fix(helm): update cilium ( 1.16.5 → 1.16.6 ) #1840

renovate · 2025-01-22T05:01:10Z

This PR contains the following updates:

Package	Update	Change
cilium (source)	patch	`1.16.5` -> `1.16.6`

Release Notes

cilium/cilium (cilium)

`v1.16.6`: 1.16.6

Compare Source

Summary of Changes

Major Changes:

Add feature tracking in Cilium agent as prometheus metrics (Backport PR #36263, Upstream PR #35852, @aanm)
Add feature tracking in Cilium Operator as prometheus metrics (Backport PR #36263, Upstream PR #36077, @aanm)

Minor Changes:

envoy: Use yaml format for bootstrap config (Backport PR #36782, Upstream PR #36820, @sayboras)
Reject CNP/CCNP with CIDR rules where CIDRGroupRef is used in combination with ExceptCIDRs (#36561, @pippolo84)
service: Cap number of backends included in monitor message (Backport PR #36635, Upstream PR #36394, @joamaki)

Bugfixes:

cilium: LB source ranges fixes (Backport PR #36635, Upstream PR #36517, @borkmann)
eni.subnetTagsFilter and eni.instanceTagsFilter are now templated to comma separated string (Backport PR #36872, Upstream PR #36617, @sderoe)
envoy: Configure internal address config based on IP family (Backport PR #36782, Upstream PR #36733, @sayboras)
Fix connectivity issue caused by stale cilium eBPF program when using --bpf-filter-priority (Backport PR #36635, Upstream PR #36176, @tamilmani1989)
metrics/features: remove reporting metrics' defaults by default (Backport PR #36263, Upstream PR #36298, @aanm)
pkg/redirectpolicy: Fix backend slices in processConfig (Backport PR #36872, Upstream PR #35496, @Sm0ckingBird)
ui: drop CORS headers from api response (Backport PR #36872, Upstream PR #35762, @geakstr)

CI Changes:

[v1.16] .github: Remove CI Fuzz workflow (#36641, @joestringer)
[v1.16] gh: e2e-upgrade: use 6.12 kernel for netkit test configs (#36620, @julianwiedmann)
[v1.16] gha: use /test to trigger tests in stable branches (#36673, @giorio94)
ci: fix job names for various ci workflows (Backport PR #36263, Upstream PR #36397, @marseel)
Extend the check-ipsec-leak bpftrace script to capture additional details of leaked packets (Backport PR #36872, Upstream PR #33398, @giorio94)
gh: e2e-upgrade: add coverage for 6.6 kernel (Backport PR #36988, Upstream PR #36626, @julianwiedmann)
gh: e2e-upgrade: de-renovate the config example (Backport PR #36635, Upstream PR #36463, @julianwiedmann)
gha: drop leftover token parameter in net-perf-gke workflow (#36684, @giorio94)
gha: fix merging of features-related artifacts (#36665, @giorio94)
gha: merge artifacts in net-perf-gke workflow (Backport PR #36263, Upstream PR #36236, @giorio94)
gha: Use ubuntu-24.04 for integration-test (Backport PR #36659, Upstream PR #36628, @sayboras)

Misc Changes:

