1.16.0-pre.3
Pre-releaseSummary of Changes
Major Changes:
- BGP: New BGP APIs can be used to configure Cilium BGP Control Plane. (#32426, @harsimran-pabla)
- NAT source port metrics & table (#32152, @tommyp1ckles)
Minor Changes:
- Add
CiliumNodeConfig
CRD on API v2 (#31721, @doniacld) - Added a new annotation
ingress.cilium.io/loadbalancer-class
to control theLoadBalancerClass
of a dedicated LB via the ingress. (#31650, @Sh4d1) - cilium-envoy now uses upstream filter chains for L7 LB policy enforcement. (#32119, @jrajahalme)
- CiliumEnvoyConfig CRDs now support an optional 'ports' field in services objects, limiting the redirected service frontends to the ones whose port is listed. (#32382, @jrajahalme)
- CiliumNetworkPolicies are now validated by the operator and the result set in the object's Status field. (#32727, @squeed)
- Do not include the unnecessary "localhost" SAN in autogenerated clustermesh admin certificates (#32662, @giorio94)
- gateway-api: ALPN support (#32486, @rauanmayemir)
- Generate SBOMs using Syft instead of bom (#32307, @ferozsalam)
- Helm: Add new value `.Values.clustermesh.apiserver.tls.enableSecrets. Setting this value to false will disable the creation of TLS certificate secrets for clustermesh, enabling out-of-band TLS certificate secret management. (#32196, @soggiest)
- Hubble peer's port number is inferred from the agent's configuration instead of assuming defaults (#32729, @AwesomePatrol)
- hubble: add SNAT IP flow field and filter (#32130, @kaworu)
- hubble: add support to filter Hubble flow by network interface. (#32286, @kaworu)
- hubble: add the cluster name to a flow's source and destination endpoints (#32313, @rolinh)
- Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (#32577, @marseel)
- ingress: request timeout control via operator flag & annotation (#31693, @a5r0n)
- Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (#32336, @giorio94)
- ipsec: Improve CPU usage of cilum-agent in large clusters (#32588, @marseel)
- KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (#32156, @giorio94)
- Make the overwriting behavior of install-plugins.sh configurable. (#32016, @jingyuanliang)
- Operator: expose remote clusters information through dedicated CLI command, and introduce troubleshoot commands (#32436, @giorio94)
- pkg/healthv2: reduce unecessary healthv2 debug log volume. (#32319, @tommyp1ckles)
- Report estimated expiry timers for connection-based FQDN entries (#32013, @joestringer)
- Runtime device detection and subsequent datapath reconfiguration is now the default and only mode of operation.
The enableRuntimeDeviceDetection option is now a no-op and will be removed in v1.17. (#32153, @joamaki) - Service connections that use
Direct-Server-Return
and were established prior to Cilium v1.13.3 will be disrupted, and need to be re-established. (#32642, @julianwiedmann) - Simplify rate limit configuration options for the CiliumEndpointSlice controller. (#32523, @thorn3r)
- Starting cilium-agent with large numbers of network policies should be much faster. (#32703, @squeed)
- The StateDB in-memory database library was switched to github.com/cilium/statedb with a new much faster radix tree implementation. This is used internally in the cilium-agent for storing and accessing, among others, the network devices and local node IP addresses. This state can be inspected with the "cilium-dbg statedb" commands.
