This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | HelmChart |
minor | `1.17.6` -> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/chezmoidotsh/arcane).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZTogZGVwZW5kZW5jaWVzIl19-->

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | helm_release |
minor | `1.17.6` -> `1.18.0` |
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | | minor |
`1.17.6` -> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/lambchop4prez/network).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

…ilium ( 1.17.6 → 1.18.0 ) (#709)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/home-operations/charts-mirror/cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.6`
-> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium
(ghcr.io/home-operations/charts-mirror/cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40NS4wIiwidXBkYXRlZEluVmVyIjoiNDEuNDUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->

Co-authored-by: bot-nicole[bot] <205127124+bot-nicole[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.6`
-> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/rupaschomaker/home-cluster).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | minor | `1.17.6` -> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

### [`v1.18.0`](https://github.com/cilium/cilium/releases/tag/v1.18.0): 1.18.0

[Compare Source](cilium/cilium@1.17.6...1.18.0)

We are excited to announce the **[Cilium 1.18.0](https://github.com/cilium/cilium/releases/tag/v1.18.0)** release!

A total of **3298 new commits** have been contributed to this release by a growing community of over **955 developers** and over **22,000 GitHub stars**! ⭐

To keep up to date with all the latest Cilium releases, see [Announcements](https://github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in [v1.18.0](https://github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing control-plane in the Cilium agent has been redesigned to reduce memory usage and improve future extensibility of load-balancing features ([cilium/cilium#38469](cilium/cilium#38469), [@&#8203;joamaki](https://github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels ([cilium/cilium#37723](cilium/cilium#37723), [@&#8203;ldelossa](https://github.com/ldelossa); [cilium/cilium#37346](cilium/cilium#37346), [@&#8203;gyutaeb](https://github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now direct traffic towards multiple gateway nodes ([cilium/cilium#39304](cilium/cilium#39304), [@&#8203;carlos-abad](https://github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports ingress rate limiting ([cilium/cilium#36351](cilium/cilium#36351), [@&#8203;l1b0k](https://github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature now supports multiple devices ([cilium/cilium#38198](cilium/cilium#38198), [@&#8203;dylandreimerink](https://github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more resilient through a new system that reconciles desired neighbor entries with the kernel state ([cilium/cilium#39987](cilium/cilium#39987), [@&#8203;dylandreimerink](https://github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports using an IPv6 network underlay, including when configured with IPsec transparent encryption ([cilium/cilium#38296](cilium/cilium#38296), [cilium/cilium#39497](cilium/cilium#39497), [@&#8203;pchaigno](https://github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service translation when running on an IPv6 underlay ([cilium/cilium#39074](cilium/cilium#39074), [@&#8203;pchaigno](https://github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third party plugin, Cilium now configures IPv6 routes for connectivity if the plugin supports IPv6 ([cilium/cilium#38249](cilium/cilium#38249), [@&#8203;caorui-io](https://github.com/caorui-io), [@&#8203;kadevu](https://github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments to apply policy and routing functionality ([cilium/cilium#38110](cilium/cilium#38110), [@&#8203;gentoo-root](https://github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges ([cilium/cilium#38452](cilium/cilium#38452), [@&#8203;rgo3](https://github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that allowed or denied traffic when monitoring flows in Hubble ([cilium/cilium#39453](cilium/cilium#39453), [@&#8203;antonipp](https://github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to policies, which is exposed in Hubble flows for easy correlation and searching ([cilium/cilium#39902](cilium/cilium#39902), [@&#8203;squeed](https://github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated traffic for deeper introspection into traffic flows ([cilium/cilium#37634](cilium/cilium#37634), [@&#8203;kaworu](https://github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the **cluster** entity to apply only to the local cluster in ClusterMesh environment ([cilium/cilium#39338](cilium/cilium#39338), [@&#8203;MrFreezeex](https://github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium Grafana dashboard has been improved to show more relevant graphs, including policy drops in both directions ([cilium/cilium#36492](cilium/cilium#36492), [cilium/cilium#37445](cilium/cilium#37445), [@&#8203;squeed](https://github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up to 45% faster in higher scale environments (Various; [@&#8203;marseel](https://github.com/marseel), [cilium/cilium#40227](cilium/cilium#40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on arm64 architecture images ([cilium/cilium#40005](cilium/cilium#40005), [@&#8203;marseel](https://github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large numbers of IPs faster, and the EndpointSelector match implementation has been optimized ([cilium/cilium#39340](cilium/cilium#39340), [@&#8203;squeed](https://github.com/squeed); [cilium/cilium#40414](cilium/cilium#40414), [@&#8203;marseel](https://github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh mirrors EndpointSlice from the local cluster instead of copying the Service selectors when using the MCS-API controller ([cilium/cilium#38596](cilium/cilium#38596), [@&#8203;MrFreezeex](https://github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is optimized by only synchronizing identities keyed by ID, not by value ([cilium/cilium#36471](cilium/cilium#36471), [@&#8203;HadrienPatte](https://github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is significantly improved when matching a large number of pods ([cilium/cilium#37714](cilium/cilium#37714), [@&#8203;giorio94](https://github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium leverages batched iterators for CTMap GC ([cilium/cilium#36288](cilium/cilium#36288), [@&#8203;tommyp1ckles](https://github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver connections behavior at scale through failover and setting better jitter and backoff configurations ([cilium/cilium#37601](cilium/cilium#37601), [@&#8203;aditighag](https://github.com/aditighag); [cilium/cilium#38031](cilium/cilium#38031), [@&#8203;orange30](https://github.com/orange30); [cilium/cilium#36648](cilium/cilium#36648), [@&#8203;wedaly](https://github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically synchronize ConfigMap changes into the agent and report metrics for when the effective configuration is different from the desired configuration ([cilium/cilium#36510](cilium/cilium#36510), [@&#8203;ovidiutirla](https://github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**, **CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API ([cilium/cilium#38940](cilium/cilium#38940), [@&#8203;christarazi](https://github.com/christarazi); [cilium/cilium#39090](cilium/cilium#39090), [@&#8203;pippolo84](https://github.com/pippolo84); [cilium/cilium#37765](cilium/cilium#37765), [@&#8203;rastislavs](https://github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new default set of taints which avoids deploying to a drained node ([cilium/cilium#40137](cilium/cilium#40137), [@&#8203;Murat](https://github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for all components ([cilium/cilium#39664](cilium/cilium#39664), [@&#8203;aanm](https://github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy v1.34, LLVM 19.1, and CNI v1.1 ([cilium/cilium#39124](cilium/cilium#39124), [cilium/cilium#40175](cilium/cilium#40175), [cilium/cilium#39632](cilium/cilium#39632), [@&#8203;sayboras](https://github.com/sayboras); [cilium/cilium#38868](cilium/cilium#38868), [@&#8203;squeed](https://github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this release series is Linux v5.10 or similar, such as RHEL 8.6 ([cilium/cilium#38308](cilium/cilium#38308), [@&#8203;julianwiedmann](https://github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0 ([cilium/cilium#39590](cilium/cilium#39590), [@&#8203;sayboras](https://github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new CiliumGatewayClassConfig object adds service type validation allows the configuration of extra settings on a per-GatewayClass level: LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium to reconcile multiple GatewayClasses with