.github/workflows: always install cilium-cli (Backport PR #36263, Upstream PR #36234, @aanm)
.github/workflows: do not fail ginkgo if unable to fetch features (Backport PR #36263, Upstream PR #36461, @aanm)
.github: fix conformance-k8s NP test (Backport PR #36263, Upstream PR #36355, @aanm)
[v1.16] Use bash syntax to consume env variable (#36636, @ferozsalam)
Add more features tracking in Cilium agent as prometheus metrics (Backport PR #36263, Upstream PR #36078, @aanm)
Add policy-related features tracking in Cilium agent as prometheus metrics (Backport PR #36263, Upstream PR #36203, @aanm)
Add the tls:// prefix in the Hubble TLS doc (Backport PR #36635, Upstream PR #36410, @liyihuang)
chore(deps): update all github action dependencies (v1.16) (#36612, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#36762, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#36950, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#37099, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (patch) (#36760, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36707, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36787, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#36949, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#37033, @cilium-renovate[bot])
chore(deps): update dependency cilium/cilium-cli to v0.16.23 (v1.16) (#36895, @cilium-renovate[bot])
chore(deps): update docker.io/library/busybox:1.36.1 docker digest to 7c3c3ce (v1.16) (#36609, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.10 docker digest to 1a6e657 (v1.16) (#36850, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.10 docker digest to 9855006 (v1.16) (#36610, @cilium-renovate[bot])
chore(deps): update go to v1.22.11 (v1.16) (#37045, @cilium-renovate[bot])
chore(deps): update helm/kind-action action to v1.12.0 (v1.16) (#36839, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.16) (patch) (#36611, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.16) (patch) (#36699, @cilium-renovate[bot])
doc: fix typo on kubeproxy-free (CEV -> CVE) (Backport PR #36872, Upstream PR #36701, @alagoutte)
docs: Add missing default identity label in the description of identity-relevant labels' example (Backport PR #36635, Upstream PR #36558, @liyihuang)
docs: Clarify the behavior of CiliumNetworkPolicies toCIDRSet (Backport PR #36635, Upstream PR #36549, @verysonglaa)
Ensure debug symbols are generated for the debug image even when stripping symbols for the release image. (Backport PR #36635, Upstream PR #36417, @EricMountain)
Fix make -C Documentation update-cmdref when make uses --jobserver-style=fifo. (Backport PR #36872, Upstream PR #36788, @gentoo-root)
fix(deps): update module golang.org/x/net to v0.33.0 [security] (v1.16) (#36711, @cilium-renovate[bot])
ingress, gateway-api: Convert test fixtures to file based (Backport PR #36782, Upstream PR #36732, @sayboras)
metrics/features: enable ClusterMesh (Backport PR #36263, Upstream PR #36402, @aanm)
metrics/features: refactor metric names (Backport PR #36263, Upstream PR #36209, @aanm)
Prepare for release v1.16.6 (#36989, @cilium-release-bot[bot])
Remove reference to DNS polling (Backport PR #36872, Upstream PR #36679, @JacobHenner)

Other Changes:

[v1.16] author backport: helm: avoid setting bpf-lb-sock-terminate-pod-connections (#36650, @ysksuzuki)
install: Update image digests for v1.16.5 (#36671, @cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
quay.io/cilium/cilium:stable@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.6@sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a
quay.io/cilium/clustermesh-apiserver:stable@sha256:ab2070ea48a52a55d961b81b7b5fbac7d40a3f428be9b1b6b9071d47f194456a

docker-plugin

quay.io/cilium/docker-plugin:v1.16.6@sha256:f8f5833a60900b0264fd8982b11329e130c1a326afe2e4653e9f2d2e3fb2af66
quay.io/cilium/docker-plugin:stable@sha256:f8f5833a60900b0264fd8982b11329e130c1a326afe2e4653e9f2d2e3fb2af66

hubble-relay

quay.io/cilium/hubble-relay:v1.16.6@sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b
quay.io/cilium/hubble-relay:stable@sha256:ca8dcaa5a81a37743b1397ba2221d16d5d63e4a47607584f1bf50a3b0882bf3b

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.6@sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9
quay.io/cilium/operator-alibabacloud:stable@sha256:0e3c7fbcb6bde9a247cd2dd3d25230e2859d40d2eb58aba6265a2aab216775a9

operator-aws

quay.io/cilium/operator-aws:v1.16.6@sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d
quay.io/cilium/operator-aws:stable@sha256:d11ee1cfa3465defe2df7ec1c6e8a77bcaf280b44d2c61aa7496c58b29550f6d

operator-azure

quay.io/cilium/operator-azure:v1.16.6@sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd
quay.io/cilium/operator-azure:stable@sha256:0a05d7aea760923897aabd715213ab11a706051673d41fab3874a37f897c1bdd

operator-generic

quay.io/cilium/operator-generic:v1.16.6@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc
quay.io/cilium/operator-generic:stable@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc

operator

quay.io/cilium/operator:v1.16.6@sha256:09ab2878e103fa32a00fd1fe4469f7042cfb053627b44c82fa03a04a820c0b46
quay.io/cilium/operator:stable@sha256:09ab2878e103fa32a00fd1fe4469f7042cfb053627b44c82fa03a04a820c0b46