cilium-dbg: Added "statedb ipsets" command
cilium-dbg: "statedb sysctl-settings" is now "statedb sysctl" (#32125, @joamaki) - Unconditionally require the clustermesh cluster configuration to be always present (#32505, @giorio94)
Bugfixes:
- Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (#32117, @giorio94)
- Avoids drops with "No mapping for NAT masquerade" for ICMP messages by local service backends. (#32155, @julianwiedmann)
- bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (#32536, @harsimran-pabla)
- Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (#32694, @dswaffordcw)
- cilium-agent: Fix crash due to skipped resource cleanup when agent is stopping due to failed start. (#32673, @joamaki)
- cilium-cni: Reserve ports that can conflict with transparent DNS proxy (#32128, @gandro)
- cni: Reserve local ports for DNS proxy even if IPv6 is disabled (#32725, @gandro)
- cni: Use correct route MTU when ENI, Azure or Alibaba Cloud IPAM is enabled (#32244, @learnitall)
- egressgw: Let the EGW manager relax rp_filter on egress device (#32679, @ysksuzuki)
- Fix bug where setting the
k8sNetworkPolicy
Helm value to false did not take effect (#32441, @hasan-alkama) - Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (#31671, @foyerunix)
- Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (#32506, @joamaki)
- Fix PromQL query in Cilium Metrics dashboard (#32017, @mikemykhaylov)
- Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (#32513, @giorio94)
- Fix selecting of endpoints by namespace labels in network policies (#30650, @Mugenor)
- Fix various bugs related to restart of StatefulSet pods that may result in connectivity issues (#31605, @christarazi)
- Fixed a bug where endpoint could become stuck due to outdated revision numbers during concurrent updates. (#32817, @ovidiutirla)
- Fixes accidentally ignoring the preflight.nodeSelector Helm value. (#32548, @squeed)
- helm: remove CriticalAddonsOnly toleration in preflight DaemonSet (#32682, @HongChenTW)
- Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (#32671, @giorio94)
- ipsec: Safely delete Xfrm state (#32450, @jschwinger233)
- proxy: Re-enable proxy rule installation in native-routing mode for CEC (#32367, @sayboras)
- Remove deprecated
hubble.ui.securityContext.enabled
from hubble-ui deployment template (#32338, @stelucz)
CI Changes:
- .github: Add permissions for workflow telemetry (#32410, @joestringer)
- Add dispatch for fqdn_perf test (#32762, @marseel)
- Add fqdn perf test (#32514, @marseel)
- Add WireGuard configurations to automated network throughput tests (#32134, @learnitall)
- bpf: Cover IPsec+KPR in complexity and compile tests (#32316, @pchaigno)
- CI/ClusterMesh: enable CiliumEndpointSlice in Conformance Cluster Mesh (#32593, @thorn3r)
- ci/ipsec-upgrade: complete the switch to cilium-dbg (#32348, @julianwiedmann)
- CI: Add job name validation (#32462, @brlbil)
- CI: enable CiliumEndpointSlice in conformance-e2e (#32403, @thorn3r)
- ci: Filter supported versions of EKS (#32304, @marseel)
- ci: Filter supported versions of GKE (#32302, @marseel)
- ci: ginkgo: increase cilium readiness timeout from 240 to 360s (#32585, @mhofstetter)
- ci: increase wait duration after upgrade/downgrade in E2E upgrade test (#32528, @mhofstetter)
- ci: l4lb: gather more infos about docker-in-docker issues (#32570, @mhofstetter)
- ci: l4lb: restart docker-in-docker container on failure (#32600, @mhofstetter)
- ci: remove k8s version 1.26 from ci-aks (#32498, @mhofstetter)
- eks: Don't use spot instances (#32553, @michi-covalent)
- fqdn: Fix benchmarking for fqdn cache test (#32276, @joestringer)
- gha: bump post-upgrade timeout in clustermesh upgrade/downgrade tests (#32347, @giorio94)
- gha: Correct number of connect retry param in LVH (#32598, @sayboras)
