v1.19 Backports 2026-03-09 #44699

Merged
tommyp1ckles merged 11 commits into v1.19 from pr/v1.19-backport-2026-03-09-10-37
Mar 12, 2026

liyihuang and others added 11 commits March 9, 2026 10:37
[ upstream commit 6c96257 ]

Add circuit breaker configuration to both the egress and ingress Envoy clusters to limit retry attempts.

Signed-off-by: Liyi Huang <liyi.huang@isovalent.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 3efb667 ]

While we have #43049 to cover the embedded case, this PR is to cover
the external envoy use case to use clusterMaxRequests and
clusterMaxConnections.

Signed-off-by: Liyi Huang <liyi.huang@isovalent.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit c3f731d ]

Signed-off-by: Antony Reynaud <antony.reynaud@isovalent.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit e2728a8 ]

Available in preview since Feb 2026

Signed-off-by: Antony Reynaud <antony.reynaud@isovalent.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 61e04f7 ]

The InterfaceMAC field is not filled from the tunnel dev's MAC address.
Because of this the BPF program for the overlay resolves to
00:00:00:00:00:00, sending this broken response to the VTEP ARP lookup
request.

Fixes: #44453

Signed-off-by: akos011221 <orbanakos2001@gmail.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 2f29851 ]

The 'loadBalancer' option conditional in the Helm template was missing its closing statement, creating a potential issue where omitting this configuration section could prevent half of the available option configurations from being applied to Cilium.

While this issue was not encountered in practice due to default values always being present for loadBalancer configuration, it represents a logical error in the template structure that should be corrected to ensure a valid and robust Helm chart.

Signed-off-by: Matej Líner <matej.liner@lablabs.io>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 3ee4e0f ]

This option was previously hidden from user documentation due to being commented out in the Helm template. The default Helm value aligns with the default value in the Cilium binary, ensuring no functional changes when enabled. Exposing this configuration improves discoverability for users who need to modify this setting.

Signed-off-by: Matej Líner <matej.liner@lablabs.io>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 4fae8ec ]

Added Labyrinth Labs to USERS.md

Signed-off-by: Matej Líner <matej.liner@lablabs.io>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit f38aa1b ]

During investigation of a memory leak in v1.18, one of the pprof
profiles showed a high amount of memory usage in
`netlink/nl.(*NetlinkSocket).Receive`.

#41623 (comment)

This is most likely due to a lack of rate limiting in the desired
neighbor calculation which does a lot of netlink requests to get next hops.

So this commit limits desired neighbor calculation to once every 15
seconds. In the worst case scenario where the default gateway changes,
XDP might not be able to forward traffic for up to 15 seconds. Such
a scenario should only happen when configuration changes are made or
when the network topology changes, and thus this seems an acceptable
tradeoff.

Signed-off-by: Dylan Reimerink <dylan.reimerink@isovalent.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 055bef2 ]

Set up XFRM states before updating LocalNode.EncryptionKey to ensure
ingress is ready before peers learn about the new key via CiliumNode CRD.

Fixes packet drops during rotation under CPU contention where
AllNodeValidateImplementation() takes longer than CRD propagation.

Signed-off-by: Daan Vinken <daanvinken@tythus.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
[ upstream commit 4b1f0b2 ]

Add Info log when keyfile is loaded, Info logs for XFRM state
conflict resolution in xfrmStateReplace, and a Debug log when
the BPF encrypt map is updated.

Signed-off-by: Daan Vinken <daanvinken@tythus.com>
Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com>
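
The ordering fixed by upstream commit 055bef2 above (ingress state is set up before peers can learn the new key), as an added example that is not Cilium's code. It is a tick-based Go model: `Rotation`, its fields and `Drops` are hypothetical names, and the old key's ingress state is assumed to stay installed throughout the rotation.

```go
package main

import "fmt"

// Rotation models one key rotation on the receiving node, in abstract ticks.
// Hypothetical type: it captures the ordering only, not real XFRM calls.
type Rotation struct {
	InstallTicks   int  // time to set up ingress (decrypt) state for the new key
	PropagateTicks int  // time for peers to learn the advertised key
	InstallFirst   bool // true: set up ingress state, then advertise the key
}

// Drops simulates peers sending one packet per tick and returns how many
// arrive encrypted with a key the receiver has no ingress state for yet.
func (r Rotation) Drops(ticks int) int {
	readyAt := r.InstallTicks // tick at which new-key ingress state exists
	advertisedAt := 0         // advertise-first: key is published immediately
	if r.InstallFirst {
		advertisedAt = readyAt // install-first: publish only once ingress is ready
	}
	peerSwitchAt := advertisedAt + r.PropagateTicks

	drops := 0
	for t := 0; t < ticks; t++ {
		usesNewKey := t >= peerSwitchAt
		canDecryptNew := t >= readyAt
		// Assumption: old-key packets always decrypt, so only new-key
		// packets arriving before readyAt are lost.
		if usesNewKey && !canDecryptNew {
			drops++
		}
	}
	return drops
}

func main() {
	// Contended node: state setup (5 ticks) is slower than propagation (2 ticks).
	fmt.Println("advertise first:", Rotation{InstallTicks: 5, PropagateTicks: 2}.Drops(20))
	fmt.Println("install first:  ", Rotation{InstallTicks: 5, PropagateTicks: 2, InstallFirst: true}.Drops(20))
	// Uncontended node: setup finishes before peers switch, so the race stays hidden.
	fmt.Println("advertise first, fast setup:", Rotation{InstallTicks: 1, PropagateTicks: 2}.Drops(20))
}
```

The advertise-first order only loses packets when setup takes longer than propagation, which is why the race shows up under CPU contention; the install-first order has no such window for any pair of delays.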
@tommyp1ckles tommyp1ckles added kind/backports This PR provides functionality previously merged into master. backport/1.19 This PR represents a backport for Cilium 1.19.x of a PR that was merged to main. labels Mar 9, 2026
@tommyp1ckles
Contributor Author

/test

@tommyp1ckles tommyp1ckles marked this pull request as ready for review March 9, 2026 22:25
@tommyp1ckles tommyp1ckles requested review from a team as code owners March 9, 2026 22:25
@Artyop
Contributor

Artyop commented Mar 10, 2026

/ci-gke

@Artyop
Contributor

Artyop commented Mar 10, 2026

/ci-aks

Contributor

@Artyop Artyop left a comment

lgtm

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 12, 2026
@tommyp1ckles tommyp1ckles added this pull request to the merge queue Mar 12, 2026
Merged via the queue into v1.19 with commit 6951c90 Mar 12, 2026
494 of 500 checks passed
@tommyp1ckles tommyp1ckles deleted the pr/v1.19-backport-2026-03-09-10-37 branch March 12, 2026 17:07