v1.18 Backports 2025-09-22 #41828

Merged: pippolo84 merged 18 commits into v1.18 from pr/v1.18-backport-2025-09-22-03-57 on Sep 26, 2025

@pippolo84 (Member) commented Sep 22, 2025

PRs skipped due to conflicts:

Once this PR is merged, a GitHub action will update the labels of these PRs:

 41420 41602 40860 41701 41710 41529 41681 41726 41682 41729 41322 41719 41759 41755 41551 41638 41822

@pippolo84 added the kind/backports and backport/1.18 labels Sep 22, 2025
@github-actions bot added the hubble-cli label Sep 22, 2025
@pippolo84 (Member Author)

/test

@joestringer (Member) left a comment

For backport of my PR

@pippolo84 (Member Author)

@bersoare I see that ci-integration is failing consistently on TestScript/hostport.txtar. I suspect that #41521 is related, even though there wasn't any conflict during the backport. Could you please take a look? 🙏

@pippolo84 marked this pull request as ready for review September 22, 2025 16:02
@pippolo84 requested review from a team as code owners September 22, 2025 16:02
@aanm (Member) left a comment

LGTM thank you. @pippolo84 can we add #41822 as well since it fixes a change made by #41681?

@giorio94 (Member) left a comment

My commit looks good, thanks!

@tklauser (Member) left a comment

Looks good for my change, thanks!

@pippolo84 requested a review from aanm September 23, 2025 10:26
aanm and others added 18 commits September 26, 2025 11:19

[ upstream commit ec09a3a ]

This GH action is missing some extraEnv that we should run in our CI.

Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit c6823a3 ]

we stored the port name in the frontend mapping struct,
but we didn't add it to the frontend params.

if we have this type of lrp

```
apiVersion: "cilium.io/v2"
kind: CiliumLocalRedirectPolicy
metadata:
  name: "lrp-addr"
spec:
  redirectFrontend:
    addressMatcher:
      ip: "169.254.169.254"
      toPorts:
        - port: "8080"
          name: "test"
          protocol: TCP
        - port: "8081"
          name: "test1"
          protocol: TCP
  redirectBackend:
    localEndpointSelector:
      matchLabels:
        app: proxy
    toPorts:
      - port: "80"
        name: "test"
        protocol: TCP
      - port: "81"
        name: "test1"
        protocol: TCP
```

and pod

```
apiVersion: v1
kind: Pod
metadata:
  name: lrp-pod
  labels:
    app: proxy
spec:
  containers:
    - name: lrp-pod
      image: nginx
      ports:
        - containerPort: 80
          name: test
          protocol: TCP
        - containerPort: 81
          name: test1
          protocol: TCP
```

we will end up with

```
6    169.254.169.254:8080/TCP   LocalRedirect   1 => 10.244.1.75:80/TCP (active)
                                                2 => 10.244.1.75:81/TCP (active)
7    169.254.169.254:8081/TCP   LocalRedirect   1 => 10.244.1.75:80/TCP (active)
                                                2 => 10.244.1.75:81/TCP (active)
```

with this PR, we will get the correct backend

```
8    169.254.169.254:8080/TCP   LocalRedirect   1 => 10.244.1.30:80/TCP (active)
9    169.254.169.254:8081/TCP   LocalRedirect   1 => 10.244.1.30:81/TCP (active)
```

Signed-off-by: Liyi Huang <liyi.huang@isovalent.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

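The behaviour described in the commit message above, as an added Go model that is not Cilium's code: a frontend that has lost its port name takes every backend port, while a named frontend takes only the backend port with the same name, and `crossWired` is the check that flags the first case. All types and function names are hypothetical; the addresses and ports are the ones from the commit message.

```go
package main

import "fmt"

// Port is a named port, as in the toPorts entries of the policy above.
// All types and functions in this sketch are hypothetical, not Cilium's.
type Port struct {
	Number uint16
	Name   string
}

// Frontend is one redirect frontend (address plus port).
type Frontend struct {
	Addr string
	Port Port
}

// Backend is one port of a selected local pod.
type Backend struct {
	PodIP string
	Port  Port
}

// Sample data taken from the policy and pod in the commit message.
var (
	lrpAddr     = "169.254.169.254"
	lrpPorts    = []Port{{8080, "test"}, {8081, "test1"}}
	podBackends = []Backend{
		{"10.244.1.75", Port{80, "test"}},
		{"10.244.1.75", Port{81, "test1"}},
	}
)

// buildFrontends expands the policy's frontend ports. With keepName=false
// the port name is dropped, modelling the behaviour before the fix.
func buildFrontends(addr string, ports []Port, keepName bool) []Frontend {
	fes := make([]Frontend, 0, len(ports))
	for _, p := range ports {
		if !keepName {
			p.Name = "" // p is a copy; the policy slice is untouched
		}
		fes = append(fes, Frontend{Addr: addr, Port: p})
	}
	return fes
}

// selectBackends returns the backends a frontend redirects to. A frontend
// without a port name cannot tell backend ports apart and takes all of them;
// a named frontend takes only the backend port carrying the same name.
func selectBackends(fe Frontend, backends []Backend) []Backend {
	var out []Backend
	for _, be := range backends {
		if fe.Port.Name == "" || fe.Port.Name == be.Port.Name {
			out = append(out, be)
		}
	}
	return out
}

// crossWired reports every "frontend => backend" pair whose port names
// differ in the policy. An empty result means each frontend reaches only
// the backend port it was paired with.
func crossWired(addr string, policy []Port, backends []Backend, keepName bool) []string {
	var bad []string
	for i, fe := range buildFrontends(addr, policy, keepName) {
		want := policy[i].Name
		for _, be := range selectBackends(fe, backends) {
			if be.Port.Name != want {
				bad = append(bad, fmt.Sprintf("%s:%d => %s:%d",
					fe.Addr, fe.Port.Number, be.PodIP, be.Port.Number))
			}
		}
	}
	return bad
}

func main() {
	fmt.Println("name dropped:", crossWired(lrpAddr, lrpPorts, podBackends, false))
	fmt.Println("name kept:   ", crossWired(lrpAddr, lrpPorts, podBackends, true))
}
```
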
[ upstream commit bbac9d0 ]

Signed-off-by: Aditi Ghag <aditi@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit a3e1f8f ]

`n.k8sObj.Spec.ENI.SubnetIDs` is read from custom CNI config where
`for _, subnetID := range n.k8sObj.Spec.ENI.SubnetIDs` should read all
subnets in the route table with the node's subnet.

Here is the example of the ENI spec block where the `SubnetIDs` is empty.

```
eni:
  availability-zone: us-east-1d
  disable-prefix-delegation: false
  first-interface-index: 0
  instance-type: m5.large
  node-subnet-id: subnet-0a8316618efd8ca86
  use-primary-address: false
  vpc-id: vpc-0101a04a3c189edb5
```

Signed-off-by: Liyi Huang <liyi.huang@isovalent.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit fcac566 ]

This IPIP example for the DSR dispatch isn't enough to have IPIP work.
It can create confusion as readers assume it's sufficient to make it
work. So let's remove until we have a proper full example of how IPIP
DSR dispatch might work.

Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 3642fc4 ]

This PR does the same thing as #41360. The initial issue has been
resolved with cilium/image-tools#386 but other
PRs (cilium/image-tools#387 and cilium/image-tools#383) have been merged before the fix PR, causing the issue to happen again.

Signed-off-by: Hadrien Patte <hadrien.patte@datadoghq.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 99a6c65 ]

The desired-skiplbs table may not have been correctly marked initialized
in cases where multiple initializers to the frontends table existed. This
would've prevented the skiplbmap from being pruned by the reconciler.

Fix is easy: keep the 'initWatches' non-nil until we've marked the table
initialized.

Signed-off-by: Jussi Maki <jussi@isovalent.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 406f3dd ]

Add dependency on lint-images-base workflow completion before building
CI images. This prevents wasting CI resources by ensuring base image
validation succeeds before proceeding with expensive image builds.

Uses a reusable workflow (wait-for-status-check.yaml) that leverages
the GitHub CLI to poll for lint workflow completion, avoiding
unnecessary resource consumption when base image checks fail.

Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit b02aaad ]

After commit 9695b59 ("Support triggering Makefiles from outside
the tree"), the overrides to the hubble build are no longer considered
if hubble is built from outside the tree. Fix that by sourcing
Makefile.override from $(CURR_DIR), like other included Makefiles.

Fixes: 9695b59 ("Support triggering Makefiles from outside the tree")

Signed-off-by: Tobias Klauser <tobias@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit a711b8b ]

This list is not intended to be comprehensive, but some of these other
Linux capabilities also introduce some of the STRIDE threats described
in the section below. Add them to clarify how these capabilities are
treated in the threat model.

Signed-off-by: Joe Stringer <joe@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 88fdc2f ]

Adding config for websocket upgrades allows Envoy HTTP filter to
pass-through websocket upgrades, while having no effect on non-websocket
connections.

Fixes: #11672

Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 92ec20b ]

When deleting services that have an IP assigned from a LoadBalancerIPPool, the cilium.io/IPsUsed condition is not decremented properly. This commit adds a test for this behaviour.

Additionally, when shrinking an IP pool, the IPsAvailable condition is not decremented properly.

Both issues have the same root cause of setPoolCondition() being chained with ||, leading to short-circuit execution of only the conditions up to the first "true" return.

Signed-off-by: alimehrabikoshki <79400736+alimehrabikoshki@users.noreply.github.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

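The short-circuit root cause named in the commit message above, as an added Go example that is not the operator's code: chaining the condition setters with `||` stops at the first one that reports a change, which reproduces both symptoms (IPsUsed stale after a service deletion, IPsAvailable stale after a pool shrink). The `Pool` type, the `setPoolCondition` signature, the evaluation order and the `cilium.io/IPsTotal` name are assumptions made for the example.

```go
package main

import "fmt"

// Condition types. cilium.io/IPsUsed is named in the commit message; the
// cilium.io/ prefix on IPsAvailable and the IPsTotal condition are assumed.
const (
	condTotal     = "cilium.io/IPsTotal"
	condAvailable = "cilium.io/IPsAvailable"
	condUsed      = "cilium.io/IPsUsed"
)

// Pool is a hypothetical stand-in for a LoadBalancerIPPool status, with
// each condition reduced to an integer value.
type Pool struct {
	Conditions map[string]int
}

// setPoolCondition writes one condition and reports whether its value changed.
func setPoolCondition(p *Pool, typ string, value int) bool {
	if old, ok := p.Conditions[typ]; ok && old == value {
		return false
	}
	p.Conditions[typ] = value
	return true
}

// updateChained is the bug pattern: || stops evaluating at the first call
// that returns true, so the conditions after it are never written.
func updateChained(p *Pool, total, used int) bool {
	return setPoolCondition(p, condTotal, total) ||
		setPoolCondition(p, condAvailable, total-used) ||
		setPoolCondition(p, condUsed, used)
}

// updateAll runs every setter first and only then combines the results.
func updateAll(p *Pool, total, used int) bool {
	a := setPoolCondition(p, condTotal, total)
	b := setPoolCondition(p, condAvailable, total-used)
	c := setPoolCondition(p, condUsed, used)
	return a || b || c
}

// replay applies one update pass per event to a constructed pool of 10
// addresses with 3 in use, and returns the resulting conditions.
func replay(update func(*Pool, int, int) bool) map[string]int {
	p := &Pool{Conditions: map[string]int{
		condTotal: 10, condAvailable: 7, condUsed: 3,
	}}
	update(p, 10, 2) // a service is deleted: one address is released
	update(p, 8, 2)  // the pool is shrunk by two addresses
	return p.Conditions
}

func main() {
	fmt.Println("chained with ||:", replay(updateChained))
	fmt.Println("all evaluated:  ", replay(updateAll))
}
```
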
[ upstream commit ea3dbb8 ]

[ Quentin: squashed and rebased commits ]

Signed-off-by: Yash Israni <yashisrani52@gmail.com>
Signed-off-by: Quentin Monnet <qmo@qmon.net>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 6f2e1f0 ]

The auto-committer[bot] triggers review requests when it builds and
pushes the images into the PR. To prevent more notification noise for
those reviewers, and if the ciliumbot is going to approve the PR, we
should remove the reviewers from that PR automatically.

Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 587027d ]

We sometimes see CI failures caused by warnings along the lines of:

>  msg="Error getting CEP" [...] error="Get \"https://10.245.0.1:443/apis/cilium.io/v2/namespaces/.../ciliumendpoints/...?resourceVersion=0\": context canceled"

In case the get operation gets interrupted because the endpoint is
terminating, and the controller's context gets canceled. Let's
silence them, as completely legitimate, so that they don't get
flagged causing failures.

Signed-off-by: Marco Iorio <marco.iorio@isovalent.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit c8d05c9 ]

The calculation of the L3 checksum (IP checksum) does not depend on changes to the L4 header or payload, so it should be performed before processing the L4 header.

The `snat_v4_rewrite_headers()` function also rewrites the headers of the inner packet contained in the payload of an ICMP error packet.
#33844
#40194
As mentioned in the above issue/PR, nodes that comply with the RFC1191 may send ICMP error packets where the inner packet’s TCP header is truncated and does not include the checksum. In such cases, the L4 checksum (in the TCP header) of the inner packet cannot be recalculated.
In this case, `snat_v4_rewrite_headers()` returns an error by early-return, and the L3 checksum update is skipped, but the packets are not dropped by the error handling in the code of the above PR. (ref: 30a6dd2)

According to the RFC, if the inner packet’s IP header checksum is invalid, the packet should be dropped.
ref: REQ3-a of https://datatracker.ietf.org/doc/html/rfc5508#section-4.1
To prevent this, this commit ensures that the L4 checksum update is always performed.

Signed-off-by: Yusho Yamaguchi <ysh.824@outlook.jp>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

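The ordering argument in the commit message above, as an added Go model that is not Cilium's BPF code: on an ICMP error whose embedded TCP header stops after 8 bytes, doing the L4 step first returns early and leaves the inner IP header checksum stale, while doing the L3 step first keeps it valid even though the L4 step still fails. The function names, the simplified packet layout and the addresses are constructed for the example.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

const (
	ipHdrLen   = 20 // IPv4 header without options
	ipCsumOff  = 10 // checksum field in the IPv4 header
	ipSrcOff   = 12 // source address in the IPv4 header
	tcpCsumOff = 16 // checksum field in the TCP header
)

var errTruncated = errors.New("embedded L4 header ends before its checksum field")

// Constructed addresses: NAT address, remote peer, and original pod address.
var natAddr, peerAddr, podAddr = [4]byte{192, 0, 2, 10}, [4]byte{198, 51, 100, 7}, [4]byte{10, 0, 1, 5}

func fold(sum uint32) uint16 {
	for sum>>16 != 0 {
		sum = sum&0xffff + sum>>16
	}
	return uint16(sum)
}

// ipChecksum is the RFC 1071 checksum; over a header whose checksum field
// is already correct it returns 0.
func ipChecksum(hdr []byte) uint16 {
	var sum uint32
	for i := 0; i+1 < len(hdr); i += 2 {
		sum += uint32(binary.BigEndian.Uint16(hdr[i:]))
	}
	return ^fold(sum)
}

// csumReplace patches the checksum at pkt[off:] for a changed 32-bit field,
// using RFC 1624 eq. 3: HC' = ~(~HC + ~m + m').
func csumReplace(pkt []byte, off int, oldV, newV [4]byte) {
	sum := uint32(^binary.BigEndian.Uint16(pkt[off:]))
	for i := 0; i < 4; i += 2 {
		sum += uint32(^binary.BigEndian.Uint16(oldV[i:]))
		sum += uint32(binary.BigEndian.Uint16(newV[i:]))
	}
	binary.BigEndian.PutUint16(pkt[off:], ^fold(sum))
}

// buildInner returns a constructed IPv4 header followed by l4Len bytes of
// TCP header, as embedded in an ICMP error. l4Len=8 is the truncated case.
func buildInner(src, dst [4]byte, l4Len int) []byte {
	p := make([]byte, ipHdrLen+l4Len)
	p[0], p[8], p[9] = 0x45, 64, 6        // version/IHL, TTL, protocol TCP
	binary.BigEndian.PutUint16(p[2:], 60) // total length of the original datagram
	copy(p[ipSrcOff:], src[:])
	copy(p[ipSrcOff+4:], dst[:])
	binary.BigEndian.PutUint16(p[ipCsumOff:], ipChecksum(p[:ipHdrLen]))
	binary.BigEndian.PutUint16(p[ipHdrLen:], 40000) // TCP source port
	binary.BigEndian.PutUint16(p[ipHdrLen+2:], 443) // TCP destination port
	return p
}

// updateL4 adjusts the TCP checksum for the changed address and fails when
// the embedded header does not reach the checksum field.
func updateL4(pkt []byte, oldV, newV [4]byte) error {
	off := ipHdrLen + tcpCsumOff
	if len(pkt) < off+2 {
		return errTruncated
	}
	csumReplace(pkt, off, oldV, newV)
	return nil
}

// rewriteL4First models the old order: the early return on the truncated
// header skips the L3 checksum update after the address was already stored.
func rewriteL4First(pkt []byte, newSrc [4]byte) error {
	var old [4]byte
	copy(old[:], pkt[ipSrcOff:ipSrcOff+4])
	copy(pkt[ipSrcOff:], newSrc[:])
	if err := updateL4(pkt, old, newSrc); err != nil {
		return err
	}
	csumReplace(pkt, ipCsumOff, old, newSrc)
	return nil
}

// rewriteL3First models the new order: the L3 checksum never depends on
// the L4 header, so it is brought up to date before the L4 step can fail.
func rewriteL3First(pkt []byte, newSrc [4]byte) error {
	var old [4]byte
	copy(old[:], pkt[ipSrcOff:ipSrcOff+4])
	copy(pkt[ipSrcOff:], newSrc[:])
	csumReplace(pkt, ipCsumOff, old, newSrc)
	return updateL4(pkt, old, newSrc)
}

// innerValid reports whether the embedded IPv4 header checksum verifies.
func innerValid(pkt []byte) bool { return ipChecksum(pkt[:ipHdrLen]) == 0 }

func main() {
	for _, f := range []func([]byte, [4]byte) error{rewriteL4First, rewriteL3First} {
		pkt := buildInner(natAddr, peerAddr, 8)
		err := f(pkt, podAddr)
		fmt.Printf("err=%v, inner IP checksum valid=%v\n", err, innerValid(pkt))
	}
}
```
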
…anges

[ upstream commit 50bbaab ]

The changes in question were introduced in
https://lkml.org/lkml/2018/6/8/425 namely the removal of the net-next
branch in iproute2, and moving towards an iproute2-next repository

Signed-off-by: Dimitar Kanaliev <dimitar.kanaliev@siteground.com>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

[ upstream commit 2884a09 ]

Fork PRs cannot update base images and require explicit approval
for first-time contributors. Waiting for base image updates in
these cases breaks the CI build process unnecessarily.

Skip the wait-for-base-images job when PRs are opened from forks
to allow the build process to proceed normally.

Fixes: 406f3dd (".github/workflows: stop build CI images until base images are built")
Signed-off-by: André Martins <andre@cilium.io>
Signed-off-by: Fabio Falzoi <fabio.falzoi@isovalent.com>

@pippolo84 (Member Author)

btw: if we're blocked on this issue i'd say we can skip the backport for #41521 on this one

Skipped for now, thanks for the help! 🙏

@pippolo84 (Member Author)

/test

@pippolo84 (Member Author)

@jrajahalme can you please take a quick look? Thanks in advance! 🙏

@pippolo84 removed the request for review from bersoare September 26, 2025 12:14
@pippolo84 added this pull request to the merge queue Sep 26, 2025
Merged via the queue into v1.18 with commit 0793c65 Sep 26, 2025
322 checks passed
@pippolo84 deleted the pr/v1.18-backport-2025-09-22-03-57 branch September 26, 2025 12:27
schwarlex pushed a commit to la-demos/vcluster-workshop-prep that referenced this pull request Feb 11, 2026
This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | patch | `1.18.2` -> `1.18.3` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

### [`v1.18.3`](https://github.com/cilium/cilium/releases/tag/v1.18.3): 1.18.3

[Compare Source](cilium/cilium@1.18.2...1.18.3)

## Summary of Changes

:information\_source: The images in this release were signed with cosign v3. Please use cosign v3 tooling to validate signatures with the following command syntax:

```
cosign verify --certificate-github-workflow-repository cilium/cilium --certificate-oidc-issuer https://token.actions.githubusercontent.com --certificate-github-workflow-name 'Image Release Build' --certificate-github-workflow-ref refs/tags/v1.18.3 --certificate-identity https://github.com/cilium/cilium/.github/workflows/build-images-releases.yaml@refs/tags/v1.18.3 quay.io/cilium/operator-aws:v1.18.3 | jq -r '.[].critical.image'
```

**Minor Changes:**

- Fix a complexity issue for the bpf\_xdp program (Backport PR [#42198](cilium/cilium#42198), Upstream PR [#42193](cilium/cilium#42193), [@aspsk](https://github.com/aspsk))
- hubble: mark kafka l7 visibility as deprecated (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41072](cilium/cilium#41072), [@kaworu](https://github.com/kaworu))

**Bugfixes:**

- add the port name for address based LRP so frontend can pick the right backend (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41602](cilium/cilium#41602), [@liyihuang](https://github.com/liyihuang))
- Avoid scenario where ENI device configuration can be skipped. (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41760](cilium/cilium#41760), [@jasonaliyetti](https://github.com/jasonaliyetti))
- Cilium now configures Envoy to allow websocket connections to be passed through with HTTP policies. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41729](cilium/cilium#41729), [@jrajahalme](https://github.com/jrajahalme))
- Fix a bug that was preventing Cilium to delete stale pod CIDRs routes when changing routing mode to native (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41819](cilium/cilium#41819), [@pippolo84](https://github.com/pippolo84))
- Fix a fatal error when accessing multicast map using cilium-dbg bpf multicast (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#42080](cilium/cilium#42080), [@tklauser](https://github.com/tklauser))
- Fix BGP auto discovery not sending community info (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41920](cilium/cilium#41920), [@jiashengz](https://github.com/jiashengz))
- Fix bug in ENI routing where Cilium would choose the wrong subnet for routing traffic on secondary interfaces (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#40860](cilium/cilium#40860), [@liyihuang](https://github.com/liyihuang))
- Fix bug that could cause ICMP error packets to have an incorrect inner IP checksum when KPR is enabled. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41551](cilium/cilium#41551), [@yushoyamaguchi](https://github.com/yushoyamaguchi))
- Fix bug with delegated IPAM where IPv6 traffic was routed via the wrong interface (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41598](cilium/cilium#41598), [@NihaNallappagari](https://github.com/NihaNallappagari))
- Fix failing node health check on dual stack cluster if NodeInternalIPs are not configured for both families. (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41633](cilium/cilium#41633), [@Dennor](https://github.com/Dennor))
- Fix increase in memory usage when service names are looked up at high rate during Hubble flow creation (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#41965](cilium/cilium#41965), [@joamaki](https://github.com/joamaki))
- Fix panic at startup in IPsec subsystem with Multi-Pool IPAM mode ([#41725](cilium/cilium#41725), [@pippolo84](https://github.com/pippolo84))
- Fix race condition preventing the skiplbmap BPF map from sometimes being pruned after restart. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41529](cilium/cilium#41529), [@joamaki](https://github.com/joamaki))
- Fixes a rare bug where endpoints may have incomplete policies in large clusters. (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#42049](cilium/cilium#42049), [@squeed](https://github.com/squeed))
- hostfw: also exclude non-transparent proxy traffic when BPF masq is enabled (Backport PR [#41989](cilium/cilium#41989), Upstream PR [#41915](cilium/cilium#41915), [@julianwiedmann](https://github.com/julianwiedmann))
- Ignore expected error in neighbor reconciliation (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41815](cilium/cilium#41815), [@dylandreimerink](https://github.com/dylandreimerink))
- loadbalancer: allow HostPort for multiple protos on same port (Backport PR [#41913](cilium/cilium#41913), Upstream PR [#41521](cilium/cilium#41521), [@bersoare](https://github.com/bersoare))
- operator/pkg/lbipam: fix LoadBalancerIPPool conditions update logic (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41322](cilium/cilium#41322), [@alimehrabikoshki](https://github.com/alimehrabikoshki))

**CI Changes:**

- .actions/cilium-config: add missing extraEnv in GH action (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41420](cilium/cilium#41420), [@aanm](https://github.com/aanm))
- .github/workflows: add variable for renovate bot username (Backport PR [#41843](cilium/cilium#41843), Upstream PR [#41818](cilium/cilium#41818), [@aanm](https://github.com/aanm))
- .github/workflows: automatically add /test for renovate PRs (Backport PR [#41843](cilium/cilium#41843), Upstream PR [#41770](cilium/cilium#41770), [@aanm](https://github.com/aanm))
- .github/workflows: do not wait on linters form forks (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41822](cilium/cilium#41822), [@aanm](https://github.com/aanm))
- .github/workflows: remove reviewers requested by auto-committer\[bot] (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41759](cilium/cilium#41759), [@aanm](https://github.com/aanm))
- cli: Fix unreliable tests due to error emitted in Cilium logs "retrieving device lxc\*: Link not found" (Backport PR [#42200](cilium/cilium#42200), Upstream PR [#42146](cilium/cilium#42146), [@fristonio](https://github.com/fristonio))
- gha: Correct k8s version for f12-datapath-service-ns-misc (Backport PR [#41756](cilium/cilium#41756), Upstream PR [#41753](cilium/cilium#41753), [@sayboras](https://github.com/sayboras))
- ginkgo: add test ownership for ginkgo tests (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41950](cilium/cilium#41950), [@aanm](https://github.com/aanm))
- Streamline ci-multi-pool workflow (Backport PR [#41631](cilium/cilium#41631), Upstream PR [#40658](cilium/cilium#40658), [@pippolo84](https://github.com/pippolo84))
- workflows: fix GCP OIDC authentication's project ID ([#42173](cilium/cilium#42173), [@nbusseneau](https://github.com/nbusseneau))

**Misc Changes:**

- .github/workflows: stop build CI images until base images are built (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41681](cilium/cilium#41681), [@aanm](https://github.com/aanm))
- agent: Add Cilium health config cell (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41627](cilium/cilium#41627), [@aditighag](https://github.com/aditighag))
- bpf/nat: Move `ipv6_nat_entry` to map (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41902](cilium/cilium#41902), [@pchaigno](https://github.com/pchaigno))
- bpf: hostfw: have from-host always pass the ipcache-based src identity (Backport PR [#42113](cilium/cilium#42113), Upstream PR [#42093](cilium/cilium#42093), [@julianwiedmann](https://github.com/julianwiedmann))
- bpf: Only send fillup signal to agent on ENOMEM error (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41864](cilium/cilium#41864), [@borkmann](https://github.com/borkmann))
- chore(deps): update all github action dependencies (v1.18) ([#41795](cilium/cilium#41795), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.18) ([#41931](cilium/cilium#41931), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.18) ([#42028](cilium/cilium#42028), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.18) ([#42136](cilium/cilium#42136), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.18) ([#42264](cilium/cilium#42264), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all-dependencies (v1.18) ([#41716](cilium/cilium#41716), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all-dependencies (v1.18) ([#41793](cilium/cilium#41793), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all-dependencies (v1.18) ([#42035](cilium/cilium#42035), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update all-dependencies (v1.18) ([#42116](cilium/cilium#42116), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update dependency cilium/little-vm-helper to v0.0.27 (v1.18) ([#42263](cilium/cilium#42263), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update dependency protocolbuffers/protobuf to v33 (v1.18) ([#42265](cilium/cilium#42265), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update docker.io/library/golang:1.24.7 docker digest to [`2c5f7a0`](cilium/cilium@2c5f7a0) (v1.18) ([#42026](cilium/cilium#42026), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update docker.io/library/golang:1.24.7 docker digest to [`87916ac`](cilium/cilium@87916ac) (v1.18) ([#41792](cilium/cilium#41792), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update docker.io/library/golang:1.24.9 docker digest to [`02ce1d7`](cilium/cilium@02ce1d7) (v1.18) ([#42253](cilium/cilium#42253), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update go to v1.24.8 (v1.18) ([#42062](cilium/cilium#42062), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update go to v1.24.9 (v1.18) ([#42166](cilium/cilium#42166), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.7-1759058812-49b096a457d6e7f6d650229cbf95c63d59759331 (v1.18) ([#41933](cilium/cilium#41933), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch) ([#41730](cilium/cilium#41730), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch) ([#41794](cilium/cilium#41794), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch) ([#41930](cilium/cilium#41930), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch) ([#42027](cilium/cilium#42027), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch) ([#42135](cilium/cilium#42135), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch) ([#42300](cilium/cilium#42300), [@cilium-renovate](https://github.com/cilium-renovate)\[bot])
- doc: add note on hostfw and ipsec interaction (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41810](cilium/cilium#41810), [@darox](https://github.com/darox))
- docs/dsr: Remove IPIP example configuration (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41701](cilium/cilium#41701), [@pchaigno](https://github.com/pchaigno))
- docs: Clarify list of capabilities in threat model (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41682](cilium/cilium#41682), [@joestringer](https://github.com/joestringer))
- docs: fix broken Chainguard SBOM link (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41719](cilium/cilium#41719), [@yashisrani](https://github.com/yashisrani))
- docs: remove stale kernel requirements (Backport PR [#42151](cilium/cilium#42151), Upstream PR [#42081](cilium/cilium#42081), [@julianwiedmann](https://github.com/julianwiedmann))
- docs: Update iproute2 compile steps in reference guide. (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41638](cilium/cilium#41638), [@dkanaliev](https://github.com/dkanaliev))
- endpoint: reduce missed-policy-update log severity for restoring eps (Backport PR [#42055](cilium/cilium#42055), Upstream PR [#41095](cilium/cilium#41095), [@fristonio](https://github.com/fristonio))
- endpointsynchronizer: suppress warning log when endpoint is terminating (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41755](cilium/cilium#41755), [@giorio94](https://github.com/giorio94))
- gateway-api: Fix incorrect `Owns` call in refactor (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41807](cilium/cilium#41807), [@youngnick](https://github.com/youngnick))
- hubble: allow overrrides if building from outside the tree (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41726](cilium/cilium#41726), [@tklauser](https://github.com/tklauser))
- ipsec: add support for using remote PodCIDR entries (Backport PR [#42073](cilium/cilium#42073), Upstream PR [#41519](cilium/cilium#41519), [@julianwiedmann](https://github.com/julianwiedmann))
- Make kubeProxyReplacement available in the reference and documentation (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41535](cilium/cilium#41535), [@liyihuang](https://github.com/liyihuang))
- redirectpolicy: Always OpenOrCreate SkipLB map to avoid loader race (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41707](cilium/cilium#41707), [@joamaki](https://github.com/joamaki))
- redirectpolicy: Fix comparison of BackendParams (Backport PR [#41848](cilium/cilium#41848), Upstream PR [#41705](cilium/cilium#41705), [@joamaki](https://github.com/joamaki))
- Remove kiam documentation from Local Redirect Policy (Backport PR [#41968](cilium/cilium#41968), Upstream PR [#41644](cilium/cilium#41644), [@liyihuang](https://github.com/liyihuang))
- Update `checkpatch` and `startup-script` image digest (Backport PR [#41828](cilium/cilium#41828), Upstream PR [#41710](cilium/cilium#41710), [@HadrienPatte](https://github.com/HadrienPatte))

**Other Changes:**

- \[v1.18] gateway-api: Refactor Gateway API reconciler ([#41720](cilium/cilium#41720), [@youngnick](https://github.com/youngnick))
- \[v1.18] workflows/release: add secrets for step 4 and 5 ([#41733](cilium/cilium#41733), [@jrajahalme](https://github.com/jrajahalme))
- install: Update image digests for v1.18.2 ([#41722](cilium/cilium#41722), [@cilium-release-bot](https://github.com/cilium-release-bot)\[bot])
- proxy: Bump cilium-envoy to 1.34.10 ([#42251](cilium/cilium#42251), [@sayboras](https://github.com/sayboras))

#### Docker Manifests


</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---


This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://kubara.git.onstackit.cloud/STACKIT/kubara/pulls/140

Labels: backport/1.18, hubble-cli, kind/backports
