fix: drop ipv4 wildcard when ipv6 wildcard present on node health check by Dennor · Pull Request #41633 · cilium/cilium

Dennor · 2025-09-11T13:40:59Z

Previously, on dual stack clusters node health check, if there's no internal ip for IPv4 and IPv6 stacks configured, health check will attempt to bind for both IPv4 wildcard (0.0.0.0) and IPv6 wildcard (::) ips. Unless IPV6_V6ONLY flag is set (defaults to value of /proc/sys/net/ipv6/bindv6only which in turn defaults to false) ipv6 wildcard will bind for both v4 and v6 stacks resulting in bind error due to address being already in use.

This commit checks for ipv4 and ipv6 wildcards and in case drops ipv4 one if both are present

Fixes: #41402

Fix failing node health check on dual stack cluster if NodeInternalIPs are not configured for both families.

Dennor · 2025-09-11T13:52:58Z

Just a note, some additional context, it seems like golang does not actually depend on the value of /proc/sys/net/ipv6/bindv6only for posix systems from what I'm seeing here:
https://github.com/golang/go/blob/253dd08f5df3a45eafc97eec388636fcabfe0174/src/net/ipsock_posix.go#L91

It just defaults to binding on both for dual stack?

giorio94

Thanks @Dennor for taking care of this fix.

I wonder if the logic could be further simplified by basically only returning a list of addresses if all desired internal IPs are found, and an empty list otherwise. If no addresses are provided, [responder.NewServers] would fallback to ":port", which effectively binds to all available addresses.

Based on a quick local test, both 0.0.0.0 and :: seem to anyhow listen on both address families (as you also mentioned above), so the behavior would be effectively the same at the end of the day.

Dennor · 2025-09-15T12:36:09Z

@giorio94 is this what you had in mind? Looking at the test here this should indeed be enough:

cilium/pkg/health/probe/responder/responder_test.go

Line 37 in 4756b18

{

Dennor · 2025-09-15T12:41:29Z

This does feel like a breaking change however somehow? In case of dual stack setup with internal ipv4 configured but without ipv6 configured? Or the reverse case?
Looking at current behaviour, with, for example internal ipv4 being 10.0.0.1, and ipv6 not being defined, for dual stack, that should attempt to bind 10.0.0.1:4240 and [::]:4240, that would error out of course in the same way as it does now. On the other hand, the reverse configuration, that is, undefined internal ipv4, but defined ipv6, for example [fc80::]:4240, we would get a bind at all ipv4 and also at [fc80::]:4240 for ipv6. With the change above, only ipv6 will be bound?

giorio94 · 2025-09-15T13:44:30Z

@giorio94 is this what you had in mind? Looking at the test here this should indeed be enough:

cilium/pkg/health/probe/responder/responder_test.go

Line 37 in 4756b18

{

Sort of. I was more thinking about something like the following, which should address the concern you mentioned in the last comment. Alternatively to nil (hence letting responder.NewServers do the defaulting), one may also directly return the empty address (return []string{""}), with the same end result. Does that make sense?

diff --git a/pkg/health/server/server.go b/pkg/health/server/server.go
index ed909c9cc22b..76323c33b840 100644
--- a/pkg/health/server/server.go
+++ b/pkg/health/server/server.go
@@ -455,8 +455,8 @@ func getAddresses(logger *slog.Logger) []string {
 		if ipv4 := node.GetInternalIPv4(logger); ipv4 != nil {
 			addresses = append(addresses, ipv4.String())
 		} else {
-			// if Get ipv4 fails, then listen on all ipv4 addr.
-			addresses = append(addresses, "0.0.0.0")
+			// if Get ipv4 fails, then listen on all addresses.
+			return nil
 		}
 	}
 
@@ -464,8 +464,8 @@ func getAddresses(logger *slog.Logger) []string {
 		if ipv6 := node.GetInternalIPv6(logger); ipv6 != nil {
 			addresses = append(addresses, ipv6.String())
 		} else {
-			// if Get ipv6 fails, then listen on all ipv6 addr.
-			addresses = append(addresses, "::")
+			// if Get ipv6 fails, then listen on all addresses.
+			return nil
 		}
 	}