- gha: cover TLS auth mode in clustermesh upgrade/downgrade tests (#32684, @giorio94)
- gha: Enable Ingress controller for more e2e test (#32572, @sayboras)
- gha: test certificate generation methods in conformance clustermesh (#32654, @giorio94)
- Improve BPF complexity test coverage, fix a verifier error after LLVM upgrade. (#32170, @gentoo-root)
- renovate: Don't remove images/cilium/download-hubble.sh yet (#32440, @michi-covalent)
- Scrape cilium metrics and add custom prometheus queries (#32254, @marseel)
- Use GH_RUNNER_EXTRA_POWER for CI image workflow (#32402, @michi-covalent)
- workflows: ignore "No egress gateway found" drops (#32564, @jibi)
Misc Changes:
- .github/actions: enable passing kind config to lvh-kind action (#32398, @harsimran-pabla)
- .github: adding daemon/cmd/fqdn to sig/policy PRs (#32442, @vipul-21)
- .github: Auto-apply labels for sig/policy PRs (#32409, @joestringer)
- .github: Fix PR autolabeler (#32406, @joestringer)
- Add auto labeler for hubble-cli (#32343, @aanm)
- Add initial support for Multi-Cluster Services API in Cilium clustermesh (#32264, @MrFreezeex)
- Add Ænix to the cilium users (#32738, @kvaps)
- Added EKS-to-EKS Clustermesh Preparation guide (#32355, @network-charles)
- Always include symbols in the Agent debug image. (#32032, @EricMountain)
- api: Replace gocheck with built-in go test (#32217, @sayboras)
- background-sync: fix bootstrap issue and edge-case with 1 node (#32630, @marseel)
- BGP: Exporting peers, routes and route-policy states of BGPv2 via CLI. (#32474, @harsimran-pabla)
- bgpv2: Route policies for various reconcilers (#32383, @harsimran-pabla)
- bgpv2: Configuration guide for BGPv2 APIs (#32774, @harsimran-pabla)
- bgpv2: container labs for various types of advertisements (#32522, @harsimran-pabla)
- bgpv2: filter terminating backends from endpoint selection (#32537, @harsimran-pabla)
- bgpv2: fix pod ip pool cleanup (#32194, @harsimran-pabla)
- bgpv2: removing v2Enable feature flag (#32692, @harsimran-pabla)
- bgpv2: update multi-homing lab to use config overrides (#32775, @harsimran-pabla)
- bitlpm: Add ExactLookup Method (#32609, @nathanjsweet)
- bitlpm: Convert UintTrie to Struct (#32676, @nathanjsweet)
- bpf: ct: fix off-by-1 in ICMP packet statistics (#32393, @julianwiedmann)
- bpf: drop/trace: identify missing security identity / endpoint ID (#32562, @julianwiedmann)
- bpf: egw: delay SNAT for local client to actual egress interface (#32428, @julianwiedmann)
- bpf: host: consolidate drop notification code in to-netdev (#32422, @julianwiedmann)
- bpf: lxc: enrich trace event in cil_to_container (#32737, @julianwiedmann)
- bpf: nodeport: check for ClusterIP access earlier (#32344, @julianwiedmann)
- bpf: nodeport: clean up stale comment (#32734, @julianwiedmann)
- bpf: trace: identify ifindex 0 as TRACE_IFINDEX_UNKNOWN (#32526, @julianwiedmann)
- Bugtool commands list generation improvements (#32253, @pippolo84)
- bugtool: Deduplicate tc qdisc commands (#32455, @pippolo84)
- build(deps): bump jinja2 from 3.1.3 to 3.1.4 in /Documentation (#32390, @dependabot[bot])
- build(deps): bump requests from 2.31.0 to 2.32.0 in /Documentation (#32626, @dependabot[bot])
- bump cni plugins to v1.5.0 (#32629, @antonipp)
- Bump timeout of lint-build-commits.yaml (#32746, @YutaroHayakawa)
- bwmap: Reconcile cilium_throttle with StateDB reconciler (#32438, @joamaki)
- cec: support resource name qualification for HTTP HealthCheckFilter (#32308, @mhofstetter)
- chore(deps): update all github action dependencies (main) (#32360, @renovate[bot])
- chore(deps): update all github action dependencies (main) (#32491, @renovate[bot])
- chore(deps): update all github action dependencies (main) (#32620, @renovate[bot])
