lbipam: do not reallocate IPs on operator restart by marseel · Pull Request #41147 · cilium/cilium

marseel · 2025-08-14T09:12:01Z

If there was a pool that was filled and had unsatisfied Services, on
operator restart there was a high chance that we will reshuffle
assignement of IPs for that pool. This resulted in previously safisfied
services to either become unsatisfied or get a new IP.

Issue is fixed by not performing any operation on services until full
sync happens. After that, first we try to reuse IPs for already
satisfied services and only after that we try to assign additional IPs
to unsatisfied services.

Additionally, add test that covers this case, simulating restart of
operator.

Related: #40358
Depends on: #41122

lbipam: do not reallocate IPs in LB IPAM on operator restart

joamaki

LGTM

If there was a pool that was filled and had unsatisfied Services, on operator restart there was a high chance that we will reshuffle assignement of IPs for that pool. This resulted in previously safisfied services to either become unsatisfied or get a new IP. Issue is fixed by not performing any operation on services until full sync happens. After that, first we try to reuse IPs for already satisfied services and only after that we try to assign additional IPs to unsatisfied services. Additionally, add test that covers this case, simulating restart of operator. Related: #40358 Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com>

marseel · 2025-08-14T09:42:02Z

Fixed golang lint + rebased on main

marseel · 2025-08-14T10:07:05Z

/test

marseel · 2025-08-14T11:16:50Z

Gateway API seems to be failing quite a lot after rebasing, open related issue: #41150
It seems it has been failing pretty consistently for last 2 days: https://github.com/cilium/cilium/actions/workflows/conformance-gateway-api.yaml?query=branch%3Amain+event%3Apush

lbipam: do not reallocate IPs on operator restart If there was a pool that was filled and had unsatisfied Services, on operator restart there was a high chance that we will reshuffle assignement of IPs for that pool. This resulted in previously safisfied services to either become unsatisfied or get a new IP. Issue is fixed by not performing any operation on services until full sync happens. After that, first we try to reuse IPs for already satisfied services and only after that we try to assign additional IPs to unsatisfied services. Additionally, add test that covers this case, simulating restart of operator. Related: cilium#40358 Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com>

* backport cilium/pull/41122 Signed-off-by: terashima <tomoya-terashima@cybozu.co.jp> * backport cilium/pull/41147 lbipam: do not reallocate IPs on operator restart If there was a pool that was filled and had unsatisfied Services, on operator restart there was a high chance that we will reshuffle assignement of IPs for that pool. This resulted in previously safisfied services to either become unsatisfied or get a new IP. Issue is fixed by not performing any operation on services until full sync happens. After that, first we try to reuse IPs for already satisfied services and only after that we try to assign additional IPs to unsatisfied services. Additionally, add test that covers this case, simulating restart of operator. Related: cilium#40358 Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com> --------- Signed-off-by: terashima <tomoya-terashima@cybozu.co.jp> Signed-off-by: Marcel Zieba <marcel.zieba@isovalent.com> Co-authored-by: Marcel Zieba <marcel.zieba@isovalent.com>