Dennor · 2025-09-27T10:19:56Z

Yeah, makes sense. I've updated the PR.

giorio94 · 2025-09-29T07:35:14Z

Thanks! The patch looks good to me. Could you please rebase onto main to get rid of the merge commit, and update the last sentence of the commit message which still refers to the previous approach? Then I'll do a final review pass and trigger the tests.

giorio94 · 2025-10-03T09:35:23Z

Force pushed to fix a linting issue.

giorio94 · 2025-10-03T09:35:38Z

/test

giorio94 · 2025-10-03T15:54:43Z

Tried rebasing, to see if CI is happier.

giorio94 · 2025-10-03T15:54:53Z

/test

Dennor · 2025-10-03T17:31:47Z

Oh, @giorio94 sorry, I saw emails about lint CI errors and did not check the PR before force pushing, didn't see your change 🙇

Previously, on dual stack clusters node health check, if there's no internal ip for IPv4 and IPv6 stacks configured, health check will attempt to bind for both IPv4 wildcard (0.0.0.0) and IPv6 wildcard (::) ips. Unless IPV6_V6ONLY flag is set (defaults to value of /proc/sys/net/ipv6/bindv6only which in turn defaults to false) ipv6 wildcard will bind for both v4 and v6 stacks resulting in bind error due to address being already in use. This commit checks for ipv4 and ipv6 configuration value and if they are missing returns empty values that will force healthcheck to listen on all interfaces. Fixes: cilium#41402 Signed-off-by: Kamil Matysiewicz <kamil.matysiewicz@pm.me>

giorio94 · 2025-10-06T07:29:19Z

Oh, @giorio94 sorry, I saw emails about lint CI errors and did not check the PR before force pushing, didn't see your change 🙇

No problem, rerunning the tests.