Configuration

📅 Schedule: Branch creation - "on monday,on wednesday,on friday" in timezone Europe/Berlin, Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

github-actions · 2025-01-22T05:01:49Z

`kustomization` changes in `kubernetes/main`

--- kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

+++ kubernetes/main/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium

@@ -13,13 +13,13 @@

     spec:
       chart: cilium
       sourceRef:
         kind: HelmRepository
         name: cilium
         namespace: flux-system
-      version: 1.16.5
+      version: 1.16.6
   install:
     remediation:
       retries: 3
   interval: 2h
   maxHistory: 2
   uninstall:

github-actions · 2025-01-22T05:01:51Z

`helmrelease` changes in `kubernetes/main`

--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config

@@ -55,13 +55,12 @@

   ipv4-native-routing-cidr: 10.42.0.0/16
   enable-runtime-device-detection: 'true'
   kube-proxy-replacement: 'true'
   kube-proxy-replacement-healthz-bind-address: 0.0.0.0:10256
   bpf-lb-sock: 'false'
   bpf-lb-sock-hostns-only: 'true'
-  bpf-lb-sock-terminate-pod-connections: 'false'
   nodeport-addresses: ''
   enable-health-check-nodeport: 'true'
   enable-health-check-loadbalancer-ip: 'false'
   node-port-bind-protection: 'true'
   enable-auto-protect-node-port-range: 'true'
   bpf-lb-mode: dsr
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config

+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config

@@ -3,373 +3,8 @@

 kind: ConfigMap
 metadata:
   name: cilium-envoy-config
   namespace: kube-system
 data:
   bootstrap-config.json: |
-    {
-      "node": {
-        "id": "host~127.0.0.1~no-id~localdomain",
-        "cluster": "ingress-cluster"
-      },
-      "staticResources": {
-        "listeners": [
-          {
-            "name": "envoy-prometheus-metrics-listener",
-            "address": {
-              "socket_address": {
-                "address": "0.0.0.0",
-                "port_value": 9964
-              }
-            },
-            "filter_chains": [
-              {
-                "filters": [
-                  {
-                    "name": "envoy.filters.network.http_connection_manager",
-                    "typed_config": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                      "stat_prefix": "envoy-prometheus-metrics-listener",
-                      "route_config": {
-                        "virtual_hosts": [
-                          {
-                            "name": "prometheus_metrics_route",
-                            "domains": [
-                              "*"
-                            ],
-                            "routes": [
-                              {
-                                "name": "prometheus_metrics_route",
-                                "match": {
-                                  "prefix": "/metrics"
-                                },
-                                "route": {
-                                  "cluster": "/envoy-admin",
-                                  "prefix_rewrite": "/stats/prometheus"
-                                }
-                              }
-                            ]
-                          }
-                        ]
-                      },
-                      "http_filters": [
-                        {
-                          "name": "envoy.filters.http.router",
-                          "typed_config": {
-                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                          }
-                        }
-                      ],
-                      "internal_address_config": {
-                        "cidr_ranges": [
-                          {
-                            "address_prefix": "10.0.0.0",
-                            "prefix_len": 8
-                          },
-                          {
-                            "address_prefix": "172.16.0.0",
-                            "prefix_len": 12
-                          },
-                          {
-                            "address_prefix": "192.168.0.0",
-                            "prefix_len": 16
-                          },
-                          {
-                            "address_prefix": "127.0.0.1",
-                            "prefix_len": 32
-                          },
-                          {
-                            "address_prefix": "::1",
-                            "prefix_len": 128
-                          }
-                        ]
-                      },
-                      "stream_idle_timeout": "0s"
-                    }
-                  }
-                ]
-              }
-            ]
-          },
-          {
-            "name": "envoy-health-listener",
-            "address": {
-              "socket_address": {
-                "address": "127.0.0.1",
-                "port_value": 9878
-              }
-            },
-            "filter_chains": [
-              {
-                "filters": [
-                  {
-                    "name": "envoy.filters.network.http_connection_manager",
-                    "typed_config": {
-                      "@type": "type.googleapis.com/envoy.extensions.filters.network.http_connection_manager.v3.HttpConnectionManager",
-                      "stat_prefix": "envoy-health-listener",
-                      "route_config": {
-                        "virtual_hosts": [
-                          {
-                            "name": "health",
-                            "domains": [
-                              "*"
-                            ],
-                            "routes": [
-                              {
-                                "name": "health",
-                                "match": {
-                                  "prefix": "/healthz"
-                                },
-                                "route": {
-                                  "cluster": "/envoy-admin",
-                                  "prefix_rewrite": "/ready"
-                                }
-                              }
-                            ]
-                          }
-                        ]
-                      },
-                      "http_filters": [
-                        {
-                          "name": "envoy.filters.http.router",
-                          "typed_config": {
-                            "@type": "type.googleapis.com/envoy.extensions.filters.http.router.v3.Router"
-                          }
-                        }
-                      ],
-                      "internal_address_config": {
-                        "cidr_ranges": [
-                          {
-                            "address_prefix": "10.0.0.0",
-                            "prefix_len": 8
-                          },
-                          {
-                            "address_prefix": "172.16.0.0",
-                            "prefix_len": 12
-                          },
-                          {
-                            "address_prefix": "192.168.0.0",
-                            "prefix_len": 16
-                          },
-                          {
-                            "address_prefix": "127.0.0.1",
-                            "prefix_len": 32
-                          },
-                          {
-                            "address_prefix": "::1",
-                            "prefix_len": 128
-                          }
-                        ]
-                      },
-                      "stream_idle_timeout": "0s"
-                    }
-                  }
-                ]
-              }
-            ]
-          }
-        ],
-        "clusters": [
-          {
-            "name": "ingress-cluster",
-            "type": "ORIGINAL_DST",
-            "connectTimeout": "2s",
-            "lbPolicy": "CLUSTER_PROVIDED",
-            "typedExtensionProtocolOptions": {
-              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
-                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-                "commonHttpProtocolOptions": {
-                  "idleTimeout": "60s",
-                  "maxConnectionDuration": "0s",
-                  "maxRequestsPerConnection": 0
-                },
-                "useDownstreamProtocolConfig": {}
-              }
-            },
-            "cleanupInterval": "2.500s"
-          },
-          {
-            "name": "egress-cluster-tls",
-            "type": "ORIGINAL_DST",
-            "connectTimeout": "2s",
-            "lbPolicy": "CLUSTER_PROVIDED",
-            "typedExtensionProtocolOptions": {
-              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
-                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-                "commonHttpProtocolOptions": {
-                  "idleTimeout": "60s",
-                  "maxConnectionDuration": "0s",
-                  "maxRequestsPerConnection": 0
-                },
-                "upstreamHttpProtocolOptions": {},
-                "useDownstreamProtocolConfig": {}
-              }
-            },
-            "cleanupInterval": "2.500s",
-            "transportSocket": {
-              "name": "cilium.tls_wrapper",
-              "typedConfig": {
-                "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
-              }
-            }
-          },
-          {
-            "name": "egress-cluster",
-            "type": "ORIGINAL_DST",
-            "connectTimeout": "2s",
-            "lbPolicy": "CLUSTER_PROVIDED",
-            "typedExtensionProtocolOptions": {
-              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
-                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-                "commonHttpProtocolOptions": {
-                  "idleTimeout": "60s",
-                  "maxConnectionDuration": "0s",
-                  "maxRequestsPerConnection": 0
-                },
-                "useDownstreamProtocolConfig": {}
-              }
-            },
-            "cleanupInterval": "2.500s"
-          },
-          {
-            "name": "ingress-cluster-tls",
-            "type": "ORIGINAL_DST",
-            "connectTimeout": "2s",
-            "lbPolicy": "CLUSTER_PROVIDED",
-            "typedExtensionProtocolOptions": {
-              "envoy.extensions.upstreams.http.v3.HttpProtocolOptions": {
-                "@type": "type.googleapis.com/envoy.extensions.upstreams.http.v3.HttpProtocolOptions",
-                "commonHttpProtocolOptions": {
-                  "idleTimeout": "60s",
-                  "maxConnectionDuration": "0s",
-                  "maxRequestsPerConnection": 0
-                },
-                "upstreamHttpProtocolOptions": {},
-                "useDownstreamProtocolConfig": {}
-              }
-            },
-            "cleanupInterval": "2.500s",
-            "transportSocket": {
-              "name": "cilium.tls_wrapper",
-              "typedConfig": {
-                "@type": "type.googleapis.com/cilium.UpstreamTlsWrapperContext"
-              }
-            }
-          },
-          {
-            "name": "xds-grpc-cilium",
-            "type": "STATIC",
[Diff truncated by flux-local]
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -16,24 +16,24 @@

     rollingUpdate:
       maxUnavailable: 2
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 03da2c1cd70e1fde6b7128a1f8c1d92cb79325432a1726b2c28cc4dacfcf2809
+        cilium.io/cilium-configmap-checksum: 9d68ed6860d1835eb1b8a2e7cc21f2eb5950a697045f19e203709dae2806da66
       labels:
         k8s-app: cilium
         app.kubernetes.io/name: cilium-agent
         app.kubernetes.io/part-of: cilium
     spec:
       securityContext:
         appArmorProfile:
           type: Unconfined
       containers:
       - name: cilium-agent
-        image: quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
+        image: quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
         args:
         - --config-dir=/tmp/cilium/config-map
         startupProbe:
@@ -149,12 +149,15 @@

           readOnly: false
         - name: bpf-maps
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
         - name: cilium-run
           mountPath: /var/run/cilium
+        - name: cilium-netns
+          mountPath: /var/run/cilium/netns
+          mountPropagation: HostToContainer
         - name: etc-cni-netd
           mountPath: /host/etc/cni/net.d
         - name: clustermesh-secrets
           mountPath: /var/lib/cilium/clustermesh
           readOnly: true
         - name: lib-modules
@@ -163,13 +166,13 @@

         - name: xtables-lock
           mountPath: /run/xtables.lock
         - name: tmp
           mountPath: /tmp
       initContainers:
       - name: config
-        image: quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
+        image: quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
         imagePullPolicy: IfNotPresent
         command:
         - cilium-dbg
         - build-config
         env:
         - name: K8S_NODE_NAME
@@ -188,13 +191,13 @@

           value: '6444'
         volumeMounts:
         - name: tmp
           mountPath: /tmp
         terminationMessagePolicy: FallbackToLogsOnError
       - name: mount-cgroup
-        image: quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
+        image: quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
         imagePullPolicy: IfNotPresent
         env:
         - name: CGROUP_ROOT
           value: /run/cilium/cgroupv2
         - name: BIN_PATH
           value: /opt/cni/bin
@@ -211,13 +214,13 @@

         - name: cni-path
           mountPath: /hostbin
         terminationMessagePolicy: FallbackToLogsOnError
         securityContext:
           privileged: true
       - name: apply-sysctl-overwrites
-        image: quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
+        image: quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
         imagePullPolicy: IfNotPresent
         env:
         - name: BIN_PATH
           value: /opt/cni/bin
         command:
         - sh
@@ -232,13 +235,13 @@

         - name: cni-path
           mountPath: /hostbin
         terminationMessagePolicy: FallbackToLogsOnError
         securityContext:
           privileged: true
       - name: clean-cilium-state
-        image: quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
+        image: quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
         env:
         - name: CILIUM_ALL_STATE
           valueFrom:
@@ -271,13 +274,13 @@

         - name: cilium-cgroup
           mountPath: /run/cilium/cgroupv2
           mountPropagation: HostToContainer
         - name: cilium-run
           mountPath: /var/run/cilium
       - name: install-cni-binaries
-        image: quay.io/cilium/cilium:v1.16.5@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
+        image: quay.io/cilium/cilium:v1.16.6@sha256:1e0896b1c4c188b4812c7e0bed7ec3f5631388ca88325c1391a0ef9172c448da
         imagePullPolicy: IfNotPresent
         command:
         - /install-plugin.sh
         resources:
           requests:
             cpu: 100m
@@ -312,12 +315,16 @@

