82a13ad70d9a359b879024715540eef4ace
+ image: quay.io/cilium/cilium:v1.14.4@sha256:4981767b787c69126e190e33aee93d5a076639083c21f0e7c29596a519c64a2e
imagePullPolicy: IfNotPresent
command:
- /install-plugin.sh
resources:
requests:
cpu: 100m |
--- kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/apps-cilium HelmRelease: kube-system/cilium
+++ kubernetes/kube-nas/apps/kube-system/cilium/app Kustomization: flux-system/apps-cilium HelmRelease: kube-system/cilium
@@ -9,13 +9,13 @@
spec:
chart: cilium
sourceRef:
kind: HelmRepository
name: cilium-charts
namespace: flux-system
- version: 1.14.3
+ version: 1.14.4
install:
remediation:
retries: 3
interval: 30m
maxHistory: 2
uninstall: |
🦙 MegaLinter status: ✅ SUCCESS
See detailed report in MegaLinter reports MegaLinter is graciously provided by OX Security |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
renovate/flux
renovate flux manager
renovate/helm
renovate helm datasource
type/patch
a patch for a bug
0 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.14.3
->1.14.4
1.14.3
->1.14.4
Release Notes
cilium/cilium (cilium)
v1.14.4
Compare Source
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR has been generated by Renovate Bot.