different configurations ([cilium/cilium#37792](cilium/cilium#37792), [cilium/cilium#37402](cilium/cilium#37402), [cilium/cilium#40138](cilium/cilium#40138), [@&#8203;sayboras](https://github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching multiple HTTPRoutes to the same Service ([cilium/cilium#39922](cilium/cilium#39922), [@&#8203;youngnick](https://github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all changes to routes. This allows label updates to trigger reconciliation correctly, amongst other things ([cilium/cilium#37798](cilium/cilium#37798), [@&#8203;sayboras](https://github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal instances is now supported natively in Cilium's AWS ENI IPAM mode ([cilium/cilium#39678](cilium/cilium#39678), [@&#8203;41ks](https://github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in external KVstore mode ([cilium/cilium#39638](cilium/cilium#39638), [@&#8203;pippolo84](https://github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode with IPSec transparent encryption in tunnel routing mode ([cilium/cilium#39442](cilium/cilium#39442), [@&#8203;pippolo84](https://github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in multi-pool IPAM mode ([cilium/cilium#38483](cilium/cilium#38483), [@&#8203;pippolo84](https://github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the control plane ([cilium/cilium#37275](cilium/cilium#37275), [@&#8203;romanspb80](https://github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector matches in **CiliumBGPAdvertisement** resources ([cilium/cilium#36414](cilium/cilium#36414), [@&#8203;dswaffordcw](https://github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC addresses, or from an IP address pool ([cilium/cilium#36451](cilium/cilium#36451), [@&#8203;yushoyamaguchi](https://github.com/yushoyamaguchi); [cilium/cilium#38300](cilium/cilium#38300), [@&#8203;liyihuang](https://github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow results to make it easier to connect with other developers on tricky problems ([cilium/cilium#37027](cilium/cilium#37027), [@&#8203;Joe](https://github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local unix socket is deprecated. The other mechanisms to configure policy via Kubernetes resources or the local filesystem are preferred ([cilium/cilium#40212](cilium/cilium#40212), [@&#8203;squeed](https://github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom Calls, Recorder API and External Workloads ([cilium/cilium#38480](cilium/cilium#38480), [cilium/cilium#39642](cilium/cilium#39642), [cilium/cilium#37418](cilium/cilium#37418), [@&#8203;brb](https://github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback!
  - [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB Schenker](https://www.cncf.io/case-studies/db-schenker/), [eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY), [ECCO](https://www.cncf.io/case-studies/ecco/), [G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social Network Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/), and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2025-EU) in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/) and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG Community](https://github.com/cilium/community/tree/main/sig-community) now meets every first and third Thursday to foster, grow, and sustain the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found [here](https://github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium that helped directly and indirectly with the project. The success of Cilium could not happen without all of you. ❤️ :people\_holding\_hands:  ❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xLjMiLCJ1cGRhdGVkSW5WZXIiOiI0MS4xLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImNoYXJ0Il19-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/1062
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.6`
-> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" in timezone
America/New_York, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/enchantednatures/HomeCluster).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40Ni4zIiwidXBkYXRlZEluVmVyIjoiNDEuNDYuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvaGVsbSIsInR5cGUvbWlub3IiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | HelmChart |
minor | `1.17.7` -> `1.18.1` |
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | | minor |
`1.17.7` -> `1.18.1` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.1`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.1):
1.18.1

