yolokube/core-deployments
yolokube/core-deployments
2
3
Fork 0
Code Issues 2 Pull requests 8 Projects Wiki Activity

Update Helm release cilium to v1.18.0 #1160

Open
renovate wants to merge 1 commit from renovate/cilium-1.x into main
pull from: renovate/cilium-1.x
merge into: yolokube:main
Conversation 0 Commits 1 Files changed 1 +1 -1
renovate commented 2025-07-16 14:03:07 +02:00
Collaborator
Copy link

This PR contains the following updates:

Package Update Change
cilium (source) minor 1.17.5 -> 1.18.0

Release Notes

cilium/cilium (cilium)

v1.18.0: 1.18.0

Compare Source

We are excited to announce the Cilium 1.18.0 release!

A total of 3298 new commits have been contributed to this release by a growing community of over 955 developers and over 22,000 GitHub stars!

To keep up to date with all the latest Cilium releases, see Announcements

Here's what's new in v1.18.0:

🚠 Networking

🌐 IPv6

🛡️ Policy & Observability

  • 🏷️ Policy Names in Hubble-CLI: Show the names of (C)CNPs that allowed or denied traffic when monitoring flows in Hubble (cilium/cilium#39453, @​antonipp)
  • 📝 Policy Log Fields: A new free-text log field is added to policies, which is exposed in Hubble flows for easy correlation and searching (cilium/cilium#39902, @​squeed)
  • 🛰️ Encapsulated Traffic Decoding: Hubble decodes encapsulated traffic for deeper introspection into traffic flows (cilium/cilium#37634, @​kaworu)
  • 🏰 ClusterMesh Policy Restriction: A new option allows the cluster entity to apply only to the local cluster in ClusterMesh environment (cilium/cilium#39338, @​MrFreezeex)
  • Enhanced Policy Dashboard: The Policy section of the Cilium Grafana dashboard has been improved to show more relevant graphs, including policy drops in both directions (cilium/cilium#36492, cilium/cilium#37445, @​squeed)

🌅 Performance

⚙️ Operations

🕸️ Service Mesh & Gateway API

  • ⛩️ Gateway API v1.3.0: Gateway API support is bumped to v1.3.0 (cilium/cilium#39590, @​sayboras)
  • 🔗 Improved GatewayClass Configuration: The new CiliumGatewayClassConfig object adds service type validation allows the configuration of extra settings on a per-GatewayClass level: LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium to reconcile multiple GatewayClasses with different configurations (cilium/cilium#37792, cilium/cilium#37402, cilium/cilium#40138, @​sayboras)
  • 🚏 Multiple HTTPRoutes: GAMMA reconciler now supports attaching multiple HTTPRoutes to the same Service (cilium/cilium#39922, @​youngnick)
  • 🪄 Route Changes Reconciliation: Reconcile Gateway API based on all changes to routes. This allows label updates to trigger reconciliation correctly, amongst other things (cilium/cilium#37798, @​sayboras)

🏷️ IP Address Management

🛣️ BGP

🧑‍💻 Development Experience

  • 🧪 Test attribution: Identify owners of test in GitHub workflow results to make it easier to connect with other developers on tricky problems (cilium/cilium#37027, @​Joe Stringer)
  • 🛏️ Policy REST API: The Cilium policy API exposed over a local unix socket is deprecated. The other mechanisms to configure policy via Kubernetes resources or the local filesystem are preferred (cilium/cilium#40212, @​squeed)
  • 🏗️ Feature Deprecation: Deprecate underused features like Custom Calls, Recorder API and External Workloads (cilium/cilium#38480, cilium/cilium#39642, cilium/cilium#37418, @​brb)

🏢 Community

📔 Full CHANGELOG

  • Full CHANGELOG.md can be found here.

