feat(helm): update chart cilium to 1.16.4 #734

chii-bot · 2022-08-16T18:26:15Z

This PR contains the following updates:

Package	Type	Update	Change
cilium (source)	HelmChart	minor	`1.13.2` -> `1.16.4`
cilium (source)		minor	`1.12.0` -> `1.16.4`

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.

Release Notes

cilium/cilium

`v1.16.4`

Compare Source

Summary of Changes

Minor Changes:

Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30 seconds) to override the Envoy default (15 seconds). (Backport PR #35908, Upstream PR #35809, @jrajahalme)
clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (Backport PR #35543, Upstream PR #35349, @giorio94)
helm: Lower default hubble.tls.auto.certValidityDuration to 365 days (Backport PR #35781, Upstream PR #35630, @chancez)
helm: New socketLB.tracing flag (Backport PR #35781, Upstream PR #35747, @pchaigno)
hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR #35781, Upstream PR #35632, @chancez)
netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (Backport PR #35543, Upstream PR #35306, @jrife)

Bugfixes:

Avoid duplicate errors in health status for node-neighbor-link-updater (Backport PR #35468, Upstream PR #35179, @wedaly)
bgpv1: fix reconciliation of services with shared VIPs (Backport PR #35468, Upstream PR #35333, @rastislavs)
bgpv2,operator: Fix the race condition in the nodeSelector conflict detection logic (Backport PR #35863, Upstream PR #35690, @YutaroHayakawa)
bgpv2: set local peering address when specified (Backport PR #35781, Upstream PR #35552, @harsimran-pabla)
Cilium datapath now gives precedence for the more specific allow rule with L7 rules when rules with port ranges are present. (Backport PR #35603, Upstream PR #35150, @jrajahalme)
Cilium's DNS proxy no longer gets stuck for a specific five-tuple if an timeout waiting for response error is encountered. (Backport PR #35781, Upstream PR #35589, @bimmlerd)
config: Remove superfluous warning on native routing CIDR (Backport PR #35781, Upstream PR #35738, @gandro)
Fix missing flowlabel hash on SRv6 traffic. (Backport PR #35781, Upstream PR #35498, @akaliwod)
Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. (Backport PR #35543, Upstream PR #35173, @smagnani96)
Fix possible disruption of long running pod to node traffic on agent restart in kvstore mode (Backport PR #35781, Upstream PR #35673, @giorio94)
Fix redirect from L3 device to remote endpoint via overlay network. (Backport PR #35468, Upstream PR #35165, @julianwiedmann)
Fixed a bug where replies for pod-originating connections came into scope of HostFW Ingress Network policy. Applicable to configurations that use iptables for Masquerading. (Backport PR #35908, Upstream PR #35694, @julianwiedmann)
Fixes a bug where the operator incorrectly flagged CiliumNetworkPolicies containing ICMP rules as invalid. (Backport PR #35781, Upstream PR #35599, @squeed)
Fixes a performance regression when ingesting network policies in clusters with large numbers of Services. (Backport PR #35543, Upstream PR #35293, @squeed)
Fixes a potential deadlock when restarting cilium agent with pods with DNS interception configured (Backport PR #35906, Upstream PR #35890, @squeed)
Fixes BPF Masquerading exclusion CIDR for IPAM modes "eni", "azure" and "alibabacloud". (#35611, @pippolo84)
helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries (Backport PR #35319, Upstream PR #35301, @hox)
helm: fix duplicate configmap key for bpf-lb-sock-terminate-pod-connections (Backport PR #35781, Upstream PR #35703, @solidDoWant)
helm: set automountServiceAccountToken to false for hubble-relay sa (Backport PR #35781, Upstream PR #35674, @ayuspin)
hubble: fix endpoint cluster name (Backport PR #35781, Upstream PR #35415, @kaworu)
hubble: Lock exporters while gathering metrics (Backport PR #35908, Upstream PR #35860, @joestringer)
Ingress endpoint is now included in the lxcmap so that ARP and ND6 work for them. (Backport PR #35781, Upstream PR #35143, @jrajahalme)
ipam: Validate CiliumNode resource in ENI mode (Backport PR #35792, Upstream PR #35784, @sayboras)
l7lb: fix registration of flag loadbalancer-l7 (Backport PR #35781, Upstream PR #35623, @mhofstetter)
Log errors when reloading hubble exporter configuration dynamically and do not attempt to close os.Stdout (Backport PR #35319, Upstream PR #35069, @chancez)
option: Reduce log level for WG strict mode + IPv6 (Backport PR #35908, Upstream PR #35763, @pchaigno)
Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication. (Backport PR #35468, Upstream PR #35381, @jrajahalme)
treewide: Add wrapper for netlink functions that may fail with ErrDumpInterrupted (Backport PR #35654, Upstream PR #35614, @gandro)
wireguard: Fix connectivity issues following node reboots. (Backport PR #35908, Upstream PR #35750, @jrife)

CI Changes:

.github/conformance-ginkgo: replace deprecated jq flag (Backport PR #35468, Upstream PR #35399, @aanm)
.github: extend timeout for tests-ipsec-upgrade workflow (Backport PR #35781, Upstream PR #35657, @rastislavs)
.github: remove libncurses5 from integration tests (Backport PR #35468, Upstream PR #35408, @aanm)
[v1.16] gh: e2e-upgrade: restart LRP backend pod after upgrade (#35329, @ysksuzuki)
[v1.16] github: update rhel8 LVH image to rhel8.6 (#35733, @julianwiedmann)
Additionally test KVStore mode in E2E/IPSec workflows (Backport PR #35905, Upstream PR #35679, @giorio94)
ci: conformance-kind: re-enable flaky Aggregator test (Backport PR #35582, Upstream PR #35286, @julianwiedmann)
ci: datapath-verifier: bump lvh images (Backport PR #35648, Upstream PR #35456, @julianwiedmann)
gha: Update chmod command (Backport PR #35468, Upstream PR #35400, @sayboras)
github: Pass the workflow step timeout to go test (Backport PR #35908, Upstream PR #35814, @jrajahalme)
Refactor and set a default for GH_RUNNER_EXTRA_POWER (Backport PR #35319, Upstream PR #35267, @aanm)
workflows/gateway-api: Cover IPsec with GatewayAPI (Backport PR #35908, Upstream PR #35584, @pchaigno)
workflows/ingress: Run basic checks (Backport PR #35908, Upstream PR #35683, @pchaigno)
workflows/ipsec: Cover Ingress (Backport PR #35908, Upstream PR #35476, @pchaigno)
workflows: Extend IPsec tests to cover egress gateway (Backport PR #35540, Upstream PR #35323, @pchaigno)

Misc Changes:

.github/build-images-base: checkout base branch to get scripts (Backport PR #35319, Upstream PR #35236, @aanm)
.github: remove retention days for image digests (Backport PR #35468, Upstream PR #35457, @aanm)
bpf: vxlan helper improvements (Backport PR #35543, Upstream PR #34755, @julianwiedmann)
chore(deps): update all github action dependencies (v1.16) (#35382, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35439, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35573, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35710, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#35438, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.8 docker digest to 0ca97f4 (v1.16) (#35730, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.8 docker digest to b274ff1 (v1.16) (#35379, @cilium-renovate[bot])
chore(deps): update go to v1.22.9 (v1.16) (#35854, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1729635771-fa4efeff33a344a45e14a4068c61dc438b3d2270 (v1.16) (#35491, @cilium-renovate[bot])
chore(deps): update stable lvh-images (v1.16) (patch) (#35731, @cilium-renovate[bot])
cilium, docs: Extend requirements for L7 proxy (Backport PR #35781, Upstream PR #35669, @borkmann)
cilium: add probe for netkit for more user friendly error when not supported (Backport PR #35781, Upstream PR #35551, @borkmann)
ctrl-runtime: lower severity of retryable reconcile errors (Backport PR #35592, Upstream PR #35364, @giorio94)
daemon: Reduce level of socket LB tracing warning (Backport PR #35908, Upstream PR #35798, @pchaigno)
datapath: move policy map value prefix length to flags (Backport PR #35603, Upstream PR #35534, @jrajahalme)
dnsproxy: fix error when sessionUDPFactory fails (Backport PR #35543, Upstream PR #33998, @marseel)
docs/ipsec: Remove KPR limitation (Backport PR #35908, Upstream PR #35743, @pchaigno)
docs/xfrm: Fix incorrect statement regarding XFRM IN policies (Backport PR #35781, Upstream PR #35626, @pchaigno)
docs: Change invalid Helm option --agent.enabled with --agent=false in upgrade documentation (Backport PR #35319, Upstream PR #35288, @oneumyvakin)
docs: clean up stale kernel requirements (Backport PR #35582, Upstream PR #35575, @julianwiedmann)
docs: Fix incorrect link to RFC 4271 for BGP control plane timers. (Backport PR #35781, Upstream PR #35725, @nvibert)
docs: kpr: update error message regarding SocketLB tracing (Backport PR #35468, Upstream PR #35337, @julianwiedmann)
docs: tuning: XDP LB also supports tunnel routing (Backport PR #35582, Upstream PR #35574, @julianwiedmann)
docs: update 1.16 upgrade note for LRP (#35944, @ysksuzuki)
docs: update default identity label filters (Backport PR #35468, Upstream PR #35422, @marseel)
docs: XFRM reference guide for IPsec development (Backport PR #35582, Upstream PR #35322, @pchaigno)
Envoy simplify listener setup (Backport PR #35764, Upstream PR #35642, @jrajahalme)
envoy: Configure internal_address_config to avoid warning log (Backport PR #35471, Upstream PR #35090, @sayboras)
envoy: Limit started serving logging to the typeURL of the stream (Backport PR #35781, Upstream PR #35736, @jrajahalme)
Fix wrongly spelled config option in error message (Backport PR #35543, Upstream PR #35390, @baurmatt)
helm: clarify text for serviceNoBackendResponse (Backport PR #35908, Upstream PR #35734, @julianwiedmann)
hubble: Add 'release' Make target (Backport PR #35781, Upstream PR #35561, @michi-covalent)
image: Use cilium-builder instead of golang as operator builder image (Backport PR #35781, Upstream PR #35351, @learnitall)
iptables: always warn about missing xt_socket module (Backport PR #35781, Upstream PR #35591, @julianwiedmann)
makefile: add target to install Cilium in kvstore mode (Backport PR #35905, Upstream PR #35646, @giorio94)
proxy: Ensure proxy ports are written on shutdown (Backport PR #35908, Upstream PR #35839, @jrajahalme)
Silence spurious clustermesh-related warnings (Backport PR #35850, Upstream PR #35867, @giorio94)

Other Changes:

[v1.16] envoy: Add configuration for OverloadManager (#35787, @sayboras)
[v1.16] envoy: Bump envoy version from 1.29.x to 1.30.x (#35563, @sayboras)
[v1.16] policy/correlation: Fix PolicyMatch{L3Proto,L4Only} case (#35681, @gandro)
chore(deps): update cilium-envoy dependency (#35920, @sayboras)
install: Update image digests for v1.16.3 (#35361, @cilium-release-bot[bot])
Policy add deny rule test and benchmark (#35714, @jrajahalme)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.4@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
quay.io/cilium/cilium:stable@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.4@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2
quay.io/cilium/clustermesh-apiserver:stable@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2

docker-plugin

quay.io/cilium/docker-plugin:v1.16.4@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e
quay.io/cilium/docker-plugin:stable@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e

hubble-relay

quay.io/cilium/hubble-relay:v1.16.4@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2
quay.io/cilium/hubble-relay:stable@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.4@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686
quay.io/cilium/operator-alibabacloud:stable@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686

operator-aws

quay.io/cilium/operator-aws:v1.16.4@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be
quay.io/cilium/operator-aws:stable@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be

operator-azure

quay.io/cilium/operator-azure:v1.16.4@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de
quay.io/cilium/operator-azure:stable@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de

operator-generic

quay.io/cilium/operator-generic:v1.16.4@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5
quay.io/cilium/operator-generic:stable@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5

operator

quay.io/cilium/operator:v1.16.4@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff
quay.io/cilium/operator:stable@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff

`v1.16.3`

Compare Source

Summary of Changes

Bugfixes:

bgpv2: fix reconciliation of services with shared VIPs (Backport PR #35274, Upstream PR #35166, @rastislavs)
bgpv2: Fix service reconciliation logic to update service advertisement metadata only after successful reconciliation (Backport PR #35036, Upstream PR #34976, @rastislavs)
bpf: nat: recreate a NAT entry if the packet hits the stale entry (Backport PR #35036, Upstream PR #34913, @ysksuzuki)
bugtool: fix cilium-health command (Backport PR #35274, Upstream PR #35068, @ayuspin)
Fix a low-probability issue where the DNS proxy could occasionally drop DNS queries due to "duplicate request id" errors. (Backport PR #35036, Upstream PR #34941, @bimmlerd)
Fix issue where bpf packet buffer mark would in some cases set incorrect mark value resulting in incorrectly SNATed traffic. (Backport PR #35036, Upstream PR #34789, @tommyp1ckles)
Fix parameter check to forbid IPAM ENI with TUNNEL routing, and prevent agent segfault when also IPSec is enabled. (Backport PR #34918, Upstream PR #34651, @smagnani96)
Fixed bug in LB-IPAM where restarting the operator would unshare previously shared IPs between services (Backport PR #35036, Upstream PR #34783, @dylandreimerink)
Fixed bug in tracking policy changes that could have resulted in revert not woking in failure cases as expected. (Backport PR #35274, Upstream PR #35109, @jrajahalme)
Fixed bug where service id allocator would loop infinity when out of service ids (Backport PR #35274, Upstream PR #35033, @WeeNews)
Fixes startup fatal error when updating CiliumNode resource. (Backport PR #34918, Upstream PR #34862, @harsimran-pabla)
gateway-api: Align GRPCRoute matchers with GEP specification (Backport PR #35274, Upstream PR #34808, @cfsnyder)
helm template function no longer errors when using k8sServiceHost: auto (Backport PR #35274, Upstream PR #35186, @kreeuwijk)
hubble: add printer for lost events (Backport PR #35274, Upstream PR #35208, @aanm)
ipcache: Yet another refcounting fix with mix of APIs (Backport PR #35036, Upstream PR #34715, @gandro)
netkit: Allow ARP packets through when using host firewall. (Backport PR #35274, Upstream PR #35070, @jrife)
wireguard: Fix issue where updates to a WireGuard device's configuration caused connectivity blips. (Backport PR #35115, Upstream PR #34612, @jrife)

CI Changes:

.github/lint-build-commits: fix workflow for push events (Backport PR #35274, Upstream PR #35264, @aanm)
.github: create cache directories on cache miss (Backport PR #35157, Upstream PR #35088, @aanm)
.github: do not push floating tag from PRs (Backport PR #35230, Upstream PR #35227, @aanm)
.github: install golang action after checkout (Backport PR #35157, Upstream PR #34843, @aanm)
.github: re-enable configurations in e2e-upgrade (Backport PR #35157, Upstream PR #34800, @aanm)
.github: specify cache-dependency-path in lint-workflows (Backport PR #35157, Upstream PR #34845, @aanm)
[1.16] test: Skip envoy internal_address_config warning log (#35053, @pippolo84)
[v1.16] gha: fix incorrect go version in lint-build-commits workflow (#35312, @giorio94)
ci: conformance-[gateway-api|ginkgo|ingress] wait for images before matrix generation (Backport PR #34918, Upstream PR #34820, @aanm)
fix: repository nil value handled on workflow_dispatch context for renovate updates (Backport PR #34918, Upstream PR #34902, @Artyop)
servicemesh, ci: run internal to NodePort test (Backport PR #35274, Upstream PR #35177, @marseel)

Misc Changes:

.github: add cache to cilium-cli and hubble-cli build workflows (Backport PR #35157, Upstream PR #34847, @aanm)
.github: clean up disk for lint-build workflow (Backport PR #35157, Upstream PR #35141, @aanm)
.github: fix build image process to commit changes (Backport PR #35274, Upstream PR #35262, @aanm)
.github: fix lvh-kind warnings (Backport PR #35157, Upstream PR #34811, @aanm)
.github: fix runtime image digests (Backport PR #35274, Upstream PR #35107, @aanm)
.github: push floating tag for push events for stable branches (#35235, @aanm)
[v1.16] .github: do not update github runners for bpf workflows (#35106, @aanm)
[v1.16] manually update dependency cilium/cilium-cli to v0.16.19 (v1.16) (#35310, @julianwiedmann)
bgpv2/docs: add ebgp multihop documentation (Backport PR #35036, Upstream PR #34951, @harsimran-pabla)
bgpv2: cleanup service reconciliation logic (Backport PR #35036, Upstream PR #34959, @rastislavs)
Change GH runners to GH's default (Backport PR #35157, Upstream PR #33451, @aanm)
chore(deps): update all github action dependencies (v1.16) (#35025, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35082, @cilium-renovate[bot])
chore(deps): update all github action dependencies (v1.16) (#35250, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#35005, @cilium-renovate[bot])
chore(deps): update all-dependencies (v1.16) (#35283, @cilium-renovate[bot])
chore(deps): update dependency cilium/cilium-cli to v0.16.18 (v1.16) (#34999, @cilium-renovate[bot])
chore(deps): update docker.io/library/golang:1.22.7 docker digest to ddad330 (v1.16) (#35101, @cilium-renovate[bot])
chore(deps): update go to v1.22.8 (v1.16) (#35201, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1727741018-e3a7412f65722ebbe34254b3582b89d315765d0d (v1.16) (#35137, @cilium-renovate[bot])
chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.29.9-1727997080-b094128ed01b784b63ada19b54f8c7fdc3042e6e (v1.16) (#35218, @cilium-renovate[bot])
cilium-cli: Show config.cilium.io annotations on configmap (Backport PR #35155, Upstream PR #35020, @joamaki)
docs: Add known issue for netkit endpoint route issues (Backport PR #35274, Upstream PR #35126, @jrife)
docs: fix EKS Kubernetes compatibility link (Backport PR #35036, Upstream PR #34922, @fjvela)
docs: Improve warning on insecure global IPsec keys (Backport PR #34918, Upstream PR #34846, @pchaigno)
docs: move sig-policy to second Tuesday of the month (Backport PR #35115, Upstream PR #35040, @squeed)
fix: Assign PodStore from Pod resource until cell migration is completed (Backport PR #35274, Upstream PR #34090, @dlapcevic)
helm: add client auth to hubble server certificate (Backport PR #35036, Upstream PR #34934, @kaworu)
helm: set key usages for hubble certificates with cert-manager (Backport PR #35036, Upstream PR #34946, @kaworu)
Improve speed on lint commits GH workflow (Backport PR #35157, Upstream PR #34848, @aanm)
install/kubernetes: fix Operator's clusterrole for pods deletion (Backport PR #35274, Upstream PR #35193, @aanm)
Re-write GitHub cache usages across workflows (Backport PR #35157, Upstream PR #34866, @aanm)
Remove conformance-e2e tests (Backport PR #35157, Upstream PR #34742, @aanm)

Other Changes:

[v1.16] Add missing test coverage in v1.16 branch (#35223, @aanm)
[v1.16] author backport: fix ENABLE_LOCAL_REDIRECT_POLICY (#35129, @ysksuzuki)
[v1.16] author backport: LRP fixes (#35072, @ysksuzuki)
[v1.16] ginkgo: disable test for deprecated annotations-based L7 visibility (#35160, @tklauser)
[v1.16] test/k8s: replace L7 visibility Pod annotations by L7 visibility policy (#35151, @tklauser)
install: Update image digests for v1.16.2 (#35052, @cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.3@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28
quay.io/cilium/cilium:stable@sha256:62d2a09bbef840a46099ac4c69421c90f84f28d018d479749049011329aa7f28

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.3@sha256:598cb4fd30b47bf2bc229cd6a011e451cf14753e56a80bb9ef01a09a519f52fb
quay.io/cilium/clustermesh-apiserver:stable@sha256:598cb4fd30b47bf2bc229cd6a011e451cf14753e56a80bb9ef01a09a519f52fb

docker-plugin

quay.io/cilium/docker-plugin:v1.16.3@sha256:87af6722fdf73cd98123635108f1507d2c982aad82b89906a2925dc4e251acae
quay.io/cilium/docker-plugin:stable@sha256:87af6722fdf73cd98123635108f1507d2c982aad82b89906a2925dc4e251acae

hubble-relay

quay.io/cilium/hubble-relay:v1.16.3@sha256:feb60efd767e0e7863a94689f4a8db56a0acc7c1d2b307dee66422e3dc25a089
quay.io/cilium/hubble-relay:stable@sha256:feb60efd767e0e7863a94689f4a8db56a0acc7c1d2b307dee66422e3dc25a089

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.3@sha256:d80a785c0e807fc708264a3fcb19be404114f619fd756dd5214f4cad5a281898
quay.io/cilium/operator-alibabacloud:stable@sha256:d80a785c0e807fc708264a3fcb19be404114f619fd756dd5214f4cad5a281898

operator-aws

quay.io/cilium/operator-aws:v1.16.3@sha256:47f5abc5fa528472d3509c3199d7aab1e120833fb68df455e3b4476916385916
quay.io/cilium/operator-aws:stable@sha256:47f5abc5fa528472d3509c3199d7aab1e120833fb68df455e3b4476916385916

operator-azure

quay.io/cilium/operator-azure:v1.16.3@sha256:2882aaf03c32525a99181b7c065b2bb19c03eba6626fc736aebe368d90791542
quay.io/cilium/operator-azure:stable@sha256:2882aaf03c32525a99181b7c065b2bb19c03eba6626fc736aebe368d90791542

operator-generic

quay.io/cilium/operator-generic:v1.16.3@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b
quay.io/cilium/operator-generic:stable@sha256:6e2925ef47a1c76e183c48f95d4ce0d34a1e5e848252f910476c3e11ce1ec94b

operator

quay.io/cilium/operator:v1.16.3@sha256:11219d0027c7ab5fb5ac531d4456b570b51f0d871c52c69e5e70c164bb38af0f
quay.io/cilium/operator:stable@sha256:11219d0027c7ab5fb5ac531d4456b570b51f0d871c52c69e5e70c164bb38af0f

`v1.16.2`

Compare Source

We are happy to release Cilium v1.16.2!

This release brings us improved validation for updating from v1.15, fixed panics, race conditions and deadlocks, CI fixes and many many more changes!

Check out the summary below for details.

Summary of Changes

Minor Changes:

Add validation to prevent users from using deprecated values that have been removed in v1.15 and v1.16 (Backport PR #34452, Upstream PR #34229, @chancez)
bgpv2: update status field of CiliumBGPNodeConfig CRD (Backport PR #34580, Upstream PR #33411, @harsimran-pabla)
docs: Update examples for CNP L7 Host (Backport PR #34644, Upstream PR #34578, @sayboras)
egressgw: drop traffic when gateway node is not configured for policy (Backport PR #34452, Upstream PR #33625, @julianwiedmann)

Bugfixes:

add support for validation of stringToString values in ConfigMap (Backport PR #34586, Upstream PR #34279, @alex-berger)
bgpv2: correct service reconciler initialization (Backport PR #34452, Upstream PR #34415, @harsimran-pabla)
bgpv2: fix cilium-dbg bgp filtering by ASN & route-policy dump format (Backport PR #34452, Upstream PR #34335, @rastislavs)
bpf: Fix Prune map operation leaking BPF map entries (Backport PR #34586, Upstream PR #34476, @gandro)
config: fix disabling config 'Debug' (Backport PR #34469, Upstream PR #34401, @mhofstetter)
daemon: Create IPsec and LRP maps early on startup (Backport PR #34452, Upstream PR #34388, @pchaigno)
daemon: Fix error logic flow for pod store being out of date (Backport PR #34586, Upstream PR #34389, @christarazi)
envoy: fix log level mapping when changing log level via API (Backport PR #34452, Upstream PR #34400, @mhofstetter)
Fix "invalid sysctl parameter" error when Cilium needs to modify a sysctl with capital letters in its name. (Backport PR #34586, Upstream PR #34298, @julianwiedmann)
Fix a bug in Cilium's kube-proxy replacement, where replies by a local backend are dropped with DROP_NO_FIB. (Backport PR #34452, Upstream PR #34303, @julianwiedmann)
Fix a race condition that would cause errors related to maps LB{4,6}_SKIP_MAP when loading programs. (Backport PR #34586, Upstream PR #34453, @pchaigno)
Fix agent panic when IPsec is enabled but XFRM stats are not exposed by the kernel. (Backport PR #34831, Upstream PR #34647, @chaunceyjiang)
Fix issue where a hostport service would be created on an incorrect node when cilium-agent is configured with disable-endpoint-crd (Backport PR #34644, Upstream PR #34385, @haozhangami)
Fix operator deployment connecting to clustermesh kvstoremesh when endpointslice sync or MCS-API Service exports is enabled (Backport PR #34586, Upstream PR #34295, @MrFreezeex)
Fix parsing of complex api-rate-limit options. The parsing failed when rate limits were configured for multiple API endpoints with multiple options, for example: "endpoint-create=rate-limit:1/s,rate-burst=1,endpoint-delete=rate-limit:2/s,rate-burst=2". The ability to also specify the rate limits as JSON strings was also returned. (Backport PR #34586, Upstream PR #34249, @joamaki)
Fix possible connection disruption on agent restart with WireGuard + native routing (Backport PR #34831, Upstream PR #34095, @giorio94)
Fix possible panic occurring in case errors are returned while updating/deleting IPv6 routes (Backport PR #34831, Upstream PR #34721, @giorio94)
Fix the Egress Gateway reconciliation logic to make progress after setting the rp_filter sysctl failed. (Backport PR #34831, Upstream PR #34775, @julianwiedmann)
Fixes broken pod-to-remote-hostport connectivity when IPsec is used with L7 ingress policy and KPR. (Backport PR #34586, Upstream PR #33805, @jschwinger233)
Fixes deadlock in identity watcher. This fixes an issue where a kvstore disconnect can cause the event receiver to exit and the event sender to get stuck forever. (Backport PR #34831, Upstream PR #34611, @dboslee)
helm: fix envoy prometheus metrics scraping with servicemonitor (Backport PR #34472, Upstream PR #34448, @mhofstetter)
ingress: Avoid opening of port 80 for TLSPassthrough only (Backport PR #34586, Upstream PR #34474, @sayboras)
ingress: Remove generated CEC if empty (Backport PR #34644, Upstream PR #34576, @sayboras)
lbipam: fix panic when changing the shared key & req. ip annotation (Backport PR #34452, Upstream PR #34236, @mhofstetter)
policy: Fixed CIDRGroupRef breaking the sanitization (Backport PR #34452, Upstream PR #34076, @chaunceyjiang)
Replace dotted sysctl names with string slices (Backport PR #34831, Upstream PR #34527, @dylandreimerink)

CI Changes:

.github: change nick-invision/retry -> nick-fields/retry. (#34735, @michi-covalent)
bgpv1/test: fix route matching in PodIPPoolAdvert test (Backport PR #34452, Upstream PR #34270, @rastislavs)
ci: clean disk only on ubuntu-latest runners (Backport PR #34831, Upstream PR #34711, @marseel)
ci: Confromance E2E wait for images before matrix generation (Backport PR #34831, Upstream PR #34707, @marseel)
ci: datapath-verifier: also run on 6.6 kernel (Backport PR #34452, Upstream PR #34420, @julianwiedmann)
ci: don't run AKS tests on LTS versions (Backport PR #34644, Upstream PR #34640, @marseel)
ci: Wait for images before generating test matrix (Backport PR #34831, Upstream PR #34727, @marseel)
Fix: push PR changes when renovate build images under the workflow_call context (Backport PR #34831, Upstream PR #34650, @Artyop)
gha: Add disk cleanup step f

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

chii-bot · 2022-08-16T18:27:10Z

Path: cluster/apps/kube-system/cilium/helm-release.yaml
Version: 1.12.0 -> 1.16.4

@@ -1,1309 +1 @@
----
-# Source: cilium/templates/cilium-agent/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "cilium"
- namespace: default
----
-# Source: cilium/templates/cilium-operator/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "cilium-operator"
- namespace: default
----
-# Source: cilium/templates/hubble-relay/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "hubble-relay"
- namespace: default
----
-# Source: cilium/templates/hubble-ui/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "hubble-ui"
- namespace: default
----
-# Source: cilium/templates/cilium-ca-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: cilium-ca
- namespace: default
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUtabE5hNDlZaXIvU3ZXQTEzdkxtN2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkwTVRFeU1ERXdNakUxTTFvWERUSTNNVEV5TURFdwpNakUxTTFvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF5a3RRWlUxclNTRWZxby84eUhISXFId0VBN1ZweTQyY1BaeHE4REt4cTFQcDU5VjQKc0hSaXF5YmNFdHE4TUs1aURJS01xNDBYdGRHR2FtS3JHcW5kaldFbzJ5NUR2Rk8vUHN6NEVnZDJGYnI0THUzYwpFSlFHbDBaN2VQb0NoWWNIN01NaTJCbjRuc2twdHhIWk8rb2prL2JNS2tTT3RKeENNSDkzTG85U1RISTlqblNZCnBGMXpCeTlpZ0hVZDF4aytKRDc1Sk1ZVzBKWU9NZy9RaitnbEFmdmd1RC9hMUxmOUdlZDJxaUdKRDlxdlJZVXoKMTRHTVEvWGlJd0VVVkZVMmJYdUxvYkQrN2kyK08rRDNublp5RkcxMUJPS3B6MnpFNGdjWUJKMkFma2dTRERkbQpJN3VQdGI5RE9GNFovMEZCYXNwSnd0OVA5NXZJNUZ2WU94TWNsUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGRUowRm11aC9yWnY5VUgwTUpXcjMydmliWlc2TUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQ2ViSzErZURWV0tPZWZReitaanUwUnl0T003WU14SW8vNWZaMWtycHFCUUt1TGx0QzRucldmCkVsR1NRNU1pK0ErU3k2Z2lYVEs1SDY5MllZK0xicG9BZHIvWDM5dU9zVHpJTklGaGVpdk8vcjdQeVg0NjFmSUoKM0NyRlRuRGd6UlVYdGIxWk9VaGF3ZHJwSjg1d0s0K3VLRTR6SFc4cUNTVm1KQThBaHl0M0cxRENVOGpxTWV4bApoS0dlYlltem9XVjZDSnU2NVM1b3lvbjZsME5hckljWjZna3YzditrTmRBcUZxSTNFM1lOeWlLbXoxeTlDWmhqCldlbHFnOTFxYXNOS2ZjMzlsSHlxN1pzYXVCZzNKRzMvRFpBdzVZblVlKzFhWkFnWDZCQWs1U2kzYmQ3bU81ekQKWnVNTTM4VkFnYWNaUTh2MjNwTk90dmZnK1VhUHhsL3oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeWt0UVpVMXJTU0VmcW8vOHlISElxSHdFQTdWcHk0MmNQWnhxOERLeHExUHA1OVY0CnNIUmlxeWJjRXRxOE1LNWlESUtNcTQwWHRkR0dhbUtyR3FuZGpXRW8yeTVEdkZPL1BzejRFZ2QyRmJyNEx1M2MKRUpRR2wwWjdlUG9DaFljSDdNTWkyQm40bnNrcHR4SFpPK29qay9iTUtrU090SnhDTUg5M0xvOVNUSEk5am5TWQpwRjF6Qnk5aWdIVWQxeGsrSkQ3NUpNWVcwSllPTWcvUWorZ2xBZnZndUQvYTFMZjlHZWQycWlHSkQ5cXZSWVV6CjE0R01RL1hpSXdFVVZGVTJiWHVMb2JEKzdpMitPK0Qzbm5aeUZHMTFCT0twejJ6RTRnY1lCSjJBZmtnU0REZG0KSTd1UHRiOURPRjRaLzBGQmFzcEp3dDlQOTV2STVGdllPeE1jbFFJREFRQUJBb0lCQUdEODNPM0V3WVJOUWo1bgpURjNaMThlWHRlRUZVRlRNYnpWRzBpcVpVMzk5K3U0dzllMDd6N2FaS2ZoTU1OL3lLNFl0N1QydXBzaUFUVDZpClVjQzE0a2dQWmlRM3VUZ0l1dTlrSENlZ3RpZlMvWHlhZytEYTU1SU5zOU1ib3F2Y1FwdHNMeitHckNHTTl0Z1QKMGFBZE1MT1hKdW00OXVaMjZIRVNHOVVSMS9aWUVPZ1JkZmNoT2U5K2g0eHZIenJ0SkhwTnNMZTRQQ2g5NnNLbgozZ2VpK1VjQzZCWVdoR3ByLzArR2xLMjN6VWtIalowTGUwSHJ6QkxiZnVVNHlJQkIzS2ZhaXgwYTNnbDV1N2VxCjFFais2NXZpdmc1b1VZc1FoYkNSN1NvL2xTQ1YwVVpvdzk5VnNreTFlczczcjc1UjlEVURoWFRNdVFkMG1yaFMKRXZ3bHRxRUNnWUVBMmJ1NEJ2US9jL2dUcGtxaGpGTkVrbDVJNTZBWHMxSG1hTGNRdHhnVzBSNFZuSmJtWmJrNwpVeWhnVkdDRmJsT1BRNE1Yc05lK0FzQ21wclNhdTc3VVVJMXl6aWhNR0h0UGdObEJZRXpuc1J4SXNQK0xxOE9rCld3ZzdnU2xYbGxoTTdkckdjdllTNUcvdFF3Ni92bVNXajE1ZkR3N1ZYaHgvVko0MlJrbFBmNzBDZ1lFQTdkajEKVHJRR3dFOVVwUUczM3JRRkNmWkIrazJPWU9HNzBReFZTUkc5R1M0WXRMeGJkenY5NW4ybDVaeDlVczZ6Y1NIRQpvU3lBTnhCYVd2cjRSTDZsSDBCbWNaL21KRHBQaFJoMkRsSTVXeFJNV0trL0dzTTJtZVUwYkp4YVI3WkJoUmkrCi9lSWNneEh3ZWRVY0N0QjNkZEswYkFBc3pRRHhUZFhKa3pyWlVia0NnWUVBc3hoUXFBK3lQZDdac3RnQ2g5MWEKTXhjdzJxMTVzVHQxemI1L0ZrdlBRTldCSzF1SVNqWVIwVFlOL25taVozeCtCQ2RKam1IM1htWSs3akx5YitubwoxQlYxVUpRZSs2ZzZYaDdXUXJNZmhUUmhxbzJZd29GYnFMRmQyTUU3MVdQdWExdWdEcUhRS216U2VXMGhWU2VDCkhJMmduVTh6UElVdVMxa1VCYjU1a1BVQ2dZQXJHYm02UFYxTDFCUmVvbVVUY2tQSGZseU9ZeWQ5M3VvT0E5SWcKbjVwSXlkV29Tc200WGFLdzlldnVJK0dCOC9zSWNUb1VpdC9oR3BHRkV4MlNONG5zazlyOGxDRThSMlRKbFprdgpGeTlWbGVRUDNQdVdlZkdYQ2JYcVNKc0RpNzlyd3dRNU5aUTlIQzhicE1ha0h3ckd5eHZ1eGtsWURPZXRWeVJrCkRiSDc0UUtCZ0VpMHg2aUNkUHFPL1ZEalh5MDNpbW9OT1FJYWYwbFMwUlVyWTlyZHhkaU1yUlRrQzZYUnBEZWYKd0J6WlZQUWttQVB5V0o4ZWhZQWpNc0REWEFicUZrajdRWEdFcmxkL1p2RmhsRzFUZzBJZlFaRlVzdGhpbDU2MAo1VXBFVlhDQWF0cjk5YlJaQlpJZ2hXY0VWSktRclFVTFNrdlpzSnNhOHA1NDFtdnhaenNiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
----
-# Source: cilium/templates/hubble/tls-helm/ca-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: hubble-ca-secret
- namespace: default
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUtabE5hNDlZaXIvU3ZXQTEzdkxtN2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkwTVRFeU1ERXdNakUxTTFvWERUSTNNVEV5TURFdwpNakUxTTFvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF5a3RRWlUxclNTRWZxby84eUhISXFId0VBN1ZweTQyY1BaeHE4REt4cTFQcDU5VjQKc0hSaXF5YmNFdHE4TUs1aURJS01xNDBYdGRHR2FtS3JHcW5kaldFbzJ5NUR2Rk8vUHN6NEVnZDJGYnI0THUzYwpFSlFHbDBaN2VQb0NoWWNIN01NaTJCbjRuc2twdHhIWk8rb2prL2JNS2tTT3RKeENNSDkzTG85U1RISTlqblNZCnBGMXpCeTlpZ0hVZDF4aytKRDc1Sk1ZVzBKWU9NZy9RaitnbEFmdmd1RC9hMUxmOUdlZDJxaUdKRDlxdlJZVXoKMTRHTVEvWGlJd0VVVkZVMmJYdUxvYkQrN2kyK08rRDNublp5RkcxMUJPS3B6MnpFNGdjWUJKMkFma2dTRERkbQpJN3VQdGI5RE9GNFovMEZCYXNwSnd0OVA5NXZJNUZ2WU94TWNsUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGRUowRm11aC9yWnY5VUgwTUpXcjMydmliWlc2TUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQ2ViSzErZURWV0tPZWZReitaanUwUnl0T003WU14SW8vNWZaMWtycHFCUUt1TGx0QzRucldmCkVsR1NRNU1pK0ErU3k2Z2lYVEs1SDY5MllZK0xicG9BZHIvWDM5dU9zVHpJTklGaGVpdk8vcjdQeVg0NjFmSUoKM0NyRlRuRGd6UlVYdGIxWk9VaGF3ZHJwSjg1d0s0K3VLRTR6SFc4cUNTVm1KQThBaHl0M0cxRENVOGpxTWV4bApoS0dlYlltem9XVjZDSnU2NVM1b3lvbjZsME5hckljWjZna3YzditrTmRBcUZxSTNFM1lOeWlLbXoxeTlDWmhqCldlbHFnOTFxYXNOS2ZjMzlsSHlxN1pzYXVCZzNKRzMvRFpBdzVZblVlKzFhWkFnWDZCQWs1U2kzYmQ3bU81ekQKWnVNTTM4VkFnYWNaUTh2MjNwTk90dmZnK1VhUHhsL3oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb3dJQkFBS0NBUUVBeWt0UVpVMXJTU0VmcW8vOHlISElxSHdFQTdWcHk0MmNQWnhxOERLeHExUHA1OVY0CnNIUmlxeWJjRXRxOE1LNWlESUtNcTQwWHRkR0dhbUtyR3FuZGpXRW8yeTVEdkZPL1BzejRFZ2QyRmJyNEx1M2MKRUpRR2wwWjdlUG9DaFljSDdNTWkyQm40bnNrcHR4SFpPK29qay9iTUtrU090SnhDTUg5M0xvOVNUSEk5am5TWQpwRjF6Qnk5aWdIVWQxeGsrSkQ3NUpNWVcwSllPTWcvUWorZ2xBZnZndUQvYTFMZjlHZWQycWlHSkQ5cXZSWVV6CjE0R01RL1hpSXdFVVZGVTJiWHVMb2JEKzdpMitPK0Qzbm5aeUZHMTFCT0twejJ6RTRnY1lCSjJBZmtnU0REZG0KSTd1UHRiOURPRjRaLzBGQmFzcEp3dDlQOTV2STVGdllPeE1jbFFJREFRQUJBb0lCQUdEODNPM0V3WVJOUWo1bgpURjNaMThlWHRlRUZVRlRNYnpWRzBpcVpVMzk5K3U0dzllMDd6N2FaS2ZoTU1OL3lLNFl0N1QydXBzaUFUVDZpClVjQzE0a2dQWmlRM3VUZ0l1dTlrSENlZ3RpZlMvWHlhZytEYTU1SU5zOU1ib3F2Y1FwdHNMeitHckNHTTl0Z1QKMGFBZE1MT1hKdW00OXVaMjZIRVNHOVVSMS9aWUVPZ1JkZmNoT2U5K2g0eHZIenJ0SkhwTnNMZTRQQ2g5NnNLbgozZ2VpK1VjQzZCWVdoR3ByLzArR2xLMjN6VWtIalowTGUwSHJ6QkxiZnVVNHlJQkIzS2ZhaXgwYTNnbDV1N2VxCjFFais2NXZpdmc1b1VZc1FoYkNSN1NvL2xTQ1YwVVpvdzk5VnNreTFlczczcjc1UjlEVURoWFRNdVFkMG1yaFMKRXZ3bHRxRUNnWUVBMmJ1NEJ2US9jL2dUcGtxaGpGTkVrbDVJNTZBWHMxSG1hTGNRdHhnVzBSNFZuSmJtWmJrNwpVeWhnVkdDRmJsT1BRNE1Yc05lK0FzQ21wclNhdTc3VVVJMXl6aWhNR0h0UGdObEJZRXpuc1J4SXNQK0xxOE9rCld3ZzdnU2xYbGxoTTdkckdjdllTNUcvdFF3Ni92bVNXajE1ZkR3N1ZYaHgvVko0MlJrbFBmNzBDZ1lFQTdkajEKVHJRR3dFOVVwUUczM3JRRkNmWkIrazJPWU9HNzBReFZTUkc5R1M0WXRMeGJkenY5NW4ybDVaeDlVczZ6Y1NIRQpvU3lBTnhCYVd2cjRSTDZsSDBCbWNaL21KRHBQaFJoMkRsSTVXeFJNV0trL0dzTTJtZVUwYkp4YVI3WkJoUmkrCi9lSWNneEh3ZWRVY0N0QjNkZEswYkFBc3pRRHhUZFhKa3pyWlVia0NnWUVBc3hoUXFBK3lQZDdac3RnQ2g5MWEKTXhjdzJxMTVzVHQxemI1L0ZrdlBRTldCSzF1SVNqWVIwVFlOL25taVozeCtCQ2RKam1IM1htWSs3akx5YitubwoxQlYxVUpRZSs2ZzZYaDdXUXJNZmhUUmhxbzJZd29GYnFMRmQyTUU3MVdQdWExdWdEcUhRS216U2VXMGhWU2VDCkhJMmduVTh6UElVdVMxa1VCYjU1a1BVQ2dZQXJHYm02UFYxTDFCUmVvbVVUY2tQSGZseU9ZeWQ5M3VvT0E5SWcKbjVwSXlkV29Tc200WGFLdzlldnVJK0dCOC9zSWNUb1VpdC9oR3BHRkV4MlNONG5zazlyOGxDRThSMlRKbFprdgpGeTlWbGVRUDNQdVdlZkdYQ2JYcVNKc0RpNzlyd3dRNU5aUTlIQzhicE1ha0h3ckd5eHZ1eGtsWURPZXRWeVJrCkRiSDc0UUtCZ0VpMHg2aUNkUHFPL1ZEalh5MDNpbW9OT1FJYWYwbFMwUlVyWTlyZHhkaU1yUlRrQzZYUnBEZWYKd0J6WlZQUWttQVB5V0o4ZWhZQWpNc0REWEFicUZrajdRWEdFcmxkL1p2RmhsRzFUZzBJZlFaRlVzdGhpbDU2MAo1VXBFVlhDQWF0cjk5YlJaQlpJZ2hXY0VWSktRclFVTFNrdlpzSnNhOHA1NDFtdnhaenNiCi0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
----
-# Source: cilium/templates/hubble/tls-helm/relay-client-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: hubble-relay-client-certs
- namespace: default
-type: kubernetes.io/tls
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUtabE5hNDlZaXIvU3ZXQTEzdkxtN2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkwTVRFeU1ERXdNakUxTTFvWERUSTNNVEV5TURFdwpNakUxTTFvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF5a3RRWlUxclNTRWZxby84eUhISXFId0VBN1ZweTQyY1BaeHE4REt4cTFQcDU5VjQKc0hSaXF5YmNFdHE4TUs1aURJS01xNDBYdGRHR2FtS3JHcW5kaldFbzJ5NUR2Rk8vUHN6NEVnZDJGYnI0THUzYwpFSlFHbDBaN2VQb0NoWWNIN01NaTJCbjRuc2twdHhIWk8rb2prL2JNS2tTT3RKeENNSDkzTG85U1RISTlqblNZCnBGMXpCeTlpZ0hVZDF4aytKRDc1Sk1ZVzBKWU9NZy9RaitnbEFmdmd1RC9hMUxmOUdlZDJxaUdKRDlxdlJZVXoKMTRHTVEvWGlJd0VVVkZVMmJYdUxvYkQrN2kyK08rRDNublp5RkcxMUJPS3B6MnpFNGdjWUJKMkFma2dTRERkbQpJN3VQdGI5RE9GNFovMEZCYXNwSnd0OVA5NXZJNUZ2WU94TWNsUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGRUowRm11aC9yWnY5VUgwTUpXcjMydmliWlc2TUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQ2ViSzErZURWV0tPZWZReitaanUwUnl0T003WU14SW8vNWZaMWtycHFCUUt1TGx0QzRucldmCkVsR1NRNU1pK0ErU3k2Z2lYVEs1SDY5MllZK0xicG9BZHIvWDM5dU9zVHpJTklGaGVpdk8vcjdQeVg0NjFmSUoKM0NyRlRuRGd6UlVYdGIxWk9VaGF3ZHJwSjg1d0s0K3VLRTR6SFc4cUNTVm1KQThBaHl0M0cxRENVOGpxTWV4bApoS0dlYlltem9XVjZDSnU2NVM1b3lvbjZsME5hckljWjZna3YzditrTmRBcUZxSTNFM1lOeWlLbXoxeTlDWmhqCldlbHFnOTFxYXNOS2ZjMzlsSHlxN1pzYXVCZzNKRzMvRFpBdzVZblVlKzFhWkFnWDZCQWs1U2kzYmQ3bU81ekQKWnVNTTM4VkFnYWNaUTh2MjNwTk90dmZnK1VhUHhsL3oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpDZ0F3SUJBZ0lRTGt2ZDlZaWFINDc0TTVVUmlHN3VmVEFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TVRJd01UQXlNVFUwV2hjTk1qY3hNVEl3TVRBeQpNVFUwV2pBak1TRXdId1lEVlFRRERCZ3FMbWgxWW1Kc1pTMXlaV3hoZVM1amFXeHBkVzB1YVc4d2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFEU0JHSDh0V2dEbWJIRWd0cUxZdUF3WmlVd1B5TzIKUEt0YURQQXk1eGt6bEpLYUIvR29ZN1J5TnN6bHNaRXV3ZHlSQlVSUzN4czJCeUhRRUdzTExpTUNoZFBUU1lNeAowMkhUUFlnZHY2cVNIbzZmeXdZL2FxOUkvU2VQVVBneWdHTlp2ekFYV0ZxUzE2S1BUTXhOM1FjbklZRlJpbUFFCjRUYU1hajlvY3lUaitkQnVFQkdHb1VZMS8zanBNVXZQeXVNMTg3UjZ6eFFxQURybzd4VUtJRno3WW9peUNIMysKTmFrc0RRc0lDTUpRREZPc3B4V09uRm5SUDZKQkE3djBVdHJvTmFkQTVGUnZ4THdoZWNpV0cwNnpRUjkxMW1hWgprSkJJdWhwbnhlZDB5VzVzL1FxalhLNHYwUTZ2d3pNdW9PbkFPOHFUNGRseXlNZHZ2SVhEZ0t5L0FnTUJBQUdqCmdZWXdnWU13RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZFSjBGbXVoL3JadjlVSDBNSldyMzJ2aQpiWlc2TUNNR0ExVWRFUVFjTUJxQ0dDb3VhSFZpWW14bExYSmxiR0Y1TG1OcGJHbDFiUzVwYnpBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFDM3E5WHpkU3VjTWRvdFBMMHdkZDBUekJ5MEFCODJhdlNlNFZGUDd6R09tazlvc0cKMVQrc2UzckQ4V1JIdUNxUHJ4K1NsV0RISjlIbUgrN3RYUzNrb1BnOXdUQzMzQkpDekhrZ2ExRUVBc0pUN1JhcQp3QURkdTB2ZVNocFQxL28zRkRXU0QyNGhKWmJwanpVQjJVOEpNZFpBL0VoS3ArQlVmMHVlQlpzUkZXRkdiWTg2CmlJQm5LazA0SDJFRHg1MFZyUzJHa0wxWXI3Y05naFRQREFlM3RqSmxwMXpCYVQ1REtpOW1qT2J6UlZ6V3pPQUIKczc0dTR4M2JGSTVWUzhYeWZZL20zZGVKdWxkMWNJNWdFYTdDK29QOXdZNWFuZ3BmTkdmZDd1cGZHaFBGMEVYNgpTQnhjMW1JM0wvZDRPQnErZnJUNHFWU3ZiQUVEN1c2VVkzTVI2dz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBMGdSaC9MVm9BNW14eElMYWkyTGdNR1lsTUQ4anRqeXJXZ3p3TXVjWk01U1NtZ2Z4CnFHTzBjamJNNWJHUkxzSGNrUVZFVXQ4Yk5nY2gwQkJyQ3k0akFvWFQwMG1ETWROaDB6MklIYitxa2g2T244c0cKUDJxdlNQMG5qMUQ0TW9CaldiOHdGMWhha3RlaWowek1UZDBISnlHQlVZcGdCT0UyakdvL2FITWs0L25RYmhBUgpocUZHTmY5NDZURkx6OHJqTmZPMGVzOFVLZ0E2Nk84VkNpQmMrMktJc2doOS9qV3BMQTBMQ0FqQ1VBeFRyS2NWCmpweFowVCtpUVFPNzlGTGE2RFduUU9SVWI4UzhJWG5JbGh0T3MwRWZkZFptbVpDUVNMb2FaOFhuZE1sdWJQMEsKbzF5dUw5RU9yOE16THFEcHdEdktrK0haY3NqSGI3eUZ3NENzdndJREFRQUJBb0lCQVFDNHcrUlZDRi9HOHh1RApNRUFHNnVramkybmlSVm9zeExsWGt4UnJKQWQyNnBvRGEwTytpbUZCTGxjYktSbjZVZEd6d0RkNDFSSENlWW5VCjIremd2Q2xPMmVBZS9ZaXZlREdUUDRvVjZmNnRhTGEvZkVVMTI2ejBnTXVoK1hFeU5PT3pIRkc1NkNCZkdkakoKUzU1ZVRqc3h3UGRkZm1pMVFsSFVQTkVtR2s3MVJNUFNKN1ZycjdJejZrRGd5M1dtN2hPUnEvZklxYWdqcGpqawpxdnFKZjFSMUZGaUUxdm5teVhKOStjSmNnMTFtUnFuOVhBM2tuUmFyZEkwa3p1Q0tYc1AxZG45Vnlzb21yUVlaClExWDRBU0ZGTGxPQ2ZXcUZhTllCSFlRRGJWRkRkMUh6NEI3RUNidytXTlhkU0kyWGRJSDdnaktPeDR4YnJWVjMKWWQ1VmhJdFpBb0dCQU5OMWIwVU9Pc3NEVUIwS1hxVi9pclZ1Y1cyTjlnaVNTZm90bzZ5MFRmc2NEY1ZJeWlkdwp0WXhuc29hWEROMk9nSVJLWS9uM21lRXZZMkw5VGk0ZXExMGQ2WDNEeW9SaGVtRzB6Wm5sWkdHekNEMkNrekxmCkdFS2JDSzZBRUZBVHAyYm96aXNNcnB2UzF0c1JjdVlpcWxncU0xcjFHTTZSc3ZMZEV3aHIwN1lMQW9HQkFQNUIKTmpNTkxuUG1lREV4UW9CZCtMNjlQYm1mU1gyTjFlei9SL3UrS0wzUzh0eXJjNHRiKzhNWktwT2R3Uk9kRFpaUApzclkyTUtNNlNtM0RkNVVzUXJKQjNiVXoxSitvUG5XV1k2NEZRdldXSjlhdzYycnpPSmlDNWNUbHRiaXhyNmtpCklQSlE1d0ExSEJyY002SFNFYU5EQjZRVmdMKzlRRUVoQTFiNWF4aWRBb0dBYTR0WFd1U2d6QzFVS21EaXdBTDgKMWNkazB0WVhZa2FjYnl1VkNibnR5eDk2ZFhMT3RYNWlKeFY2TzI5Sk1NbFAzWGhFSHBacDRaZ0xVUVlKSS9XZgpLODJSdWMvQkNORFd3Q2lIUkpUaEY3dEpIcGR4SzdkQkRHYnk1R1RuWndLSDZoUE8veUFGRWVVS053SkowSGVpCjhSSU5hbDRyRHF3Vk9lVnJ6NldmVi84Q2dZQWcwekI1Sk5HRGV4UzNYU0cxeXV3TFRBbEZCckNKT2grTlNtUHoKdDFneE1hUFRJM3QyV1hqR2RtQk4wSWNWemlmcjZQd3NsQkJ4Y2x3YmthbkZvNEkwMjFZUlI5RENrQWtJUzFNeApLMUs2dkJrR21hNjdEdzJXZXdmSkJOTVNOalowZ29oNFlFT0NmbGpUaXV4TGp3Qmg4SXh5L2FleW1XOUxPVVRpCkhLOWI3UUtCZ1FES3RiM1VHTUxOVVhRSmVIS1VOR2RZUkh4VUhRUDQwR2RROGl1a213bFk1SFBaYW9VckNLUGcKMVdWWUN1Ynl4WWIxQk1xZUlGSXduRHRQNGVsQ05iU0ZPUm5PT2xrQW9iT1MzdklFYVM5MlFxMDMyQ2hlT1k3OAp4MmpnbmJRenF2c0V3M0QxQUxmazA3WjcwUGNqRTJSaGwvZzdDL2FMSUI1SG9tZlRuSXlhN1E9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
----
-# Source: cilium/templates/hubble/tls-helm/server-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: hubble-server-certs
- namespace: default
-type: kubernetes.io/tls
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURGRENDQWZ5Z0F3SUJBZ0lSQUtabE5hNDlZaXIvU3ZXQTEzdkxtN2t3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkwTVRFeU1ERXdNakUxTTFvWERUSTNNVEV5TURFdwpNakUxTTFvd0ZERVNNQkFHQTFVRUF4TUpRMmxzYVhWdElFTkJNSUlCSWpBTkJna3Foa2lHOXcwQkFRRUZBQU9DCkFROEFNSUlCQ2dLQ0FRRUF5a3RRWlUxclNTRWZxby84eUhISXFId0VBN1ZweTQyY1BaeHE4REt4cTFQcDU5VjQKc0hSaXF5YmNFdHE4TUs1aURJS01xNDBYdGRHR2FtS3JHcW5kaldFbzJ5NUR2Rk8vUHN6NEVnZDJGYnI0THUzYwpFSlFHbDBaN2VQb0NoWWNIN01NaTJCbjRuc2twdHhIWk8rb2prL2JNS2tTT3RKeENNSDkzTG85U1RISTlqblNZCnBGMXpCeTlpZ0hVZDF4aytKRDc1Sk1ZVzBKWU9NZy9RaitnbEFmdmd1RC9hMUxmOUdlZDJxaUdKRDlxdlJZVXoKMTRHTVEvWGlJd0VVVkZVMmJYdUxvYkQrN2kyK08rRDNublp5RkcxMUJPS3B6MnpFNGdjWUJKMkFma2dTRERkbQpJN3VQdGI5RE9GNFovMEZCYXNwSnd0OVA5NXZJNUZ2WU94TWNsUUlEQVFBQm8yRXdYekFPQmdOVkhROEJBZjhFCkJBTUNBcVF3SFFZRFZSMGxCQll3RkFZSUt3WUJCUVVIQXdFR0NDc0dBUVVGQndNQ01BOEdBMVVkRXdFQi93UUYKTUFNQkFmOHdIUVlEVlIwT0JCWUVGRUowRm11aC9yWnY5VUgwTUpXcjMydmliWlc2TUEwR0NTcUdTSWIzRFFFQgpDd1VBQTRJQkFRQ2ViSzErZURWV0tPZWZReitaanUwUnl0T003WU14SW8vNWZaMWtycHFCUUt1TGx0QzRucldmCkVsR1NRNU1pK0ErU3k2Z2lYVEs1SDY5MllZK0xicG9BZHIvWDM5dU9zVHpJTklGaGVpdk8vcjdQeVg0NjFmSUoKM0NyRlRuRGd6UlVYdGIxWk9VaGF3ZHJwSjg1d0s0K3VLRTR6SFc4cUNTVm1KQThBaHl0M0cxRENVOGpxTWV4bApoS0dlYlltem9XVjZDSnU2NVM1b3lvbjZsME5hckljWjZna3YzditrTmRBcUZxSTNFM1lOeWlLbXoxeTlDWmhqCldlbHFnOTFxYXNOS2ZjMzlsSHlxN1pzYXVCZzNKRzMvRFpBdzVZblVlKzFhWkFnWDZCQWs1U2kzYmQ3bU81ekQKWnVNTTM4VkFnYWNaUTh2MjNwTk90dmZnK1VhUHhsL3oKLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaekNDQWsrZ0F3SUJBZ0lSQUtxQ0RpZ3dpNkFLMmplYUtCcitFSzh3RFFZSktvWklodmNOQVFFTEJRQXcKRkRFU01CQUdBMVVFQXhNSlEybHNhWFZ0SUVOQk1CNFhEVEkwTVRFeU1ERXdNakUxTkZvWERUSTNNVEV5TURFdwpNakUxTkZvd01qRXdNQzRHQTFVRUF3d25LaTRrZTBOTVZWTlVSVkpmVGtGTlJYMHVhSFZpWW14bExXZHljR011ClkybHNhWFZ0TG1sdk1JSUJJakFOQmdrcWhraUc5dzBCQVFFRkFBT0NBUThBTUlJQkNnS0NBUUVBcVRDMUFYVk8KN2NrUGg3alAwdnRQU0FaTjA3UUlRQ2UyekVuRW1jQ3BCRjV3bkhOYWhGVHJ6VDJ3SVlyUUVDRSthSHh1UTdCcQo1OFRRbXk3SiswK0JNZEZUSEl1Z0FxUzU5c0Ywd3RsOVpHZHYzek9xbDNYOGx2SnU5OUp2UjR0dERpRk5JRU9ECnFhWXpZUWZVTDhlV2F3dEVXSDdUVFBPNldqSmNtd0QrKzEwWjNRVWJCaTJzVWs3VWRWMmdHSFUydEU5ODZVRjAKMFdCdUJvT2R2eit0WGowNjduZTF6bElWSnpDSStxYVFSMVhpSFdrK0NWdmoxcjY0MmsxVk8wdlBaWUgvbVdocApmWjhiVW1JUEVZTEhYZVpHUFNtWmtEdlV3MnFOWm5pcE1pMUhVM05obXRmYzFXZXhJcVJXUm9IZExJbkpiRTZjClZiVnVjems2WHdOSkh3SURBUUFCbzRHVk1JR1NNQTRHQTFVZER3RUIvd1FFQXdJRm9EQWRCZ05WSFNVRUZqQVUKQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0RBWURWUjBUQVFIL0JBSXdBREFmQmdOVkhTTUVHREFXZ0JSQwpkQlpyb2Y2MmIvVkI5RENWcTk5cjRtMlZ1akF5QmdOVkhSRUVLekFwZ2ljcUxpUjdRMHhWVTFSRlVsOU9RVTFGCmZTNW9kV0ppYkdVdFozSndZeTVqYVd4cGRXMHVhVzh3RFFZSktvWklodmNOQVFFTEJRQURnZ0VCQUh4MWFOQ3UKTDlJUUhNVkVpZk51ZVh0a2JVdHF2SWlvL3pvZ0UyaWpzQzRxMThZMkg0dHljTmg3Z0ZqdHZmWHpaT3A3ZE5KYwpzZElrVEhCRzNmVXV3eDEzdERZWXFETGRKSS9PNzlJZ256L0YrWmFEaVAwRDlJcXpVUXVobncrOE5OOHFXamtvClpRdXd1V0hEWEU5dmRVaVRrYlJKdSs5eThwWkFRekQxSU85aTcza0JPZGtJSWtZR1JmRTM3di9nMFFyZnNZSTgKZzhXMHA5WDNrb0tMblJBOVU5TE0yVFlicTh4QndIRGxWNHFkL1J2WFZZNVJCTE5wRmNuMUJ5VFJNUlpJSjJlbwpLZkF1c2lRSGg2VjNyL1JBYy9ra2xSVXgvRTQ0OGVxQzBMYUxVQmFkbkRkSUZVRU1EcmJqS3pIZUI1Nm8xcUNhCmJRQ1FRTFBqTlRRTW9rYz0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBcVRDMUFYVk83Y2tQaDdqUDB2dFBTQVpOMDdRSVFDZTJ6RW5FbWNDcEJGNXduSE5hCmhGVHJ6VDJ3SVlyUUVDRSthSHh1UTdCcTU4VFFteTdKKzArQk1kRlRISXVnQXFTNTlzRjB3dGw5WkdkdjN6T3EKbDNYOGx2SnU5OUp2UjR0dERpRk5JRU9EcWFZellRZlVMOGVXYXd0RVdIN1RUUE82V2pKY213RCsrMTBaM1FVYgpCaTJzVWs3VWRWMmdHSFUydEU5ODZVRjAwV0J1Qm9PZHZ6K3RYajA2N25lMXpsSVZKekNJK3FhUVIxWGlIV2srCkNWdmoxcjY0MmsxVk8wdlBaWUgvbVdocGZaOGJVbUlQRVlMSFhlWkdQU21aa0R2VXcycU5abmlwTWkxSFUzTmgKbXRmYzFXZXhJcVJXUm9IZExJbkpiRTZjVmJWdWN6azZYd05KSHdJREFRQUJBb0lCQUFjVmV2NnNvcmxpQ2J4dApDSWFVN3lUYzNyVldmR0h6Ujd3VitwMVZhNzQ3Rmd2MjZIdFI4dTJNLzZybjNQNVA1Z1VKOExQMDF3VU5RSTYrCnpzWXU5Z0hYK2RyZ0hicittcXF5UHVsSm9lNXFSa3phSlBKaWhranJyYW5DcmRZWkNGL25GUXVjeUE1Nlh2eFoKRDVGUWtnTzVYUXMzaERGY294alRzdnpxZGNLZ2VkODFvU2VvdkgxOGdXU2p1UEEwYUphays2K1lWaVY5VEtwZwpuMCtHaFUvcHFoSkhONUxWd3RwaUFPbDMzS29UNTF0T0NDa1d2RHl2c0hnbTdTbCsxbWp1Q0FmcUMyMXJyRDZCCi92RTFHNFdiTTN1WjA0c2o4ZmxJekpXRHhrU25Sa2c2WkloRzZvdlhjSVRIbjlEUWQzeGdUcVNUNUJ3WHY3enYKRm9aL3hzRUNnWUVBejJGb0hrakFlWXZ3YXk3eXpRdkhhN1ZDR1JBdlpwZFJjaFRJZTBERmFnZCt5R0xIVm50QQpUSWxKTXdTTDUrVGJEa2l5ODY5RjQvak5ZQVZCR2Y2Uzkya0I4WkZNNm4vL1NNalVRK04wVzA3RDRxSytUNXJJCnpaNTM2Q2lVcXhJNGFDSGtYYjFRazNjREMyYlJpaDFtSVVPOGtzSVQxeHd6VGFqUzF6MC9ZdlVDZ1lFQTBOc3gKZW1GeXlEWTZzTkdDTC9wRWU1a0hNNmR2ajR5VklJdTd1VDUrU2pQQ3ZZOU03eTRBRmpsd1c1dTVEek5vQ09WZwpJdUNJY1A1cWhhRGIrQWFjZmJMeGFVZGFuK0ZZdzJnaHoxdnoyOEpnK3ptazFvNS8vRFViNU5iY0xScjJGemQzCmJ4ZHNKNGFDMTFpTGR3ajlHdjI0Q0s1NHAxODJZNGFYVXUvcTkwTUNnWUVBcDNUSVZtdjR3QzAzM2RUelNvK1EKWUhEbEJzZ0MvcHlCcjlVSWJqNUhLdThTZVUwS0dkTThnSkQ3QXE5UktkZXE2MFhZK3QwMVduaTFuaXVmL2hXTApKeTByM0p5dnQwdlVJRG5LN1dibHRqVk1COTNTUHdXRjBFTitINEZsU3g1VFhnTEFITkdhRnZtckE3SHEwZFFiCmZCRHVYTE5Ld2hDTGZOSXVMby9PZDJFQ2dZQVJCSXMzaVpFc3R4NTVJZGtWeDdLa3o0ZENzalhvNEcrV1EweDgKZjVjU3ZMejFiU083cVdmZ1o3VzhBU2hIRU0wOVRGTlZCQzZaNW1FUG1sZlNFZGZXZGlvdGhkN2dnQ0FYYS9pMQpTS3pLRDBDUHQ5YXlsTkhnM3dMeTFuOENQZHduY0NHUEw3MWtTeFdHTG5UT3NqRE5iamI4bmhxK3FJZHAvS0YvCjVJU2t1UUtCZ1FDdll3eFczUUVjaitTR3MxVzNDTW1JbktoaGhia1RJM2FhdlY1eXRreFArRjF4TXBSN2VZUDMKYVBVUjltTVVSWWJFM3VQVjJocGFtbzhQRDdQTUlSc3hXcHhjN0JFT1FYM3BPQjRPMWFySXlBSGl6L1hJYmdyWQpld1BKbGFBQ3h5bVpJUjZjNzdqL1dPVGJwcXFTSkp5eVBneTNhQWRZMTZ3czhxVVlzN3NuRnc9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
----
-# Source: cilium/templates/cilium-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cilium-config
- namespace: default
-data:
- # Identity allocation mode selects how identities are shared between cilium
- # nodes by setting how they are stored. The options are "crd" or "kvstore".
- # - "crd" stores identities in kubernetes as CRDs (custom resource definition).
- # These can be queried with:
- # kubectl get ciliumid
- # - "kvstore" stores identities in an etcd kvstore, that is
- # configured below. Cilium versions before 1.6 supported only the kvstore
- # backend. Upgrades from these older cilium versions should continue using
- # the kvstore by commenting out the identity-allocation-mode below, or
- # setting it to "kvstore".
- identity-allocation-mode: crd
- cilium-endpoint-gc-interval: "5m0s"
- nodes-gc-interval: "5m0s"
- # Disable the usage of CiliumEndpoint CRD
- disable-endpoint-crd: "false"
- # If you want to run cilium in debug mode change this value to true
- debug: "false"
- # The agent can be put into the following three policy enforcement modes
- # default, always and never.
- # https://docs.cilium.io/en/latest/policy/intro/#policy-enforcement-modes
- enable-policy: "default"
- # Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4
- # address.
- enable-ipv4: "true"
- # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
- # address.
- enable-ipv6: "false"
- # Users who wish to specify their own custom CNI configuration file must set
- # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
- custom-cni-conf: "false"
- enable-bpf-clock-probe: "true"
- # If you want cilium monitor to aggregate tracing for packets, set this level
- # to "low", "medium", or "maximum". The higher the level, the less packets
- # that will be seen in monitor output.
- monitor-aggregation: medium
- # The monitor aggregation interval governs the typical time between monitor
- # notification events for each allowed connection.
- #
- # Only effective when monitor aggregation is set to "medium" or higher.
- monitor-aggregation-interval: 5s
- # The monitor aggregation flags determine which TCP flags which, upon the
- # first observation, cause monitor notifications to be generated.
- #
- # Only effective when monitor aggregation is set to "medium" or higher.
- monitor-aggregation-flags: all
- # Specifies the ratio (0.0-1.0) of total system memory to use for dynamic
- # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
- bpf-map-dynamic-size-ratio: "0.0025"
- # bpf-policy-map-max specifies the maximum number of entries in endpoint
- # policy map (per endpoint)
- bpf-policy-map-max: "16384"
- # bpf-lb-map-max specifies the maximum number of entries in bpf lb service,
- # backend and affinity maps.
- bpf-lb-map-max: "65536"
- # bpf-lb-bypass-fib-lookup instructs Cilium to enable the FIB lookup bypass
- # optimization for nodeport reverse NAT handling.
- bpf-lb-external-clusterip: "false"
- # Pre-allocation of map entries allows per-packet latency to be reduced, at
- # the expense of up-front memory allocation for the entries in the maps. The
- # default value below will minimize memory usage in the default installation;
- # users who are sensitive to latency may consider setting this to "true".
- #
- # This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore
- # this option and behave as though it is set to "true".
- #
- # If this value is modified, then during the next Cilium startup the restore
- # of existing endpoints and tracking of ongoing connections may be disrupted.
- # As a result, reply packets may be dropped and the load-balancing decisions
- # for established connections may change.
- #
- # If this option is set to "false" during an upgrade from 1.3 or earlier to
- # 1.4 or later, then it may cause one-time disruptions during the upgrade.
- preallocate-bpf-maps: "false"
- # Regular expression matching compatible Istio sidecar istio-proxy
- # container image names
- sidecar-istio-proxy-image: "cilium/istio_proxy"
- # Name of the cluster. Only relevant when building a mesh of clusters.
- cluster-name: ${CLUSTER_NAME}
- # Unique ID of the cluster. Must be unique across all conneted clusters and
- # in the range of 1 and 255. Only relevant when building a mesh of clusters.
- cluster-id: "${CLUSTER_ID}"
- # Encapsulation mode for communication between nodes
- # Possible values:
- # - disabled
- # - vxlan (default)
- # - geneve
- tunnel: "disabled"
- # Enables L7 proxy for L7 policy enforcement and visibility
- enable-l7-proxy: "true"
- enable-ipv4-masquerade: "true"
- enable-ipv6-masquerade: "true"
- enable-xt-socket-fallback: "true"
- install-iptables-rules: "true"
- install-no-conntrack-iptables-rules: "false"
- auto-direct-node-routes: "true"
- enable-local-redirect-policy: "true"
- ipv4-native-routing-cidr: ${NETWORK_K8S_CLUSTER_CIDR}
- kube-proxy-replacement: "strict"
- kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"
- bpf-lb-sock: "false"
- enable-health-check-nodeport: "true"
- node-port-bind-protection: "true"
- enable-auto-protect-node-port-range: "true"
- bpf-lb-mode: "dsr"
- bpf-lb-algorithm: "maglev"
- enable-svc-source-range-check: "true"
- enable-l2-neigh-discovery: "true"
- arping-refresh-period: "30s"
- enable-endpoint-routes: "true"
- enable-endpoint-health-checking: "true"
- enable-health-checking: "true"
- enable-well-known-identities: "false"
- enable-remote-node-identity: "true"
- synchronize-k8s-nodes: "true"
- operator-api-serve-addr: "127.0.0.1:9234"
- # Enable Hubble gRPC service.
- enable-hubble: "true"
- # UNIX domain socket for Hubble server to listen to.
- hubble-socket-path: "/var/run/cilium/hubble.sock"
- # Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this
- # field is not set.
- hubble-metrics-server: ":9965"
- # A space separated list of metrics to enable. See [0] for available metrics.
- #
- # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md
- hubble-metrics: dns:query;ignoreAAAA drop tcp flow port-distribution icmp http
- # An additional address for Hubble server to listen to (e.g. ":4244").
- hubble-listen-address: ":4244"
- hubble-disable-tls: "false"
- hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
- hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
- hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
- ipam: "kubernetes"
- disable-cnp-status-updates: "true"
- enable-vtep: "false"
- vtep-endpoint: ""
- vtep-cidr: ""
- vtep-mask: ""
- vtep-mac: ""
- bgp-announce-lb-ip: "true"
- enable-bgp-control-plane: "false"
- bpf-root: "/sys/fs/bpf"
- cgroup-root: "/run/cilium/cgroupv2"
- enable-k8s-terminating-endpoint: "true"
- remove-cilium-node-taints: "true"
- set-cilium-is-up-condition: "true"
- unmanaged-pod-watcher-interval: "15"
- tofqdns-dns-reject-response-code: "refused"
- tofqdns-enable-dns-compression: "true"
- tofqdns-endpoint-max-ip-per-hostname: "50"
- tofqdns-idle-connection-grace-period: "0s"
- tofqdns-max-deferred-connection-deletes: "10000"
- tofqdns-min-ttl: "3600"
- tofqdns-proxy-response-max-delay: "100ms"
- agent-not-ready-taint-key: "node.cilium.io/agent-not-ready"
----
-# Source: cilium/templates/hubble-relay/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: hubble-relay-config
- namespace: default
-data:
- config.yaml: "cluster-name: ${CLUSTER_NAME}\npeer-service: \"hubble-peer.default.svc.cluster.local:443\"\nlisten-address: :4245\ndial-timeout: \nretry-timeout: \nsort-buffer-len-max: \nsort-buffer-drain-timeout: \ntls-client-cert-file: /var/lib/hubble-relay/tls/client.crt\ntls-client-key-file: /var/lib/hubble-relay/tls/client.key\ntls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\ndisable-server-tls: true\n"
----
-# Source: cilium/templates/hubble-ui/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: hubble-ui-nginx
- namespace: default
-data:
- nginx.conf: "server {\n listen 8081;\n listen [::]:8081;\n server_name localhost;\n root /app;\n index index.html;\n client_max_body_size 1G;\n\n location / {\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n\n # CORS\n add_header Access-Control-Allow-Methods \"GET, POST, PUT, HEAD, DELETE, OPTIONS\";\n add_header Access-Control-Allow-Origin *;\n add_header Access-Control-Max-Age 1728000;\n add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;\n add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;\n if ($request_method = OPTIONS) {\n return 204;\n }\n # /CORS\n\n location /api {\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_hide_header Access-Control-Allow-Origin;\n proxy_pass http://127.0.0.1:8090;\n }\n\n location / {\n try_files $uri $uri/ /index.html;\n }\n }\n}"
----
-# Source: cilium/templates/cilium-agent/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cilium
-rules:
- - apiGroups:
- - networking.k8s.io
- resources:
- - networkpolicies
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - namespaces
- - services
- - pods
- - endpoints
- - nodes
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - list
- - watch
- # This is used when validating policies in preflight. This will need to stay
- # until we figure out how to avoid "get" inside the preflight, and then
- # should be removed ideally.
- - get
- - apiGroups:
- - cilium.io
- resources:
- - ciliumbgploadbalancerippools
- - ciliumbgppeeringpolicies
- - ciliumclusterwideenvoyconfigs
- - ciliumclusterwidenetworkpolicies
- - ciliumegressgatewaypolicies
- - ciliumegressnatpolicies
- - ciliumendpoints
- - ciliumendpointslices
- - ciliumenvoyconfigs
- - ciliumidentities
- - ciliumlocalredirectpolicies
- - ciliumnetworkpolicies
- - ciliumnodes
- verbs:
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumidentities
- - ciliumendpoints
- - ciliumnodes
- verbs:
- - create
- - apiGroups:
- - cilium.io
- # To synchronize garbage collection of such resources
- resources:
- - ciliumidentities
- verbs:
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumendpoints
- verbs:
- - delete
- - get
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnodes
- - ciliumnodes/status
- verbs:
- - get
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnetworkpolicies/status
- - ciliumclusterwidenetworkpolicies/status
- - ciliumendpoints/status
- - ciliumendpoints
- verbs:
- - patch
----
-# Source: cilium/templates/cilium-operator/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cilium-operator
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
- # to automatically delete [core|kube]dns pods so that are starting to being
- # managed by Cilium
- - delete
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- # To remove node taints
- - nodes
- # To set NetworkUnavailable false on startup
- - nodes/status
- verbs:
- - patch
- - apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- # to perform LB IP allocation for BGP
- - services/status
- verbs:
- - update
- - apiGroups:
- - ""
- resources:
- # to check apiserver connectivity
- - namespaces
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- # to perform the translation of a CNP that contains `ToGroup` to its endpoints
- - services
- - endpoints
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnetworkpolicies
- - ciliumclusterwidenetworkpolicies
- verbs:
- # Create auto-generated CNPs and CCNPs from Policies that have 'toGroups'
- - create
- - update
- - deletecollection
- # To update the status of the CNPs and CCNPs
- - patch
- - get
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnetworkpolicies/status
- - ciliumclusterwidenetworkpolicies/status
- verbs:
- # Update the auto-generated CNPs and CCNPs status.
- - patch
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumendpoints
- - ciliumidentities
- verbs:
- # To perform garbage collection of such resources
- - delete
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumidentities
- verbs:
- # To synchronize garbage collection of such resources
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnodes
- verbs:
- - create
- - update
- - get
- - list
- - watch
- # To perform CiliumNode garbage collector
- - delete
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnodes/status
- verbs:
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumendpointslices
- - ciliumenvoyconfigs
- verbs:
- - create
- - update
- - get
- - list
- - watch
- - delete
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - create
- - get
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - update
- resourceNames:
- - ciliumbgploadbalancerippools.cilium.io
- - ciliumbgppeeringpolicies.cilium.io
- - ciliumclusterwideenvoyconfigs.cilium.io
- - ciliumclusterwidenetworkpolicies.cilium.io
- - ciliumegressgatewaypolicies.cilium.io
- - ciliumegressnatpolicies.cilium.io
- - ciliumendpoints.cilium.io
- - ciliumendpointslices.cilium.io
- - ciliumenvoyconfigs.cilium.io
- - ciliumexternalworkloads.cilium.io
- - ciliumidentities.cilium.io
- - ciliumlocalredirectpolicies.cilium.io
- - ciliumnetworkpolicies.cilium.io
- - ciliumnodes.cilium.io
- # For cilium-operator running in HA mode.
- #
- # Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
- # between multiple running instances.
- # The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
- # common and fewer objects in the cluster watch "all Leases".
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - create
- - get
- - update
----
-# Source: cilium/templates/hubble-ui/clusterrole.yaml
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: hubble-ui
-rules:
- - apiGroups:
- - networking.k8s.io
- resources:
- - networkpolicies
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - componentstatuses
- - endpoints
- - namespaces
- - nodes
- - pods
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - "*"
- verbs:
- - get
- - list
- - watch
----
-# Source: cilium/templates/cilium-agent/clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cilium
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cilium
-subjects:
- - kind: ServiceAccount
- name: "cilium"
- namespace: default
----
-# Source: cilium/templates/cilium-operator/clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cilium-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cilium-operator
-subjects:
- - kind: ServiceAccount
- name: "cilium-operator"
- namespace: default
----
-# Source: cilium/templates/hubble-ui/clusterrolebinding.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: hubble-ui
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: hubble-ui
-subjects:
- - kind: ServiceAccount
- name: "hubble-ui"
- namespace: default
----
-# Source: cilium/templates/hubble-relay/service.yaml
-kind: Service
-apiVersion: v1
-metadata:
- name: hubble-relay
- namespace: default
- labels:
- k8s-app: hubble-relay
-spec:
- type: "ClusterIP"
- selector:
- k8s-app: hubble-relay
- ports:
- - protocol: TCP
- port: 80
- targetPort: 4245
----
-# Source: cilium/templates/hubble-ui/service.yaml
-kind: Service
-apiVersion: v1
-metadata:
- name: hubble-ui
- namespace: default
- labels:
- k8s-app: hubble-ui
-spec:
- type: "ClusterIP"
- selector:
- k8s-app: hubble-ui
- ports:
- - name: http
- port: 80
- targetPort: 8081
----
-# Source: cilium/templates/hubble/metrics-service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: hubble-metrics
- namespace: default
- labels:
- k8s-app: hubble
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "9965"
-spec:
- clusterIP: None
- type: ClusterIP
- ports:
- - name: hubble-metrics
- port: 9965
- protocol: TCP
- targetPort: hubble-metrics
- selector:
- k8s-app: cilium
----
-# Source: cilium/templates/hubble/peer-service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: hubble-peer
- namespace: default
- labels:
- k8s-app: cilium
-spec:
- selector:
- k8s-app: cilium
- ports:
- - name: peer-service
- port: 443
- protocol: TCP
- targetPort: 4244
----
-# Source: cilium/templates/cilium-agent/daemonset.yaml
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: cilium
- namespace: default
- labels:
- k8s-app: cilium
-spec:
- selector:
- matchLabels:
- k8s-app: cilium
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 2
- type: RollingUpdate
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/cilium-configmap-checksum: "c94473999dcfb5bd4ee1091b33fc2d83e3d4cee71d054e8b787677e0726d01ff"
- labels:
- k8s-app: cilium
- spec:
- containers:
- - name: cilium-agent
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- command:
- - cilium-agent
- args:
- - --config-dir=/tmp/cilium/config-map
- startupProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9879
- scheme: HTTP
- httpHeaders:
- - name: "brief"
- value: "true"
- failureThreshold: 105
- periodSeconds: 2
- successThreshold: 1
- livenessProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9879
- scheme: HTTP
- httpHeaders:
- - name: "brief"
- value: "true"
- periodSeconds: 30
- successThreshold: 1
- failureThreshold: 10
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9879
- scheme: HTTP
- httpHeaders:
- - name: "brief"
- value: "true"
- periodSeconds: 30
- successThreshold: 1
- failureThreshold: 3
- timeoutSeconds: 5
- env:
- - name: K8S_NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: CILIUM_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: CILIUM_CLUSTERMESH_CONFIG
- value: /var/lib/cilium/clustermesh/
- - name: CILIUM_CNI_CHAINING_MODE
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: cni-chaining-mode
- optional: true
- - name: CILIUM_CUSTOM_CNI_CONF
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: custom-cni-conf
- optional: true
- - name: KUBERNETES_SERVICE_HOST
- value: "10.75.40.10"
- - name: KUBERNETES_SERVICE_PORT
- value: "6443"
- lifecycle:
- postStart:
- exec:
- command:
- - "/cni-install.sh"
- - "--enable-debug=false"
- - "--cni-exclusive=true"
- - "--log-file=/var/run/cilium/cilium-cni.log"
- preStop:
- exec:
- command:
- - /cni-uninstall.sh
- ports:
- - name: peer-service
- containerPort: 4244
- hostPort: 4244
- protocol: TCP
- - name: hubble-metrics
- containerPort: 9965
- hostPort: 9965
- protocol: TCP
- securityContext:
- privileged: true
- volumeMounts:
- - name: bpf-maps
- mountPath: /sys/fs/bpf
- mountPropagation: Bidirectional
- - name: cilium-run
- mountPath: /var/run/cilium
- - name: cni-path
- mountPath: /host/opt/cni/bin
- - name: etc-cni-netd
- mountPath: /host/etc/cni/net.d
- - name: clustermesh-secrets
- mountPath: /var/lib/cilium/clustermesh
- readOnly: true
- - name: cilium-config-path
- mountPath: /tmp/cilium/config-map
- readOnly: true
- # Needed to be able to load kernel modules
- - name: lib-modules
- mountPath: /lib/modules
- readOnly: true
- - name: xtables-lock
- mountPath: /run/xtables.lock
- - name: bgp-config-path
- mountPath: /var/lib/cilium/bgp
- readOnly: true
- - name: hubble-tls
- mountPath: /var/lib/cilium/tls/hubble
- readOnly: true
- initContainers:
- # Required to mount cgroup2 filesystem on the underlying Kubernetes node.
- # We use nsenter command with host's cgroup and mount namespaces enabled.
- - name: mount-cgroup
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- env:
- - name: CGROUP_ROOT
- value: /run/cilium/cgroupv2
- - name: BIN_PATH
- value: /opt/cni/bin
- command:
- - sh
- - -ec
- # The statically linked Go program binary is invoked to avoid any
- # dependency on utilities like sh and mount that can be missing on certain
- # distros installed on the underlying host. Copy the binary to the
- # same directory where we install cilium cni plugin so that exec permissions
- # are available.
- - |
- cp /usr/bin/cilium-mount /hostbin/cilium-mount;
- nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT;
- rm /hostbin/cilium-mount
- volumeMounts:
- - name: hostproc
- mountPath: /hostproc
- - name: cni-path
- mountPath: /hostbin
- securityContext:
- privileged: true
- - name: apply-sysctl-overwrites
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- env:
- - name: BIN_PATH
- value: /opt/cni/bin
- command:
- - sh
- - -ec
- # The statically linked Go program binary is invoked to avoid any
- # dependency on utilities like sh that can be missing on certain
- # distros installed on the underlying host. Copy the binary to the
- # same directory where we install cilium cni plugin so that exec permissions
- # are available.
- - |
- cp /usr/bin/cilium-sysctlfix /hostbin/cilium-sysctlfix;
- nsenter --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-sysctlfix";
- rm /hostbin/cilium-sysctlfix
- volumeMounts:
- - name: hostproc
- mountPath: /hostproc
- - name: cni-path
- mountPath: /hostbin
- securityContext:
- privileged: true
- - name: clean-cilium-state
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- command:
- - /init-container.sh
- env:
- - name: CILIUM_ALL_STATE
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: clean-cilium-state
- optional: true
- - name: CILIUM_BPF_STATE
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: clean-cilium-bpf-state
- optional: true
- - name: KUBERNETES_SERVICE_HOST
- value: "10.75.40.10"
- - name: KUBERNETES_SERVICE_PORT
- value: "6443"
- securityContext:
- privileged: true
- volumeMounts:
- - name: bpf-maps
- mountPath: /sys/fs/bpf
- # Required to mount cgroup filesystem from the host to cilium agent pod
- - name: cilium-cgroup
- mountPath: /run/cilium/cgroupv2
- mountPropagation: HostToContainer
- - name: cilium-run
- mountPath: /var/run/cilium
- resources:
- requests:
- cpu: 100m
- memory: 100Mi # wait-for-kube-proxy
- restartPolicy: Always
- priorityClassName: system-node-critical
- serviceAccount: "cilium"
- serviceAccountName: "cilium"
- terminationGracePeriodSeconds: 1
- hostNetwork: true
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- k8s-app: cilium
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- - operator: Exists
- volumes:
- # To keep state between restarts / upgrades
- - name: cilium-run
- hostPath:
- path: /var/run/cilium
- type: DirectoryOrCreate
- # To keep state between restarts / upgrades for bpf maps
- - name: bpf-maps
- hostPath:
- path: /sys/fs/bpf
- type: DirectoryOrCreate
- # To mount cgroup2 filesystem on the host
- - name: hostproc
- hostPath:
- path: /proc
- type: Directory
- # To keep state between restarts / upgrades for cgroup2 filesystem
- - name: cilium-cgroup
- hostPath:
- path: /run/cilium/cgroupv2
- type: DirectoryOrCreate
- # To install cilium cni plugin in the host
- - name: cni-path
- hostPath:
- path: /opt/cni/bin
- type: DirectoryOrCreate
- # To install cilium cni configuration in the host
- - name: etc-cni-netd
- hostPath:
- path: /etc/cni/net.d
- type: DirectoryOrCreate
- # To be able to load kernel modules
- - name: lib-modules
- hostPath:
- path: /lib/modules
- # To access iptables concurrently with other processes (e.g. kube-proxy)
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- # To read the clustermesh configuration
- - name: clustermesh-secrets
- secret:
- secretName: cilium-clustermesh
- # note: the leading zero means this number is in octal representation: do not remove it
- defaultMode: 0400
- optional: true
- # To read the configuration from the config map
- - name: cilium-config-path
- configMap:
- name: cilium-config
- - name: bgp-config-path
- configMap:
- name: bgp-config
- - name: hubble-tls
- projected:
- # note: the leading zero means this number is in octal representation: do not remove it
- defaultMode: 0400
- sources:
- - secret:
- name: hubble-server-certs
- optional: true
- items:
- - key: ca.crt
- path: client-ca.crt
- - key: tls.crt
- path: server.crt
- - key: tls.key
- path: server.key
----
-# Source: cilium/templates/cilium-operator/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: cilium-operator
- namespace: default
- labels:
- io.cilium/app: operator
- name: cilium-operator
-spec:
- # See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go
- # for more details.
- replicas: 2
- selector:
- matchLabels:
- io.cilium/app: operator
- name: cilium-operator
- strategy:
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/cilium-configmap-checksum: "c94473999dcfb5bd4ee1091b33fc2d83e3d4cee71d054e8b787677e0726d01ff"
- labels:
- io.cilium/app: operator
- name: cilium-operator
- spec:
- containers:
- - name: cilium-operator
- image: quay.io/cilium/operator-generic:v1.12.0@sha256:bb2a42eda766e5d4a87ee8a5433f089db81b72dd04acf6b59fcbb445a95f9410
- imagePullPolicy: IfNotPresent
- command:
- - cilium-operator-generic
- args:
- - --config-dir=/tmp/cilium/config-map
- - --debug=$(CILIUM_DEBUG)
- env:
- - name: K8S_NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: CILIUM_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: CILIUM_DEBUG
- valueFrom:
- configMapKeyRef:
- key: debug
- name: cilium-config
- optional: true
- - name: KUBERNETES_SERVICE_HOST
- value: "10.75.40.10"
- - name: KUBERNETES_SERVICE_PORT
- value: "6443"
- livenessProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9234
- scheme: HTTP
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 3
- volumeMounts:
- - name: cilium-config-path
- mountPath: /tmp/cilium/config-map
- readOnly: true
- - name: bgp-config-path
- mountPath: /var/lib/cilium/bgp
- readOnly: true
- hostNetwork: true
- restartPolicy: Always
- priorityClassName: system-cluster-critical
- serviceAccount: "cilium-operator"
- serviceAccountName: "cilium-operator"
- # In HA mode, cilium-operator pods must not be scheduled on the same
- # node as they will clash with each other.
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- io.cilium/app: operator
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- - operator: Exists
- volumes:
- # To read the configuration from the config map
- - name: cilium-config-path
- configMap:
- name: cilium-config
- - name: bgp-config-path
- configMap:
- name: bgp-config
----
-# Source: cilium/templates/hubble-relay/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: hubble-relay
- namespace: default
- labels:
- k8s-app: hubble-relay
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: hubble-relay
- strategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/hubble-relay-configmap-checksum: "27382c733aca8bb9cc669c794dc0ce492494af3869067092d9c0bf608d6fc0c1"
- labels:
- k8s-app: hubble-relay
- spec:
- containers:
- - name: hubble-relay
- image: "quay.io/cilium/hubble-relay:v1.12.0@sha256:ca8033ea8a3112d838f958862fa76c8d895e3c8d0f5590de849b91745af5ac4d"
- imagePullPolicy: IfNotPresent
- command:
- - hubble-relay
- args:
- - serve
- ports:
- - name: grpc
- containerPort: 4245
- readinessProbe:
- tcpSocket:
- port: grpc
- livenessProbe:
- tcpSocket:
- port: grpc
- volumeMounts:
- - name: config
- mountPath: /etc/hubble-relay
- readOnly: true
- - name: tls
- mountPath: /var/lib/hubble-relay/tls
- readOnly: true
- restartPolicy: Always
- priorityClassName:
- serviceAccount: "hubble-relay"
- serviceAccountName: "hubble-relay"
- automountServiceAccountToken: false
- terminationGracePeriodSeconds: 1
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- k8s-app: cilium
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- volumes:
- - name: config
- configMap:
- name: hubble-relay-config
- items:
- - key: config.yaml
- path: config.yaml
- - name: tls
- projected:
- # note: the leading zero means this number is in octal representation: do not remove it
- defaultMode: 0400
- sources:
- - secret:
- name: hubble-relay-client-certs
- items:
- - key: ca.crt
- path: hubble-server-ca.crt
- - key: tls.crt
- path: client.crt
- - key: tls.key
- path: client.key
----
-# Source: cilium/templates/hubble-ui/deployment.yaml
-kind: Deployment
-apiVersion: apps/v1
-metadata:
- name: hubble-ui
- namespace: default
- labels:
- k8s-app: hubble-ui
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: hubble-ui
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/hubble-ui-nginx-configmap-checksum: "435dc818f7e96a252c7345d28b626abf4015434a41f7501f53816c80b7561ee0"
- labels:
- k8s-app: hubble-ui
- spec:
- securityContext:
- fsGroup: 1001
- runAsGroup: 1001
- runAsUser: 1001
- priorityClassName:
- serviceAccount: "hubble-ui"
- serviceAccountName: "hubble-ui"
- containers:
- - name: frontend
- image: "quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0"
- imagePullPolicy: IfNotPresent
- ports:
- - name: http
- containerPort: 8081
- volumeMounts:
- - name: hubble-ui-nginx-conf
- mountPath: /etc/nginx/conf.d/default.conf
- subPath: nginx.conf
- - name: tmp-dir
- mountPath: /tmp
- - name: backend
- image: "quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b"
- imagePullPolicy: IfNotPresent
- env:
- - name: EVENTS_SERVER_PORT
- value: "8090"
- - name: FLOWS_API_ADDR
- value: "hubble-relay:80"
- ports:
- - name: grpc
- containerPort: 8090
- volumeMounts:
- nodeSelector:
- kubernetes.io/os: linux
- volumes:
- - configMap:
- defaultMode: 420
- name: hubble-ui-nginx
- name: hubble-ui-nginx-conf
- - emptyDir: {}
- name: tmp-dir
----
-# Source: cilium/templates/hubble-ui/ingress.yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: hubble-ui
- namespace: default
- labels:
- k8s-app: hubble-ui
- annotations:
- hajimari.io/appName: hubble
- hajimari.io/enable: "true"
- hajimari.io/icon: lan
-spec:
- tls:
- - hosts:
- - hubble.${SECRET_DOMAIN}
- rules:
- - host: hubble.${SECRET_DOMAIN}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: hubble-ui
- port:
- name: http
+

chii-bot · 2022-08-16T18:28:57Z

MegaLinter status: ❌ ERROR

Descriptor	Linter	Files	Errors	Elapsed time
❌ COPYPASTE	jscpd	yes	2	1.0s
✅ REPOSITORY	git_diff	yes	no	0.02s
✅ REPOSITORY	secretlint	yes	no	1.24s
✅ YAML	prettier	2	0	0.56s
✅ YAML	yamllint	2	0	0.14s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

github-advanced-security · 2024-07-11T19:16:55Z

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | helm | cilium | 1.13.2 | 1.16.4 | | helm | cilium | 1.12.0 | 1.16.4 |

chii-bot bot requested a review from toboshii as a code owner August 16, 2022 18:26

chii-bot bot added renovate/helm type/minor type/patch size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. area/cluster Changes made in the cluster directory labels Aug 16, 2022

chii-bot bot force-pushed the renovate/cilium-1.x branch from 9da4e39 to bd857e1 Compare September 14, 2022 17:29

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.1~~ feat(helm): update chart cilium to 1.12.2 Sep 14, 2022

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.2~~ feat(helm): update chart cilium to 1.12.2 - autoclosed Sep 15, 2022

chii-bot bot closed this Sep 15, 2022

chii-bot bot deleted the renovate/cilium-1.x branch September 15, 2022 18:25

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.2 - autoclosed~~ feat(helm): update chart cilium to 1.12.2 Sep 15, 2022

chii-bot bot reopened this Sep 15, 2022

chii-bot bot restored the renovate/cilium-1.x branch September 15, 2022 20:21

chii-bot bot force-pushed the renovate/cilium-1.x branch from bd857e1 to 8dc1e96 Compare October 17, 2022 17:42

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.2~~ feat(helm): update chart cilium to 1.12.3 Oct 17, 2022

chii-bot bot force-pushed the renovate/cilium-1.x branch from 8dc1e96 to 909512c Compare November 17, 2022 23:20

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.3~~ feat(helm): update chart cilium to 1.12.4 Nov 17, 2022

chii-bot bot force-pushed the renovate/cilium-1.x branch from 909512c to 8503718 Compare December 20, 2022 23:16

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.4~~ feat(helm): update chart cilium to 1.12.5 Dec 20, 2022

chii-bot bot force-pushed the renovate/cilium-1.x branch from 8503718 to 4c61065 Compare January 27, 2023 14:15

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.5~~ feat(helm): update chart cilium to 1.12.6 Jan 27, 2023

chii-bot bot force-pushed the renovate/cilium-1.x branch from 4c61065 to 66704ac Compare February 14, 2023 14:17

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.6~~ feat(helm): update chart cilium to 1.12.7 Feb 14, 2023

chii-bot bot force-pushed the renovate/cilium-1.x branch from 66704ac to c36d0bc Compare February 15, 2023 15:18

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.12.7~~ feat(helm): update chart cilium to 1.13.0 Feb 15, 2023

chii-bot bot force-pushed the renovate/cilium-1.x branch from c36d0bc to a0ec51f Compare March 17, 2023 12:31

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.13.0~~ feat(helm): update chart cilium to 1.13.1 Mar 17, 2023

chii-bot bot force-pushed the renovate/cilium-1.x branch from e4672a0 to 9f05683 Compare January 18, 2024 15:16

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.14.5~~ feat(helm): update chart cilium to 1.14.6 Jan 18, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 9f05683 to d8404f2 Compare January 31, 2024 20:14

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.14.6~~ feat(helm): update chart cilium to 1.15.0 Jan 31, 2024

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.0~~ feat(helm): update chart cilium to 1.15.1 Feb 15, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from d8404f2 to 1264984 Compare February 15, 2024 01:01

chii-bot bot force-pushed the renovate/cilium-1.x branch from 1264984 to 41998f3 Compare March 13, 2024 17:14

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.1~~ feat(helm): update chart cilium to 1.15.2 Mar 13, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 41998f3 to e782cca Compare March 26, 2024 17:13

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.2~~ feat(helm): update chart cilium to 1.15.3 Mar 26, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from e782cca to 4430dd9 Compare April 12, 2024 01:02

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.3~~ feat(helm): update chart cilium to 1.15.4 Apr 12, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 4430dd9 to 3f28ffe Compare May 15, 2024 11:13

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.4~~ feat(helm): update chart cilium to 1.15.5 May 15, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 3f28ffe to da0f443 Compare June 10, 2024 17:14

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.5~~ feat(helm): update chart cilium to 1.15.6 Jun 10, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from da0f443 to 873d4fe Compare July 11, 2024 19:14

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.6~~ feat(helm): update chart cilium to 1.15.7 Jul 11, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 873d4fe to a097f86 Compare July 24, 2024 15:18

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.15.7~~ feat(helm): update chart cilium to 1.16.0 Jul 24, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from a097f86 to 56d3aa1 Compare August 14, 2024 13:20

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.16.0~~ feat(helm): update chart cilium to 1.16.1 Aug 14, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 56d3aa1 to 328fb8d Compare September 26, 2024 12:35

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.16.1~~ feat(helm): update chart cilium to 1.16.2 Sep 26, 2024

chii-bot bot force-pushed the renovate/cilium-1.x branch from 328fb8d to 999be37 Compare October 15, 2024 09:20

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.16.2~~ feat(helm): update chart cilium to 1.16.3 Oct 15, 2024

feat(helm): update chart cilium to 1.16.4

3883b49

| datasource | package | from | to | | ---------- | ------- | ------ | ------ | | helm | cilium | 1.13.2 | 1.16.4 | | helm | cilium | 1.12.0 | 1.16.4 |

chii-bot bot force-pushed the renovate/cilium-1.x branch from 999be37 to 3883b49 Compare November 20, 2024 10:21

chii-bot bot changed the title ~~feat(helm): update chart cilium to 1.16.3~~ feat(helm): update chart cilium to 1.16.4 Nov 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

feat(helm): update chart cilium to 1.16.4 #734

feat(helm): update chart cilium to 1.16.4 #734

chii-bot bot commented Aug 16, 2022 •

edited

Loading

chii-bot bot commented Aug 16, 2022 •

edited

Loading

chii-bot bot commented Aug 16, 2022 •

edited

Loading

github-advanced-security bot commented Jul 11, 2024

feat(helm): update chart cilium to 1.16.4 #734

Are you sure you want to change the base?

feat(helm): update chart cilium to 1.16.4 #734

Conversation

chii-bot bot commented Aug 16, 2022 • edited Loading

⚠ Dependency Lookup Warnings ⚠

Release Notes

v1.16.4

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

v1.16.3

Summary of Changes

Docker Manifests

cilium

clustermesh-apiserver

docker-plugin

hubble-relay

operator-alibabacloud

operator-aws

operator-azure

operator-generic

operator

v1.16.2

Summary of Changes

Configuration

chii-bot bot commented Aug 16, 2022 • edited Loading

chii-bot bot commented Aug 16, 2022 • edited Loading

MegaLinter status: ❌ ERROR

github-advanced-security bot commented Jul 11, 2024

chii-bot bot commented Aug 16, 2022 •

edited

Loading

`v1.16.4`

`v1.16.3`

`v1.16.2`

chii-bot bot commented Aug 16, 2022 •

edited

Loading

chii-bot bot commented Aug 16, 2022 •

edited

Loading