giorio94 · 2025-10-06T09:05:05Z

/test

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | patch | `1.18.2` -> `1.18.3` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.18.3`](https://github.com/cilium/cilium/releases/tag/v1.18.3): 1.18.3 [Compare Source](cilium/cilium@1.18.2...1.18.3) ## Summary of Changes :information\_source: The images in this release were signed with cosign v3. Please use cosign v3 tooling to validate signatures with the following command syntax: ``` cosign verify --certificate-github-workflow-repository cilium/cilium --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-github-workflow-name 'Image Release Build' --certificate-github-workflow-ref refs/tags/v1.18.3 --certificate-identity https://github.com/cilium/cilium/.github/workflows/build-images-releases.yaml@refs/tags/v1.18.3 quay.io/cilium/operator-aws:v1.18.3 | jq -r '.[].critical.image' ``` **Minor Changes:** - Fix a complexity issue for the bpf\_xdp program (Backport PR [#42198](cilium/cilium#42198), Upstream PR [#42193](cilium/cilium#42193), [@aspsk](https://github.com/aspsk)) - hubble: mark kafka l7 visibility as deprecated (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41072](cilium/cilium#41072), [@kaworu](https://github.com/kaworu)) **Bugfixes:** - add the port name for address based LRP so frontend can pick the right backend (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41602](cilium/cilium#41602), [@liyihuang](https://github.com/liyihuang)) - Avoid scenario where ENI device configuration can be skipped. (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41760](cilium/cilium#41760), [@jasonaliyetti](https://github.com/jasonaliyetti)) - Cilium now configures Envoy to allow websocket connections to be passed through with HTTP policies. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41729](cilium/cilium#41729), [@jrajahalme](https://github.com/jrajahalme)) - Fix a bug that was preventing Cilium to delete stale pod CIDRs routes when changing routing mode to native (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41819](cilium/cilium#41819), [@pippolo84](https://github.com/pippolo84)) - Fix a fatal error when accessing multicast map using cilium-dbg bpf multicast (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#42080](cilium/cilium#42080), [@tklauser](https://github.com/tklauser)) - Fix BGP auto discovery not sending community info (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41920](cilium/cilium#41920), [@jiashengz](https://github.com/jiashengz)) - Fix bug in ENI routing where Cilium would chose the wrong subnet for routing traffic on secondary interfaces (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#40860](cilium/cilium#40860), [@liyihuang](https://github.com/liyihuang)) - Fix bug that could cause ICMP error packets to have an incorrect inner IP checksum when KPR is enabled. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41551](cilium/cilium#41551), [@yushoyamaguchi](https://github.com/yushoyamaguchi)) - Fix bug with delegated IPAM where IPv6 traffic was routed via the wrong interface (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41598](cilium/cilium#41598), [@NihaNallappagari](https://github.com/NihaNallappagari)) - Fix failing node health check on dual stack cluster if NodeInternalIPs are not configured for both families. (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41633](cilium/cilium#41633), [@Dennor](https://github.com/Dennor)) - Fix increase in memory usage when service names are looked up at high rate during Hubble flow creation (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#41965](cilium/cilium#41965), [@joamaki](https://github.com/joamaki)) - Fix panic at startup in IPsec subsystem with Multi-Pool IPAM mode ([#41725](cilium/cilium#41725), [@pippolo84](https://github.com/pippolo84)) - Fix race condition preventing the skiplbmap BPF map from sometimes being pruned after restart. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41529](cilium/cilium#41529), [@joamaki](https://github.com/joamaki)) - Fixes a rare bug where endpoints may have incomplete policies in large clusters. (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#42049](cilium/cilium#42049), [@squeed](https://github.com/squeed)) - hostfw: also exclude non-transparent proxy traffic when BPF masq is enabled (Backport PR [#41989](cilium/cilium#41989), Upstream PR [#41915](cilium/cilium#41915), [@julianwiedmann](https://github.com/julianwiedmann)) - Ignore expected error in neighbor reconciliation (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41815](cilium/cilium#41815), [@dylandreimerink](https://github.com/dylandreimerink)) - loadbalancer: allow HostPort for multiple protos on same port (Backport PR [#41913](cilium/cilium#41913), Upstream PR [#41521](cilium/cilium#41521), [@bersoare](https://github.com/bersoare)) - operator/pkg/lbipam: fix LoadBalancerIPPool conditions update logic (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41322](cilium/cilium#41322), [@alimehrabikoshki](https://github.com/alimehrabikoshki)) **CI Changes:** - .actions/cilium-config: add missing extraEnv in GH action (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41420](cilium/cilium#41420), [@aanm](https://github.com/aanm)) - .github/workflows: add variable for renovate