And finally, we would like to thank you to all contributors of Cilium that helped directly and indirectly with the project. The success of Cilium could not happen without all of you. ❤️ 🧑‍🤝‍🧑 ❤️

v1.17.6: 1.17.6

Compare Source

Summary of Changes

Minor Changes:

Bugfixes:

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests

cilium

quay.io/cilium/cilium:v1.17.6@​sha256:544de3d4fed7acba72758413812780a4972d47c39035f2a06d6145d8644a3353
quay.io/cilium/cilium:stable@sha256:544de3d4fed7acba72758413812780a4972d47c39035f2a06d6145d8644a3353

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.17.6@​sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df
quay.io/cilium/clustermesh-apiserver:stable@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df

docker-plugin

quay.io/cilium/docker-plugin:v1.17.6@​sha256:2d6175582c036dde241448b2b937353ce304d7a30eec9b66e96279b4b39c4f36
quay.io/cilium/docker-plugin:stable@sha256:2d6175582c036dde241448b2b937353ce304d7a30eec9b66e96279b4b39c4f36

hubble-relay

quay.io/cilium/hubble-relay:v1.17.6@​sha256:7d17ec10b3d37341c18ca56165b2f29a715cb8ee81311fd07088d8bf68c01e60
quay.io/cilium/hubble-relay:stable@sha256:7d17ec10b3d37341c18ca56165b2f29a715cb8ee81311fd07088d8bf68c01e60

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.17.6@​sha256:5352e670719dc61f059c1e1a04bc0563c2144738386fa7236dc167ff3fef4c64
quay.io/cilium/operator-alibabacloud:stable@sha256:5352e670719dc61f059c1e1a04bc0563c2144738386fa7236dc167ff3fef4c64

operator-aws

quay.io/cilium/operator-aws:v1.17.6@​sha256:24db5c811e24e51e7ce166e8e056967875bf3544cc2ead6984f34f705fe71847
quay.io/cilium/operator-aws:stable@sha256:24db5c811e24e51e7ce166e8e056967875bf3544cc2ead6984f34f705fe71847

operator-azure

quay.io/cilium/operator-azure:v1.17.6@​sha256:1b7e193ccbc718f723993a0f11eb8fbf16376e822fe8c4dc792d7696701d57c8
quay.io/cilium/operator-azure:stable@sha256:1b7e193ccbc718f723993a0f11eb8fbf16376e822fe8c4dc792d7696701d57c8

operator-generic

quay.io/cilium/operator-generic:v1.17.6@​sha256:91ac3bf7be7bed30e90218f219d4f3062a63377689ee7246062fa0cc3839d096
quay.io/cilium/operator-generic:stable@sha256:91ac3bf7be7bed30e90218f219d4f3062a63377689ee7246062fa0cc3839d096

operator

quay.io/cilium/operator:v1.17.6@​sha256:e7b41cdba20875f8a6595eca1baf1cff1b8367417cffa99be7b1b9b0a11ab677
quay.io/cilium/operator:stable@sha256:e7b41cdba20875f8a6595eca1baf1cff1b8367417cffa99be7b1b9b0a11ab677