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | patch | `1.18.1` -> `1.18.2` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.18.2`](https://github.com/cilium/cilium/releases/tag/v1.18.2): 1.18.2 [Compare Source](cilium/cilium@1.18.1...1.18.2) ## Summary of Changes **Minor Changes:** - Fix validation bug where namespaced CiliumNetworkPolicies with nodeSelector in specs array were silently accepted but ignored. Now properly rejected with validation error. (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#40702](cilium/cilium#40702), [@pillai-ashwin](https://github.com/pillai-ashwin)) - lbipam: do not reallocate IPs in LB IPAM on operator restart (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41147](cilium/cilium#41147), [@marseel](https://github.com/marseel)) - lbipam: widening CIDR range or updating selector of CiliumLoadBalancerIPPool does no longer reassign IPs (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41122](cilium/cilium#41122), [@marseel](https://github.com/marseel)) **Bugfixes:** - Add option to configure BGP origin attribute for LoadBalancer IPs in BGP Control Plane v2, allowing smoother migration from MetalLB integration. (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41231](cilium/cilium#41231), [@hanapedia](https://github.com/hanapedia)) - Add toleration for 'node.cloudprovider.kubernetes.io/uninitialized' to Cilium Operator (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41098](cilium/cilium#41098), [@guettli](https://github.com/guettli)) - bgpv2: Avoid modifying CiliumBGPPeerConfig in resource store (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41088](cilium/cilium#41088), [@rastislavs](https://github.com/rastislavs)) - bpf: add support for delinearized ARP packets (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41233](cilium/cilium#41233), [@vsinitsyn](https://github.com/vsinitsyn)) - ctmap/gc: continue interval time on partial GC pass. (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41258](cilium/cilium#41258), [@tommyp1ckles](https://github.com/tommyp1ckles)) - Disable unnecessary headless service watching to reduce API server load in clusters not using the Gateway API or Ingress features. (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#40844](cilium/cilium#40844), [@moscicky](https://github.com/moscicky)) - Fix "Error while correcting L4 checksum" dropped packets for ICMP destination unreachable error packets. (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#40194](cilium/cilium#40194), [@br4243](https://github.com/br4243)) - Fix "No mapping for NAT masquerade" flakes in the CI, make NAT LRU fallbacks more robust. (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#40971](cilium/cilium#40971), [@gentoo-root](https://github.com/gentoo-root)) - Fix --exclude-local-address with eBPF Host-Routing (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41275](cilium/cilium#41275), [@antonipp](https://github.com/antonipp)) - Fix a BGP bug where the routerID specified in a CiliumBGPNodeConfigOverride was not correctly updated in RouterIDIPPool mode. (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#40340](cilium/cilium#40340), [@liyihuang](https://github.com/liyihuang)) - Fix a bug that would cause NodePort requests to be sent to the wrong backends when using KPR and Clustermesh with two identical, non-global NodePort services on different clusters. (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41337](cilium/cilium#41337), [@pchaigno](https://github.com/pchaigno)) - Fix a bug where cilium-agent would report "Link not found" for an endpoint deleted during state restore after cilium-agent restart. (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#40568](cilium/cilium#40568), [@fristonio](https://github.com/fristonio)) - Fix a regression where enabling unknown Hubble metrics would crash the cilium agent (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41368](cilium/cilium#41368), [@devodev](https://github.com/devodev)) - Fix agent config initContainer unable to hit apiservers in apiServerURLs by passing as container arg (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41110](cilium/cilium#41110), [@JJGadgets](https://github.com/JJGadgets)) - Fix bug that would cause error messages when disabling agent health checks (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41297](cilium/cilium#41297), [@HadrienPatte](https://github.com/HadrienPatte)) - Fix issue in Local Redirect Policies where traffic was dropped when no local pods were available to be redirected to. In these scenarios the traffic should have been processed as if the Local Redirect Policy did not exist. (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41463](cilium/cilium#41463), [@joamaki](https://github.com/joamaki)) - Fix issue where Local Redirect Policy (LRP) services with a single named port did not create a local redirect service entry. (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41534](cilium/cilium#41534), [@aditighag](https://github.com/aditighag)) - Fix the bug local redirect policy not doing filter based destination