bgp: Remove BGPv1 CRD and functionality #42278
Merged
julianwiedmann merged 5 commits into cilium:main on Oct 24, 2025
qmonnet approved these changes Oct 22, 2025
qmonnet (Member) left a comment:
docs-structure changes look good to me, thank you!
Contributor, Author:
Bumped the schema version, thanks for the reminder!
Removes all legacy BGPv1 functionality from the BGP control plane. From this point on, there is just one BGP implementation, configurable via v2 BGP CRDs.
Signed-off-by: Rastislav Szabo <[email protected]>

BGPv1 CRD is going to be removed, but we still need to support testing and sysdumping BGPv1 for the older releases (up to v1.18). In this change, we use generic k8s client to configure / retrieve CiliumBGPPeeringPolicy resources, so that we do not block CRD removal.
Signed-off-by: Rastislav Szabo <[email protected]>
Contributor, Author:
rebased to resolve conflicts
The previously deprecated CiliumBGPPeeringPolicy CRD is now removed. All users should be using BGPv2 CRDs only from this point on. Some common types from the removed CRD file are moved to the CRD files that are using them.
Signed-off-by: Rastislav Szabo <[email protected]>

Since the BGPv1 CRDs and implementation have been removed, this removes all BGPv1-related documentation.
Signed-off-by: Rastislav Szabo <[email protected]>

Documents that users should migrate to BGPv2 CRDs before proceeding with Cilium upgrade.
Signed-off-by: Rastislav Szabo <[email protected]>
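The commits above read CiliumBGPPeeringPolicy through a generic client instead of generated types, and ask users to migrate before upgrading. As an added example (not code from this PR or from cilium-cli), a pre-upgrade check in Go that lists the legacy resource untyped over the REST API and fails closed on any status other than 200 or 404. The API path, `FindLegacyBGPPolicies`, `LegacyPolicies`, `fakeAPIServer` and the sample data are assumptions introduced here.

```go
package main

import (
	"encoding/json"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// REST path of the legacy resource. Assumption: the API group/version and
// plural (cilium.io/v2alpha1, ciliumbgppeeringpolicies) are not given on the page.
const legacyBGPPath = "/apis/cilium.io/v2alpha1/ciliumbgppeeringpolicies"

// Constructed sample of an API server list response (not real cluster data).
const sampleList = `{"apiVersion":"cilium.io/v2alpha1","kind":"CiliumBGPPeeringPolicyList",
 "items":[{"metadata":{"name":"rack0"}},{"metadata":{"name":"rack1"}}]}`

// untypedList decodes only the generic list fields, so the check keeps
// compiling and working after the typed CRD definitions are deleted.
type untypedList struct {
	Kind  string `json:"kind"`
	Items []struct {
		Metadata struct {
			Name string `json:"name"`
		} `json:"metadata"`
	} `json:"items"`
}

// LegacyPolicies is the result of the pre-upgrade check (hypothetical type).
type LegacyPolicies struct {
	CRDServed bool     // the API server still serves the legacy resource
	Names     []string // legacy objects that must be migrated to v2 CRDs
}

// FindLegacyBGPPolicies lists legacy BGP policies without typed clients.
// 404 means the CRD is gone (nothing to migrate). Any other non-200 status,
// including 401/403, is an error: "could not look" must never read as "clean".
// A real caller supplies an http.Client configured with the cluster CA.
func FindLegacyBGPPolicies(c *http.Client, apiServer, token string) (LegacyPolicies, error) {
	var out LegacyPolicies
	url := strings.TrimRight(apiServer, "/") + legacyBGPPath
	req, err := http.NewRequest(http.MethodGet, url, nil)
	if err != nil {
		return out, err
	}
	req.Header.Set("Accept", "application/json")
	if token != "" {
		req.Header.Set("Authorization", "Bearer "+token)
	}
	resp, err := c.Do(req)
	if err != nil {
		return out, err
	}
	defer resp.Body.Close()
	switch resp.StatusCode {
	case http.StatusOK:
		// fall out of the switch and decode the list
	case http.StatusNotFound:
		return out, nil
	default:
		return out, fmt.Errorf("listing %s: unexpected status %s", legacyBGPPath, resp.Status)
	}
	var list untypedList
	if err := json.NewDecoder(io.LimitReader(resp.Body, 16<<20)).Decode(&list); err != nil {
		return out, fmt.Errorf("decoding list: %w", err)
	}
	if list.Kind != "CiliumBGPPeeringPolicyList" {
		return out, fmt.Errorf("unexpected kind %q", list.Kind)
	}
	out.CRDServed = true
	for _, it := range list.Items {
		out.Names = append(out.Names, it.Metadata.Name)
	}
	return out, nil
}

// fakeAPIServer is a local stand-in for the API server so the example runs offline.
func fakeAPIServer(status int, body string) *httptest.Server {
	return httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.URL.Path != legacyBGPPath {
			http.NotFound(w, r)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		w.WriteHeader(status)
		io.WriteString(w, body)
	}))
}

func main() {
	for _, status := range []int{200, 404, 403} {
		srv := fakeAPIServer(status, sampleList)
		res, err := FindLegacyBGPPolicies(srv.Client(), srv.URL, "")
		srv.Close()
		fmt.Printf("status=%d served=%v names=%v err=%v\n", status, res.CRDServed, res.Names, err)
	}
}
```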
christarazi approved these changes Oct 23, 2025
zocimek added a commit to zocimek/home-ops that referenced this pull request Dec 9, 2025
… ) (#398) This PR contains the following updates: | Package | Update | Change | |---|---|---| | [aqua:cilium/cilium-cli](https://redirect.github.com/cilium/cilium-cli) | patch | `0.18.7` -> `0.18.9` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>cilium/cilium-cli (aqua:cilium/cilium-cli)</summary> ### [`v0.18.9`](https://redirect.github.com/cilium/cilium-cli/releases/tag/v0.18.9) [Compare Source](https://redirect.github.com/cilium/cilium-cli/compare/v0.18.8...v0.18.9) ## Summary of Changes **Major Changes:** - Operator prometheus support TLS/mTLS using existing secret ([cilium/cilium#42077](https://redirect.github.com/cilium/cilium/issues/42077), [@​phuhung273](https://redirect.github.com/phuhung273)) **Minor Changes:** - CLI: Allow users to set the default Cilium namespace via the CILIUM\_NAMESPACE environment variable ([cilium/cilium#41557](https://redirect.github.com/cilium/cilium/issues/41557), [@​td0ne](https://redirect.github.com/td0ne)) - Removed deprecated `CiliumBGPPeeringPolicy` CRD and its agent implementation. Use `cilium.io/v2` CRDs (`CiliumBGPClusterConfig`, `CiliumBGPPeerConfig`, `CiliumBGPAdvertisement`, `CiliumBGPNodeConfigOverride`) for configuring BGP. 
([cilium/cilium#42278](https://redirect.github.com/cilium/cilium/issues/42278), [@​rastislavs](https://redirect.github.com/rastislavs)) **CI Changes:** - Add CCNP cilium connectivity tests ([cilium/cilium#42051](https://redirect.github.com/cilium/cilium/issues/42051), [@​karina-ranadive](https://redirect.github.com/karina-ranadive)) - Fix connectivity tests for access to link-local nodelocaldns classified as 'host' entity ([cilium/cilium#42984](https://redirect.github.com/cilium/cilium/issues/42984), [@​rptaylor](https://redirect.github.com/rptaylor)) **Misc Changes:** - bgp: Correct misleading error message in GetPeeringState ([cilium/cilium#42945](https://redirect.github.com/cilium/cilium/issues/42945), [@​hargrovee](https://redirect.github.com/hargrovee)) - bgp: Remove versions from bgp package names ([cilium/cilium#42503](https://redirect.github.com/cilium/cilium/issues/42503), [@​rastislavs](https://redirect.github.com/rastislavs)) - cilium-cli: add own type for root command parameters ([cilium/cilium#42609](https://redirect.github.com/cilium/cilium/issues/42609), [@​tklauser](https://redirect.github.com/tklauser)) - cli: cleanups for pre-v1.15 removal 
([cilium/cilium#42757](https://redirect.github.com/cilium/cilium/issues/42757), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - cli: require Cilium v1.15 ([cilium/cilium#41538](https://redirect.github.com/cilium/cilium/issues/41538), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - go.mod, vendor: bump github.com/google/go-github to v79 ([cilium/cilium#42857](https://redirect.github.com/cilium/cilium/issues/42857), [@​tklauser](https://redirect.github.com/tklauser)) - Update lrp frontend IP address to avoid IMDS conflict in the cloud environment in cilium-cli ([cilium/cilium#42737](https://redirect.github.com/cilium/cilium/issues/42737), [@​liyihuang](https://redirect.github.com/liyihuang)) - Use modern Go constructs ([cilium/cilium#42525](https://redirect.github.com/cilium/cilium/issues/42525), [@​HadrienPatte](https://redirect.github.com/HadrienPatte)) - Update stable release to v0.18.8 by [@​michi-covalent](https://redirect.github.com/michi-covalent) in [#​3121](https://redirect.github.com/cilium/cilium-cli/pull/3121) - chore(deps): update actions/upload-artifact action to v5 by 
[@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3124](https://redirect.github.com/cilium/cilium-cli/pull/3124) - chore(deps): update docker.io/library/golang:1.25.3 docker digest to [`8c945d3`](https://redirect.github.com/cilium/cilium-cli/commit/8c945d3) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3122](https://redirect.github.com/cilium/cilium-cli/pull/3122) - chore(deps): update dependency cilium/cilium to v1.18.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3123](https://redirect.github.com/cilium/cilium-cli/pull/3123) - chore(deps): update docker.io/library/golang:1.25.3 docker digest to [`6bac879`](https://redirect.github.com/cilium/cilium-cli/commit/6bac879) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3125](https://redirect.github.com/cilium/cilium-cli/pull/3125) - renovate: try to group dependency updates by [@​tklauser](https://redirect.github.com/tklauser) in [#​3126](https://redirect.github.com/cilium/cilium-cli/pull/3126) - chore(deps): update golangci/golangci-lint docker tag to v2.6.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] 
in [#​3127](https://redirect.github.com/cilium/cilium-cli/pull/3127) - chore(deps): update helm/kind-action action to v1.13.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3128](https://redirect.github.com/cilium/cilium-cli/pull/3128) - chore(deps): update golangci/golangci-lint docker tag to v2.6.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3129](https://redirect.github.com/cilium/cilium-cli/pull/3129) - chore(deps): update golang docker tag to v1.25.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3130](https://redirect.github.com/cilium/cilium-cli/pull/3130) - chore(deps): update go to v1.25.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3131](https://redirect.github.com/cilium/cilium-cli/pull/3131) - chore(deps): update golang:1.25.4-alpine3.21 docker digest to [`3289aac`](https://redirect.github.com/cilium/cilium-cli/commit/3289aac) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3132](https://redirect.github.com/cilium/cilium-cli/pull/3132) - chore(deps): update docker.io/library/golang:1.25.4 docker digest to 
[`e68f6a0`](https://redirect.github.com/cilium/cilium-cli/commit/e68f6a0) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3135](https://redirect.github.com/cilium/cilium-cli/pull/3135) - chore(deps): update golangci/golangci-lint docker tag to v2.6.2 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3136](https://redirect.github.com/cilium/cilium-cli/pull/3136) - chore(deps): update golangci/golangci-lint-action action to v9 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3133](https://redirect.github.com/cilium/cilium-cli/pull/3133) - chore(deps): update dependency cilium/cilium to v1.18.4 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3134](https://redirect.github.com/cilium/cilium-cli/pull/3134) - chore(deps): update all github action dependencies by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3137](https://redirect.github.com/cilium/cilium-cli/pull/3137) - chore(deps): update actions/setup-go action to v6.1.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3138](https://redirect.github.com/cilium/cilium-cli/pull/3138) - 
chore(deps): update actions/checkout action to v6 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3139](https://redirect.github.com/cilium/cilium-cli/pull/3139) - chore(deps): update golangci/golangci-lint-action action to v9.1.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3141](https://redirect.github.com/cilium/cilium-cli/pull/3141) - chore(deps): update docker.io/library/golang:1.25.4 docker digest to [`f60eaa8`](https://redirect.github.com/cilium/cilium-cli/commit/f60eaa8) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3140](https://redirect.github.com/cilium/cilium-cli/pull/3140) - chore(deps): update docker.io/library/golang:1.25.4 docker digest to [`6981837`](https://redirect.github.com/cilium/cilium-cli/commit/6981837) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3143](https://redirect.github.com/cilium/cilium-cli/pull/3143) - chore(deps): update softprops/action-gh-release action to v2.5.0 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3144](https://redirect.github.com/cilium/cilium-cli/pull/3144) - chore(deps): update golang docker tag to v1.25.5 by 
[@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3147](https://redirect.github.com/cilium/cilium-cli/pull/3147) - chore(deps): update actions/checkout action to v6.0.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3146](https://redirect.github.com/cilium/cilium-cli/pull/3146) - Prepare for v0.18.9 release by [@​michi-covalent](https://redirect.github.com/michi-covalent) in [#​3145](https://redirect.github.com/cilium/cilium-cli/pull/3145) **Full Changelog**: <cilium/cilium-cli@v0.18.8...v0.18.9> ### [`v0.18.8`](https://redirect.github.com/cilium/cilium-cli/releases/tag/v0.18.8) [Compare Source](https://redirect.github.com/cilium/cilium-cli/compare/v0.18.7...v0.18.8) ## Summary of Changes **Minor Changes:** - clustermesh: add endpoints metrics and change global service (and MCS ServiceExport) metrics to report per cluster metrics instead of a global count ([cilium/cilium#41323](https://redirect.github.com/cilium/cilium/issues/41323), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) **Bugfixes:** - cilium-cli: Fix CNI config file collection in sysdump ([cilium/cilium#42111](https://redirect.github.com/cilium/cilium/issues/42111), 
[@​pillai-ashwin](https://redirect.github.com/pillai-ashwin)) - cilium-cli: Prevent panic in `node-to-node-encryption` connectivity test ([cilium/cilium#41600](https://redirect.github.com/cilium/cilium/issues/41600), [@​HadrienPatte](https://redirect.github.com/HadrienPatte)) - connectivity-tests: limit IPv6 PodToIngress to Cilium >= v1.17 ([cilium/cilium#42148](https://redirect.github.com/cilium/cilium/issues/42148), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - Fix a fatal error when accessing multicast map using cilium-dbg bpf multicast ([cilium/cilium#42080](https://redirect.github.com/cilium/cilium/issues/42080), [@​tklauser](https://redirect.github.com/tklauser)) **CI Changes:** - Add integration test to validate IPsec key derivation consistency across nodes, ensuring tunnel keys are properly derived and identical between Cilium pods. 
([cilium/cilium#40808](https://redirect.github.com/cilium/cilium/issues/40808), [@​pillai-ashwin](https://redirect.github.com/pillai-ashwin)) - ci: enable copyloopvar linter ([cilium/cilium#41893](https://redirect.github.com/cilium/cilium/issues/41893), [@​tklauser](https://redirect.github.com/tklauser)) - cilium-cli, netns: fix golangci-lint 2.5.0 errors ([cilium/cilium#41856](https://redirect.github.com/cilium/cilium/issues/41856), [@​tklauser](https://redirect.github.com/tklauser)) - cilium-cli: Bring back NodePort Acceleration feature detection ([cilium/cilium#41812](https://redirect.github.com/cilium/cilium/issues/41812), [@​brb](https://redirect.github.com/brb)) - cilium-cli: Reenable L7 IPv6 tests ([cilium/cilium#39662](https://redirect.github.com/cilium/cilium/issues/39662), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - cilium-cli: Specify TARGET for building release binaries ([cilium/cilium#42177](https://redirect.github.com/cilium/cilium/issues/42177), [@​michi-covalent](https://redirect.github.com/michi-covalent)) - cilium\_cli: Override GO\_BUILD Make variable 
([cilium/cilium#42162](https://redirect.github.com/cilium/cilium/issues/42162), [@​michi-covalent](https://redirect.github.com/michi-covalent)) - cli, ipsec: Fix bidirectional IPsec tunnel check ([cilium/cilium#42047](https://redirect.github.com/cilium/cilium/issues/42047), [@​pchaigno](https://redirect.github.com/pchaigno)) - cli: Fix unreliable tests due to error emitted in Cilium logs "retrieving device lxc\*: Link not found" ([cilium/cilium#42146](https://redirect.github.com/cilium/cilium/issues/42146), [@​fristonio](https://redirect.github.com/fristonio)) **Misc Changes:** - chore(deps): update all-dependencies (main) ([cilium/cilium#41611](https://redirect.github.com/cilium/cilium/issues/41611), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (main) ([cilium/cilium#42018](https://redirect.github.com/cilium/cilium/issues/42018), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/alpine/socat:1.8.0.3 docker digest to [`0ce60b5`](https://redirect.github.com/cilium/cilium-cli/commit/0ce60b5) (main) ([cilium/cilium#41558](https://redirect.github.com/cilium/cilium/issues/41558), 
[@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.25.1 docker digest to [`8305f5f`](https://redirect.github.com/cilium/cilium-cli/commit/8305f5f) (main) ([cilium/cilium#41649](https://redirect.github.com/cilium/cilium/issues/41649), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.25.1 docker digest to [`d709837`](https://redirect.github.com/cilium/cilium-cli/commit/d709837) (main) ([cilium/cilium#42019](https://redirect.github.com/cilium/cilium/issues/42019), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.25.3 docker digest to [`6ea52a0`](https://redirect.github.com/cilium/cilium-cli/commit/6ea52a0) (main) ([cilium/cilium#42252](https://redirect.github.com/cilium/cilium/issues/42252), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.25.1 (main) ([cilium/cilium#41560](https://redirect.github.com/cilium/cilium/issues/41560), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update go to v1.25.3 
(main) ([cilium/cilium#42061](https://redirect.github.com/cilium/cilium/issues/42061), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - cilium-cli/features: use common cmd metric list command ([cilium/cilium#41630](https://redirect.github.com/cilium/cilium/issues/41630), [@​aanm](https://redirect.github.com/aanm)) - cilium-cli: drop disabled IP cache check from connectivity tests ([cilium/cilium#42240](https://redirect.github.com/cilium/cilium/issues/42240), [@​tklauser](https://redirect.github.com/tklauser)) - cli/clustermesh: remove leftover global services status info ([cilium/cilium#41727](https://redirect.github.com/cilium/cilium/issues/41727), [@​giorio94](https://redirect.github.com/giorio94)) - Refactor policy engine to use PolicyEntry as the internal representation of policies, as described in CFP-39646. 
([cilium/cilium#40213](https://redirect.github.com/cilium/cilium/issues/40213), [@​TheBeeZee](https://redirect.github.com/TheBeeZee)) - sysdump: add resource usage of nodes and pods ([cilium/cilium#41415](https://redirect.github.com/cilium/cilium/issues/41415), [@​darox](https://redirect.github.com/darox)) - chore(deps): update go to v1.25.1 (patch) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3097](https://redirect.github.com/cilium/cilium-cli/pull/3097) - chore(deps): update actions/setup-go action to v6 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3094](https://redirect.github.com/cilium/cilium-cli/pull/3094) - chore(deps): update docker.io/library/golang:1.25.1 docker digest to [`d6bdb04`](https://redirect.github.com/cilium/cilium-cli/commit/d6bdb04) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3096](https://redirect.github.com/cilium/cilium-cli/pull/3096) - chore(deps): update gcr.io/distroless/static:latest docker digest to [`87bce11`](https://redirect.github.com/cilium/cilium-cli/commit/87bce11) by [@​renovate](https://redirect.github.com/renovate)\[bot] in 
[#​3099](https://redirect.github.com/cilium/cilium-cli/pull/3099) - chore(deps): update softprops/action-gh-release action to v2.3.3 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3098](https://redirect.github.com/cilium/cilium-cli/pull/3098) - chore(deps): update golang docker tag to v1.25.1 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3093](https://redirect.github.com/cilium/cilium-cli/pull/3093) - chore(deps): update actions/stale action to v10 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3095](https://redirect.github.com/cilium/cilium-cli/pull/3095) - chore(deps): update golang:1.25.1-alpine3.21 docker digest to [`331bde4`](https://redirect.github.com/cilium/cilium-cli/commit/331bde4) by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3100](https://redirect.github.com/cilium/cilium-cli/pull/3100) - chore(deps): update dependency cilium/cilium to v1.18.2 by [@​renovate](https://redirect.github.com/renovate)\[bot] in [#​3102](https://redirect.github.com/cilium/cilium-cli/pull/3102) - chore(deps): update docker.io/library/golang:1.25.1 docker digest to 
[`8305f5f`](https://redirect.github.com/cilium/cilium-cli/commit/8305f5f) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3103](https://redirect.github.com/cilium/cilium-cli/pull/3103)
- chore(deps): update golangci/golangci-lint docker tag to v2.5.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3104](https://redirect.github.com/cilium/cilium-cli/pull/3104)
- chore(deps): update docker/login-action action to v3.6.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3105](https://redirect.github.com/cilium/cilium-cli/pull/3105)
- chore(deps): update docker.io/library/golang:1.25.1 docker digest to [`ab1f5c4`](https://redirect.github.com/cilium/cilium-cli/commit/ab1f5c4) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3106](https://redirect.github.com/cilium/cilium-cli/pull/3106)
- chore(deps): update actions/stale action to v10.1.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3108](https://redirect.github.com/cilium/cilium-cli/pull/3108)
- chore(deps): update softprops/action-gh-release action to v2.3.4 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3107](https://redirect.github.com/cilium/cilium-cli/pull/3107)
- chore(deps): update softprops/action-gh-release action to v2.4.0 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3109](https://redirect.github.com/cilium/cilium-cli/pull/3109)
- chore(deps): update golang docker tag to v1.25.2 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3110](https://redirect.github.com/cilium/cilium-cli/pull/3110)
- chore(deps): update go to v1.25.2 (patch) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3112](https://redirect.github.com/cilium/cilium-cli/pull/3112)
- chore(deps): update golang:1.25.2-alpine3.21 docker digest to [`0134653`](https://redirect.github.com/cilium/cilium-cli/commit/0134653) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3113](https://redirect.github.com/cilium/cilium-cli/pull/3113)
- RELEASE: also look for release-blockers in cilium/cilium by [@julianwiedmann](https://redirect.github.com/julianwiedmann) in [#3116](https://redirect.github.com/cilium/cilium-cli/pull/3116)
- chore(deps): update golang docker tag to v1.25.3 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3117](https://redirect.github.com/cilium/cilium-cli/pull/3117)
- chore(deps): update softprops/action-gh-release action to v2.4.1 by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3114](https://redirect.github.com/cilium/cilium-cli/pull/3114)
- chore(deps): update go to v1.25.3 (patch) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3118](https://redirect.github.com/cilium/cilium-cli/pull/3118)
- chore(deps): update golang:1.25.3-alpine3.21 docker digest to [`0c9f3e0`](https://redirect.github.com/cilium/cilium-cli/commit/0c9f3e0) by [@renovate](https://redirect.github.com/renovate)\[bot] in [#3115](https://redirect.github.com/cilium/cilium-cli/pull/3115)
- Makefile: fix renovate depname for GO\_IMAGE\_\* updates by [@tklauser](https://redirect.github.com/tklauser) in [#3119](https://redirect.github.com/cilium/cilium-cli/pull/3119)
- chore(deps): update docker.io/library/golang:1.25.3 docker digest to [`6ea52a0`](https://redirect.github.com/cilium/cilium-cli/commit/6ea52a0) by
[@renovate](https://redirect.github.com/renovate)\[bot] in [#3111](https://redirect.github.com/cilium/cilium-cli/pull/3111)
- Prepare for v0.18.8 release by [@michi-covalent](https://redirect.github.com/michi-covalent) in [#3120](https://redirect.github.com/cilium/cilium-cli/pull/3120)

</details>

This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate).

Co-authored-by: zocimek-renovate[bot] <134739422+zocimek-renovate[bot]@users.noreply.github.com>
Co-authored-by: Łukasz Pospiech <[email protected]>
alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Feb 5, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | minor | `1.18.6` → `1.19.0` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.19.0`](https://github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0 [Compare Source](cilium/cilium@1.18.6...1.19.0) 🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://github.com/cilium/cilium/releases/tag/v1.19.0) release! A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details. The full changelog can be found [here](https://github.com/cilium/cilium/blob/v1.19/CHANGELOG.md). Here are some of the highlights: - 🛡️ **Network Policy** - 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. ([cilium/cilium#43420](cilium/cilium#43420), [@​fristonio](https://github.com/fristonio)) - 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. 
([cilium/cilium#39872](cilium/cilium#39872), [@​aditighag](https://github.com/aditighag); [cilium/cilium#41949](cilium/cilium#41949), [@​kyounghunJang](https://github.com/kyounghunJang)) - ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](cilium/cilium#41406), [@​antonipp](https://github.com/antonipp)) - 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. ([cilium/cilium#40609](cilium/cilium#40609), [@​MrFreezeex](https://github.com/MrFreezeex)) - 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](cilium/cilium#39906), [@​vipul-21](https://github.com/vipul-21); [cilium/cilium#42784](cilium/cilium#42784), [cilium/cilium#42896](cilium/cilium#42896), [@​jrajahalme](https://github.com/jrajahalme)) -⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. 
([cilium/cilium#43167](cilium/cilium#43167), [@​sayboras](https://github.com/sayboras); [cilium/cilium#40967](cilium/cilium#40967), [@​TheBeeZee](https://github.com/TheBeeZee)) - 🔒 **Encryption & Authentication** - 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](cilium/cilium#39239), [cilium/cilium#42115](cilium/cilium#42115), [@​rgo3](https://github.com/rgo3), [@​julianwiedmann](https://github.com/julianwiedmann)) - 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. ([cilium/cilium#42766](cilium/cilium#42766), [cilium/cilium#42819](cilium/cilium#42819), [cilium/cilium#43227](cilium/cilium#43227) and others, [@​ldelossa](https://github.com/ldelossa), [@​rgo3](https://github.com/rgo3), [@​nddq](https://github.com/nddq)) - 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19.0/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. 
([cilium/cilium#42665](cilium/cilium#42665), [@​christarazi](https://github.com/christarazi)) - ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](cilium/cilium#41997), [@​pchaigno](https://github.com/pchaigno)) - 🚠 **Networking** - 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. ([cilium/cilium#43416](cilium/cilium#43416), [@​gentoo-root](https://github.com/gentoo-root)) - 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](cilium/cilium#42012), [cilium/cilium#43710](cilium/cilium#43710), [@​tommyp1ckles](https://github.com/tommyp1ckles)) - 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](cilium/cilium#40324), [@​pchaigno](https://github.com/pchaigno)) - 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. 
([cilium/cilium#40460](cilium/cilium#40460), [cilium/cilium#42191](cilium/cilium#42191), [@​pippolo84](https://github.com/pippolo84)) - 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](cilium/cilium#37568), [@​behzad-mir](https://github.com/behzad-mir); [cilium/cilium#43380](cilium/cilium#43380), [@​alimehrabikoshki](https://github.com/alimehrabikoshki)) - 🕸️ **Services and Service Mesh** - 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](cilium/cilium#39648), [@​msune](https://github.com/msune)) - 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. ([cilium/cilium#39594](cilium/cilium#39594), [@​saiaunghlyanhtet](https://github.com/saiaunghlyanhtet)) - ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](cilium/cilium#41936), [@​youngnick](https://github.com/youngnick)) - 🛣️ **Border Gateway Protocol (BGP)** - 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. 
([cilium/cilium#42469](cilium/cilium#42469), [@​rastislavs](https://github.com/rastislavs)) - ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](cilium/cilium#42583), [@​rastislavs](https://github.com/rastislavs)) - 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](cilium/cilium#40717), [@​oblazek](https://github.com/oblazek)) -⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](cilium/cilium#42278), [@​rastislavs](https://github.com/rastislavs)) - 🛰️ **Observability** - 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. ([cilium/cilium#41306](cilium/cilium#41306), [@​Bigdelle](https://github.com/Bigdelle)) - 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](cilium/cilium#43096), [@​SRodi](https://github.com/SRodi)) - 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. 
([cilium/cilium#41693](cilium/cilium#41693), [@​41ks](https://github.com/41ks)) - 🌅 **Performance and Scale** - ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](cilium/cilium#42008), [@​jrajahalme](https://github.com/jrajahalme); [cilium/cilium#42580](cilium/cilium#42580), [@​odinuge](https://github.com/odinuge)) - 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. ([cilium/cilium#38782](cilium/cilium#38782), [@​BenoitKnecht](https://github.com/BenoitKnecht); [cilium/cilium#41990](cilium/cilium#41990), [@​bersoare](https://github.com/bersoare)) - 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](cilium/cilium#42529), [@​liyihuang](https://github.com/liyihuang)) - ⚙️ **Operations** - 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](cilium/cilium#43624), [@​aanm](https://github.com/aanm)) - 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. 
([cilium/cilium#42077](cilium/cilium#42077), [@​phuhung273](https://github.com/phuhung273)) - 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). ([cilium/cilium#40729](cilium/cilium#40729), [@​MrFreezeex](https://github.com/MrFreezeex)) - 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](cilium/cilium#42298), [@​MrFreezeex](https://github.com/MrFreezeex)) - 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](cilium/cilium#43422), [@​aanm](https://github.com/aanm); [cilium/cilium#40569](cilium/cilium#40569), [@​sayboras](https://github.com/sayboras); [cilium/cilium#41936](cilium/cilium#41936), [@​youngnick](https://github.com/youngnick); [cilium/cilium#42824](cilium/cilium#42824), [@​rastislavs](https://github.com/rastislavs)). - 🏠 **Community** - ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback! 
- 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/),[ Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/),[ Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/). - 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta. 
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show. - 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit. To keep up to date with all the latest Cilium releases, join #release 🎉 :birthday::heart::heart::heart::birthday: This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today. 
:birthday::heart::heart::heart::birthday:

##### Docker Manifests

##### cilium

`quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60`

##### clustermesh-apiserver

`quay.io/cilium/clustermesh-apiserver:v1.19.0@sha256:0e3b89fdb116eb0f5579fe8ee3fabb1a7c4d97987a1ae927491d9185785d4a49`

##### docker-plugin

`quay.io/cilium/docker-plugin:v1.19.0@sha256:35727047384f3d7a2684885003b266bf7a7add8fc66ca564b222f71c16057f50`

##### hubble-relay

`quay.io/cilium/hubble-relay:v1.19.0@sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4`

##### operator-alibabacloud

`quay.io/cilium/operator-alibabacloud:v1.19.0@sha256:5cb3d6981c233616037f3e13b5bc0020d114ad8db1b7360618b224e4c0b02ef0`

##### operator-aws

`quay.io/cilium/operator-aws:v1.19.0@sha256:7a236ae256a4fbd3f72d516921131eba5b43f401ba37cdee5cd0e8c26f9263e6`

##### operator-azure

`quay.io/cilium/operator-azure:v1.19.0@sha256:6ae7e0d75c74836af3600b775201c89ea7fcc13d6e08fdb0c52927309f31cd2a`

##### operator-generic

`quay.io/cilium/operator-generic:v1.19.0@sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648`

##### operator

`quay.io/cilium/operator:v1.19.0@sha256:deca84f442752dca0745dd09b13e8004569414839019ad79ac58f9fcaa3b9d65`

</details>

This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).

Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/3699
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
alexlebens pushed a commit to alexlebens/infrastructure that referenced this pull request Feb 5, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium/cilium](https://github.com/cilium/cilium) | minor | `1.18.6` → `1.19.0` | --- ### Release Notes <details> <summary>cilium/cilium (cilium/cilium)</summary> ### [`v1.19.0`](https://github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0 [Compare Source](cilium/cilium@1.18.6...1.19.0) 🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://github.com/cilium/cilium/releases/tag/v1.19.0) release! A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details. The full changelog can be found [here](https://github.com/cilium/cilium/blob/v1.19/CHANGELOG.md). Here are some of the highlights: - 🛡️ **Network Policy** - 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. ([cilium/cilium#43420](cilium/cilium#43420), [@​fristonio](https://github.com/fristonio)) - 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. 
([cilium/cilium#39872](cilium/cilium#39872), [@​aditighag](https://github.com/aditighag); [cilium/cilium#41949](cilium/cilium#41949), [@​kyounghunJang](https://github.com/kyounghunJang)) - ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](cilium/cilium#41406), [@​antonipp](https://github.com/antonipp)) - 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. ([cilium/cilium#40609](cilium/cilium#40609), [@​MrFreezeex](https://github.com/MrFreezeex)) - 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](cilium/cilium#39906), [@​vipul-21](https://github.com/vipul-21); [cilium/cilium#42784](cilium/cilium#42784), [cilium/cilium#42896](cilium/cilium#42896), [@​jrajahalme](https://github.com/jrajahalme)) -⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. 
([cilium/cilium#43167](cilium/cilium#43167), [@​sayboras](https://github.com/sayboras); [cilium/cilium#40967](cilium/cilium#40967), [@​TheBeeZee](https://github.com/TheBeeZee)) - 🔒 **Encryption & Authentication** - 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](cilium/cilium#39239), [cilium/cilium#42115](cilium/cilium#42115), [@​rgo3](https://github.com/rgo3), [@​julianwiedmann](https://github.com/julianwiedmann)) - 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. ([cilium/cilium#42766](cilium/cilium#42766), [cilium/cilium#42819](cilium/cilium#42819), [cilium/cilium#43227](cilium/cilium#43227) and others, [@​ldelossa](https://github.com/ldelossa), [@​rgo3](https://github.com/rgo3), [@​nddq](https://github.com/nddq)) - 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19.0/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. 
([cilium/cilium#42665](cilium/cilium#42665), [@​christarazi](https://github.com/christarazi)) - ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](cilium/cilium#41997), [@​pchaigno](https://github.com/pchaigno)) - 🚠 **Networking** - 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. ([cilium/cilium#43416](cilium/cilium#43416), [@​gentoo-root](https://github.com/gentoo-root)) - 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](cilium/cilium#42012), [cilium/cilium#43710](cilium/cilium#43710), [@​tommyp1ckles](https://github.com/tommyp1ckles)) - 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](cilium/cilium#40324), [@​pchaigno](https://github.com/pchaigno)) - 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. 
([cilium/cilium#40460](cilium/cilium#40460), [cilium/cilium#42191](cilium/cilium#42191), [@​pippolo84](https://github.com/pippolo84)) - 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](cilium/cilium#37568), [@​behzad-mir](https://github.com/behzad-mir); [cilium/cilium#43380](cilium/cilium#43380), [@​alimehrabikoshki](https://github.com/alimehrabikoshki)) - 🕸️ **Services and Service Mesh** - 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](cilium/cilium#39648), [@​msune](https://github.com/msune)) - 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. ([cilium/cilium#39594](cilium/cilium#39594), [@​saiaunghlyanhtet](https://github.com/saiaunghlyanhtet)) - ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](cilium/cilium#41936), [@​youngnick](https://github.com/youngnick)) - 🛣️ **Border Gateway Protocol (BGP)** - 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. 
([cilium/cilium#42469](cilium/cilium#42469), [@​rastislavs](https://github.com/rastislavs)) - ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](cilium/cilium#42583), [@​rastislavs](https://github.com/rastislavs)) - 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](cilium/cilium#40717), [@​oblazek](https://github.com/oblazek)) -⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](cilium/cilium#42278), [@​rastislavs](https://github.com/rastislavs)) - 🛰️ **Observability** - 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. ([cilium/cilium#41306](cilium/cilium#41306), [@​Bigdelle](https://github.com/Bigdelle)) - 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](cilium/cilium#43096), [@​SRodi](https://github.com/SRodi)) - 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. 
([cilium/cilium#41693](cilium/cilium#41693), [@​41ks](https://github.com/41ks)) - 🌅 **Performance and Scale** - ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](cilium/cilium#42008), [@​jrajahalme](https://github.com/jrajahalme); [cilium/cilium#42580](cilium/cilium#42580), [@​odinuge](https://github.com/odinuge)) - 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. ([cilium/cilium#38782](cilium/cilium#38782), [@​BenoitKnecht](https://github.com/BenoitKnecht); [cilium/cilium#41990](cilium/cilium#41990), [@​bersoare](https://github.com/bersoare)) - 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](cilium/cilium#42529), [@​liyihuang](https://github.com/liyihuang)) - ⚙️ **Operations** - 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](cilium/cilium#43624), [@​aanm](https://github.com/aanm)) - 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. 
([cilium/cilium#42077](cilium/cilium#42077), [@​phuhung273](https://github.com/phuhung273)) - 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). ([cilium/cilium#40729](cilium/cilium#40729), [@​MrFreezeex](https://github.com/MrFreezeex)) - 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](cilium/cilium#42298), [@​MrFreezeex](https://github.com/MrFreezeex)) - 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](cilium/cilium#43422), [@​aanm](https://github.com/aanm); [cilium/cilium#40569](cilium/cilium#40569), [@​sayboras](https://github.com/sayboras); [cilium/cilium#41936](cilium/cilium#41936), [@​youngnick](https://github.com/youngnick); [cilium/cilium#42824](cilium/cilium#42824), [@​rastislavs](https://github.com/rastislavs)). - 🏠 **Community** - ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback! 
- 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/),[ Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/),[ Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/). - 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta. 
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show. - 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit. To keep up to date with all the latest Cilium releases, join #release 🎉 :birthday::heart::heart::heart::birthday: This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today. 
:birthday::heart::heart::heart::birthday: #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.19.0@​sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.19.0@​sha256:0e3b89fdb116eb0f5579fe8ee3fabb1a7c4d97987a1ae927491d9185785d4a49` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.19.0@​sha256:35727047384f3d7a2684885003b266bf7a7add8fc66ca564b222f71c16057f50` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.19.0@​sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.19.0@​sha256:5cb3d6981c233616037f3e13b5bc0020d114ad8db1b7360618b224e4c0b02ef0` ##### operator-aws `quay.io/cilium/operator-aws:v1.19.0@​sha256:7a236ae256a4fbd3f72d516921131eba5b43f401ba37cdee5cd0e8c26f9263e6` ##### operator-azure `quay.io/cilium/operator-azure:v1.19.0@​sha256:6ae7e0d75c74836af3600b775201c89ea7fcc13d6e08fdb0c52927309f31cd2a` ##### operator-generic `quay.io/cilium/operator-generic:v1.19.0@​sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648` ##### operator `quay.io/cilium/operator:v1.19.0@​sha256:deca84f442752dca0745dd09b13e8004569414839019ad79ac58f9fcaa3b9d65` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate). 
Reviewed-on: https://gitea.alexlebens.dev/alexlebens/infrastructure/pulls/3715
Co-authored-by: Renovate Bot <[email protected]>
Co-committed-by: Renovate Bot <[email protected]>
lumiere-bot bot added a commit to coolguy1771/home-ops that referenced this pull request Feb 6, 2026
This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
| [cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | HelmChart | minor | `1.18.6` → `1.19.0` |

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

### [`v1.19.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0

[Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.6...1.19.0)

🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0) release!

A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩

⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details. The full changelog can be found [here](https://redirect.github.com/cilium/cilium/blob/v1.19/CHANGELOG.md).

Here are some of the highlights:

- 🛡️ **Network Policy**
  - 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix.
([cilium/cilium#43420](https://redirect.github.com/cilium/cilium/pull/43420), [@​fristonio](https://redirect.github.com/fristonio)) - 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. ([cilium/cilium#39872](https://redirect.github.com/cilium/cilium/pull/39872), [@​aditighag](https://redirect.github.com/aditighag); [cilium/cilium#41949](https://redirect.github.com/cilium/cilium/pull/41949), [@​kyounghunJang](https://redirect.github.com/kyounghunJang)) - ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](https://redirect.github.com/cilium/cilium/pull/41406), [@​antonipp](https://redirect.github.com/antonipp)) - 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. 
([cilium/cilium#40609](https://redirect.github.com/cilium/cilium/pull/40609), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](https://redirect.github.com/cilium/cilium/pull/39906), [@​vipul-21](https://redirect.github.com/vipul-21); [cilium/cilium#42784](https://redirect.github.com/cilium/cilium/pull/42784), [cilium/cilium#42896](https://redirect.github.com/cilium/cilium/pull/42896), [@​jrajahalme](https://redirect.github.com/jrajahalme)) -⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. 
([cilium/cilium#43167](https://redirect.github.com/cilium/cilium/pull/43167), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#40967](https://redirect.github.com/cilium/cilium/pull/40967), [@​TheBeeZee](https://redirect.github.com/TheBeeZee)) - 🔒 **Encryption & Authentication** - 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](https://redirect.github.com/cilium/cilium/pull/39239), [cilium/cilium#42115](https://redirect.github.com/cilium/cilium/pull/42115), [@​rgo3](https://redirect.github.com/rgo3), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. 
([cilium/cilium#42766](https://redirect.github.com/cilium/cilium/pull/42766), [cilium/cilium#42819](https://redirect.github.com/cilium/cilium/pull/42819), [cilium/cilium#43227](https://redirect.github.com/cilium/cilium/pull/43227) and others, [@​ldelossa](https://redirect.github.com/ldelossa), [@​rgo3](https://redirect.github.com/rgo3), [@​nddq](https://redirect.github.com/nddq)) - 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. ([cilium/cilium#42665](https://redirect.github.com/cilium/cilium/pull/42665), [@​christarazi](https://redirect.github.com/christarazi)) - ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](https://redirect.github.com/cilium/cilium/pull/41997), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🚠 **Networking** - 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. 
([cilium/cilium#43416](https://redirect.github.com/cilium/cilium/pull/43416), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](https://redirect.github.com/cilium/cilium/pull/42012), [cilium/cilium#43710](https://redirect.github.com/cilium/cilium/pull/43710), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](https://redirect.github.com/cilium/cilium/pull/40324), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. 
([cilium/cilium#40460](https://redirect.github.com/cilium/cilium/pull/40460), [cilium/cilium#42191](https://redirect.github.com/cilium/cilium/pull/42191), [@​pippolo84](https://redirect.github.com/pippolo84)) - 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](https://redirect.github.com/cilium/cilium/pull/37568), [@​behzad-mir](https://redirect.github.com/behzad-mir); [cilium/cilium#43380](https://redirect.github.com/cilium/cilium/pull/43380), [@​alimehrabikoshki](https://redirect.github.com/alimehrabikoshki)) - 🕸️ **Services and Service Mesh** - 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](https://redirect.github.com/cilium/cilium/pull/39648), [@​msune](https://redirect.github.com/msune)) - 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. 
([cilium/cilium#39594](https://redirect.github.com/cilium/cilium/pull/39594), [@​saiaunghlyanhtet](https://redirect.github.com/saiaunghlyanhtet)) - ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick)) - 🛣️ **Border Gateway Protocol (BGP)** - 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. 
([cilium/cilium#42469](https://redirect.github.com/cilium/cilium/pull/42469), [@​rastislavs](https://redirect.github.com/rastislavs)) - ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](https://redirect.github.com/cilium/cilium/pull/42583), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](https://redirect.github.com/cilium/cilium/pull/40717), [@​oblazek](https://redirect.github.com/oblazek)) -⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](https://redirect.github.com/cilium/cilium/pull/42278), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🛰️ **Observability** - 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. 
([cilium/cilium#41306](https://redirect.github.com/cilium/cilium/pull/41306), [@​Bigdelle](https://redirect.github.com/Bigdelle)) - 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](https://redirect.github.com/cilium/cilium/pull/43096), [@​SRodi](https://redirect.github.com/SRodi)) - 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. ([cilium/cilium#41693](https://redirect.github.com/cilium/cilium/pull/41693), [@​41ks](https://redirect.github.com/41ks)) - 🌅 **Performance and Scale** - ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](https://redirect.github.com/cilium/cilium/pull/42008), [@​jrajahalme](https://redirect.github.com/jrajahalme); [cilium/cilium#42580](https://redirect.github.com/cilium/cilium/pull/42580), [@​odinuge](https://redirect.github.com/odinuge)) - 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. 
([cilium/cilium#38782](https://redirect.github.com/cilium/cilium/pull/38782), [@​BenoitKnecht](https://redirect.github.com/BenoitKnecht); [cilium/cilium#41990](https://redirect.github.com/cilium/cilium/pull/41990), [@​bersoare](https://redirect.github.com/bersoare)) - 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](https://redirect.github.com/cilium/cilium/pull/42529), [@​liyihuang](https://redirect.github.com/liyihuang)) - ⚙️ **Operations** - 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](https://redirect.github.com/cilium/cilium/pull/43624), [@​aanm](https://redirect.github.com/aanm)) - 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. ([cilium/cilium#42077](https://redirect.github.com/cilium/cilium/pull/42077), [@​phuhung273](https://redirect.github.com/phuhung273)) - 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). 
([cilium/cilium#40729](https://redirect.github.com/cilium/cilium/pull/40729), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](https://redirect.github.com/cilium/cilium/pull/42298), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](https://redirect.github.com/cilium/cilium/pull/43422), [@​aanm](https://redirect.github.com/aanm); [cilium/cilium#40569](https://redirect.github.com/cilium/cilium/pull/40569), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick); [cilium/cilium#42824](https://redirect.github.com/cilium/cilium/pull/42824), [@​rastislavs](https://redirect.github.com/rastislavs)). - 🏠 **Community** - ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. 
If your company wants to submit their case studies let us know. We would love to hear your feedback! - 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/),[ Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/),[ Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/). - 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta. 
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show. - 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit. To keep up to date with all the latest Cilium releases, join #release 🎉 :birthday::heart::heart::heart::birthday: This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today. 
:birthday::heart::heart::heart::birthday: #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.19.0@​sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.19.0@​sha256:0e3b89fdb116eb0f5579fe8ee3fabb1a7c4d97987a1ae927491d9185785d4a49` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.19.0@​sha256:35727047384f3d7a2684885003b266bf7a7add8fc66ca564b222f71c16057f50` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.19.0@​sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.19.0@​sha256:5cb3d6981c233616037f3e13b5bc0020d114ad8db1b7360618b224e4c0b02ef0` ##### operator-aws `quay.io/cilium/operator-aws:v1.19.0@​sha256:7a236ae256a4fbd3f72d516921131eba5b43f401ba37cdee5cd0e8c26f9263e6` ##### operator-azure `quay.io/cilium/operator-azure:v1.19.0@​sha256:6ae7e0d75c74836af3600b775201c89ea7fcc13d6e08fdb0c52927309f31cd2a` ##### operator-generic `quay.io/cilium/operator-generic:v1.19.0@​sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648` ##### operator `quay.io/cilium/operator:v1.19.0@​sha256:deca84f442752dca0745dd09b13e8004569414839019ad79ac58f9fcaa3b9d65` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). 
Co-authored-by: lumiere-bot[bot] <98047013+lumiere-bot[bot]@users.noreply.github.com>
nicolerenee pushed a commit to nicolerenee/infra that referenced this pull request Feb 7, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | minor | `1.18.6` → `1.19.0` | --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.19.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.6...1.19.0) 🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0) release! A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details. The full changelog can be found [here](https://redirect.github.com/cilium/cilium/blob/v1.19/CHANGELOG.md). Here are some of the highlights: - 🛡️ **Network Policy** - 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. 
([cilium/cilium#43420](https://redirect.github.com/cilium/cilium/pull/43420), [@​fristonio](https://redirect.github.com/fristonio)) - 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. ([cilium/cilium#39872](https://redirect.github.com/cilium/cilium/pull/39872), [@​aditighag](https://redirect.github.com/aditighag); [cilium/cilium#41949](https://redirect.github.com/cilium/cilium/pull/41949), [@​kyounghunJang](https://redirect.github.com/kyounghunJang)) - ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](https://redirect.github.com/cilium/cilium/pull/41406), [@​antonipp](https://redirect.github.com/antonipp)) - 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. 
([cilium/cilium#40609](https://redirect.github.com/cilium/cilium/pull/40609), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](https://redirect.github.com/cilium/cilium/pull/39906), [@​vipul-21](https://redirect.github.com/vipul-21); [cilium/cilium#42784](https://redirect.github.com/cilium/cilium/pull/42784), [cilium/cilium#42896](https://redirect.github.com/cilium/cilium/pull/42896), [@​jrajahalme](https://redirect.github.com/jrajahalme)) -⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. 
([cilium/cilium#43167](https://redirect.github.com/cilium/cilium/pull/43167), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#40967](https://redirect.github.com/cilium/cilium/pull/40967), [@​TheBeeZee](https://redirect.github.com/TheBeeZee)) - 🔒 **Encryption & Authentication** - 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](https://redirect.github.com/cilium/cilium/pull/39239), [cilium/cilium#42115](https://redirect.github.com/cilium/cilium/pull/42115), [@​rgo3](https://redirect.github.com/rgo3), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. 
([cilium/cilium#42766](https://redirect.github.com/cilium/cilium/pull/42766), [cilium/cilium#42819](https://redirect.github.com/cilium/cilium/pull/42819), [cilium/cilium#43227](https://redirect.github.com/cilium/cilium/pull/43227) and others, [@​ldelossa](https://redirect.github.com/ldelossa), [@​rgo3](https://redirect.github.com/rgo3), [@​nddq](https://redirect.github.com/nddq)) - 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. ([cilium/cilium#42665](https://redirect.github.com/cilium/cilium/pull/42665), [@​christarazi](https://redirect.github.com/christarazi)) - ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](https://redirect.github.com/cilium/cilium/pull/41997), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🚠 **Networking** - 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. 
([cilium/cilium#43416](https://redirect.github.com/cilium/cilium/pull/43416), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](https://redirect.github.com/cilium/cilium/pull/42012), [cilium/cilium#43710](https://redirect.github.com/cilium/cilium/pull/43710), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](https://redirect.github.com/cilium/cilium/pull/40324), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. 
([cilium/cilium#40460](https://redirect.github.com/cilium/cilium/pull/40460), [cilium/cilium#42191](https://redirect.github.com/cilium/cilium/pull/42191), [@​pippolo84](https://redirect.github.com/pippolo84)) - 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](https://redirect.github.com/cilium/cilium/pull/37568), [@​behzad-mir](https://redirect.github.com/behzad-mir); [cilium/cilium#43380](https://redirect.github.com/cilium/cilium/pull/43380), [@​alimehrabikoshki](https://redirect.github.com/alimehrabikoshki)) - 🕸️ **Services and Service Mesh** - 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](https://redirect.github.com/cilium/cilium/pull/39648), [@​msune](https://redirect.github.com/msune)) - 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. 
([cilium/cilium#39594](https://redirect.github.com/cilium/cilium/pull/39594), [@​saiaunghlyanhtet](https://redirect.github.com/saiaunghlyanhtet)) - ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick)) - 🛣️ **Border Gateway Protocol (BGP)** - 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. 
([cilium/cilium#42469](https://redirect.github.com/cilium/cilium/pull/42469), [@​rastislavs](https://redirect.github.com/rastislavs)) - ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](https://redirect.github.com/cilium/cilium/pull/42583), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](https://redirect.github.com/cilium/cilium/pull/40717), [@​oblazek](https://redirect.github.com/oblazek)) -⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](https://redirect.github.com/cilium/cilium/pull/42278), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🛰️ **Observability** - 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. 
([cilium/cilium#41306](https://redirect.github.com/cilium/cilium/pull/41306), [@​Bigdelle](https://redirect.github.com/Bigdelle)) - 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](https://redirect.github.com/cilium/cilium/pull/43096), [@​SRodi](https://redirect.github.com/SRodi)) - 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. ([cilium/cilium#41693](https://redirect.github.com/cilium/cilium/pull/41693), [@​41ks](https://redirect.github.com/41ks)) - 🌅 **Performance and Scale** - ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](https://redirect.github.com/cilium/cilium/pull/42008), [@​jrajahalme](https://redirect.github.com/jrajahalme); [cilium/cilium#42580](https://redirect.github.com/cilium/cilium/pull/42580), [@​odinuge](https://redirect.github.com/odinuge)) - 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. 
([cilium/cilium#38782](https://redirect.github.com/cilium/cilium/pull/38782), [@​BenoitKnecht](https://redirect.github.com/BenoitKnecht); [cilium/cilium#41990](https://redirect.github.com/cilium/cilium/pull/41990), [@​bersoare](https://redirect.github.com/bersoare)) - 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](https://redirect.github.com/cilium/cilium/pull/42529), [@​liyihuang](https://redirect.github.com/liyihuang)) - ⚙️ **Operations** - 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](https://redirect.github.com/cilium/cilium/pull/43624), [@​aanm](https://redirect.github.com/aanm)) - 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. ([cilium/cilium#42077](https://redirect.github.com/cilium/cilium/pull/42077), [@​phuhung273](https://redirect.github.com/phuhung273)) - 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). 
([cilium/cilium#40729](https://redirect.github.com/cilium/cilium/pull/40729), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](https://redirect.github.com/cilium/cilium/pull/42298), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](https://redirect.github.com/cilium/cilium/pull/43422), [@​aanm](https://redirect.github.com/aanm); [cilium/cilium#40569](https://redirect.github.com/cilium/cilium/pull/40569), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick); [cilium/cilium#42824](https://redirect.github.com/cilium/cilium/pull/42824), [@​rastislavs](https://redirect.github.com/rastislavs)). - 🏠 **Community** - ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. 
If your company wants to submit their case studies let us know. We would love to hear your feedback! - 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/),[ Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/),[ Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/). - 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta. 
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show. - 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit. To keep up to date with all the latest Cilium releases, join #release 🎉 :birthday::heart::heart::heart::birthday: This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today. 
:birthday::heart::heart::heart::birthday: #### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.19.0@​sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.19.0@​sha256:0e3b89fdb116eb0f5579fe8ee3fabb1a7c4d97987a1ae927491d9185785d4a49` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.19.0@​sha256:35727047384f3d7a2684885003b266bf7a7add8fc66ca564b222f71c16057f50` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.19.0@​sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.19.0@​sha256:5cb3d6981c233616037f3e13b5bc0020d114ad8db1b7360618b224e4c0b02ef0` ##### operator-aws `quay.io/cilium/operator-aws:v1.19.0@​sha256:7a236ae256a4fbd3f72d516921131eba5b43f401ba37cdee5cd0e8c26f9263e6` ##### operator-azure `quay.io/cilium/operator-azure:v1.19.0@​sha256:6ae7e0d75c74836af3600b775201c89ea7fcc13d6e08fdb0c52927309f31cd2a` ##### operator-generic `quay.io/cilium/operator-generic:v1.19.0@​sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648` ##### operator `quay.io/cilium/operator:v1.19.0@​sha256:deca84f442752dca0745dd09b13e8004569414839019ad79ac58f9fcaa3b9d65` </details> --- ### Configuration 📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined). 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about this update again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR has been generated by [Renovate Bot](https://redirect.github.com/renovatebot/renovate). 
Co-authored-by: bot-nicole[bot] <205127124+bot-nicole[bot]@users.noreply.github.com>
enchantednatures pushed a commit to enchantednatures/HomeCluster that referenced this pull request Feb 9, 2026
This PR contains the following updates: | Package | Update | Change | |---|---|---| | [cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | minor | `1.18.6` → `1.19.0` | --- > [!WARNING] > Some dependencies could not be looked up. Check the Dependency Dashboard for more information. --- ### Release Notes <details> <summary>cilium/cilium (cilium)</summary> ### [`v1.19.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.6...1.19.0) 🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0) release! A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details. The full changelog can be found [here](https://redirect.github.com/cilium/cilium/blob/v1.19/CHANGELOG.md). Here are some of the highlights: - 🛡️ **Network Policy** - 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. 
([cilium/cilium#43420](https://redirect.github.com/cilium/cilium/pull/43420), [@​fristonio](https://redirect.github.com/fristonio)) - 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. ([cilium/cilium#39872](https://redirect.github.com/cilium/cilium/pull/39872), [@​aditighag](https://redirect.github.com/aditighag); [cilium/cilium#41949](https://redirect.github.com/cilium/cilium/pull/41949), [@​kyounghunJang](https://redirect.github.com/kyounghunJang)) - ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](https://redirect.github.com/cilium/cilium/pull/41406), [@​antonipp](https://redirect.github.com/antonipp)) - 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. 
([cilium/cilium#40609](https://redirect.github.com/cilium/cilium/pull/40609), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](https://redirect.github.com/cilium/cilium/pull/39906), [@​vipul-21](https://redirect.github.com/vipul-21); [cilium/cilium#42784](https://redirect.github.com/cilium/cilium/pull/42784), [cilium/cilium#42896](https://redirect.github.com/cilium/cilium/pull/42896), [@​jrajahalme](https://redirect.github.com/jrajahalme)) -⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. 
([cilium/cilium#43167](https://redirect.github.com/cilium/cilium/pull/43167), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#40967](https://redirect.github.com/cilium/cilium/pull/40967), [@​TheBeeZee](https://redirect.github.com/TheBeeZee)) - 🔒 **Encryption & Authentication** - 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](https://redirect.github.com/cilium/cilium/pull/39239), [cilium/cilium#42115](https://redirect.github.com/cilium/cilium/pull/42115), [@​rgo3](https://redirect.github.com/rgo3), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. 
([cilium/cilium#42766](https://redirect.github.com/cilium/cilium/pull/42766), [cilium/cilium#42819](https://redirect.github.com/cilium/cilium/pull/42819), [cilium/cilium#43227](https://redirect.github.com/cilium/cilium/pull/43227) and others, [@​ldelossa](https://redirect.github.com/ldelossa), [@​rgo3](https://redirect.github.com/rgo3), [@​nddq](https://redirect.github.com/nddq)) - 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. ([cilium/cilium#42665](https://redirect.github.com/cilium/cilium/pull/42665), [@​christarazi](https://redirect.github.com/christarazi)) - ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](https://redirect.github.com/cilium/cilium/pull/41997), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🚠 **Networking** - 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. 
([cilium/cilium#43416](https://redirect.github.com/cilium/cilium/pull/43416), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](https://redirect.github.com/cilium/cilium/pull/42012), [cilium/cilium#43710](https://redirect.github.com/cilium/cilium/pull/43710), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](https://redirect.github.com/cilium/cilium/pull/40324), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. 
([cilium/cilium#40460](https://redirect.github.com/cilium/cilium/pull/40460), [cilium/cilium#42191](https://redirect.github.com/cilium/cilium/pull/42191), [@​pippolo84](https://redirect.github.com/pippolo84)) - 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](https://redirect.github.com/cilium/cilium/pull/37568), [@​behzad-mir](https://redirect.github.com/behzad-mir); [cilium/cilium#43380](https://redirect.github.com/cilium/cilium/pull/43380), [@​alimehrabikoshki](https://redirect.github.com/alimehrabikoshki)) - 🕸️ **Services and Service Mesh** - 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](https://redirect.github.com/cilium/cilium/pull/39648), [@​msune](https://redirect.github.com/msune)) - 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. 
([cilium/cilium#39594](https://redirect.github.com/cilium/cilium/pull/39594), [@​saiaunghlyanhtet](https://redirect.github.com/saiaunghlyanhtet)) - ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick)) - 🛣️ **Border Gateway Protocol (BGP)** - 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. 
([cilium/cilium#42469](https://redirect.github.com/cilium/cilium/pull/42469), [@​rastislavs](https://redirect.github.com/rastislavs)) - ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](https://redirect.github.com/cilium/cilium/pull/42583), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](https://redirect.github.com/cilium/cilium/pull/40717), [@​oblazek](https://redirect.github.com/oblazek)) -⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](https://redirect.github.com/cilium/cilium/pull/42278), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🛰️ **Observability** - 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. 
([cilium/cilium#41306](https://redirect.github.com/cilium/cilium/pull/41306), [@​Bigdelle](https://redirect.github.com/Bigdelle)) - 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](https://redirect.github.com/cilium/cilium/pull/43096), [@​SRodi](https://redirect.github.com/SRodi)) - 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. ([cilium/cilium#41693](https://redirect.github.com/cilium/cilium/pull/41693), [@​41ks](https://redirect.github.com/41ks)) - 🌅 **Performance and Scale** - ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](https://redirect.github.com/cilium/cilium/pull/42008), [@​jrajahalme](https://redirect.github.com/jrajahalme); [cilium/cilium#42580](https://redirect.github.com/cilium/cilium/pull/42580), [@​odinuge](https://redirect.github.com/odinuge)) - 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. 
([cilium/cilium#38782](https://redirect.github.com/cilium/cilium/pull/38782), [@​BenoitKnecht](https://redirect.github.com/BenoitKnecht); [cilium/cilium#41990](https://redirect.github.com/cilium/cilium/pull/41990), [@​bersoare](https://redirect.github.com/bersoare)) - 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](https://redirect.github.com/cilium/cilium/pull/42529), [@​liyihuang](https://redirect.github.com/liyihuang)) - ⚙️ **Operations** - 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](https://redirect.github.com/cilium/cilium/pull/43624), [@​aanm](https://redirect.github.com/aanm)) - 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. ([cilium/cilium#42077](https://redirect.github.com/cilium/cilium/pull/42077), [@​phuhung273](https://redirect.github.com/phuhung273)) - 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). 
([cilium/cilium#40729](https://redirect.github.com/cilium/cilium/pull/40729), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](https://redirect.github.com/cilium/cilium/pull/42298), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](https://redirect.github.com/cilium/cilium/pull/43422), [@​aanm](https://redirect.github.com/aanm); [cilium/cilium#40569](https://redirect.github.com/cilium/cilium/pull/40569), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick); [cilium/cilium#42824](https://redirect.github.com/cilium/cilium/pull/42824), [@​rastislavs](https://redirect.github.com/rastislavs)). - 🏠 **Community** - ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. 
If your company wants to submit their case studies let us know. We would love to hear your feedback! - 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/), [Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/), [Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/). - 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta. 
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show. - 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit. To keep up to date with all the latest Cilium releases, join #release 🎉 :birthday::heart::heart::heart::birthday: This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today. 
:birthday::heart::heart::heart::birthday:

#### Docker Manifests

</details>

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/enchantednatures/HomeCluster).

---------

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
sp3nx0r
pushed a commit
to sp3nx0r/homelab
that referenced
this pull request
Mar 1, 2026
> ℹ️ **Note**
>
> This PR body was truncated due to platform limits.

This PR contains the following updates:

| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | minor | `1.14.6` → `1.19.1` |
| [cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | minor | `1.17.5` → `1.19.1` |

---

> [!WARNING]
> Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

### Release Notes

<details>
<summary>cilium/cilium (cilium)</summary>

### [`v1.19.1`](https://redirect.github.com/cilium/cilium/compare/1.19.0...1.19.1)

[Compare Source](https://redirect.github.com/cilium/cilium/compare/1.19.0...1.19.1)

### [`v1.19.0`](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0

[Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.7...1.19.0)

🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.0) release! A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩

⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP.
See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details. The full changelog can be found [here](https://redirect.github.com/cilium/cilium/blob/v1.19/CHANGELOG.md). Here are some of the highlights: - 🛡️ **Network Policy** - 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. ([cilium/cilium#43420](https://redirect.github.com/cilium/cilium/pull/43420), [@​fristonio](https://redirect.github.com/fristonio)) - 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. ([cilium/cilium#39872](https://redirect.github.com/cilium/cilium/pull/39872), [@​aditighag](https://redirect.github.com/aditighag); [cilium/cilium#41949](https://redirect.github.com/cilium/cilium/pull/41949), [@​kyounghunJang](https://redirect.github.com/kyounghunJang)) - ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. 
([cilium/cilium#41406](https://redirect.github.com/cilium/cilium/pull/41406), [@​antonipp](https://redirect.github.com/antonipp)) - 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. ([cilium/cilium#40609](https://redirect.github.com/cilium/cilium/pull/40609), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](https://redirect.github.com/cilium/cilium/pull/39906), [@​vipul-21](https://redirect.github.com/vipul-21); [cilium/cilium#42784](https://redirect.github.com/cilium/cilium/pull/42784), [cilium/cilium#42896](https://redirect.github.com/cilium/cilium/pull/42896), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - ⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. 
([cilium/cilium#43167](https://redirect.github.com/cilium/cilium/pull/43167), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#40967](https://redirect.github.com/cilium/cilium/pull/40967), [@​TheBeeZee](https://redirect.github.com/TheBeeZee)) - 🔒 **Encryption & Authentication** - 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](https://redirect.github.com/cilium/cilium/pull/39239), [cilium/cilium#42115](https://redirect.github.com/cilium/cilium/pull/42115), [@​rgo3](https://redirect.github.com/rgo3), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. 
([cilium/cilium#42766](https://redirect.github.com/cilium/cilium/pull/42766), [cilium/cilium#42819](https://redirect.github.com/cilium/cilium/pull/42819), [cilium/cilium#43227](https://redirect.github.com/cilium/cilium/pull/43227) and others, [@​ldelossa](https://redirect.github.com/ldelossa), [@​rgo3](https://redirect.github.com/rgo3), [@​nddq](https://redirect.github.com/nddq)) - 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. ([cilium/cilium#42665](https://redirect.github.com/cilium/cilium/pull/42665), [@​christarazi](https://redirect.github.com/christarazi)) - ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](https://redirect.github.com/cilium/cilium/pull/41997), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🚠 **Networking** - 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. 
([cilium/cilium#43416](https://redirect.github.com/cilium/cilium/pull/43416), [@​gentoo-root](https://redirect.github.com/gentoo-root)) - 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](https://redirect.github.com/cilium/cilium/pull/42012), [cilium/cilium#43710](https://redirect.github.com/cilium/cilium/pull/43710), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](https://redirect.github.com/cilium/cilium/pull/40324), [@​pchaigno](https://redirect.github.com/pchaigno)) - 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. 
([cilium/cilium#40460](https://redirect.github.com/cilium/cilium/pull/40460), [cilium/cilium#42191](https://redirect.github.com/cilium/cilium/pull/42191), [@​pippolo84](https://redirect.github.com/pippolo84)) - 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](https://redirect.github.com/cilium/cilium/pull/37568), [@​behzad-mir](https://redirect.github.com/behzad-mir); [cilium/cilium#43380](https://redirect.github.com/cilium/cilium/pull/43380), [@​alimehrabikoshki](https://redirect.github.com/alimehrabikoshki)) - 🕸️ **Services and Service Mesh** - 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](https://redirect.github.com/cilium/cilium/pull/39648), [@​msune](https://redirect.github.com/msune)) - 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. 
([cilium/cilium#39594](https://redirect.github.com/cilium/cilium/pull/39594), [@​saiaunghlyanhtet](https://redirect.github.com/saiaunghlyanhtet)) - ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick)) - 🛣️ **Border Gateway Protocol (BGP)** - 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. 
([cilium/cilium#42469](https://redirect.github.com/cilium/cilium/pull/42469), [@​rastislavs](https://redirect.github.com/rastislavs)) - ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](https://redirect.github.com/cilium/cilium/pull/42583), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](https://redirect.github.com/cilium/cilium/pull/40717), [@​oblazek](https://redirect.github.com/oblazek)) - ⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](https://redirect.github.com/cilium/cilium/pull/42278), [@​rastislavs](https://redirect.github.com/rastislavs)) - 🛰️ **Observability** - 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. 
([cilium/cilium#41306](https://redirect.github.com/cilium/cilium/pull/41306), [@​Bigdelle](https://redirect.github.com/Bigdelle)) - 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](https://redirect.github.com/cilium/cilium/pull/43096), [@​SRodi](https://redirect.github.com/SRodi)) - 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. ([cilium/cilium#41693](https://redirect.github.com/cilium/cilium/pull/41693), [@​41ks](https://redirect.github.com/41ks)) - 🌅 **Performance and Scale** - ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](https://redirect.github.com/cilium/cilium/pull/42008), [@​jrajahalme](https://redirect.github.com/jrajahalme); [cilium/cilium#42580](https://redirect.github.com/cilium/cilium/pull/42580), [@​odinuge](https://redirect.github.com/odinuge)) - 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. 
([cilium/cilium#38782](https://redirect.github.com/cilium/cilium/pull/38782), [@​BenoitKnecht](https://redirect.github.com/BenoitKnecht); [cilium/cilium#41990](https://redirect.github.com/cilium/cilium/pull/41990), [@​bersoare](https://redirect.github.com/bersoare)) - 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](https://redirect.github.com/cilium/cilium/pull/42529), [@​liyihuang](https://redirect.github.com/liyihuang)) - ⚙️ **Operations** - 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](https://redirect.github.com/cilium/cilium/pull/43624), [@​aanm](https://redirect.github.com/aanm)) - 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. ([cilium/cilium#42077](https://redirect.github.com/cilium/cilium/pull/42077), [@​phuhung273](https://redirect.github.com/phuhung273)) - 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). 
([cilium/cilium#40729](https://redirect.github.com/cilium/cilium/pull/40729), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](https://redirect.github.com/cilium/cilium/pull/42298), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](https://redirect.github.com/cilium/cilium/pull/43422), [@​aanm](https://redirect.github.com/aanm); [cilium/cilium#40569](https://redirect.github.com/cilium/cilium/pull/40569), [@​sayboras](https://redirect.github.com/sayboras); [cilium/cilium#41936](https://redirect.github.com/cilium/cilium/pull/41936), [@​youngnick](https://redirect.github.com/youngnick); [cilium/cilium#42824](https://redirect.github.com/cilium/cilium/pull/42824), [@​rastislavs](https://redirect.github.com/rastislavs)). - 🏠 **Community** - ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. 
If your company wants to submit their case studies, let us know. We would love to hear your feedback! - 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/), [Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/), [Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/). - 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta. 
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://redirect.github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show. - 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit. To keep up to date with all the latest Cilium releases, join #release 🎉 :birthday::heart::heart::heart::birthday: This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today. 
:birthday::heart::heart::heart::birthday: ##### Docker Manifests ### [`v1.18.7`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.7): 1.18.7 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.6...1.18.7) ## Summary of Changes **Minor Changes:** - Exclude topology.kubernetes.io labels from security labels by default (Backport PR [#​43777](https://redirect.github.com/cilium/cilium/issues/43777), Upstream PR [#​43725](https://redirect.github.com/cilium/cilium/issues/43725), 
[@​moscicky](https://redirect.github.com/moscicky)) - hubble-relay: Add `hubble.relay.logOptions.format` and `hubble.relay.logOptions.level` Helm values to configure log format (text, text-ts, json, json-ts) and level (debug, info, warn, error) (Backport PR [#​44004](https://redirect.github.com/cilium/cilium/issues/44004), Upstream PR [#​43644](https://redirect.github.com/cilium/cilium/issues/43644), [@​puwun](https://redirect.github.com/puwun)) **Bugfixes:** - Add permissions to the cilium-operator so that it can create EndpointSlices when the admission plugin OwnerReferencesPermissionEnforcement is activated (Backport PR [#​44034](https://redirect.github.com/cilium/cilium/issues/44034), Upstream PR [#​43912](https://redirect.github.com/cilium/cilium/issues/43912), [@​fgiloux](https://redirect.github.com/fgiloux)) - bpf: Correct refinement of inner packet L4 checksum detection (Backport PR [#​43923](https://redirect.github.com/cilium/cilium/issues/43923), Upstream PR [#​43868](https://redirect.github.com/cilium/cilium/issues/43868), [@​br4243](https://redirect.github.com/br4243)) - bpf: Fix marker to skip nodeport when punting to proxy (Backport PR [#​43886](https://redirect.github.com/cilium/cilium/issues/43886), Upstream PR 
[#​43069](https://redirect.github.com/cilium/cilium/issues/43069), [@​borkmann](https://redirect.github.com/borkmann)) - clustermesh: correctly phase out not ready/not service endpoints from global services (Backport PR [#​44056](https://redirect.github.com/cilium/cilium/issues/44056), Upstream PR [#​43807](https://redirect.github.com/cilium/cilium/issues/43807), [@​MrFreezeex](https://redirect.github.com/MrFreezeex)) - Fix a bug with local redirect service entries being created when backend pods weren't ready. (Backport PR [#​43756](https://redirect.github.com/cilium/cilium/issues/43756), Upstream PR [#​43095](https://redirect.github.com/cilium/cilium/issues/43095), [@​aditighag](https://redirect.github.com/aditighag)) - Fix ICMP error packet handling by adding the missing checksum recalculation performed during RevNAT for SNATed load-balanced traffic. 
(Backport PR [#​43861](https://redirect.github.com/cilium/cilium/issues/43861), Upstream PR [#​43196](https://redirect.github.com/cilium/cilium/issues/43196), [@​yushoyamaguchi](https://redirect.github.com/yushoyamaguchi)) - Grant permissions to the cilium-operator so that it can reconcile ingresses when the admission plugin OwnerReferencesPermissionEnforcement is activated (Backport PR [#​44034](https://redirect.github.com/cilium/cilium/issues/44034), Upstream PR [#​43949](https://redirect.github.com/cilium/cilium/issues/43949), [@​giorio94](https://redirect.github.com/giorio94)) - helm: Fixed RBAC errors with `operator.enabled=false` by aligning cilium-tlsinterception-secrets Role/RoleBinding conditionals (Backport PR [#​44281](https://redirect.github.com/cilium/cilium/issues/44281), Upstream PR [#​44159](https://redirect.github.com/cilium/cilium/issues/44159), [@​puwun](https://redirect.github.com/puwun)) - loadbalancer: Fix GetInstancesOfService to avoid removing an endpoint from Service A causing all requests to Service B to fail if the name of Service A is the prefix of Service B (Backport PR [#​43777](https://redirect.github.com/cilium/cilium/issues/43777), Upstream PR [#​43620](https://redirect.github.com/cilium/cilium/issues/43620), 
[@​imroc](https://redirect.github.com/imroc)) - Reduces rtnl\_mutex contention on SR-IOV nodes by not requesting VF information in netlink RTM\_GETLINK operations (Backport PR [#​44281](https://redirect.github.com/cilium/cilium/issues/44281), Upstream PR [#​43517](https://redirect.github.com/cilium/cilium/issues/43517), [@​pasteley](https://redirect.github.com/pasteley)) **CI Changes:** - fix(ctmap/gc): fix race conditions and flakiness in TestGCEnableRatchet (Backport PR [#​44056](https://redirect.github.com/cilium/cilium/issues/44056), Upstream PR [#​42009](https://redirect.github.com/cilium/cilium/issues/42009), [@​AritraDey-Dev](https://redirect.github.com/AritraDey-Dev)) - gh: ariane: don't run cloud workflows for LVH kernel updates (Backport PR [#​44148](https://redirect.github.com/cilium/cilium/issues/44148), Upstream PR [#​44109](https://redirect.github.com/cilium/cilium/issues/44109), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - gh: ariane: skip more workflows for LVH kernel updates (Backport PR [#​44148](https://redirect.github.com/cilium/cilium/issues/44148), Upstream PR [#​44115](https://redirect.github.com/cilium/cilium/issues/44115), 
[@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - gha: let CiliumEndpointSlice migration be run nightly on stable branches (Backport PR [#​44004](https://redirect.github.com/cilium/cilium/issues/44004), Upstream PR [#​43921](https://redirect.github.com/cilium/cilium/issues/43921), [@​giorio94](https://redirect.github.com/giorio94)) - gke: lower scope of ESP firewall rule (Backport PR [#​43865](https://redirect.github.com/cilium/cilium/issues/43865), Upstream PR [#​43691](https://redirect.github.com/cilium/cilium/issues/43691), [@​marseel](https://redirect.github.com/marseel)) **Misc Changes:** - .github/workflows: use proper directory structure for GH actions ([#​43760](https://redirect.github.com/cilium/cilium/issues/43760), [@​aanm](https://redirect.github.com/aanm)) - chore(deps): update all github action dependencies (v1.18) ([#​43845](https://redirect.github.com/cilium/cilium/issues/43845), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#​43984](https://redirect.github.com/cilium/cilium/issues/43984), 
[@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#​44099](https://redirect.github.com/cilium/cilium/issues/44099), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#​44253](https://redirect.github.com/cilium/cilium/issues/44253), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all-dependencies (v1.18) ([#​43839](https://redirect.github.com/cilium/cilium/issues/43839), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.18) ([#​43840](https://redirect.github.com/cilium/cilium/issues/43840), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.18) ([#​43983](https://redirect.github.com/cilium/cilium/issues/43983), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.18) ([#​44098](https://redirect.github.com/cilium/cilium/issues/44098), 
[@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency cilium/cilium-cli to v0.19.0 (v1.18) ([#​43844](https://redirect.github.com/cilium/cilium/issues/43844), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/alpine docker tag to v3.22.3 (v1.18) ([#​44096](https://redirect.github.com/cilium/cilium/issues/44096), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/busybox:1.37.0 docker digest to [`b3255e7`](https://redirect.github.com/cilium/cilium/commit/b3255e7) (v1.18) ([#​44249](https://redirect.github.com/cilium/cilium/issues/44249), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/busybox:1.37.0 docker digest to [`e226d63`](https://redirect.github.com/cilium/cilium/commit/e226d63) (v1.18) ([#​43979](https://redirect.github.com/cilium/cilium/issues/43979), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/ubuntu:24.04 docker digest to [`cd1dba6`](https://redirect.github.com/cilium/cilium/commit/cd1dba6) 
(v1.18) ([#​43980](https://redirect.github.com/cilium/cilium/issues/43980), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update gcr.io/distroless/static:nonroot docker digest to [`f9f84bd`](https://redirect.github.com/cilium/cilium/commit/f9f84bd) (v1.18) ([#​44250](https://redirect.github.com/cilium/cilium/issues/44250), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/certgen docker tag to v0.3.2 (v1.18) ([#​43841](https://redirect.github.com/cilium/cilium/issues/43841), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1768610924-2528359430c6adba1ab20fc8396b4effe491ed96 (v1.18) ([#​43842](https://redirect.github.com/cilium/cilium/issues/43842), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1768828720-c6e4827ebca9c47af2a3a6540c563c30947bae29 (v1.18) ([#​43981](https://redirect.github.com/cilium/cilium/issues/43981), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to 
v1.35.9-1770265024-9828c064a10df81f1939b692b01203d88bb439e4 (v1.18) ([#​44251](https://redirect.github.com/cilium/cilium/issues/44251), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1770554954-8ce3bb4eca04188f4a0a1bfbd0a06a40f90883de (v1.18) ([#​44260](https://redirect.github.com/cilium/cilium/issues/44260), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#​43843](https://redirect.github.com/cilium/cilium/issues/43843), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#​43982](https://redirect.github.com/cilium/cilium/issues/43982), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#​44097](https://redirect.github.com/cilium/cilium/issues/44097), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - docs: add helm underlayProtocol value to documentation (Backport PR [#​44056](https://redirect.github.com/cilium/cilium/issues/44056), Upstream PR 
[#​43934](https://redirect.github.com/cilium/cilium/issues/43934), [@​aanm](https://redirect.github.com/aanm)) - docs: adjust URL to latest stable Hubble CLI version (Backport PR [#​43777](https://redirect.github.com/cilium/cilium/issues/43777), Upstream PR [#​43745](https://redirect.github.com/cilium/cilium/issues/43745), [@​tklauser](https://redirect.github.com/tklauser)) - docs: Document hubble requirement on kernels with BPF\_EVENTS compiled in (Backport PR [#​44056](https://redirect.github.com/cilium/cilium/issues/44056), Upstream PR [#​44042](https://redirect.github.com/cilium/cilium/issues/44042), [@​EmilyShepherd](https://redirect.github.com/EmilyShepherd)) - docs: Update docsearch to v4.5.4 (Backport PR [#​44273](https://redirect.github.com/cilium/cilium/issues/44273), Upstream PR [#​44233](https://redirect.github.com/cilium/cilium/issues/44233), [@​joestringer](https://redirect.github.com/joestringer)) - Documentation: Added Helm configuration instructions for enabling and customizing metrics. 
(Backport PR [#​44056](https://redirect.github.com/cilium/cilium/issues/44056), Upstream PR [#​43481](https://redirect.github.com/cilium/cilium/issues/43481), [@​suunj](https://redirect.github.com/suunj)) - gitattributes: make install/kubernetes driver match more specific. (Backport PR [#​44056](https://redirect.github.com/cilium/cilium/issues/44056), Upstream PR [#​43943](https://redirect.github.com/cilium/cilium/issues/43943), [@​tommyp1ckles](https://redirect.github.com/tommyp1ckles)) - multicast: fix nil assignment to node configuration cell.Out map (Backport PR [#​43865](https://redirect.github.com/cilium/cilium/issues/43865), Upstream PR [#​40859](https://redirect.github.com/cilium/cilium/issues/40859), [@​ldelossa](https://redirect.github.com/ldelossa)) - workflows: Add id-token permission to call-publish-helm job (Backport PR [#​43777](https://redirect.github.com/cilium/cilium/issues/43777), Upstream PR [#​43717](https://redirect.github.com/cilium/cilium/issues/43717), [@​aanm](https://redirect.github.com/aanm)) **Other Changes:** - .github/workflows: remove stable from v1.18 branch 
([#44153](https://redirect.github.com/cilium/cilium/issues/44153), [@aanm](https://redirect.github.com/aanm)) - \[v1.18] Backport setup gke cluster ([#43793](https://redirect.github.com/cilium/cilium/issues/43793), [@Artyop](https://redirect.github.com/Artyop)) - install: Update image digests for v1.18.6 ([#43714](https://redirect.github.com/cilium/cilium/issues/43714), [@cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) ##### Docker Manifests
### [`v1.18.6`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.6): 1.18.6 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.5...1.18.6) ## Summary of Changes **Major Changes:** - Publish Helm charts to OCI registries (Backport PR [#43689](https://redirect.github.com/cilium/cilium/issues/43689), Upstream PR [#43624](https://redirect.github.com/cilium/cilium/issues/43624), [@aanm](https://redirect.github.com/aanm)) **Minor Changes:** - Cilium Preflight check no longer includes Envoy Configmaps, making it easier to correctly run. 
(Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43153](https://redirect.github.com/cilium/cilium/issues/43153), [@​youngnick](https://redirect.github.com/youngnick)) - runtime: Add libatomic1 for cilium-envoy dependency (Backport PR [#​43642](https://redirect.github.com/cilium/cilium/issues/43642), Upstream PR [#​43292](https://redirect.github.com/cilium/cilium/issues/43292), [@​sayboras](https://redirect.github.com/sayboras)) **Bugfixes:** - bpf:wireguard: delivery host packets to bpf\_host for ingress policies (Backport PR [#​43690](https://redirect.github.com/cilium/cilium/issues/43690), Upstream PR [#​42892](https://redirect.github.com/cilium/cilium/issues/42892), [@​smagnani96](https://redirect.github.com/smagnani96)) - cgroup: don't start watch if KPRConfig.EnableSocketLB is disabled (Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43256](https://redirect.github.com/cilium/cilium/issues/43256), [@​mhofstetter](https://redirect.github.com/mhofstetter)) - Fix a bug with local redirect service entries being created when backend pods weren't ready. 
(Backport PR [#​43425](https://redirect.github.com/cilium/cilium/issues/43425), Upstream PR [#​43095](https://redirect.github.com/cilium/cilium/issues/43095), [@​aditighag](https://redirect.github.com/aditighag)) - Fix an issue in proxy NOTRACK iptables rule for aws-cni chaining mode which causes proxy->upstream(outside cluster) traffic not being SNAT'd. (Backport PR [#​43676](https://redirect.github.com/cilium/cilium/issues/43676), Upstream PR [#​43566](https://redirect.github.com/cilium/cilium/issues/43566), [@​fristonio](https://redirect.github.com/fristonio)) - Fix GC of possible duplicated identities in kvstore mode (Backport PR [#​43425](https://redirect.github.com/cilium/cilium/issues/43425), Upstream PR [#​43287](https://redirect.github.com/cilium/cilium/issues/43287), [@​giorio94](https://redirect.github.com/giorio94)) - Fixes a deadlock that was causing endpoint to be stuck without progressing with any updates. 
(Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43242](https://redirect.github.com/cilium/cilium/issues/43242), [@​marseel](https://redirect.github.com/marseel)) - gateway-api: correctly handle CiliumGatewayClassConfig as a namespaced resource. (Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43254](https://redirect.github.com/cilium/cilium/issues/43254), [@​youngnick](https://redirect.github.com/youngnick)) - xds: fix nil-pointer in `processRequestStream` (Backport PR [#​43612](https://redirect.github.com/cilium/cilium/issues/43612), Upstream PR [#​43609](https://redirect.github.com/cilium/cilium/issues/43609), [@​mhofstetter](https://redirect.github.com/mhofstetter)) **CI Changes:** - bpf: tests: egressgw: enable HostFW (Backport PR [#​43337](https://redirect.github.com/cilium/cilium/issues/43337), Upstream PR [#​42955](https://redirect.github.com/cilium/cilium/issues/42955), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: tests: egressgw: install ipcache\_v6\_add\_world\_entry() (Backport PR 
[#​43337](https://redirect.github.com/cilium/cilium/issues/43337), Upstream PR [#​42988](https://redirect.github.com/cilium/cilium/issues/42988), [@​julianwiedmann](https://redirect.github.com/julianwiedmann)) - chore: comment job to use generated token instead of PAT (Backport PR [#​43612](https://redirect.github.com/cilium/cilium/issues/43612), Upstream PR [#​43148](https://redirect.github.com/cilium/cilium/issues/43148), [@​sekhar-isovalent](https://redirect.github.com/sekhar-isovalent)) - ci: Use newer lvh image for privileged tests (Backport PR [#​43490](https://redirect.github.com/cilium/cilium/issues/43490), Upstream PR [#​41082](https://redirect.github.com/cilium/cilium/issues/41082), [@​rastislavs](https://redirect.github.com/rastislavs)) **Misc Changes:** - .github/workflows: remove auto-requested reviewers (Backport PR [#​43425](https://redirect.github.com/cilium/cilium/issues/43425), Upstream PR [#​42952](https://redirect.github.com/cilium/cilium/issues/42952), [@​aanm](https://redirect.github.com/aanm)) - Add documentation and examples for using the egressDeny field in CiliumNetworkPolicy (Backport PR 
[#​43425](https://redirect.github.com/cilium/cilium/issues/43425), Upstream PR [#​40272](https://redirect.github.com/cilium/cilium/issues/40272), [@​syedazeez337](https://redirect.github.com/syedazeez337)) - bpf: clear mark content before storing the cluster ID (Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43159](https://redirect.github.com/cilium/cilium/issues/43159), [@​giorio94](https://redirect.github.com/giorio94)) - bpf: prevent cluster ID from being incorrectly retrieved from mark when aliased (Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43258](https://redirect.github.com/cilium/cilium/issues/43258), [@​giorio94](https://redirect.github.com/giorio94)) - chore(deps): update all github action dependencies (v1.18) ([#​43467](https://redirect.github.com/cilium/cilium/issues/43467), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.18) ([#​43665](https://redirect.github.com/cilium/cilium/issues/43665), 
[@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update anchore/sbom-action action to v0.21.0 (v1.18) ([#​43512](https://redirect.github.com/cilium/cilium/issues/43512), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.18) ([#​43543](https://redirect.github.com/cilium/cilium/issues/43543), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.18) ([#​43664](https://redirect.github.com/cilium/cilium/issues/43664), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/busybox:1.37.0 docker digest to [`2383baa`](https://redirect.github.com/cilium/cilium/commit/2383baa) (v1.18) ([#​43662](https://redirect.github.com/cilium/cilium/issues/43662), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update docker.io/library/golang:1.24.11 docker digest to [`54528d1`](https://redirect.github.com/cilium/cilium/commit/54528d1) (v1.18) ([#​43464](https://redirect.github.com/cilium/cilium/issues/43464), 
[@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.6.7 (v1.18) ([#​43465](https://redirect.github.com/cilium/cilium/issues/43465), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.34.12-1767177245-7935d4d711cb6f8020385a50c996b90896e16a71 (v1.18) ([#​43539](https://redirect.github.com/cilium/cilium/issues/43539), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1767794330-db497dd19e346b39d81d7b5c0dedf6c812bcc5c9 (v1.18) ([#​43638](https://redirect.github.com/cilium/cilium/issues/43638), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update rhysd/actionlint docker tag to v1.7.10 (v1.18) ([#​43541](https://redirect.github.com/cilium/cilium/issues/43541), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#​43466](https://redirect.github.com/cilium/cilium/issues/43466), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images 
(v1.18) (patch) ([#​43542](https://redirect.github.com/cilium/cilium/issues/43542), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#​43571](https://redirect.github.com/cilium/cilium/issues/43571), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update stable lvh-images (v1.18) (patch) ([#​43663](https://redirect.github.com/cilium/cilium/issues/43663), [@​cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - cmapisrv/test: miscellaneous fixes to the ciliumidentities script test (Backport PR [#​43425](https://redirect.github.com/cilium/cilium/issues/43425), Upstream PR [#​43372](https://redirect.github.com/cilium/cilium/issues/43372), [@​giorio94](https://redirect.github.com/giorio94)) - docs: Add missing IPv6 fragmentation BPF map reference (Backport PR [#​43290](https://redirect.github.com/cilium/cilium/issues/43290), Upstream PR [#​43161](https://redirect.github.com/cilium/cilium/issues/43161), [@​doniacld](https://redirect.github.com/doniacld)) - Fix a regression in the new services control plane where loadBalancerSourceRanges was applied by default to all 
service types. (Backport PR [#​43575](https://redirect.github.com/cilium/cilium/issues/43575), Upstream PR [#​42351](https://redirect.github.com/cilium/cilium/issues/42351), [@​borkmann](https://redirect.github.com/borkmann)) - operator: the K8s Secret synchronization process now resynchronizes after an hour for synced Secrets. (Backport PR [#​43425](https://redirect.github.com/cilium/cilium/issues/43425), Upstream PR [#​42414](https://redirect.github.com/cilium/cilium/issues/42414), [@​youngnick](https://redirect.github.com/youngnick)) - release: change OCI registry (Backport PR [#​43689](https://redirect.github.com/cilium/cilium/issues/43689), Upstream PR [#​43646](https://redirect.github.com/cilium/cilium/issues/43646), [@​aanm](https://redirect.github.com/aanm)) - route: install ingress proxy routes with WireGuard and L7Proxy (Backport PR [#​43434](https://redirect.github.com/cilium/cilium/issues/43434), Upstream PR [#​42835](https://redirect.github.com/cilium/cilium/issues/42835), [@​smagnani96](https://redirect.github.com/smagnani96)) **Other Changes:** - \[v1.18] bpf:hubble: support policy verdict from L3 devices 
([#43381](https://redirect.github.com/cilium/cilium/issues/43381), [@smagnani96](https://redirect.github.com/smagnani96)) - \[v1.18] deps: bump CNI plugins version to v1.9.0 ([#43593](https://redirect.github.com/cilium/cilium/issues/43593), [@diyi0926](https://redirect.github.com/diyi0926)) - install: Update image digests for v1.18.5 ([#43400](https://redirect.github.com/cilium/cilium/issues/43400), [@cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) #### Docker Manifests
### [`v1.18.5`](https://redirect.github.com/cilium/cilium/releases/tag/v1.18.5): 1.18.5 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.18.4...1.18.5) ## Summary of Changes **Minor Changes:** - \[v1.18] proxy: Bump envoy version to v1.34.11 ([#43143](https://redirect.github.com/cilium/cilium/issues/43143), [@sayboras](https://redirect.github.com/sayboras)) - Change the sidecar etcd instance of the Cluster Mesh API Server listen on all IP addresses (Backport PR 
[#​42948](https://redirect.github.com/cilium/cilium/issues/42948), Upstream PR [#​42818](https://redirect.github.com/cilium/cilium/issues/42818), [@​giorio94](https://redirect.github.com/giorio94)) **Bugfixes:** - allow missing verbs for cilium-agent cluster role when readSecretsOnlyFromSecretsNamespace is false (Backport PR [#​42948](https://redirect.github.com/cilium/cilium/issues/42948), Upstream PR [#​42790](https://redirect.github.com/cilium/cilium/issues/42790), [@​kraashen](https://redirect.github.com/kraashen)) - AWS EC2: Fix ENI attachment on multi-network card instances with high-performance networking (EFA) setups (Backport PR [#​42745](https://redirect.github.com/cilium/cilium/issues/42745), Upstream PR [#​42512](https://redirect.github.com/cilium/cilium/issues/42512), [@​41ks](https://redirect.github.com/41ks)) - CiliumEnvoyConfig proxy ports are now restored on agent restarts. 
(Backport PR [#​43117](https://redirect.github.com/cilium/cilium/issues/43117), Upstream PR [#​43108](https://redirect.github.com/cilium/cilium/issues/43108), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - Cleanup FQDNs that have leaked into the global FQDN cache (Backport PR [#​42864](https://redirect.github.com/cilium/cilium/issues/42864), Upstream PR [#​42485](https://redirect.github.com/cilium/cilium/issues/42485), [@​sjohnsonpal](https://redirect.github.com/sjohnsonpal)) - Do not opt-out Endpoint ID 1 from dnsproxy transparent mode. (Backport PR [#​42948](https://redirect.github.com/cilium/cilium/issues/42948), Upstream PR [#​42887](https://redirect.github.com/cilium/cilium/issues/42887), [@​jrajahalme](https://redirect.github.com/jrajahalme)) - ENI: Fix panic on nil subnet (Backport PR [#​43117](https://redirect.github.com/cilium/cilium/issues/43117), Upstream PR [#​43023](https://redirect.github.com/cilium/cilium/issues/43023), [@​HadrienPatte](https://redirect.github.com/HadrienPatte)) - Ensure cilium-agent gracefully does fallbacks when etcd is in a bad state. 
(Backport PR [#43059](https://redirect.github.com/cilium/cilium/issues/43059), Upstream PR [#42977](https://redirect.github.com/cilium/cilium/issues/42977), [@odinuge](https://redirect.github.com/odinuge))
- Fix a bug that would cause Cilium to not report L4 checksum update errors when the length attribute is missing in ICMP Error messages with TCP inner packets. (Backport PR [#42828](https://redirect.github.com/cilium/cilium/issues/42828), Upstream PR [#42426](https://redirect.github.com/cilium/cilium/issues/42426), [@yushoyamaguchi](https://redirect.github.com/yushoyamaguchi))
- Fix a bug that would cause IPsec logs to incorrectly report the XFRM rules being processed as "Ingress" rules. (Backport PR [#42828](https://redirect.github.com/cilium/cilium/issues/42828), Upstream PR [#42640](https://redirect.github.com/cilium/cilium/issues/42640), [@sjohnsonpal](https://redirect.github.com/sjohnsonpal))
- Fix agent local identity leak (Backport PR [#43117](https://redirect.github.com/cilium/cilium/issues/43117), Upstream PR [#42662](https://redirect.github.com/cilium/cilium/issues/42662), [@odinuge](https://redirect.github.com/odinuge))
- Fix bug that could cause the agent to fail to add XFRM states when IPsec is enabled, thus preventing a proper startup. (Backport PR [#42948](https://redirect.github.com/cilium/cilium/issues/42948), Upstream PR [#42666](https://redirect.github.com/cilium/cilium/issues/42666), [@pchaigno](https://redirect.github.com/pchaigno))
- Fix GC of per-cluster ctmap entries (Backport PR [#43294](https://redirect.github.com/cilium/cilium/issues/43294), Upstream PR [#43160](https://redirect.github.com/cilium/cilium/issues/43160), [@giorio94](https://redirect.github.com/giorio94))
- Fix ipcache issues causing severe issues with the fqdn subsystem (Backport PR [#42864](https://redirect.github.com/cilium/cilium/issues/42864), Upstream PR [#42815](https://redirect.github.com/cilium/cilium/issues/42815), [@odinuge](https://redirect.github.com/odinuge))
- Fix issue where endpoints got stuck in "waiting-to-regenerate" (Backport PR [#42948](https://redirect.github.com/cilium/cilium/issues/42948), Upstream PR [#42856](https://redirect.github.com/cilium/cilium/issues/42856), [@odinuge](https://redirect.github.com/odinuge))
- Fix leak in the policy subsystem (Backport PR [#43117](https://redirect.github.com/cilium/cilium/issues/43117), Upstream PR [#42661](https://redirect.github.com/cilium/cilium/issues/42661), [@odinuge](https://redirect.github.com/odinuge))
- Fix rare kvstore issue where cilium continues to use an expired lease causing kvstore operations to fail consistently (Backport PR [#42745](https://redirect.github.com/cilium/cilium/issues/42745), Upstream PR [#42709](https://redirect.github.com/cilium/cilium/issues/42709), [@odinuge](https://redirect.github.com/odinuge))
- fqdn: Fix fqdn subsystem correctness issues causing packet drops and inconsistent ipcache (Backport PR [#43117](https://redirect.github.com/cilium/cilium/issues/43117), Upstream PR [#42500](https://redirect.github.com/cilium/cilium/issues/42500), [@odinuge](https://redirect.github.com/odinuge))
- In rare cases, the cilium-operator losing the lead of the HA deployment could continue acting as if leading for at most a minute, leading to split-brain problems such as double allocation of pod CIDRs. (Backport PR [#43059](https://redirect.github.com/cilium/cilium/issues/43059), Upstream PR [#42920](https://redirect.github.com/cilium/cilium/issues/42920), [@bimmlerd](https://redirect.github.com/bimmlerd))
- KVStoreMesh now correctly respects the CA bundle setting when validating remote cluster certificates (Backport PR [#42828](https://redirect.github.com/cilium/cilium/issues/42828), Upstream PR [#42726](https://redirect.github.com/cilium/cilium/issues/42726), [@giorio94](https://redirect.github.com/giorio94))
- policy: Fix rare Endpoint Selector Policy Deadlock causing policies to not be updated with new identities (Backport PR [#42864](https://redirect.github.com/cilium/cilium/issues/42864), Upstream PR [#42306](https://redirect.github.com/cilium/cilium/issues/42306), [@odinuge](https://redirect.github.com/odinuge))
- Recreate CiliumEndpoints (k8s resource) if they are accidentally deleted. (Backport PR [#43117](https://redirect.github.com/cilium/cilium/issues/43117), Upstream PR [#42877](https://redirect.github.com/cilium/cilium/issues/42877), [@aanm](https://redirect.github.com/aanm))
- redirectpolicy: Avoid recomputing on pod changes that do not change resulting redirect backends (Backport PR [#42948](https://redirect.github.com/cilium/cilium/issues/42948), Upstream PR [#42814](https://redirect.github.com/cilium/cilium/issues/42814), [@joamaki](https://redirect.github.com/joamaki))

**CI Changes:**

- bpf: test: add BPF Masq tests for unknown / handled protocols (Backport PR [#42711](https://redirect.github.com/cilium/cilium/issues/42711), Upstream PR [#42144](https://redirect.github.com/cilium/cilium/issues/42144), [@julianwiedmann](https://redirect.github.com/julianwiedmann))
- bpf: test: egressgw: fix up ENABLE\_MASQUERADE (Backport PR [#42966](https://redirect.github.com/cilium/cilium/issues/42966), Upstream PR [#42912](https://redirect.github.com/cilium/cilium/issues/42912), [@julianwiedmann](https://redirect.github.com/julianwiedmann))
- bpf: tests: add BPF MASQ test for ICMP ECHOs (Backport PR [#42711](https://redirect.github.com/cilium/cilium/issues/42711), Upstream PR [#42656](https://redirect.github.com/cilium/cilium/issues/42656), [@julianwiedmann](https://redirect.github.com/julianwiedmann))
- bpf: tests: set ENABLE\_MASQUERADE\_IPV6 for EGW XDP test (Backport PR [#43059](https://redirect.github.com/cilium/cilium/issues/43059), Upstream PR [#42962](https://redirect.github.com/cilium/cilium/issues/42962), [@julianwiedmann](https://redirect.github.com/julianwiedmann))
- bpf:test: cover host endpoint case in tc\_nodeport\_l3\_dev.h (Backport PR [#43059](https://redirect.github.com/cilium/cilium/issues/43059), Upstream PR [#42983](https://redirect.github.com/cilium/cilium/issues/42983), [@smagnani96](https://redirect.github.com/smagnani96))
- Delete .github/workflows/build-images-hotfixes.yaml (Backport PR [#42966](https://redirect.github.com/cilium/cilium/issues/42966), Upstream PR [#42958](https://redirect.github.com/cilium/cilium/issues/42958), [@sekhar-isovalent](https://redirect.github.com/sekhar-isovalent))
- gh: conn-disrupt: fix XFRM error checks (Backport PR [#42764](https://redirect.github.com/cilium/cilium/issues/42764), Upstream PR [#42724](https://redirect.github.com/cilium/cilium/issues/42724), [@julianwiedmann](https://redirect.github.com/julianwiedmann))
- gh: ipsec-e2e: fix flaky connection disruptivity test (Backport PR [#42823](https://redirect.github.com/cilium/cilium/issues/42823),

</details>

---

### Configuration

📅 **Schedule**: Branch creation - "on saturday" (UTC), Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.

♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about these updates again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box

---

This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/sp3nx0r/homelab).

Co-authored-by: renovate[bot] <29139614+renovate[bot]@users.noreply.github.com>
In v1.18 (#38397) we deprecated the `CiliumBGPPeeringPolicy` CRD in favor of new CRDs to configure BGP (`CiliumBGPClusterConfig`, `CiliumBGPPeerConfig`, `CiliumBGPAdvertisement`, `CiliumBGPNodeConfigOverride`) introduced in v1.16 and promoted to stable API version (v2) in v1.18.

This PR finally removes the deprecated `CiliumBGPPeeringPolicy` CRD (also called BGPv1) and the agent implementation handling it. It also removes its references from the documentation, as well as all references to BGPv1 vs BGPv2 - we will have only one BGP implementation from this point on.

In cilium-cli, we now use unstructured k8s client to access `CiliumBGPPeeringPolicy`, so that we can still test it for the previous releases and keep the deleted CRD in the sysdump for older cilium versions.

Note: `contrib/containerlab` cleanup will be done as a separate follow-up PR to not make this changeset even bigger.