fix(helm): update chart cilium to 1.16.4 #456
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
--- kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium
+++ kubernetes/apps/kube-system/cilium/app Kustomization: flux-system/cilium HelmRelease: kube-system/cilium
@@ -13,13 +13,13 @@
spec:
chart: cilium
sourceRef:
kind: HelmRepository
name: cilium
namespace: flux-system
- version: 1.16.3
+ version: 1.16.4
install:
remediation:
retries: 3
interval: 30m
upgrade:
cleanupOnFail: true |
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-config
@@ -53,14 +53,14 @@
enable-local-redirect-policy: 'true'
ipv4-native-routing-cidr: 10.69.0.0/16
enable-runtime-device-detection: 'true'
kube-proxy-replacement: 'true'
kube-proxy-replacement-healthz-bind-address: 0.0.0.0:10256
bpf-lb-sock: 'false'
+ bpf-lb-sock-hostns-only: 'true'
bpf-lb-sock-terminate-pod-connections: 'false'
- bpf-lb-sock-hostns-only: 'true'
nodeport-addresses: ''
enable-health-check-nodeport: 'true'
enable-health-check-loadbalancer-ip: 'false'
node-port-bind-protection: 'true'
enable-auto-protect-node-port-range: 'true'
bpf-lb-mode: snat
@@ -115,12 +115,13 @@
mesh-auth-queue-size: '1024'
mesh-auth-rotated-identities-queue-size: '1024'
mesh-auth-gc-interval: 5m0s
proxy-xff-num-trusted-hops-ingress: '0'
proxy-xff-num-trusted-hops-egress: '0'
proxy-connect-timeout: '2'
+ proxy-initial-fetch-timeout: '30'
proxy-max-requests-per-connection: '0'
proxy-max-connection-duration-seconds: '0'
proxy-idle-timeout-seconds: '60'
external-envoy-proxy: 'true'
envoy-base-id: '0'
envoy-keep-cap-netbindservice: 'false'
--- HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config
+++ HelmRelease: kube-system/cilium ConfigMap: kube-system/cilium-envoy-config
@@ -262,12 +262,13 @@
}
}
]
},
"dynamicResources": {
"ldsConfig": {
+ "initialFetchTimeout": "30s",
"apiConfigSource": {
"apiType": "GRPC",
"transportApiVersion": "V3",
"grpcServices": [
{
"envoyGrpc": {
@@ -277,12 +278,13 @@
],
"setNodeOnFirstMessageOnly": true
},
"resourceApiVersion": "V3"
},
"cdsConfig": {
+ "initialFetchTimeout": "30s",
"apiConfigSource": {
"apiType": "GRPC",
"transportApiVersion": "V3",
"grpcServices": [
{
"envoyGrpc": {
@@ -300,20 +302,19 @@
"name": "envoy.bootstrap.internal_listener",
"typed_config": {
"@type": "type.googleapis.com/envoy.extensions.bootstrap.internal_listener.v3.InternalListener"
}
}
],
- "layeredRuntime": {
- "layers": [
- {
- "name": "static_layer_0",
- "staticLayer": {
- "overload": {
- "global_downstream_max_connections": 50000
- }
+ "overload_manager": {
+ "resource_monitors": [
+ {
+ "name": "envoy.resource_monitors.global_downstream_max_connections",
+ "typed_config": {
+ "@type": "type.googleapis.com/envoy.extensions.resource_monitors.downstream_connections.v3.DownstreamConnectionsConfig",
+ "max_active_downstream_connections": "50000"
}
}
]
},
"admin": {
"address": {
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium
+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium
@@ -16,24 +16,24 @@
rollingUpdate:
maxUnavailable: 2
type: RollingUpdate
template:
metadata:
annotations:
- cilium.io/cilium-configmap-checksum: 3a7ef8ad6282bd96bb977c3caeeff2f954388426b344348c2e7948cbf4684c90
+ cilium.io/cilium-configmap-checksum: 70bf63b30c1e3b3d3c32e85fe6ee44586c1dbfc87fce3bbc5589fffcb75bf2b6
labels:
k8s-app: cilium
app.kubernetes.io/name: cilium-agent
app.kubernetes.io/part-of: cilium
spec:
securityContext:
appArmorProfile:
type: Unconfined
containers:
- name: cilium-agent
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
command:
- cilium-agent
args:
- --config-dir=/tmp/cilium/config-map
startupProbe:
@@ -182,13 +182,13 @@
- name: xtables-lock
mountPath: /run/xtables.lock
- name: tmp
mountPath: /tmp
initContainers:
- name: config
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
command:
- cilium-dbg
- build-config
env:
- name: K8S_NODE_NAME
@@ -207,13 +207,13 @@
value: '7445'
volumeMounts:
- name: tmp
mountPath: /tmp
terminationMessagePolicy: FallbackToLogsOnError
- name: mount-cgroup
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
env:
- name: CGROUP_ROOT
value: /sys/fs/cgroup
- name: BIN_PATH
value: /opt/cni/bin
@@ -239,13 +239,13 @@
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
drop:
- ALL
- name: apply-sysctl-overwrites
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
env:
- name: BIN_PATH
value: /opt/cni/bin
command:
- sh
@@ -269,13 +269,13 @@
- SYS_ADMIN
- SYS_CHROOT
- SYS_PTRACE
drop:
- ALL
- name: mount-bpf-fs
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
args:
- mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf
command:
- /bin/bash
- -c
@@ -285,13 +285,13 @@
privileged: true
volumeMounts:
- name: bpf-maps
mountPath: /sys/fs/bpf
mountPropagation: Bidirectional
- name: clean-cilium-state
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
command:
- /init-container.sh
env:
- name: CILIUM_ALL_STATE
valueFrom:
@@ -333,13 +333,13 @@
- name: cilium-cgroup
mountPath: /sys/fs/cgroup
mountPropagation: HostToContainer
- name: cilium-run
mountPath: /var/run/cilium
- name: install-cni-binaries
- image: quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
+ image: quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
imagePullPolicy: IfNotPresent
command:
- /install-plugin.sh
resources:
requests:
cpu: 100m
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy
+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy
@@ -28,13 +28,13 @@
spec:
securityContext:
appArmorProfile:
type: Unconfined
containers:
- name: cilium-envoy
- image: quay.io/cilium/cilium-envoy:v1.29.9-1728346947-0d05e48bfbb8c4737ec40d5781d970a550ed2bbd@sha256:42614a44e508f70d03a04470df5f61e3cffd22462471a0be0544cf116f2c50ba
+ image: quay.io/cilium/cilium-envoy:v1.30.7-1731393961-97edc2815e2c6a174d3d12e71731d54f5d32ea16@sha256:0287b36f70cfbdf54f894160082f4f94d1ee1fb10389f3a95baa6c8e448586ed
imagePullPolicy: IfNotPresent
command:
- /usr/bin/cilium-envoy-starter
args:
- --
- -c /var/run/cilium/envoy/bootstrap-config.json
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator
+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator
@@ -20,24 +20,24 @@
maxSurge: 25%
maxUnavailable: 100%
type: RollingUpdate
template:
metadata:
annotations:
- cilium.io/cilium-configmap-checksum: 3a7ef8ad6282bd96bb977c3caeeff2f954388426b344348c2e7948cbf4684c90
+ cilium.io/cilium-configmap-checksum: 70bf63b30c1e3b3d3c32e85fe6ee44586c1dbfc87fce3bbc5589fffcb75bf2b6
prometheus.io/port: '9963'
prometheus.io/scrape: 'true'
labels:
io.cilium/app: operator
name: cilium-operator
app.kubernetes.io/part-of: cilium
app.kubernetes.io/name: cilium-operator
spec:
containers:
- name: cilium-operator
- image: quay.io/cilium/operator-generic:v1.16.3@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b
+ image: quay.io/cilium/operator-generic:v1.16.4@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5
imagePullPolicy: IfNotPresent
command:
- cilium-operator-generic
args:
- --config-dir=/tmp/cilium/config-map
- --debug=$(CILIUM_DEBUG) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
1.16.3->1.16.4Release Notes
cilium/cilium (cilium)
v1.16.4Compare Source
Configuration
📅 Schedule: Branch creation - "every weekend" (UTC), Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about these updates again.
This PR was generated by Mend Renovate. View the repository job log.