port (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41411](cilium/cilium#41411), [@liyihuang](https://github.com/liyihuang)) - Fixes a cosmetic bug where the cilium\_bpf\_map\_ops\_total error count was incorrectly being incremented for map cilium\_lb\_affinity\_match. (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41378](cilium/cilium#41378), [@squeed](https://github.com/squeed)) - Fixes an issue in NodeManager where restored cluster nodes can be pruned before the initial node listing completes. (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41039](cilium/cilium#41039), [@0xch4z](https://github.com/0xch4z)) - Helm: Ensure consistent default labels for all ServiceMonitor resources (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41240](cilium/cilium#41240), [@baurmatt](https://github.com/baurmatt)) - iptables: Fix IPv6 SNAT for L7 proxy upstream traffic (Backport PR [#41249](cilium/cilium#41249), Upstream PR [#41034](cilium/cilium#41034), [@gentoo-root](https://github.com/gentoo-root)) - loadbalancer/writer: add support for SetIsServiceHealthCheckedFunc (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41092](cilium/cilium#41092), [@mhofstetter](https://github.com/mhofstetter)) - neighbor: Fix bug where neighbor discovery subsystem reports unhealthy when it is healthy (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41186](cilium/cilium#41186), [@mhofstetter](https://github.com/mhofstetter)) - pkg/ipam: fix nil dereference during pool shrink operation (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41198](cilium/cilium#41198), [@alimehrabikoshki](https://github.com/alimehrabikoshki)) - policy: fix agent crash due to policy cache update-delete race (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41079](cilium/cilium#41079), [@fristonio](https://github.com/fristonio)) **CI Changes:** - .github/actions: fix boolean condition check in post-logic action (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41395](cilium/cilium#41395), [@aanm](https://github.com/aanm)) - .github/worfklows: copy cilium-cli binary from container (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41524](cilium/cilium#41524), [@aanm](https://github.com/aanm)) - .github/workflows: add proper suffix for scale-test-egw (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41477](cilium/cilium#41477), [@aanm](https://github.com/aanm)) - .github/workflows: add timeout to Install node local DNS step (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41120](cilium/cilium#41120), [@aanm](https://github.com/aanm)) - .github/workflows: separate feature json files in different dirs (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41403](cilium/cilium#41403), [@aanm](https://github.com/aanm)) - .github/workflows: simplify ginkgo workflow (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41396](cilium/cilium#41396), [@aanm](https://github.com/aanm)) - .github/workflows: simplify ginkgo workflow (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41396](cilium/cilium#41396), [@aanm](https://github.com/aanm)) - .github: fix upload artifacts for features.json (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41119](cilium/cilium#41119), [@aanm](https://github.com/aanm)) - add missing extraArgs in CI (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41005](cilium/cilium#41005), [@aanm](https://github.com/aanm)) - checkpatch: bump checkpatch version, and minor adaptations (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41290](cilium/cilium#41290), [@giorio94](https://github.com/giorio94)) - ci: Re-enable go caches for privileged tests (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41102](cilium/cilium#41102), [@rastislavs](https://github.com/rastislavs)) - ci: simplify scheduled test (Backport PR [#41262](cilium/cilium#41262), Upstream PR [#41261](cilium/cilium#41261), [@brlbil](https://github.com/brlbil)) - Fix multiple workflows with missing features and steps (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41398](cilium/cilium#41398), [@aanm](https://github.com/aanm)) - gh: e2e-upgrade: skip even more steps when not downgrading (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41468](cilium/cilium#41468), [@julianwiedmann](https://github.com/julianwiedmann)) - gha: run checkpatch check only on PR events (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41308](cilium/cilium#41308), [@giorio94](https://github.com/giorio94)) - ipsec: fix xfrm privileged tests (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41279](cilium/cilium#41279), [@smagnani96](https://github.com/smagnani96)) - node:tests: fix privileged ([#41281](cilium/cilium#41281), [@smagnani96](https://github.com/smagnani96)) - operator/bgpv2: Avoid race in TestRouterIDAllocation test (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41499](cilium/cilium#41499), [@rastislavs](https://github.com/rastislavs)) - pkg/metrics: define default CIDR policies values (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41422](cilium/cilium#41422), [@aanm](https://github.com/aanm)) - testutils: differentiate {Test,Benchmark}Privileged and fix benchmarks (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41007](cilium/cilium#41007), [@smagnani96](https://github.com/smagnani96)) - workflows/ipsec: yet another fix for downgrade (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41260](cilium/cilium#41260), [@smagnani96](https://github.com/smagnani96)) **Misc Changes:** - .github/workflows: add step 5 as part of the image build process (Backport PR [#41177](cilium/cilium#41177), Upstream PR [#41113](cilium/cilium#41113), [@aanm](https://github.com/aanm)) - bpf: fix svc annotation handling (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41310](cilium/cilium#41310), [@borkmann](https://github.com/borkmann)) - bpf: wireguard: re-add IPv6 fragment check in from-wireguard (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41451](cilium/cilium#41451), [@julianwiedmann](https://github.com/julianwiedmann)) - build-images-release: specify main branch on reusable jobs (Backport PR [#41177](cilium/cilium#41177), Upstream PR [#41530](cilium/cilium#41530), [@aanm](https://github.com/aanm)) - checkpatch: Update image digest (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41360](cilium/cilium#41360), [@HadrienPatte](https://github.com/HadrienPatte)) - chore(deps): update actions/labeler action to v6.0.1 (v1.18) ([#41565](cilium/cilium#41565), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#41351](cilium/cilium#41351), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#41660](cilium/cilium#41660), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41126](cilium/cilium#41126), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41350](cilium/cilium#41350), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41439](cilium/cilium#41439), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41509](cilium/cilium#41509), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41612](cilium/cilium#41612), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update dependency protocolbuffers/protobuf to v32.1 (v1.18) ([#41659](cilium/cilium#41659), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.6 docker digest to [`714ad64`](cilium/cilium@714ad64) (v1.18) ([#41349](cilium/cilium#41349), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.6 docker digest to [`8d9e57c`](cilium/cilium@8d9e57c) (v1.18) ([#41437](cilium/cilium#41437), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.7 docker digest to [`5e9d14d`](cilium/cilium@5e9d14d) (v1.18) ([#41656](cilium/cilium#41656), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.24.7 (v1.18) ([#41566](cilium/cilium#41566), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update module github.com/go-viper/mapstructure/v2 to v2.4.0 \[security] (v1.18) ([#41319](cilium/cilium#41319), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.6-1756960514-59def10827e2fdea04b289bb00128526bde9d3c1 (v1.18) ([#41516](cilium/cilium#41516), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.6-1757072375-ebd79127b3d1f27212d5426619daccdd15ad9e28 (v1.18) ([#41567](cilium/cilium#41567), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.7-1757592137-1a52bb680a956879722f48c591a2ca90f7791324 (v1.18) ([#41657](cilium/cilium#41657), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#41438](cilium/cilium#41438), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#41658](cilium/cilium#41658), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - ci: Update workflow permissions (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41383](cilium/cilium#41383), [@kyle-c-simmons](https://github.com/kyle-c-simmons)) - doc: use correct policy-default-local-cluster inspect command in example (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41118](cilium/cilium#41118), [@Preisschild](https://github.com/Preisschild)) - docs: Add missing dsrDispatch parameter to annotation-based DSR examples (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#40873](cilium/cilium#40873), [@gitsofaryan](https://github.com/gitsofaryan)) - docs: add table DSR Dispatch Mode following Routing Mode (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41431](cilium/cilium#41431), [@alagoutte](https://github.com/alagoutte)) - docs: document portmap binary requirements (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41300](cilium/cilium#41300), [@nbusseneau](https://github.com/nbusseneau)) - Fix release script steps (Backport PR [#41177](cilium/cilium#41177), Upstream PR [#41502](cilium/cilium#41502), [@aanm](https://github.com/aanm)) - Helm: Only insert nodePort for cilium-ingress-service if specified (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41107](cilium/cilium#41107), [@baurmatt](https://github.com/baurmatt)) - install: bump startup script version (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41299](cilium/cilium#41299), [@Artyop](https://github.com/Artyop)) - kvstore: fix overly verbose debug log and error message (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41148](cilium/cilium#41148), [@giorio94](https://github.com/giorio94)) - loadbalancer: Fixes to test flakes (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41085](cilium/cilium#41085), [@joamaki](https://github.com/joamaki)) - Log kube-proxy replacement config before starting kube-proxy replacement (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41133](cilium/cilium#41133), [@liyihuang](https://github.com/liyihuang)) - lower log severity for stale metadata to avoid CI issue (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41389](cilium/cilium#41389), [@liyihuang](https://github.com/liyihuang)) - metrics/features: Fix counter metrics to use Set() instead of Add() (Backport PR [#41479](cilium/cilium#41479), Upstream PR [#41382](cilium/cilium#41382), [@aanm](https://github.com/aanm)) - metrics/features: remove aws-vpc-cni (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41498](cilium/cilium#41498), [@aanm](https://github.com/aanm)) - node/manager: Do not prune the local node on restart (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41544](cilium/cilium#41544), [@joamaki](https://github.com/joamaki)) - Prevent `cilium-dbg` from panicing when `/sys` is not mounted (Backport PR [#41365](cilium/cilium#41365), Upstream PR [#41287](cilium/cilium#41287), [@HadrienPatte](https://github.com/HadrienPatte)) - Support extending cilium-agent dnsPolicy as a downstream packager (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41010](cilium/cilium#41010), [@devodev](https://github.com/devodev)) - Update all github action dependencies (v1.18) ([#41216](cilium/cilium#41216), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - Update dependency protocolbuffers/protobuf to v32 (v1.18) ([#41217](cilium/cilium#41217), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - Update docker.io/library/golang:1.24.6 Docker digest to [`a18e9e0`](cilium/cilium@a18e9e0) (v1.18) ([#41214](cilium/cilium#41214), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - Update stable lvh-images (v1.18) (patch) ([#41215](cilium/cilium#41215), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - workflows/conformance-ginkgo: fix steps for stable branches (Backport PR [#41591](cilium/cilium#41591), Upstream PR [#41599](cilium/cilium#41599), [@aanm](https://github.com/aanm)) - xds: fix NACK logging after slog migration (Backport PR [#41267](cilium/cilium#41267), Upstream PR [#41171](cilium/cilium#41171), [@mhofstetter](https://github.com/mhofstetter)) **Other Changes:** - \[v1.18] envoy: Start serving listeners only after clusters have been ACKed ([#41605](cilium/cilium#41605), [@jrajahalme](https://github.com/jrajahalme)) - docs: Add new IAM permissions requirements to upgrade notes ([#41374](cilium/cilium#41374), [@HadrienPatte](https://github.com/HadrienPatte)) - install: Update image digests for v1.18.1 ([#41182](cilium/cilium#41182), [@cilium-release-bot](https://github.com/cilium-release-bot)\[bot]) #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.18.2@sha256:858f807ea4e20e85e3ea3240a762e1f4b29f1cb5bbd0463b8aa77e7b097c0667` `quay.io/cilium/cilium:stable@sha256:858f807ea4e20e85e3ea3240a762e1f4b29f1cb5bbd0463b8aa77e7b097c0667` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.18.2@sha256:cd689a07bfc7622e812fef023cb277fdc695b60a960d36f32f93614177a7a0f6` `quay.io/cilium/clustermesh-apiserver:stable@sha256:cd689a07bfc7622e812fef023cb277fdc695b60a960d36f32f93614177a7a0f6` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.18.2@sha256:be578aaae7274ef7155bd0a6d2f7c2d91085642aea4fdb24451ee9cab4ca2e5d` `quay.io/cilium/docker-plugin:stable@sha256:be578aaae7274ef7155bd0a6d2f7c2d91085642aea4fdb24451ee9cab4ca2e5d` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.18.2@sha256:6079308ee15e44dff476fb522612732f7c5c4407a1017bc3470916242b0405ac` `quay.io/cilium/hubble-relay:stable@sha256:6079308ee15e44dff476fb522612732f7c5c4407a1017bc3470916242b0405ac` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.18.2@sha256:612b1d94c179cd8ae239e571e96ebd95662bb5cccb62aacfdf79355aa9cdddc8` `quay.io/cilium/operator-alibabacloud:stable@sha256:612b1d94c179cd8ae239e571e96ebd95662bb5cccb62aacfdf79355aa9cdddc8` ##### operator-aws `quay.io/cilium/operator-aws:v1.18.2@sha256:1cb856fbe265dfbcfe816bd6aa4acaf006ecbb22dcc989116a1a81bb269ea328` `quay.io/cilium/operator-aws:stable@sha256:1cb856fbe265dfbcfe816bd6aa4acaf006ecbb22dcc989116a1a81bb269ea328` ##### operator-azure `quay.io/cilium/operator-azure:v1.18.2@sha256:9696e9b8219b9a5c16987e072eda2da378d42a32f9305375e56d7380a0c2ba8e` `quay.io/cilium/operator-azure:stable@sha256:9696e9b8219b9a5c16987e072eda2da378d42a32f9305375e56d7380a0c2ba8e` ##### operator-generic `quay.io/cilium/operator-generic:v1.18.2@sha256:cb4e4ffc5789fd5ff6a534e3b1460623df61cba00f5ea1c7b40153b5efb81805` `quay.io/cilium/operator-generic:stable@sha256:cb4e4ffc5789fd5ff6a534e3b1460623df61cba00f5ea1c7b40153b5efb81805` ##### operator `quay.io/cilium/operator:v1.18.2@sha256:0f234ce2ab0f30c09f4f9fe1b9c6323f0c6b66d789bef5e958fce7cff85960f3` `quay.io/cilium/operator:stable@sha256:0f234ce2ab0f30c09f4f9fe1b9c6323f0c6b66d789bef5e958fce7cff85960f3` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://kubara.git.onstackit.cloud/STACKIT/kubara/pulls/78