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.18.0...1.18.1)

## Summary of Changes

**Minor Changes:**

- Add `kernel_version`, `endpoint_routes_enabled`, `strict_mode_enabled`
and `kubernetes_version` feature metrics. (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;41003](https://redirect.github.com/cilium/cilium/issues/41003),
[@&#8203;aanm](https://redirect.github.com/aanm))
- eni: improve logging and speed up ipam reconciliation in case of node
scale-downs (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40852](https://redirect.github.com/cilium/cilium/issues/40852),
[@&#8203;marseel](https://redirect.github.com/marseel))
- kvstore: Cilium Agent no longer fails health-check if operator is
unavailable (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40920](https://redirect.github.com/cilium/cilium/issues/40920),
[@&#8203;marseel](https://redirect.github.com/marseel))
- operator: CRDs are updated in series instead of in parallel now during
Cilium upgrades. This should lower the pressure on the k8s control plane
(Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40322](https://redirect.github.com/cilium/cilium/issues/40322),
[@&#8203;marseel](https://redirect.github.com/marseel))

**Bugfixes:**

- Add missing safeguards to topology-aware routing: use all backends
when no suitable one matching the zone hints are found or a backend
exists without a zone hint.
([#&#8203;41116](https://redirect.github.com/cilium/cilium/issues/41116),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- aws/eni: Don't use subnet tags to filter ENIs for GC (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40656](https://redirect.github.com/cilium/cilium/issues/40656),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- clustermesh: fix regression possibly causing cross-cluster connections
disruption if the clustermesh-apiserver is restarted at the same time as
Cilium agents. (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40786](https://redirect.github.com/cilium/cilium/issues/40786),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- clustermesh: fix regression preventing global services with unnamed
ports from including remote backends (Backport PR
[#&#8203;40865](https://redirect.github.com/cilium/cilium/issues/40865),
Upstream PR
[#&#8203;40848](https://redirect.github.com/cilium/cilium/issues/40848),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- Fix bug where the presence of a label called "ingress" causes
incorrect assignment of identities to workloads, affecting policy
enforcement. (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40791](https://redirect.github.com/cilium/cilium/issues/40791),
[@&#8203;christarazi](https://redirect.github.com/christarazi))
- Fix skipping of LoadBalancer services when IPMode is not set to VIP
(KEP-1860) (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40915](https://redirect.github.com/cilium/cilium/issues/40915),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
-
fix([GH-37724](https://redirect.github.com/cilium/cilium/issues/37724)):
Sync policies on startup (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40357](https://redirect.github.com/cilium/cilium/issues/40357),
[@&#8203;anubhabMajumdar](https://redirect.github.com/anubhabMajumdar))
- fix: create policy snapshot only for sdp (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40785](https://redirect.github.com/cilium/cilium/issues/40785),
[@&#8203;vipul-21](https://redirect.github.com/vipul-21))
- Fixes a bug where the Cilium agent may segfault when starting.
(Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40824](https://redirect.github.com/cilium/cilium/issues/40824),
[@&#8203;squeed](https://redirect.github.com/squeed))
- Fixes an error where the Ingress controller, when run in host network,
created an invalid Service. (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;40232](https://redirect.github.com/cilium/cilium/issues/40232),
[@&#8203;rtheobald](https://redirect.github.com/rtheobald))
- helm: Create envoy-config ConfigMap for preflight (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;40875](https://redirect.github.com/cilium/cilium/issues/40875),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- install/kubernetes: fix clustermesh-apiserver extraEnv (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;41021](https://redirect.github.com/cilium/cilium/issues/41021),
[@&#8203;aanm](https://redirect.github.com/aanm))
- loadbalancer: Fix backend state in REST API (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40780](https://redirect.github.com/cilium/cilium/issues/40780),
[@&#8203;mhofstetter](https://redirect.github.com/mhofstetter))

**CI Changes:**

- .github/actions: only upload files with features-tested prefix
(Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40975](https://redirect.github.com/cilium/cilium/issues/40975),
[@&#8203;aanm](https://redirect.github.com/aanm))
- Add TESTOWNERS file
([#&#8203;40864](https://redirect.github.com/cilium/cilium/issues/40864),
[@&#8203;joestringer](https://redirect.github.com/joestringer))
- ci: Add Cleanup Disk space step into conformance-runtime (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40973](https://redirect.github.com/cilium/cilium/issues/40973),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- ci: Fix CI-Fuzz Build failures (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40728](https://redirect.github.com/cilium/cilium/issues/40728),
[@&#8203;lomackie](https://redirect.github.com/lomackie))
- ci: Reuse connectivity test flags in proxy-embedded (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;41036](https://redirect.github.com/cilium/cilium/issues/41036),
[@&#8203;joestringer](https://redirect.github.com/joestringer))
- endpoint: Avoid unnecessarily logging a warning during endpoint
deletion (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40927](https://redirect.github.com/cilium/cilium/issues/40927),
[@&#8203;christarazi](https://redirect.github.com/christarazi))
- Fix GKE cluster creation failures when branch names exceed 63-byte
label limit by implementing automatic truncation with hash-based
uniqueness preservation. (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40725](https://redirect.github.com/cilium/cilium/issues/40725),
[@&#8203;pillai-ashwin](https://redirect.github.com/pillai-ashwin))
- Improved test failure attribution on stable branches by using
TESTOWNERS files to route failures to appropriate code quality teams
rather than generic CI infrastructure teams. (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40776](https://redirect.github.com/cilium/cilium/issues/40776),
[@&#8203;pillai-ashwin](https://redirect.github.com/pillai-ashwin))
- ipsec: fix privileged tests (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;41006](https://redirect.github.com/cilium/cilium/issues/41006),
[@&#8203;smagnani96](https://redirect.github.com/smagnani96))
- tools/testowners: de-duplicate error logs (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40778](https://redirect.github.com/cilium/cilium/issues/40778),
[@&#8203;tklauser](https://redirect.github.com/tklauser))
- workflows/ipsec: Fix leak detection for IPv6-only in e2e downgrade
(Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40881](https://redirect.github.com/cilium/cilium/issues/40881),
[@&#8203;smagnani96](https://redirect.github.com/smagnani96))