       - name: tmp
         emptyDir: {}
       - name: cilium-run
         hostPath:
           path: /var/run/cilium
           type: DirectoryOrCreate
+      - name: cilium-netns
+        hostPath:
+          path: /var/run/netns
+          type: DirectoryOrCreate
       - name: bpf-maps
         hostPath:
           path: /sys/fs/bpf
           type: DirectoryOrCreate
       - name: hostproc
         hostPath:
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

@@ -28,13 +28,13 @@

     spec:
       securityContext:
         appArmorProfile:
           type: Unconfined
       containers:
       - name: cilium-envoy
-        image: quay.io/cilium/cilium-envoy:v1.30.8-1733837904-eaae5aca0fb988583e5617170a65ac5aa51c0aa8@sha256:709c08ade3d17d52da4ca2af33f431360ec26268d288d9a6cd1d98acc9a1dced
+        image: quay.io/cilium/cilium-envoy:v1.30.9-1737073743-40a016d11c0d863b772961ed0168eea6fe6b10a5@sha256:a69dfe0e54b24b0ff747385c8feeae0612cfbcae97bfcc8ee42a773bb3f69c88
         imagePullPolicy: IfNotPresent
         command:
         - /usr/bin/cilium-envoy-starter
         args:
         - --
         - -c /var/run/cilium/envoy/bootstrap-config.json
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -20,22 +20,22 @@

       maxSurge: 25%
       maxUnavailable: 100%
     type: RollingUpdate
   template:
     metadata:
       annotations:
-        cilium.io/cilium-configmap-checksum: 03da2c1cd70e1fde6b7128a1f8c1d92cb79325432a1726b2c28cc4dacfcf2809
+        cilium.io/cilium-configmap-checksum: 9d68ed6860d1835eb1b8a2e7cc21f2eb5950a697045f19e203709dae2806da66
       labels:
         io.cilium/app: operator
         name: cilium-operator
         app.kubernetes.io/part-of: cilium
         app.kubernetes.io/name: cilium-operator
     spec:
       containers:
       - name: cilium-operator
-        image: quay.io/cilium/operator-generic:v1.16.5@sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039
+        image: quay.io/cilium/operator-generic:v1.16.6@sha256:13d32071d5a52c069fb7c35959a56009c6914439adc73e99e098917646d154fc
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic
         args:
         - --config-dir=/tmp/cilium/config-map
         - --debug=$(CILIUM_DEBUG)

fix(helm): update cilium ( 1.16.5 → 1.16.6 )

1ee3d48

renovate bot requested a review from martinohmann as a code owner January 22, 2025 05:01

renovate bot added renovate/helm type/patch labels Jan 22, 2025

github-actions bot added area/ansible Changes made in the ansible directory area/kubernetes Changes made in the kubernetes directory cluster/main labels Jan 22, 2025

martinohmann merged commit b801892 into main Jan 22, 2025
7 checks passed

renovate bot deleted the renovate/main-cilium-1.x branch January 22, 2025 19:29

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

fix(helm): update cilium ( 1.16.5 → 1.16.6 ) #1840

fix(helm): update cilium ( 1.16.5 → 1.16.6 ) #1840

renovate bot commented Jan 22, 2025

github-actions bot commented Jan 22, 2025

github-actions bot commented Jan 22, 2025

fix(helm): update cilium ( 1.16.5 → 1.16.6 ) #1840

fix(helm): update cilium ( 1.16.5 → 1.16.6 ) #1840

Conversation

renovate bot commented Jan 22, 2025

Release Notes

v1.16.6: 1.16.6

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

Configuration

github-actions bot commented Jan 22, 2025

kustomization changes in kubernetes/main

github-actions bot commented Jan 22, 2025

helmrelease changes in kubernetes/main

`v1.16.6`: 1.16.6

`kustomization` changes in `kubernetes/main`

`helmrelease` changes in `kubernetes/main`