marseel added kind/bug This is a bug in the Cilium logic. needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Aug 14, 2025

maintainer-s-little-helper Bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 14, 2025

marseel added the release-note/minor This PR changes functionality that users may find relevant to operating Cilium. label Aug 14, 2025

maintainer-s-little-helper Bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Aug 14, 2025

joamaki approved these changes Aug 14, 2025

View reviewed changes

marseel force-pushed the pr/marseel/fix_lbipam_restart branch from 9520435 to d6d6a16 Compare August 14, 2025 09:29

Base automatically changed from pr/marseel/improve_lbipam to main August 14, 2025 09:37

marseel force-pushed the pr/marseel/fix_lbipam_restart branch from d6d6a16 to 31ce600 Compare August 14, 2025 09:41

marseel marked this pull request as ready for review August 14, 2025 11:19

marseel requested a review from a team as a code owner August 14, 2025 11:19

marseel requested review from aditighag and removed request for aditighag August 14, 2025 11:20

joamaki approved these changes Aug 14, 2025

View reviewed changes

joamaki added this pull request to the merge queue Aug 14, 2025

Merged via the queue into main with commit b904b9f Aug 14, 2025
391 of 401 checks passed

joamaki deleted the pr/marseel/fix_lbipam_restart branch August 14, 2025 11:40

maintainer-s-little-helper Bot added ready-to-merge This PR has passed all tests and received consensus from code owners to merge. labels Aug 14, 2025

marseel mentioned this pull request Aug 14, 2025

Updating an ip-pool will cause all services using that pool to get new IP addresses #40358

Closed

3 tasks

joamaki mentioned this pull request Aug 19, 2025

v1.18 Backports 2025-08-19 #41267

Merged

19 tasks

joamaki added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Aug 19, 2025

github-actions Bot added backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Aug 21, 2025

dylandreimerink mentioned this pull request Sep 2, 2025

Shrinking LB IP Pool caused reassigning LB Service IP addresses #41458

Closed

3 tasks

terassyi mentioned this pull request Dec 4, 2025

LBIPAM reallocates External IPs for existing LBs when restarting operator under the situation kube-apiserver delay #43131

Closed

3 tasks

terassyi mentioned this pull request Dec 12, 2025

V1.16.12 cybozu lbipam with 41147 and 41122 cybozu-go/cilium#3

Merged

cilium-release-bot Bot moved this to Released in cilium v1.19.0 Feb 3, 2026

cilium-release-bot Bot added this to cilium v1.19.0 Feb 3, 2026

terassyi mentioned this pull request Apr 23, 2026

V1.16.12 cybozu lbipam with 41147 and 41122 cybozu-go/cilium#7

Open

8 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

lbipam: do not reallocate IPs on operator restart#41147

lbipam: do not reallocate IPs on operator restart#41147
joamaki merged 1 commit intomainfrom
pr/marseel/fix_lbipam_restart

marseel commented Aug 14, 2025

Uh oh!

joamaki left a comment

Uh oh!

marseel commented Aug 14, 2025

Uh oh!

marseel commented Aug 14, 2025

Uh oh!

marseel commented Aug 14, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Conversation

marseel commented Aug 14, 2025

Uh oh!

joamaki left a comment

Choose a reason for hiding this comment

Uh oh!

marseel commented Aug 14, 2025

Uh oh!

marseel commented Aug 14, 2025

Uh oh!

marseel commented Aug 14, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants