Multi-Pool IPAM is now compatible with tunneling, update the IPAM modes
feature compatibility table accordingly.

Related: cilium#38483

Signed-off-by: Fabio Falzoi <[email protected]>

Thanks to the VinE support added in #37723, when in tunnel mode we
encrypt the traffic after the encapsulation, at the native egress
device. Therefore, the only entries (policies and states) needed for the
XFRM framework to encrypt the traffic are the ones related to the remote
nodes, not the ones related to the remote pod CIDRs.

As a consequence, the multi-pool IPAM mode is now supported when IPSec
is enabled in tunnel mode, therefore, update the related startup check
to stop the agent only when multi-pool IPAM and IPSec transparent
encryption are enabled in native routing mode.

Related: #38483, #37723

Signed-off-by: Fabio Falzoi <[email protected]>

Multi-Pool IPAM is now compatible with tunneling, update the IPAM modes
feature compatibility table accordingly.

Related: #38483

Signed-off-by: Fabio Falzoi <[email protected]>

Multi-Pool IPAM is now compatible with tunneling, update the IPAM modes
feature compatibility table accordingly.

Related: cilium#38483

Signed-off-by: Fabio Falzoi <[email protected]>

Thanks to the VinE support added in #37723, when in tunnel mode we
encrypt the traffic after the encapsulation, at the native egress
device. Therefore, the only entries (policies and states) needed for the
XFRM framework to encrypt the traffic are the ones related to the remote
nodes, not the ones related to the remote pod CIDRs.

As a consequence, the multi-pool IPAM mode is now supported when IPSec
is enabled in tunnel mode, therefore, update the related startup check
to stop the agent only when multi-pool IPAM and IPSec transparent
encryption are enabled in native routing mode.

Related: #38483, #37723

Signed-off-by: Fabio Falzoi <[email protected]>

Thanks to the VinE support added in #37723, when in tunnel mode we
encrypt the traffic after the encapsulation, at the native egress
device. Therefore, the only entries (policies and states) needed for the
XFRM framework to encrypt the traffic are the ones related to the remote
nodes, not the ones related to the remote pod CIDRs.

As a consequence, the multi-pool IPAM mode is now supported when IPSec
is enabled in tunnel mode, therefore, update the related startup check
to stop the agent only when multi-pool IPAM and IPSec transparent
encryption are enabled in native routing mode.

Related: #38483, #37723

Signed-off-by: Fabio Falzoi <[email protected]>

Multi-Pool IPAM is now compatible with tunneling too and it does not
require native routing mode anymore. Therefore, in order to simplify the
Multi-Pool IPAM tutorial in the docs, remove the options related to
native routing.

Related: #38483

Signed-off-by: Fabio Falzoi <[email protected]>

Multi-Pool IPAM is now compatible with tunneling too and it does not
require native routing mode anymore. Therefore, in order to simplify the
Multi-Pool IPAM tutorial in the docs, remove the options related to
native routing.

Related: #38483

Signed-off-by: Fabio Falzoi <[email protected]>

Multi-Pool IPAM is now compatible with tunneling too and it does not
require native routing mode anymore. Therefore, in order to simplify the
Multi-Pool IPAM tutorial in the docs, remove the options related to
native routing.

Related: #38483

Signed-off-by: Fabio Falzoi <[email protected]>

Multi-Pool IPAM is now compatible with tunneling too and it does not
require native routing mode anymore. Therefore, in order to simplify the
Multi-Pool IPAM tutorial in the docs, remove the options related to
native routing.

Related: cilium#38483

Signed-off-by: Fabio Falzoi <[email protected]>

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | HelmChart |
minor | `1.17.6` -> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/chezmoidotsh/arcane).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsidHlwZTogZGVwZW5kZW5jaWVzIl19-->

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | helm_release |
minor | `1.17.6` -> `1.18.0` |
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | | minor |
`1.17.6` -> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these
updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/lambchop4prez/network).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOltdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

…ilium ( 1.17.6 → 1.18.0 ) (#709)

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [ghcr.io/home-operations/charts-mirror/cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.6`
-> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium
(ghcr.io/home-operations/charts-mirror/cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://redirect.github.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40NS4wIiwidXBkYXRlZEluVmVyIjoiNDEuNDUuMCIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->

Co-authored-by: bot-nicole[bot] <205127124+bot-nicole[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.6`
-> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Enabled.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/rupaschomaker/home-cluster).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40My41IiwidXBkYXRlZEluVmVyIjoiNDEuNDMuNSIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvY29udGFpbmVyIiwidHlwZS9taW5vciJdfQ==-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | minor | `1.17.6` -> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

### [`v1.18.0`](https://github.com/cilium/cilium/releases/tag/v1.18.0): 1.18.0

[Compare Source](cilium/cilium@1.17.6...1.18.0)

We are excited to announce the **[Cilium 1.18.0](https://github.com/cilium/cilium/releases/tag/v1.18.0)** release!

A total of **3298 new commits** have been contributed to this release by a growing community of over **955 developers** and over **22,000 GitHub stars**! ⭐

To keep up to date with all the latest Cilium releases, see [Announcements](https://github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in [v1.18.0](https://github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing control-plane in the Cilium agent has been redesigned to reduce memory usage and improve future extensibility of load-balancing features ([cilium/cilium#38469](cilium/cilium#38469), [@&#8203;joamaki](https://github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels ([cilium/cilium#37723](cilium/cilium#37723), [@&#8203;ldelossa](https://github.com/ldelossa); [cilium/cilium#37346](cilium/cilium#37346), [@&#8203;gyutaeb](https://github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now direct traffic towards multiple gateway nodes ([cilium/cilium#39304](cilium/cilium#39304), [@&#8203;carlos-abad](https://github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports ingress rate limiting ([cilium/cilium#36351](cilium/cilium#36351), [@&#8203;l1b0k](https://github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature now supports multiple devices ([cilium/cilium#38198](cilium/cilium#38198), [@&#8203;dylandreimerink](https://github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more resilient through a new system that reconciles desired neighbor entries with the kernel state ([cilium/cilium#39987](cilium/cilium#39987), [@&#8203;dylandreimerink](https://github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports using an IPv6 network underlay, including when configured with IPsec transparent encryption ([cilium/cilium#38296](cilium/cilium#38296), [cilium/cilium#39497](cilium/cilium#39497), [@&#8203;pchaigno](https://github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service translation when running on an IPv6 underlay ([cilium/cilium#39074](cilium/cilium#39074), [@&#8203;pchaigno](https://github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third party plugin, Cilium now configures IPv6 routes for connectivity if the plugin supports IPv6 ([cilium/cilium#38249](cilium/cilium#38249), [@&#8203;caorui-io](https://github.com/caorui-io), [@&#8203;kadevu](https://github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments to apply policy and routing functionality ([cilium/cilium#38110](cilium/cilium#38110), [@&#8203;gentoo-root](https://github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges ([cilium/cilium#38452](cilium/cilium#38452), [@&#8203;rgo3](https://github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that allowed or denied traffic when monitoring flows in Hubble ([cilium/cilium#39453](cilium/cilium#39453), [@&#8203;antonipp](https://github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to policies, which is exposed in Hubble flows for easy correlation and searching ([cilium/cilium#39902](cilium/cilium#39902), [@&#8203;squeed](https://github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated traffic for deeper introspection into traffic flows ([cilium/cilium#37634](cilium/cilium#37634), [@&#8203;kaworu](https://github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the **cluster** entity to apply only to the local cluster in ClusterMesh environment ([cilium/cilium#39338](cilium/cilium#39338), [@&#8203;MrFreezeex](https://github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium Grafana dashboard has been improved to show more relevant graphs, including policy drops in both directions ([cilium/cilium#36492](cilium/cilium#36492), [cilium/cilium#37445](cilium/cilium#37445), [@&#8203;squeed](https://github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up to 45% faster in higher scale environments (Various; [@&#8203;marseel](https://github.com/marseel), [cilium/cilium#40227](cilium/cilium#40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on arm64 architecture images ([cilium/cilium#40005](cilium/cilium#40005), [@&#8203;marseel](https://github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large numbers of IPs faster, and the EndpointSelector match implementation has been optimized ([cilium/cilium#39340](cilium/cilium#39340), [@&#8203;squeed](https://github.com/squeed); [cilium/cilium#40414](cilium/cilium#40414), [@&#8203;marseel](https://github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh mirrors EndpointSlice from the local cluster instead of copying the Service selectors when using the MCS-API controller ([cilium/cilium#38596](cilium/cilium#38596), [@&#8203;MrFreezeex](https://github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is optimized by only synchronizing identities keyed by ID, not by value ([cilium/cilium#36471](cilium/cilium#36471), [@&#8203;HadrienPatte](https://github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is significantly improved when matching a large number of pods ([cilium/cilium#37714](cilium/cilium#37714), [@&#8203;giorio94](https://github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium leverages batched iterators for CTMap GC ([cilium/cilium#36288](cilium/cilium#36288), [@&#8203;tommyp1ckles](https://github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver connections behavior at scale through failover and setting better jitter and backoff configurations ([cilium/cilium#37601](cilium/cilium#37601), [@&#8203;aditighag](https://github.com/aditighag); [cilium/cilium#38031](cilium/cilium#38031), [@&#8203;orange30](https://github.com/orange30); [cilium/cilium#36648](cilium/cilium#36648), [@&#8203;wedaly](https://github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically synchronize ConfigMap changes into the agent and report metrics for when the effective configuration is different from the desired configuration ([cilium/cilium#36510](cilium/cilium#36510), [@&#8203;ovidiutirla](https://github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**, **CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API ([cilium/cilium#38940](cilium/cilium#38940), [@&#8203;christarazi](https://github.com/christarazi); [cilium/cilium#39090](cilium/cilium#39090), [@&#8203;pippolo84](https://github.com/pippolo84); [cilium/cilium#37765](cilium/cilium#37765), [@&#8203;rastislavs](https://github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new default set of taints which avoids deploying to a drained node ([cilium/cilium#40137](cilium/cilium#40137), [@&#8203;Murat](https://github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for all components ([cilium/cilium#39664](cilium/cilium#39664), [@&#8203;aanm](https://github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy v1.34, LLVM 19.1, and CNI v1.1 ([cilium/cilium#39124](cilium/cilium#39124), [cilium/cilium#40175](cilium/cilium#40175), [cilium/cilium#39632](cilium/cilium#39632), [@&#8203;sayboras](https://github.com/sayboras); [cilium/cilium#38868](cilium/cilium#38868), [@&#8203;squeed](https://github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this release series is Linux v5.10 or similar, such as RHEL 8.6 ([cilium/cilium#38308](cilium/cilium#38308), [@&#8203;julianwiedmann](https://github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0 ([cilium/cilium#39590](cilium/cilium#39590), [@&#8203;sayboras](https://github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new CiliumGatewayClassConfig object adds service type validation allows the configuration of extra settings on a per-GatewayClass level: LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium to reconcile multiple GatewayClasses with different configurations ([cilium/cilium#37792](cilium/cilium#37792), [cilium/cilium#37402](cilium/cilium#37402), [cilium/cilium#40138](cilium/cilium#40138), [@&#8203;sayboras](https://github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching multiple HTTPRoutes to the same Service ([cilium/cilium#39922](cilium/cilium#39922), [@&#8203;youngnick](https://github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all changes to routes. This allows label updates to trigger reconciliation correctly, amongst other things ([cilium/cilium#37798](cilium/cilium#37798), [@&#8203;sayboras](https://github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal instances is now supported natively in Cilium's AWS ENI IPAM mode ([cilium/cilium#39678](cilium/cilium#39678), [@&#8203;41ks](https://github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in external KVstore mode ([cilium/cilium#39638](cilium/cilium#39638), [@&#8203;pippolo84](https://github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode with IPSec transparent encryption in tunnel routing mode ([cilium/cilium#39442](cilium/cilium#39442), [@&#8203;pippolo84](https://github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in multi-pool IPAM mode ([cilium/cilium#38483](cilium/cilium#38483), [@&#8203;pippolo84](https://github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the control plane ([cilium/cilium#37275](cilium/cilium#37275), [@&#8203;romanspb80](https://github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector matches in **CiliumBGPAdvertisement** resources ([cilium/cilium#36414](cilium/cilium#36414), [@&#8203;dswaffordcw](https://github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC addresses, or from an IP address pool ([cilium/cilium#36451](cilium/cilium#36451), [@&#8203;yushoyamaguchi](https://github.com/yushoyamaguchi); [cilium/cilium#38300](cilium/cilium#38300), [@&#8203;liyihuang](https://github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow results to make it easier to connect with other developers on tricky problems ([cilium/cilium#37027](cilium/cilium#37027), [@&#8203;Joe](https://github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local unix socket is deprecated. The other mechanisms to configure policy via Kubernetes resources or the local filesystem are preferred ([cilium/cilium#40212](cilium/cilium#40212), [@&#8203;squeed](https://github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom Calls, Recorder API and External Workloads ([cilium/cilium#38480](cilium/cilium#38480), [cilium/cilium#39642](cilium/cilium#39642), [cilium/cilium#37418](cilium/cilium#37418), [@&#8203;brb](https://github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback!
  - [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB Schenker](https://www.cncf.io/case-studies/db-schenker/), [eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY), [ECCO](https://www.cncf.io/case-studies/ecco/), [G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social Network Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/), and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2025-EU) in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/) and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG Community](https://github.com/cilium/community/tree/main/sig-community) now meets every first and third Thursday to foster, grow, and sustain the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found [here](https://github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium that helped directly and indirectly with the project. The success of Cilium could not happen without all of you. ❤️ :people\_holding\_hands:  ❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update again.

---

 - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS4xLjMiLCJ1cGRhdGVkSW5WZXIiOiI0MS4xLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImNoYXJ0Il19-->

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/1062
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/)
([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.6`
-> `1.18.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

###
[`v1.18.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):
1.18.0

[Compare
Source](https://redirect.github.com/cilium/cilium/compare/1.17.6...1.18.0)

We are excited to announce the **[Cilium
1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0)**
release!

A total of **3298 new commits** have been contributed to this release by
a growing community of over **955 developers** and over **22,000 GitHub
stars**! ⭐

To keep up to date with all the latest Cilium releases, see
[Announcements](https://redirect.github.com/cilium/cilium/discussions/categories/announcements)

Here's what's new in
[v1.18.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.0):

#### 🚠 Networking

- **⚖️ Load Balancing Redesign**: The service load-balancing
control-plane in the Cilium agent has been redesigned to reduce memory
usage and improve future extensibility of load-balancing features
([cilium/cilium#38469](https://redirect.github.com/cilium/cilium/pull/38469),
[@&#8203;joamaki](https://redirect.github.com/joamaki))
- **🔌 Virtual Network Devices**: Added support for new virtual network
device configurations such as VXLAN in IPsec (VinE) and IPIP tunnels
([cilium/cilium#37723](https://redirect.github.com/cilium/cilium/pull/37723),
[@&#8203;ldelossa](https://redirect.github.com/ldelossa);
[cilium/cilium#37346](https://redirect.github.com/cilium/cilium/pull/37346),
[@&#8203;gyutaeb](https://redirect.github.com/gyutaeb))
- **Ⓜ️ Multiple Egress Gateways**: Egress Gateways policies can now
direct traffic towards multiple gateway nodes
([cilium/cilium#39304](https://redirect.github.com/cilium/cilium/pull/39304),
[@&#8203;carlos-abad](https://redirect.github.com/carlos-abad))
- **🚦 Ingress Rate Limiting**: The bandwidth manager now supports
ingress rate limiting
([cilium/cilium#36351](https://redirect.github.com/cilium/cilium/pull/36351),
[@&#8203;l1b0k](https://redirect.github.com/l1b0k))
- **📢 Multi-Device L2 Announcements**: The L2 pod announcement feature
now supports multiple devices
([cilium/cilium#38198](https://redirect.github.com/cilium/cilium/pull/38198),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))
- **🏢 Neighbor Subsystem Rework**: The neighbor subsystem was made more
resilient through a new system that reconciles desired neighbor entries
with the kernel state
([cilium/cilium#39987](https://redirect.github.com/cilium/cilium/pull/39987),
[@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink))

#### 🌐 IPv6

- **🚇 Tunneling Underlay**: The tunneling datapath mode now supports
using an IPv6 network underlay, including when configured with IPsec
transparent encryption
([cilium/cilium#38296](https://redirect.github.com/cilium/cilium/pull/38296),
[cilium/cilium#39497](https://redirect.github.com/cilium/cilium/pull/39497),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **💬 Kube Proxy Replacement**: Cilium now implements service
translation when running on an IPv6 underlay
([cilium/cilium#39074](https://redirect.github.com/cilium/cilium/pull/39074),
[@&#8203;pchaigno](https://redirect.github.com/pchaigno))
- **📋 Delegated IPAM**: When delegating IP address management to a third
party plugin, Cilium now configures IPv6 routes for connectivity if the
plugin supports IPv6
([cilium/cilium#38249](https://redirect.github.com/cilium/cilium/pull/38249),
[@&#8203;caorui-io](https://redirect.github.com/caorui-io),
[@&#8203;kadevu](https://redirect.github.com/kadevu))
- **📦 IP Fragment Support**: Cilium now processes ordered IPv6 fragments
to apply policy and routing functionality
([cilium/cilium#38110](https://redirect.github.com/cilium/cilium/pull/38110),
[@&#8203;gentoo-root](https://redirect.github.com/gentoo-root))
- **🚪 Egress gateway policies** can now match IPv6 address ranges
([cilium/cilium#38452](https://redirect.github.com/cilium/cilium/pull/38452),
[@&#8203;rgo3](https://redirect.github.com/rgo3))

#### 🛡️ Policy & Observability

- **🏷️ Policy Names in Hubble-CLI**: Show the names of (C)CNPs that
allowed or denied traffic when monitoring flows in Hubble
([cilium/cilium#39453](https://redirect.github.com/cilium/cilium/pull/39453),
[@&#8203;antonipp](https://redirect.github.com/antonipp))
- **📝 Policy Log Fields**: A new free-text log field is added to
policies, which is exposed in Hubble flows for easy correlation and
searching
([cilium/cilium#39902](https://redirect.github.com/cilium/cilium/pull/39902),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🛰️ Encapsulated Traffic Decoding**: Hubble decodes encapsulated
traffic for deeper introspection into traffic flows
([cilium/cilium#37634](https://redirect.github.com/cilium/cilium/pull/37634),
[@&#8203;kaworu](https://redirect.github.com/kaworu))
- **🏰 ClusterMesh Policy Restriction**: A new option allows the
**cluster** entity to apply only to the local cluster in ClusterMesh
environment
([cilium/cilium#39338](https://redirect.github.com/cilium/cilium/pull/39338),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **✨ Enhanced Policy Dashboard**: The Policy section of the Cilium
Grafana dashboard has been improved to show more relevant graphs,
including policy drops in both directions
([cilium/cilium#36492](https://redirect.github.com/cilium/cilium/pull/36492),
[cilium/cilium#37445](https://redirect.github.com/cilium/cilium/pull/37445),
[@&#8203;squeed](https://redirect.github.com/squeed))

#### 🌅 Performance

- **📊 Scale Test Results**: Cilium implements policies and services up
to 45% faster in higher scale environments (Various;
[@&#8203;marseel](https://redirect.github.com/marseel),
[cilium/cilium#40227](https://redirect.github.com/cilium/cilium/pull/40227))
- **📦 Image Size Reduction**: Docker image sizes are reduced by 32% on
arm64 architecture images
([cilium/cilium#40005](https://redirect.github.com/cilium/cilium/pull/40005),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **⚡ Improved Policy Performance**: The DNS proxy can process large
numbers of IPs faster, and the EndpointSelector match implementation has
been optimized
([cilium/cilium#39340](https://redirect.github.com/cilium/cilium/pull/39340),
[@&#8203;squeed](https://redirect.github.com/squeed);
[cilium/cilium#40414](https://redirect.github.com/cilium/cilium/pull/40414),
[@&#8203;marseel](https://redirect.github.com/marseel))
- **🪞 EndpointSlice Mirroring for Multi-Cluster Services**: Clustermesh
mirrors EndpointSlice from the local cluster instead of copying the
Service selectors when using the MCS-API controller
([cilium/cilium#38596](https://redirect.github.com/cilium/cilium/pull/38596),
[@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex))
- **🌐 KVStoreMesh Optimization**: Cross-cluster state distribution is
optimized by only synchronizing identities keyed by ID, not by value
([cilium/cilium#36471](https://redirect.github.com/cilium/cilium/pull/36471),
[@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte))
- **🧠 Egress Gateway Processing**: Egress gateway policy processing is
significantly improved when matching a large number of pods
([cilium/cilium#37714](https://redirect.github.com/cilium/cilium/pull/37714),
[@&#8203;giorio94](https://redirect.github.com/giorio94))
- **🗑️ Optimized Garbage Collection for Connection Tracking**: Cilium
leverages batched iterators for CTMap GC
([cilium/cilium#36288](https://redirect.github.com/cilium/cilium/pull/36288),
[@&#8203;tommyp1ckles](https://redirect.github.com/tommyp1ckles))

#### ⚙️ Operations

- **📈 API Server Connections at Scale**: Improve kube-apiserver
connections behavior at scale through failover and setting better jitter
and backoff configurations
([cilium/cilium#37601](https://redirect.github.com/cilium/cilium/pull/37601),
[@&#8203;aditighag](https://redirect.github.com/aditighag);
[cilium/cilium#38031](https://redirect.github.com/cilium/cilium/pull/38031),
[@&#8203;orange30](https://redirect.github.com/orange30);
[cilium/cilium#36648](https://redirect.github.com/cilium/cilium/pull/36648),
[@&#8203;wedaly](https://redirect.github.com/wedaly))
- **🔄 ConfigMap Synchronization**: New option to automatically
synchronize ConfigMap changes into the agent and report metrics for when
the effective configuration is different from the desired configuration
([cilium/cilium#36510](https://redirect.github.com/cilium/cilium/pull/36510),
[@&#8203;ovidiutirla](https://redirect.github.com/ovidiutirla))
- **🎓 CRD Promotion to Stable**: Promote **CiliumCIDRGroup**,
**CiliumLoadBalancerIPPool** and all **BGP** CRDs to stable API
([cilium/cilium#38940](https://redirect.github.com/cilium/cilium/pull/38940),
[@&#8203;christarazi](https://redirect.github.com/christarazi);
[cilium/cilium#39090](https://redirect.github.com/cilium/cilium/pull/39090),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84);
[cilium/cilium#37765](https://redirect.github.com/cilium/cilium/pull/37765),
[@&#8203;rastislavs](https://redirect.github.com/rastislavs))
- **⛔ Node Taints Handling**: The cilium-operator Deployment uses a new
default set of taints which avoids deploying to a drained node
([cilium/cilium#40137](https://redirect.github.com/cilium/cilium/pull/40137),
[@&#8203;Murat](https://redirect.github.com/Murat) Parlakisik)
- **:wood: Migrate to Slog**: Cilium now uses slog as log library for
all components
([cilium/cilium#39664](https://redirect.github.com/cilium/cilium/pull/39664),
[@&#8203;aanm](https://redirect.github.com/aanm))
- **🔧 Cilium dependencies** were updated to Kubernetes v1.33, Envoy
v1.34, LLVM 19.1, and CNI v1.1
([cilium/cilium#39124](https://redirect.github.com/cilium/cilium/pull/39124),
[cilium/cilium#40175](https://redirect.github.com/cilium/cilium/pull/40175),
[cilium/cilium#39632](https://redirect.github.com/cilium/cilium/pull/39632),
[@&#8203;sayboras](https://redirect.github.com/sayboras);
[cilium/cilium#38868](https://redirect.github.com/cilium/cilium/pull/38868),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🐧 Minimum Linux Requirements**: The minimum kernel version for this
release series is Linux v5.10 or similar, such as RHEL 8.6
([cilium/cilium#38308](https://redirect.github.com/cilium/cilium/pull/38308),
[@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann))

#### 🕸️ Service Mesh & Gateway API

- **⛩️ Gateway API v1.3.0**: Gateway API support is bumped to v1.3.0
([cilium/cilium#39590](https://redirect.github.com/cilium/cilium/pull/39590),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🔗 Improved GatewayClass Configuration**: The new
CiliumGatewayClassConfig object adds service type validation allows the
configuration of extra settings on a per-GatewayClass level:
LoadBalancerSourceRangesPolicy, ParametersRef fields. This allows Cilium
to reconcile multiple GatewayClasses with different configurations
([cilium/cilium#37792](https://redirect.github.com/cilium/cilium/pull/37792),
[cilium/cilium#37402](https://redirect.github.com/cilium/cilium/pull/37402),
[cilium/cilium#40138](https://redirect.github.com/cilium/cilium/pull/40138),
[@&#8203;sayboras](https://redirect.github.com/sayboras))
- **🚏 Multiple HTTPRoutes**: GAMMA reconciler now supports attaching
multiple HTTPRoutes to the same Service
([cilium/cilium#39922](https://redirect.github.com/cilium/cilium/pull/39922),
[@&#8203;youngnick](https://redirect.github.com/youngnick))
- **🪄 Route Changes Reconciliation**: Reconcile Gateway API based on all
changes to routes. This allows label updates to trigger reconciliation
correctly, amongst other things
([cilium/cilium#37798](https://redirect.github.com/cilium/cilium/pull/37798),
[@&#8203;sayboras](https://redirect.github.com/sayboras))

#### 🏷️ IP Address Management

- **☁️ AWS Prefix Delegation**: Prefix delegation on AWS bare metal
instances is now supported natively in Cilium's AWS ENI IPAM mode
([cilium/cilium#39678](https://redirect.github.com/cilium/cilium/pull/39678),
[@&#8203;41ks](https://redirect.github.com/41ks))
- **🏬 Multi-Pool IPAM with KVStore**: Add support for Multi-Pool IPAM in
external KVstore mode
([cilium/cilium#39638](https://redirect.github.com/cilium/cilium/pull/39638),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **🔐 Multi-Pool IPAM with IPSec**: Add support for Multi-Pool IPAM mode
with IPSec transparent encryption in tunnel routing mode
([cilium/cilium#39442](https://redirect.github.com/cilium/cilium/pull/39442),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))
- **↪️ Multi-Pool Tunnel Routing**: Add support for tunnel routing in
multi-pool IPAM mode
([cilium/cilium#38483](https://redirect.github.com/cilium/cilium/pull/38483),
[@&#8203;pippolo84](https://redirect.github.com/pippolo84))

#### 🛣️ BGP

- **📇 Route Aggregation**: Add support for BGP route aggregation in the
control plane
([cilium/cilium#37275](https://redirect.github.com/cilium/cilium/pull/37275),
[@&#8203;romanspb80](https://redirect.github.com/romanspb80))
- **🎯 Overlapping Selector Matches**: Support overlapping selector
matches in **CiliumBGPAdvertisement** resources
([cilium/cilium#36414](https://redirect.github.com/cilium/cilium/pull/36414),
[@&#8203;dswaffordcw](https://redirect.github.com/dswaffordcw))
- **🆔 New Router ID generation modes**: Generate router-id based on MAC
addresses, or from an IP address pool
([cilium/cilium#36451](https://redirect.github.com/cilium/cilium/pull/36451),
[@&#8203;yushoyamaguchi](https://redirect.github.com/yushoyamaguchi);
[cilium/cilium#38300](https://redirect.github.com/cilium/cilium/pull/38300),
[@&#8203;liyihuang](https://redirect.github.com/liyihuang))

#### 🧑‍💻 Development Experience

- **🧪 Test attribution**: Identify owners of test in GitHub workflow
results to make it easier to connect with other developers on tricky
problems
([cilium/cilium#37027](https://redirect.github.com/cilium/cilium/pull/37027),
[@&#8203;Joe](https://redirect.github.com/Joe) Stringer)
- **🛏️ Policy REST API**: The Cilium policy API exposed over a local
unix socket is deprecated. The other mechanisms to configure policy via
Kubernetes resources or the local filesystem are preferred
([cilium/cilium#40212](https://redirect.github.com/cilium/cilium/pull/40212),
[@&#8203;squeed](https://redirect.github.com/squeed))
- **🏗️ Feature Deprecation**: Deprecate underused features like Custom
Calls, Recorder API and External Workloads
([cilium/cilium#38480](https://redirect.github.com/cilium/cilium/pull/38480),
[cilium/cilium#39642](https://redirect.github.com/cilium/cilium/pull/39642),
[cilium/cilium#37418](https://redirect.github.com/cilium/cilium/pull/37418),
[@&#8203;brb](https://redirect.github.com/brb))

#### 🏢 Community

- **❤️ Production Case Studies**: Many end-users have stepped forward to
tell their stories running Cilium in production. If your company wants
to submit their case studies let us know. We would love to hear your
feedback!
- [ByteDance](https://www.youtube.com/watch?v=cKPW67D7X10), [Canopus
Networks](https://www.youtube.com/watch?v=YXl9xuIxylY), [Corner
Banca](https://www.youtube.com/watch?v=HVPKSefazl4), [DB
Schenker](https://www.cncf.io/case-studies/db-schenker/),
[eBay](https://www.youtube.com/watch?v=xEa4KFf5FzY),
[ECCO](https://www.cncf.io/case-studies/ecco/),
[G-Research](https://www.youtube.com/watch?v=kjSFN34dROQ), [Social
Network
Company](https://cilium.io/blog/2025/04/15/tetragon-social-networking-user-story/),
and [Preferred Networks](https://www.youtube.com/watch?v=n7_I4zu6f_M)
- **🇬🇧 London Events**: The community gathered at
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/)
and the [Cilium Developer
Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2025-EU)
in London
- **🇺🇸 Atlanta Events**: Meet us at the upcoming
[CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-north-america/co-located-events/ciliumcon/)
and Cilium Developers Summit in Atlanta, Georgia
- **👥 SIG Community Meetings**: [SIG
Community](https://redirect.github.com/cilium/community/tree/main/sig-community)
now meets every first and third Thursday to foster, grow, and sustain
the Cilium open source community

#### 📔 Full CHANGELOG

- Full CHANGELOG.md can be found
[here](https://redirect.github.com/cilium/cilium/blob/v1.18.0/CHANGELOG.md).

And finally, we would like to thank you to all contributors of Cilium
that helped directly and indirectly with the project. The success of
Cilium could not happen without all of you. ❤️ :people\_holding\_hands:
❤️

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "every weekend" in timezone
America/New_York, Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/).
View the [repository job
log](https://developer.mend.io/github/enchantednatures/HomeCluster).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0MS40Ni4zIiwidXBkYXRlZEluVmVyIjoiNDEuNDYuMyIsInRhcmdldEJyYW5jaCI6Im1haW4iLCJsYWJlbHMiOlsicmVub3ZhdGUvaGVsbSIsInR5cGUvbWlub3IiXX0=-->

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>

Multi-Pool IPAM is now compatible with tunneling too and it does not
require native routing mode anymore. Therefore, in order to simplify the
Multi-Pool IPAM tutorial in the docs, remove the options related to
native routing.

Related: cilium#38483

Signed-off-by: Fabio Falzoi <[email protected]>