**Misc Changes:**

- .github/workflows: bump build-images-base timeout to 60 minutes
(Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40919](https://redirect.github.com/cilium/cilium/issues/40919),
[@&#8203;aanm](https://redirect.github.com/aanm))
- .github/workflows: print open file descriptors (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40941](https://redirect.github.com/cilium/cilium/issues/40941),
[@&#8203;aanm](https://redirect.github.com/aanm))
- .github: fix removal of all files in /mnt (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40818](https://redirect.github.com/cilium/cilium/issues/40818),
[@&#8203;aanm](https://redirect.github.com/aanm))
- .github: remove all contents of /mnt in build images CI (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40814](https://redirect.github.com/cilium/cilium/issues/40814),
[@&#8203;aanm](https://redirect.github.com/aanm))
- chore(deps): update actions/download-artifact action to v5 (v1.18)
([#&#8203;41055](https://redirect.github.com/cilium/cilium/issues/41055),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.18)
([#&#8203;40901](https://redirect.github.com/cilium/cilium/issues/40901),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all github action dependencies (v1.18)
([#&#8203;41056](https://redirect.github.com/cilium/cilium/issues/41056),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update all-dependencies (v1.18)
([#&#8203;40900](https://redirect.github.com/cilium/cilium/issues/40900),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update dependency cilium/cilium-cli to v0.18.6 (v1.18)
([#&#8203;40898](https://redirect.github.com/cilium/cilium/issues/40898),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update go to v1.24.6 (v1.18)
([#&#8203;40993](https://redirect.github.com/cilium/cilium/issues/40993),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch)
([#&#8203;40899](https://redirect.github.com/cilium/cilium/issues/40899),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- chore(deps): update stable lvh-images (v1.18) (patch)
([#&#8203;41054](https://redirect.github.com/cilium/cilium/issues/41054),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- ci: add/change runner labels (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40972](https://redirect.github.com/cilium/cilium/issues/40972),
[@&#8203;Artyop](https://redirect.github.com/Artyop))
- daemon/test: explicitly wait for identities synchronization (Backport
PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40811](https://redirect.github.com/cilium/cilium/issues/40811),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- docs: Remove references to v1.15 (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;41033](https://redirect.github.com/cilium/cilium/issues/41033),
[@&#8203;joestringer](https://redirect.github.com/joestringer))
- Fix loadbalancer handling of backends with ClusterID set (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;40968](https://redirect.github.com/cilium/cilium/issues/40968),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- Fix race condition issues (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40949](https://redirect.github.com/cilium/cilium/issues/40949),
[@&#8203;aanm](https://redirect.github.com/aanm))
- fix(deps): update module github.com/docker/docker to
v28.3.3+incompatible \[security] (v1.18)
([#&#8203;40793](https://redirect.github.com/cilium/cilium/issues/40793),
[@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot])
- loadbalancer: Raise default retry duration to 1 second (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;40997](https://redirect.github.com/cilium/cilium/issues/40997),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- loadbalancer: Use unique for L3n4Addr (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40633](https://redirect.github.com/cilium/cilium/issues/40633),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- Makefile: Fix multi codeowner detection (Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40923](https://redirect.github.com/cilium/cilium/issues/40923),
[@&#8203;joestringer](https://redirect.github.com/joestringer))
- Reduced memory usage by roughly 10% for large EndpointSlices by
sharing identical objects. (Backport PR
[#&#8203;41078](https://redirect.github.com/cilium/cilium/issues/41078),
Upstream PR
[#&#8203;40987](https://redirect.github.com/cilium/cilium/issues/40987),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- values(.yaml.tmpl): Add Geneve (Class Option) to dsrDispatch paramater
(Backport PR
[#&#8203;40847](https://redirect.github.com/cilium/cilium/issues/40847),
Upstream PR
[#&#8203;40625](https://redirect.github.com/cilium/cilium/issues/40625),
[@&#8203;alagoutte](https://redirect.github.com/alagoutte))
- vendor: Bump to StateDB v0.4.5 (Backport PR
[#&#8203;40979](https://redirect.github.com/cilium/cilium/issues/40979),
Upstream PR
[#&#8203;40783](https://redirect.github.com/cilium/cilium/issues/40783),
[@&#8203;joamaki](https://redirect.github.com/joamaki))

**Other Changes:**

- ci: reduce gke failures
([#&#8203;41070](https://redirect.github.com/cilium/cilium/issues/41070),
[@&#8203;brlbil](https://redirect.github.com/brlbil))
- install: Update image digests for v1.18.0
([#&#8203;40782](https://redirect.github.com/cilium/cilium/issues/40782),
[@&#8203;cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot])

##### Docker Manifests

##### cilium


`quay.io/cilium/cilium:v1.18.1@&#8203;sha256:65ab17c052d8758b2ad157ce766285e04173722df59bdee1ea6d5fda7149f0e9`

`quay.io/cilium/cilium:stable@sha256:65ab17c052d8758b2ad157ce766285e04173722df59bdee1ea6d5fda7149f0e9`

##### clustermesh-apiserver


`quay.io/cilium/clustermesh-apiserver:v1.18.1@&#8203;sha256:87ab85f33dc7e895ed6257564bf1a255d12399d9e8a075a8fc400910ff94cbeb`

`quay.io/cilium/clustermesh-apiserver:stable@sha256:87ab85f33dc7e895ed6257564bf1a255d12399d9e8a075a8fc400910ff94cbeb`

##### docker-plugin


`quay.io/cilium/docker-plugin:v1.18.1@&#8203;sha256:fb1c6ecb6dc180c97488b8ea45d81275237db14d50e22a1eff3dbfaf9f6f93f3`

`quay.io/cilium/docker-plugin:stable@sha256:fb1c6ecb6dc180c97488b8ea45d81275237db14d50e22a1eff3dbfaf9f6f93f3`

##### hubble-relay


`quay.io/cilium/hubble-relay:v1.18.1@&#8203;sha256:7e2fd4877387c7e112689db7c2b153a4d5c77d125b8d50d472dbe81fc1b139b0`

`quay.io/cilium/hubble-relay:stable@sha256:7e2fd4877387c7e112689db7c2b153a4d5c77d125b8d50d472dbe81fc1b139b0`

##### operator-alibabacloud


`quay.io/cilium/operator-alibabacloud:v1.18.1@&#8203;sha256:e2bdc8236acec0d1ef1552c831a7cd2277624031066fbdfac884a31a4126a32a`

`quay.io/cilium/operator-alibabacloud:stable@sha256:e2bdc8236acec0d1ef1552c831a7cd2277624031066fbdfac884a31a4126a32a`

##### operator-aws


`quay.io/cilium/operator-aws:v1.18.1@&#8203;sha256:de522223ecd73bc06b48042fa59f78f7b3b8f2fff4f8f30a61687516798c5042`

`quay.io/cilium/operator-aws:stable@sha256:de522223ecd73bc06b48042fa59f78f7b3b8f2fff4f8f30a61687516798c5042`

##### operator-azure


`quay.io/cilium/operator-azure:v1.18.1@&#8203;sha256:682058e6734e397e7939e92bb463da3c1b5d8b7a7ce408c3b7a62aadb9ce4f06`

`quay.io/cilium/operator-azure:stable@sha256:682058e6734e397e7939e92bb463da3c1b5d8b7a7ce408c3b7a62aadb9ce4f06`

##### operator-generic


`quay.io/cilium/operator-generic:v1.18.1@&#8203;sha256:97f4553afa443465bdfbc1cc4927c93f16ac5d78e4dd2706736e7395382201bc`

`quay.io/cilium/operator-generic:stable@sha256:97f4553afa443465bdfbc1cc4927c93f16ac5d78e4dd2706736e7395382201bc`

##### operator


`quay.io/cilium/operator:v1.18.1@&#8203;sha256:f3b8d90f945167c1ac4324a0f02a9d381f83076d5ce828fab452014f9335a47e`

`quay.io/cilium/operator:stable@sha256:f3b8d90f945167c1ac4324a0f02a9d381f83076d5ce828fab452014f9335a47e`

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.7...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

##### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

##### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

##### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

##### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

##### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

##### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

##### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

##### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

##### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

##### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

##### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40NS4wIiwidXBkYXRlZEluVmVyIjoiNDEuODEuNCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvaGVsbSIsInR5cGUvbWlub3IiXX0=-->