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

  • If you want to rebase/retry this PR, check this box

This PR has been generated by Renovate Bot.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | minor | `1.17.5` -> `1.18.0` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.18.0`](https://github.com/cilium/cilium/releases/tag/v1.18.0): 1.18.0 [Compare Source](https://github.com/cilium/cilium/compare/1.17.6...1.18.0) We are excited to announce the **[Cilium 1.18.0](https://github.com/cilium/cilium/releases/tag/v1.18.0)** release! A total of **3298 new commits** have been contributed to this release by a growing community of over **955 developers** and over **22,000 GitHub stars**! ⭐ To keep up to date with all the latest Cilium releases, see [Announcements](https://github.com/cilium/cilium/discussions/categories/announcements) Here's what's new in [v1.18.0](https://github.com/cilium/cilium/releases/tag/v1.18.0): #### 🚠 Networking - **⚖️ Load Balancing Redesign**: The service load-balancing control-plane in the Cilium agent has been redesigned to reduce memory usage and improve future extensibility of load-balancing features ([cilium/cilium#38469](https://github.com/cilium/cilium/pull/38469), [@&#8203;joamaki](https://github.com/joamaki)) - **🔌 Virtual Network Devices**: Added support for new virtual network device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels ([cilium/cilium#37723](https://github.com/cilium/cilium/pull/37723), [@&#8203;ldelossa](https://github.com/ldelossa); [cilium/cilium#37346](https://github.com/cilium/cilium/pull/37346), [@&#8203;gyutaeb](https://github.com/gyutaeb)) - **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now direct traffic towards multiple gateway nodes ([cilium/cilium#39304](https://github.com/cilium/cilium/pull/39304), [@&#8203;carlos-abad](https://github.com/carlos-abad)) - **🚦 Ingress Rate Limiting**: The bandwidth manager now supports ingress rate limiting ([cilium/cilium#36351](https://github.com/cilium/cilium/pull/36351), [@&#8203;l1b0k](https://github.com/l1b0k)) - **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature now supports multiple devices ([cilium/cilium#38198](https://github.com/cilium/cilium/pull/38198), [@&#8203;dylandreimerink](https://github.com/dylandreimerink)) - **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more resilient through a new system that reconciles desired neighbor entries with the kernel state ([cilium/cilium#39987](https://github.com/cilium/cilium/pull/39987), [@&#8203;dylandreimerink](https://github.com/dylandreimerink)) #### 🌐 IPv6 - **🚇 Tunneling Underlay**: The tunneling datapath mode now supports using an IPv6 network underlay, including when configured with IPsec transparent encryption ([cilium/cilium#38296](https://github.com/cilium/cilium/pull/38296), [cilium/cilium#39497](https://github.com/cilium/cilium/pull/39497), [@&#8203;pchaigno](https://github.com/pchaigno)) - **💬 Kube Proxy Replacement**: Cilium now implements service translation when running on an IPv6 underlay ([cilium/cilium#39074](https://github.com/cilium/cilium/pull/39074), [@&#8203;pchaigno](https://github.com/pchaigno)) - **📋 Delegated IPAM**: When delegating IP address management to a third party plugin, Cilium now configures IPv6 routes for connectivity if the plugin supports IPv6 ([cilium/cilium#38249](https://github.com/cilium/cilium/pull/38249), [@&#8203;caorui-io](https://github.com/caorui-io), [@&#8203;kadevu](https://github.com/kadevu)) - **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments to apply policy and routing functionality ([cilium/cilium#38110](https://github.com/cilium/cilium/pull/38110), [@&#8203;gentoo-root](https://github.com/gentoo-root)) - **🚪 Egress gateway policies** can now match IPv6 address ranges ([cilium/cilium#38452](https://github.com/cilium/cilium/pull/38452), [@&#8203;rgo3](https://github.com/rgo3)) #### 🛡️ Policy & Observability - **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that allowed or denied traffic when monitoring flows in Hubble ([cilium/cilium#39453](https://github.com/cilium/cilium/pull/39453), [@&#8203;antonipp](https://github.com/antonipp)) - **📝 Policy Log Fields**: A new free-text log field is added to policies, which is exposed in Hubble flows for easy correlation and searching ([cilium/cilium#39902](https://github.com/cilium/cilium/pull/39902), [@&#8203;squeed](https://github.com/squeed)) - **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated traffic for deeper introspection into traffic flows ([cilium/cilium#37634](https://github.com/cilium/cilium/pull/37634), [@&#8203;kaworu](https://github.com/kaworu)) - **🏰 ClusterMesh Policy Restriction**: A new option allows the **cluster** entity to apply only to the local cluster in ClusterMesh environment ([cilium/cilium#39338](https://github.com/cilium/cilium/pull/39338), [@&#8203;MrFreezeex](https://github.com/MrFreezeex)) - **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium Grafana dashboard has been improved to show more relevant graphs, including policy drops in both directions ([cilium/cilium#36492](https://github.com/cilium/cilium/pull/36492), [cilium/cilium#37445](https://github.com/cilium/cilium/pull/37445), [@&#8203;squeed](https://github.com/squeed)) #### 🌅 Performance - **📊 Scale Test Results**: Cilium implements policies and services up to 45% faster in higher scale environments (Various; [@&#8203;marseel](https://github.com/marseel), [cilium/cilium#40227](https://github.com/cilium/cilium/pull/40227)) - **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on arm64 architecture images ([cilium/cilium#40005](https://github.com/cilium/cilium/pull/40005), [@&#8203;marseel](https://github.com/marseel)) - **⚡ Improved Policy Performance**: The DNS proxy can process large numbers of IPs faster, and the EndpointSelector match implementation has been optimized ([cilium/cilium#39340](https://github.com/cilium/cilium/pull/39340), [@&#8203;squeed](https://github.com/squeed); [cilium/cilium#40414](https://github.com/cilium/cilium/pull/40414), [@&#8203;marseel](https://github.com/marseel)) - **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh mirrors EndpointSlice from the local cluster instead of copying the Service selectors when using the MCS-API controller ([cilium/cilium#38596](https://github.com/cilium/cilium/pull/38596), [@&#8203;MrFreezeex](https://github.com/MrFreezeex)) - **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is optimized by only synchronizing identities keyed by ID, not by value ([cilium/cilium#36471](https://github.com/cilium/cilium/pull/36471), [@&#8203;HadrienPatte](https://github.com/HadrienPatte)) - **🧠 Egress Gateway Processing**: Egress gateway policy processing is significantly improved when matching a large number of pods ([cilium/cilium#37714](https://github.com/cilium/cilium/pull/37714), [@&#8203;giorio94](https://github.com/giorio94)) - **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium leverages batched iterators for CTMap GC ([cilium/cilium#36288](https://github.com/cilium/cilium/pull/36288), [@&#8203;tommyp1ckles](https://github.com/tommyp1ckles)) #### ⚙️ Operations - **📈 API Server Connections at Scale**: Improve kube-apiserver connections behavior at scale through failover and setting better jitter and backoff configurations ([cilium/cilium#37601](https://github.com/cilium/cilium/pull/37601), [@&#8203;aditighag](https://github.com/aditighag); [cilium/cilium#38031](https://github.com/cilium/cilium/pull/38031), [@&#8203;orange30](https://github.com/orange30); [cilium/cilium#36648](https://github.com/cilium/cilium/pull/36648), [@&#8203;wedaly](https://github.com/wedaly)) - **🔄 ConfigMap Synchronization**: New option to automatically synchronize ConfigMap changes into the agent and report metrics for when the effective configuration is different from the desired configuration ([cilium/cilium#36510](https://github.com/cilium/cilium/pull/36510), [@&#8203;ovidiutirla](https://github.com/ovidiutirla)) - **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**, **CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API ([cilium/cilium#38940](https://github.com/cilium/cilium/pull/38940), [@&#8203;christarazi](https://github.com/christarazi); [cilium/cilium#39090](https://github.com/cilium/cilium/pull/39090), [@&#8203;pippolo84](https://github.com/pippolo84); [cilium/cilium#37765](https://github.com/cilium/cilium/pull/37765), [@&#8203;rastislavs](https://github.com/rastislavs)) - **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new default set of taints which avoids deploying to a drained node ([cilium/cilium#40137](https://github.com/cilium/cilium/pull/40137), [@&#8203;Murat](https://github.com/Murat) Parlakisik) - **:wood: Migrate to Slog**: Cilium now uses slog as log library for all components ([cilium/cilium#39664](https://github.com/cilium/cilium/pull/39664), [@&#8203;aanm](https://github.com/aanm)) - **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy v1.34, LLVM 19.1, and CNI v1.1 ([cilium/cilium#39124](https://github.com/cilium/cilium/pull/39124), [cilium/cilium#40175](https://github.com/cilium/cilium/pull/40175), [cilium/cilium#39632](https://github.com/cilium/cilium/pull/39632), [@&#8203;sayboras](https://github.com/sayboras); [cilium/cilium#38868](https://github.com/cilium/cilium/pull/38868), [@&#8203;squeed](https://github.com/squeed)) - **🐧 Minimum Linux Requirements**: The minimum kernel version for this release series is Linux v5.10 or similar, such as RHEL 8.6 ([cilium/cilium#38308](https://github.com/cilium/cilium/pull/38308), [@&#8203;julianwiedmann](https://github.com/julianwiedmann)) #### 🕸️ Service Mesh & Gateway API - **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0 ([cilium/cilium#39590](https://github.com/cilium/cilium/pull/39590), [@&#8203;sayboras](https://github.com/sayboras)) - **🔗 Improved GatewayClass Configuration**: The new CiliumGatewayClassConfig object adds service type validation allows the configuration of extra settings on a per-GatewayClass level: LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium to reconcile multiple GatewayClasses with different configurations ([cilium/cilium#37792](https://github.com/cilium/cilium/pull/37792), [cilium/cilium#37402](https://github.com/cilium/cilium/pull/37402), [cilium/cilium#40138](https://github.com/cilium/cilium/pull/40138), [@&#8203;sayboras](https://github.com/sayboras)) - **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching multiple HTTPRoutes to the same Service ([cilium/cilium#39922](https://github.com/cilium/cilium/pull/39922), [@&#8203;youngnick](https://github.com/youngnick)) - **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all changes to routes. This allows label updates to trigger reconciliation correctly, amongst other things ([cilium/cilium#37798](https://github.com/cilium/cilium/pull/37798), [@&#8203;sayboras](https://github.com/sayboras)) #### 🏷️ IP Address Management - **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal instances is now supported natively in Cilium's AWS ENI IPAM mode ([cilium/cilium#39678](https://github.com/cilium/cilium/pull/39678), [@&#8203;41ks](https://github.com/41ks)) - **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in external KVstore mode ([cilium/cilium#39638](https://github.com/cilium/cilium/pull/39638), [@&#8203;pippolo84](https://github.com/pippolo84)) - **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode with IPSec transparent encryption in tunnel routing mode ([cilium/cilium#39442](https://github.com/cilium/cilium/pull/39442), [@&#8203;pippolo84](https://github.com/pippolo84)) - **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in multi-pool IPAM mode ([cilium/cilium#38483](https://github.com/cilium/cilium/pull/38483), [@&#8203;pippolo84](https://github.com/pippolo84)) #### 🛣️ BGP - **📇 Route Aggregation**: Add support for BGP route aggregation in the control plane ([cilium/cilium#37275](https://github.com/cilium/cilium/pull/37275), [@&#8203;romanspb80](https://github.com/romanspb80)) - **🎯 Overlapping Selector Matches**: Support overlapping selector matches in **CiliumBGPAdvertisement** resources ([cilium/cilium#36414](https://github.com/cilium/cilium/pull/36414), [@&#8203;dswaffordcw](https://github.com/dswaffordcw)) - **🆔 New Router ID generation modes**: Generate router-id based on MAC addresses, or from an IP address pool ([cilium/cilium#36451](https://github.com/cilium/cilium/pull/36451), [@&#8203;yushoyamaguchi](https://github.com/yushoyamaguchi); [cilium/cilium#38300](https://github.com/cilium/cilium/pull/38300), [@&#8203;liyihuang](https://github.com/liyihuang)) #### 🧑‍💻 Development Experience - **🧪 Test attribution**: Identify owners of test in GitHub workflow results to make it easier to connect with other developers on tricky problems ([cilium/cilium#37027](https://github.com/cilium/cilium/pull/37027), [@&#8203;Joe](https://github.com/Joe) Stringer) - **🛏️ Policy REST API**: The Cilium policy API exposed over a local unix socket is deprecated. The other mechanisms to configure policy via Kubernetes resources or the local filesystem are preferred ([cilium/cilium#40212](https://github.com/cilium/cilium/pull/40212), [@&#8203;squeed](https://github.com/squeed)) - **🏗️ Feature Deprecation**: Deprecate underused features like Custom Calls, Recorder API and External Workloads ([cilium/cilium#38480](https://github.com/cilium/cilium/pull/38480), [cilium/cilium#39642](https://github.com/cilium/cilium/pull/39642), [cilium/cilium#37418](https://github.com/cilium/cilium/pull/37418), [@&#8203;brb](https://github.com/brb)) #### 🏢 Community - **❤️ Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback! - [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB Schenker](https://www.cncf.io/case-studies/db-schenker/), [eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY), [ECCO](https://www.cncf.io/case-studies/ecco/), [G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social Network Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/), and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M) - **🇬🇧 London Events**: The community gathered at [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2025-EU) in London - **🇺🇸 Atlanta Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/) and Cilium Developers Summit in Atlanta, Georgia - **👥 SIG Community Meetings**: [SIG Community](https://github.com/cilium/community/tree/main/sig-community) now meets every first and third Thursday to foster, grow, and sustain the Cilium open source community #### 📔 Full CHANGELOG - Full CHANGELOG.md can be found [here](https://github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md). And finally, we would like to thank you to all contributors of Cilium that helped directly and indirectly with the project. The success of Cilium could not happen without all of you. ❤️ :people\_holding\_hands: ❤️ ### [`v1.17.6`](https://github.com/cilium/cilium/releases/tag/v1.17.6): 1.17.6 [Compare Source](https://github.com/cilium/cilium/compare/1.17.5...1.17.6) ## Summary of Changes **Minor Changes:** - helm: KPR subflag changes (Backport PR [#&#8203;40222](https://github.com/cilium/cilium/issues/40222), Upstream PR [#&#8203;39721](https://github.com/cilium/cilium/issues/39721), [@&#8203;brb](https://github.com/brb)) **Bugfixes:** - Deny policies are now synced to Envoy so that they can be enforced for Ingress policies. (Backport PR [#&#8203;40187](https://github.com/cilium/cilium/issues/40187), Upstream PR [#&#8203;39736](https://github.com/cilium/cilium/issues/39736), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - Do not fail the agent startup in case IPv6 support is enabled and the node does not have an IPv6 address assigned yet (Backport PR [#&#8203;40205](https://github.com/cilium/cilium/issues/40205), Upstream PR [#&#8203;40143](https://github.com/cilium/cilium/issues/40143), [@&#8203;pippolo84](https://github.com/pippolo84)) - Fix bug preventing a global service from including remote backends, if the local service has no selector, and the remote one gets removed and then added again. ([#&#8203;40361](https://github.com/cilium/cilium/issues/40361), [@&#8203;giorio94](https://github.com/giorio94)) - Fix data race involving DumpReliablyWithCallback map operation. (Backport PR [#&#8203;40094](https://github.com/cilium/cilium/issues/40094), Upstream PR [#&#8203;38590](https://github.com/cilium/cilium/issues/38590), [@&#8203;aditighag](https://github.com/aditighag)) - Fix IPAM IP release racing condition when IP reassigned back to ENI (Backport PR [#&#8203;40289](https://github.com/cilium/cilium/issues/40289), Upstream PR [#&#8203;40019](https://github.com/cilium/cilium/issues/40019), [@&#8203;victorcq](https://github.com/victorcq)) - hubble automatically pick the `hubble-prefer-ipv6` to `true` if ipv4 not enabled (Backport PR [#&#8203;40289](https://github.com/cilium/cilium/issues/40289), Upstream PR [#&#8203;40210](https://github.com/cilium/cilium/issues/40210), [@&#8203;chengjoey](https://github.com/chengjoey)) - LBIPAM: Fix deletion of CiliumLoadBalancerIPPool with multiple IP blocks that led to an operator crash (Backport PR [#&#8203;40094](https://github.com/cilium/cilium/issues/40094), Upstream PR [#&#8203;40013](https://github.com/cilium/cilium/issues/40013), [@&#8203;pippolo84](https://github.com/pippolo84)) - pkg/egressgateway: ensure gateway IP is IPv4 (Backport PR [#&#8203;40332](https://github.com/cilium/cilium/issues/40332), Upstream PR [#&#8203;40209](https://github.com/cilium/cilium/issues/40209), [@&#8203;rgo3](https://github.com/rgo3)) - policy: fix error handling for selector policy resolution ([#&#8203;40404](https://github.com/cilium/cilium/issues/40404), [@&#8203;fristonio](https://github.com/fristonio)) **CI Changes:** - ci: do not run north-south conn disrupt tests for 5.4 kernels ([#&#8203;39443](https://github.com/cilium/cilium/issues/39443), [@&#8203;ldelossa](https://github.com/ldelossa)) - ci: fix north-south conn disrupt for 5.4 kernel ([#&#8203;40434](https://github.com/cilium/cilium/issues/40434), [@&#8203;smagnani96](https://github.com/smagnani96)) **Misc Changes:** - .github/workflows: remove reviewers if ciliumbot approved PR (Backport PR [#&#8203;40094](https://github.com/cilium/cilium/issues/40094), Upstream PR [#&#8203;39989](https://github.com/cilium/cilium/issues/39989), [@&#8203;aanm](https://github.com/aanm)) - auto-approve: add repository as part command (Backport PR [#&#8203;40094](https://github.com/cilium/cilium/issues/40094), Upstream PR [#&#8203;40050](https://github.com/cilium/cilium/issues/40050), [@&#8203;aanm](https://github.com/aanm)) - auto-approve: add repository as part command (Backport PR [#&#8203;40332](https://github.com/cilium/cilium/issues/40332), Upstream PR [#&#8203;40089](https://github.com/cilium/cilium/issues/40089), [@&#8203;aanm](https://github.com/aanm)) - chore(deps): update all github action dependencies (v1.17) ([#&#8203;40158](https://github.com/cilium/cilium/issues/40158), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.17) ([#&#8203;40044](https://github.com/cilium/cilium/issues/40044), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.17) ([#&#8203;40458](https://github.com/cilium/cilium/issues/40458), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.18.5 (v1.17) ([#&#8203;39948](https://github.com/cilium/cilium/issues/39948), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.24.5 (v1.17) ([#&#8203;40424](https://github.com/cilium/cilium/issues/40424), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.33.4-1752151664-7c2edb0b44cf95f326d628b837fcdd845102ba68 (v1.17) ([#&#8203;40466](https://github.com/cilium/cilium/issues/40466), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.17) (patch) ([#&#8203;40157](https://github.com/cilium/cilium/issues/40157), [@&#8203;cilium-renovate](https://github.com/cilium-renovate)\[bot]) - cilium: fix socket termination for v4-in-v6 clients (Backport PR [#&#8203;40295](https://github.com/cilium/cilium/issues/40295), Upstream PR [#&#8203;39994](https://github.com/cilium/cilium/issues/39994), [@&#8203;borkmann](https://github.com/borkmann)) - contrib/git: add merge drivers to automate post-merge commands (Backport PR [#&#8203;40289](https://github.com/cilium/cilium/issues/40289), Upstream PR [#&#8203;40189](https://github.com/cilium/cilium/issues/40189), [@&#8203;aanm](https://github.com/aanm)) - disk-cleanup: parallelize cleanup process to speed up step (Backport PR [#&#8203;40094](https://github.com/cilium/cilium/issues/40094), Upstream PR [#&#8203;40054](https://github.com/cilium/cilium/issues/40054), [@&#8203;aanm](https://github.com/aanm)) - doc:ipsec:kvstore: explicit limitations that could lead to staling XFRM states and no connectivity (Backport PR [#&#8203;40176](https://github.com/cilium/cilium/issues/40176), Upstream PR [#&#8203;39719](https://github.com/cilium/cilium/issues/39719), [@&#8203;smagnani96](https://github.com/smagnani96)) - docs/ipsec: Fix incorrect statement on hostns encryption (Backport PR [#&#8203;40176](https://github.com/cilium/cilium/issues/40176), Upstream PR [#&#8203;40133](https://github.com/cilium/cilium/issues/40133), [@&#8203;pchaigno](https://github.com/pchaigno)) - Makefile: Require API generation commands to succeed (Backport PR [#&#8203;40205](https://github.com/cilium/cilium/issues/40205), Upstream PR [#&#8203;40199](https://github.com/cilium/cilium/issues/40199), [@&#8203;joestringer](https://github.com/joestringer)) - operator/secretsync: silence reconciliation logs (Backport PR [#&#8203;40289](https://github.com/cilium/cilium/issues/40289), Upstream PR [#&#8203;40217](https://github.com/cilium/cilium/issues/40217), [@&#8203;tklauser](https://github.com/tklauser)) - proxy: Use upstream envoy control plane API (Backport PR [#&#8203;40216](https://github.com/cilium/cilium/issues/40216), Upstream PR [#&#8203;39672](https://github.com/cilium/cilium/issues/39672), [@&#8203;sayboras](https://github.com/sayboras)) - v1.17: helm: Restore hostPort.enabled flag ([#&#8203;40480](https://github.com/cilium/cilium/issues/40480), [@&#8203;brb](https://github.com/brb)) **Other Changes:** - \[v1.17] deps: Update cilium-envoy image to 1.33.x ([#&#8203;40088](https://github.com/cilium/cilium/issues/40088), [@&#8203;sayboras](https://github.com/sayboras)) - Backport: kube-proxy-healthz to return 503 if node terminating ([#&#8203;40317](https://github.com/cilium/cilium/issues/40317), [@&#8203;tamilmani1989](https://github.com/tamilmani1989)) - Bpf datapath TCP conntrack entries are (re)created only in the forward direction, solving an issue with freezing proxy connections when backend connection is re-opened. ([#&#8203;40448](https://github.com/cilium/cilium/issues/40448), [@&#8203;jrajahalme](https://github.com/jrajahalme)) - envoy: Bump cilium-envoy to the latest v1.33.x ([#&#8203;40368](https://github.com/cilium/cilium/issues/40368), [@&#8203;sayboras](https://github.com/sayboras)) - install: Update image digests for v1.17.5 ([#&#8203;40117](https://github.com/cilium/cilium/issues/40117), [@&#8203;cilium-release-bot](https://github.com/cilium-release-bot)\[bot]) - proxy: Bump envoy version to the latest v1.33.x ([#&#8203;40181](https://github.com/cilium/cilium/issues/40181), [@&#8203;sayboras](https://github.com/sayboras)) - v1.17: docs: Document encapsulation options ([#&#8203;40471](https://github.com/cilium/cilium/issues/40471), [@&#8203;pchaigno](https://github.com/pchaigno)) #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.17.6@&#8203;sha256:544de3d4fed7acba72758413812780a4972d47c39035f2a06d6145d8644a3353` `quay.io/cilium/cilium:stable@sha256:544de3d4fed7acba72758413812780a4972d47c39035f2a06d6145d8644a3353` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.17.6@&#8203;sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df` `quay.io/cilium/clustermesh-apiserver:stable@sha256:f619e97432db427e1511bf91af3be8ded418c53a353a09629e04c5880659d1df` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.17.6@&#8203;sha256:2d6175582c036dde241448b2b937353ce304d7a30eec9b66e96279b4b39c4f36` `quay.io/cilium/docker-plugin:stable@sha256:2d6175582c036dde241448b2b937353ce304d7a30eec9b66e96279b4b39c4f36` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.17.6@&#8203;sha256:7d17ec10b3d37341c18ca56165b2f29a715cb8ee81311fd07088d8bf68c01e60` `quay.io/cilium/hubble-relay:stable@sha256:7d17ec10b3d37341c18ca56165b2f29a715cb8ee81311fd07088d8bf68c01e60` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.17.6@&#8203;sha256:5352e670719dc61f059c1e1a04bc0563c2144738386fa7236dc167ff3fef4c64` `quay.io/cilium/operator-alibabacloud:stable@sha256:5352e670719dc61f059c1e1a04bc0563c2144738386fa7236dc167ff3fef4c64` ##### operator-aws `quay.io/cilium/operator-aws:v1.17.6@&#8203;sha256:24db5c811e24e51e7ce166e8e056967875bf3544cc2ead6984f34f705fe71847` `quay.io/cilium/operator-aws:stable@sha256:24db5c811e24e51e7ce166e8e056967875bf3544cc2ead6984f34f705fe71847` ##### operator-azure `quay.io/cilium/operator-azure:v1.17.6@&#8203;sha256:1b7e193ccbc718f723993a0f11eb8fbf16376e822fe8c4dc792d7696701d57c8` `quay.io/cilium/operator-azure:stable@sha256:1b7e193ccbc718f723993a0f11eb8fbf16376e822fe8c4dc792d7696701d57c8` ##### operator-generic `quay.io/cilium/operator-generic:v1.17.6@&#8203;sha256:91ac3bf7be7bed30e90218f219d4f3062a63377689ee7246062fa0cc3839d096` `quay.io/cilium/operator-generic:stable@sha256:91ac3bf7be7bed30e90218f219d4f3062a63377689ee7246062fa0cc3839d096` ##### operator `quay.io/cilium/operator:v1.17.6@&#8203;sha256:e7b41cdba20875f8a6595eca1baf1cff1b8367417cffa99be7b1b9b0a11ab677` `quay.io/cilium/operator:stable@sha256:e7b41cdba20875f8a6595eca1baf1cff1b8367417cffa99be7b1b9b0a11ab677` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4zNi4yIiwidXBkYXRlZEluVmVyIjoiNDEuNDUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->
Update Helm release cilium to v1.17.6
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Details
e5b78b06bc
renovate force-pushed renovate/cilium-1.x from e5b78b06bc to cbcc959e86 2025-07-29 18:03:25 +02:00 Compare
renovate changed title from Update Helm release cilium to v1.17.6 to Update Helm release cilium to v1.18.0 2025-07-29 18:03:33 +02:00
All checks were successful
ci/woodpecker/push/yamllint Pipeline was successful
Required
Details
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/cilium-1.x:renovate/cilium-1.x
git switch renovate/cilium-1.x
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
state
stale

  
state
to-do

  
state
waiting

  
system
argo

  
system
cni

  
system
dashboard

  
system
ingress

  
system
monitoring

  
system
sso

  
system
storage

  
system
woodpecker

  
type
bug
Something is not working

  
type
enhancement
New feature

  
type
update
Software needs an update

  
type
dependency-dashboard
Only for Renovate Dependency Dashboard

No labels
state
stale
state
to-do
state
waiting
system
argo
system
cni
system
dashboard
system
ingress
system
monitoring
system
sso
system
storage
system
woodpecker
type
bug
type
enhancement
type
update
type
dependency-dashboard
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: yolokube/core-deployments#1160
No description provided.
Delete branch "renovate/cilium-1.x"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?