bot username (Backport PR [#41843](cilium/cilium#41843), Upstream PR [#41818](cilium/cilium#41818), [@aanm](https://github.com/aanm)) - .github/workflows: automatically add /test for renovate PRs (Backport PR [#41843](cilium/cilium#41843), Upstream PR [#41770](cilium/cilium#41770), [@aanm](https://github.com/aanm)) - .github/workflows: do not wait on linters form forks (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41822](cilium/cilium#41822), [@aanm](https://github.com/aanm)) - .github/workflows: remove reviewers requested by auto-committer\[bot] (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41759](cilium/cilium#41759), [@aanm](https://github.com/aanm)) - cli: Fix unreliable tests due to error emitted in Cilium logs "retrieving device lxc\*: Link not found" (Backport PR [#42200](cilium/cilium#42200), Upstream PR [#42146](cilium/cilium#42146), [@fristonio](https://github.com/fristonio)) - gha: Correct k8s version for f12-datapath-service-ns-misc (Backport PR [#41756](cilium/cilium#41756), Upstream PR [#41753](cilium/cilium#41753), [@sayboras](https://github.com/sayboras)) - ginkgo: add test ownership for ginkgo tests (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41950](cilium/cilium#41950), [@aanm](https://github.com/aanm)) - Streamline ci-multi-pool workflow (Backport PR [#41631](cilium/cilium#41631), Upstream PR [#40658](cilium/cilium#40658), [@pippolo84](https://github.com/pippolo84)) - workflows: fix GCP OIDC authentication's project ID ([#42173](cilium/cilium#42173), [@nbusseneau](https://github.com/nbusseneau)) **Misc Changes:** - .github/workflows: stop build CI images until base images are built (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41681](cilium/cilium#41681), [@aanm](https://github.com/aanm)) - agent: Add Cilium health config cell (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41627](cilium/cilium#41627), [@aditighag](https://github.com/aditighag)) - bpf/nat: Move `ipv6_nat_entry` to map (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41902](cilium/cilium#41902), [@pchaigno](https://github.com/pchaigno)) - bpf: hostfw: have from-host always pass the ipcache-based src identity (Backport PR [#42113](cilium/cilium#42113), Upstream PR [#42093](cilium/cilium#42093), [@julianwiedmann](https://github.com/julianwiedmann)) - bpf: Only send fillup signal to agent on ENOMEM error (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41864](cilium/cilium#41864), [@borkmann](https://github.com/borkmann)) - chore(deps): update all github action dependencies (v1.18) ([#41795](cilium/cilium#41795), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#41931](cilium/cilium#41931), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#42028](cilium/cilium#42028), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#42136](cilium/cilium#42136), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#42264](cilium/cilium#42264), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41716](cilium/cilium#41716), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#41793](cilium/cilium#41793), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#42035](cilium/cilium#42035), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#42116](cilium/cilium#42116), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/little-vm-helper to v0.0.27 (v1.18) ([#42263](cilium/cilium#42263), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update dependency protocolbuffers/protobuf to v33 (v1.18) ([#42265](cilium/cilium#42265), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.7 docker digest to [`2c5f7a0`](cilium/cilium@2c5f7a0) (v1.18) ([#42026](cilium/cilium#42026), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.7 docker digest to [`87916ac`](cilium/cilium@87916ac) (v1.18) ([#41792](cilium/cilium#41792), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.9 docker digest to [`02ce1d7`](cilium/cilium@02ce1d7) (v1.18) ([#42253](cilium/cilium#42253), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.24.8 (v1.18) ([#42062](cilium/cilium#42062), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.24.9 (v1.18) ([#42166](cilium/cilium#42166), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.7-1759058812-49b096a457d6e7f6d650229cbf95c63d59759331 (v1.18) ([#41933](cilium/cilium#41933), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#41730](cilium/cilium#41730), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#41794](cilium/cilium#41794), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#41930](cilium/cilium#41930), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#42027](cilium/cilium#42027), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#42135](cilium/cilium#42135), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#42300](cilium/cilium#42300), [@cilium-renovate](https://github.com/cilium-renovate)\[bot]) - doc: add note on hostfw and ipsec interaction (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41810](cilium/cilium#41810), [@darox](https://github.com/darox)) - docs/dsr: Remove IPIP example configuration (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41701](cilium/cilium#41701), [@pchaigno](https://github.com/pchaigno)) - docs: Clarify list of capabilities in threat model (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41682](cilium/cilium#41682), [@joestringer](https://github.com/joestringer)) - docs: fix broken Chainguard SBOM link (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41719](cilium/cilium#41719), [@yashisrani](https://github.com/yashisrani)) - docs: remove stale kernel requirements (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#42081](cilium/cilium#42081), [@julianwiedmann](https://github.com/julianwiedmann)) - docs: Update iproute2 compile steps in reference guide. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41638](cilium/cilium#41638), [@dkanaliev](https://github.com/dkanaliev)) - endpoint: reduce missed-policy-update log severity for restoring eps (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41095](cilium/cilium#41095), [@fristonio](https://github.com/fristonio)) - endpointsynchronizer: suppress warning log when endpoint is terminating (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41755](cilium/cilium#41755), [@giorio94](https://github.com/giorio94)) - gateway-api: Fix incorrect `Owns` call in refactor (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41807](cilium/cilium#41807), [@youngnick](https://github.com/youngnick)) - hubble: allow overrrides if building from outside the tree (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41726](cilium/cilium#41726), [@tklauser](https://github.com/tklauser)) - ipsec: add support for using remote PodCIDR entries (Backport PR [#42073](cilium/cilium#42073), Upstream PR [#41519](cilium/cilium#41519), [@julianwiedmann](https://github.com/julianwiedmann)) - Make kubeProxyReplacement available in the reference and documentation (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41535](cilium/cilium#41535), [@liyihuang](https://github.com/liyihuang)) - redirectpolicy: Always OpenOrCreate SkipLB map to avoid loader race (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41707](cilium/cilium#41707), [@joamaki](https://github.com/joamaki)) - redirectpolicy: Fix comparison of BackendParams (Backport PR [#41848](cilium/cilium#41848), Upstream PR [#41705](cilium/cilium#41705), [@joamaki](https://github.com/joamaki)) - Remove kiam documentation from Local Redirect Policy (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41644](cilium/cilium#41644), [@liyihuang](https://github.com/liyihuang)) - Update `checkpatch` and `startup-script` image digest (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41710](cilium/cilium#41710), [@HadrienPatte](https://github.com/HadrienPatte)) **Other Changes:** - \[v1.18] gateway-api: Refactor Gateway API reconciler ([#41720](cilium/cilium#41720), [@youngnick](https://github.com/youngnick)) - \[v1.18] workflows/release: add secrets for step 4 and 5 ([#41733](cilium/cilium#41733), [@jrajahalme](https://github.com/jrajahalme)) - install: Update image digests for v1.18.2 ([#41722](cilium/cilium#41722), [@cilium-release-bot](https://github.com/cilium-release-bot)\[bot]) - proxy: Bump cilium-envoy to 1.34.10 ([#42251](cilium/cilium#42251), [@sayboras](https://github.com/sayboras)) #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.18.3@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15` `quay.io/cilium/cilium:stable@sha256:5649db451c88d928ea585514746d50d91e6210801b300c897283ea319d68de15` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.18.3@sha256:0d15efc992a85003759232598bf05fb1a4cd3c9fa28fb96bee1789ffe27cc50d` `quay.io/cilium/clustermesh-apiserver:stable@sha256:0d15efc992a85003759232598bf05fb1a4cd3c9fa28fb96bee1789ffe27cc50d` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.18.3@sha256:996d9fa5747175b1806ce01dd90dc586a5f52a32b7da409937a1f42714827d67` `quay.io/cilium/docker-plugin:stable@sha256:996d9fa5747175b1806ce01dd90dc586a5f52a32b7da409937a1f42714827d67` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.18.3@sha256:e53e00c47fe4ffb9c086bad0c1c77f23cb968be4385881160683d9e15aa34dc3` `quay.io/cilium/hubble-relay:stable@sha256:e53e00c47fe4ffb9c086bad0c1c77f23cb968be4385881160683d9e15aa34dc3` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.18.3@sha256:df8b6830ef0545199cffc5fb9fbf14c9dc8d92093b0e6355d8659705227f89ef` `quay.io/cilium/operator-alibabacloud:stable@sha256:df8b6830ef0545199cffc5fb9fbf14c9dc8d92093b0e6355d8659705227f89ef` ##### operator-aws `quay.io/cilium/operator-aws:v1.18.3@sha256:ef39d61183b3bdf0e235650461b6c4d9ec7aa5f61a6c770f33c47a6bc5165e24` `quay.io/cilium/operator-aws:stable@sha256:ef39d61183b3bdf0e235650461b6c4d9ec7aa5f61a6c770f33c47a6bc5165e24` ##### operator-azure `quay.io/cilium/operator-azure:v1.18.3@sha256:10a8a83ca6f0b02432c1ca0e67af98a48fdbefb684af44a399f58184ab174143` `quay.io/cilium/operator-azure:stable@sha256:10a8a83ca6f0b02432c1ca0e67af98a48fdbefb684af44a399f58184ab174143` ##### operator-generic `quay.io/cilium/operator-generic:v1.18.3@sha256:b5a0138e1a38e4437c5215257ff4e35373619501f4877dbaf92c89ecfad81797` `quay.io/cilium/operator-generic:stable@sha256:b5a0138e1a38e4437c5215257ff4e35373619501f4877dbaf92c89ecfad81797` ##### operator `quay.io/cilium/operator:v1.18.3@sha256:e350cea751afeae2f226a1bc275649c77a04a1e1ff50e61d782a371eae6fb2ff` `quay.io/cilium/operator:stable@sha256:e350cea751afeae2f226a1bc275649c77a04a1e1ff50e61d782a371eae6fb2ff` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).  Reviewed-on: https://kubara.git.onstackit.cloud/STACKIT/kubara/pulls/140

Dennor requested a review from a team as a code owner September 11, 2025 13:40

Dennor requested a review from giorio94 September 11, 2025 13:41

maintainer-s-little-helper Bot added the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Sep 11, 2025

github-actions Bot added the kind/community-contribution This was a contribution made by a community member. label Sep 11, 2025

giorio94 reviewed Sep 15, 2025

View reviewed changes

giorio94 added kind/bug This is a bug in the Cilium logic. release-note/bug This PR fixes an issue in a previous release of Cilium. needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Sep 15, 2025

maintainer-s-little-helper Bot removed dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. labels Sep 15, 2025

giorio94 added dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. area/agent Cilium agent related. labels Sep 15, 2025

maintainer-s-little-helper Bot removed the dont-merge/needs-release-note-label The author needs to describe the release impact of these changes. label Sep 15, 2025

Dennor force-pushed the main branch from add3b6e to 4cc0f42 Compare September 15, 2025 12:34

Dennor force-pushed the main branch from 4cc0f42 to 445a5c9 Compare September 27, 2025 10:18

Dennor force-pushed the main branch from 24bff42 to 23740a8 Compare October 2, 2025 09:46

giorio94 approved these changes Oct 3, 2025

View reviewed changes

giorio94 force-pushed the main branch from 23740a8 to e5b121e Compare October 3, 2025 09:34

giorio94 enabled auto-merge October 3, 2025 12:27

giorio94 force-pushed the main branch from e5b121e to 4cf18a3 Compare October 3, 2025 15:54

auto-merge was automatically disabled October 3, 2025 17:06
Head branch was pushed to by a user without write access

Dennor force-pushed the main branch 2 times, most recently from 408d63e to 5496e09 Compare October 3, 2025 17:18

Dennor force-pushed the main branch from 5496e09 to dd6aae1 Compare October 5, 2025 11:08

giorio94 enabled auto-merge October 6, 2025 09:05

giorio94 added this pull request to the merge queue Oct 6, 2025

maintainer-s-little-helper Bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Oct 6, 2025

Merged via the queue into cilium:main with commit 1b6b86a Oct 6, 2025
73 checks passed

tklauser mentioned this pull request Oct 7, 2025

v1.18 Backports 2025-10-07 #42055

Merged

4 tasks

tklauser added backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. and removed needs-backport/1.18 This PR / issue needs backporting to the v1.18 branch labels Oct 7, 2025

github-actions Bot added backport-done/1.18 The backport for Cilium 1.18.x for this PR is done. and removed backport-pending/1.18 The backport for Cilium 1.18.x for this PR is in progress. labels Oct 7, 2025

cilium-release-bot Bot added this to cilium v1.19.0 Feb 3, 2026

cilium-release-bot Bot moved this to Released in cilium v1.19.0 Feb 3, 2026

Conversation

Dennor commented Sep 11, 2025 • edited by giorio94 Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Dennor commented Sep 11, 2025

Uh oh!

giorio94 left a comment • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Dennor commented Sep 15, 2025

Uh oh!

Dennor commented Sep 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

giorio94 commented Sep 15, 2025

Uh oh!

Dennor commented Sep 27, 2025

Uh oh!

giorio94 commented Sep 29, 2025

Uh oh!

giorio94 commented Oct 3, 2025

Uh oh!

giorio94 commented Oct 3, 2025

Uh oh!

giorio94 commented Oct 3, 2025

Uh oh!

giorio94 commented Oct 3, 2025

Uh oh!

Dennor commented Oct 3, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

giorio94 commented Oct 6, 2025

Uh oh!

giorio94 commented Oct 6, 2025

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Dennor commented Sep 11, 2025 •

edited by giorio94

Loading

giorio94 left a comment •

edited

Loading

Dennor commented Sep 15, 2025 •

edited

Loading

Dennor commented Oct 3, 2025 •

edited

Loading