- chore(deps): update all github action dependencies (main) (#32718, @renovate[bot])
- chore(deps): update all github action dependencies (main) (#32834, @renovate[bot])
- chore(deps): update all github action dependencies (main) (patch) (#32565, @renovate[bot])
- chore(deps): update all lvh-images main (main) (patch) (#31574, @renovate[bot])
- chore(deps): update all lvh-images main (main) (patch) (#32361, @renovate[bot])
- chore(deps): update all lvh-images main to bpf-next-20240521.012924 (main) (patch) (#32631, @renovate[bot])
- chore(deps): update all lvh-images main to bpf-next-20240529.013128 (main) (patch) (#32830, @renovate[bot])
- chore(deps): update all-dependencies (main) (#32359, @renovate[bot])
- chore(deps): update cilium/cilium-cli action to v0.16.7 (main) (#32394, @renovate[bot])
- chore(deps): update cilium/cilium-cli action to v0.16.7 (main) (#32771, @renovate[bot])
- chore(deps): update cilium/little-vm-helper action to v0.0.18 (main) (#32566, @renovate[bot])
- chore(deps): update dependency cilium/cilium-cli to v0.16.8 (main) (#32779, @renovate[bot])
- chore(deps): update dependency cilium/cilium-cli to v0.16.9 (main) (#32831, @renovate[bot])
- chore(deps): update dependency go to v1.22.3 (main) (#32772, @renovate[bot])
- chore(deps): update dependency protocolbuffers/protobuf to v27 (main) (#32767, @renovate[bot])
- chore(deps): update docker.io/library/golang:1.22.3 docker digest to f43c6f0 (main) (#32579, @renovate[bot])
- chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.14 (main) (#32832, @renovate[bot])
- chore(deps): update go to v1.22.3 (main) (#32416, @renovate[bot])
- chore(deps): update golangci/golangci-lint docker tag to v1.58.0 (main) (#32363, @renovate[bot])
- chore(deps): update golangci/golangci-lint docker tag to v1.59.0 (main) (#32833, @renovate[bot])
- chore(deps): update quay.io/cilium/hubble docker tag to v0.13.4 (main) (#32621, @renovate[bot])
- ci: GitHub action syntax fixes (#32507, @viktor-kurchenko)
- cilium-dbg: Reprint header line periodically with statedb (#32798, @joamaki)
- cilium-dbg: Use a tabwriter that remembers the widths (#32434, @joamaki)
- cleanup: Remove deprecated StringCounter (#32639, @sayboras)
- cleanup: Use context package from std libraries (#32795, @sayboras)
- clustermesh: Cleanup un-used endpoint related attributes (#32645, @sayboras)
- clustermesh: drop node observer global variables from tests (#32471, @giorio94)
- clustermesh: drop redundant OnClusterDelete from GlobalServiceCache (#32751, @giorio94)
- clustermesh: forbid connecting to cluster with same ID as local (#32753, @giorio94)
- ClusterMesh: improve validation of remote nodes and services (#32749, @giorio94)
- CODEOWNERS: add sig-scalability ownership of CiliumEndpointSlice (#32535, @thorn3r)
- common: remove unused MapStringStructToSlice (#32345, @tklauser)
- config: remove ingress & gateway api leftovers from global agent config (#32782, @mhofstetter)
- Consolidate regeneration metrics accounting (#32677, @christarazi)
- consolidate_go_stacktrace: Add '--filter lock' (#32273, @joestringer)
- contrib/scripts: remove check-assert-deep-equals (#32530, @tklauser)
- contrib: Clean up un-used scripts (#32456, @sayboras)
- contrib: Remove CHARTS_PATH dependency (#32328, @joestringer)
- contrib: Switch from 'hub' to 'gh' (#32326, @joestringer)
- daemon: Add rate-limiting to device reloading (#32527, @joamaki)
- daemon: Reserve Geneve tunnel port if enabled (#32421, @gandro)
- datapath: Remove LoadBalancerNodeAddresses & LocalAddresses methods (#30458, @joamaki)
- datapath: Replace gocheck with built-in go test (#32259, @sayboras)
- datapath: trivial cleanups for KPR config handling (#32453, @julianwiedmann)
- deps, renovate: Update GoBGP to v3.26.0 & re-enable updates by renovate (#32306, @rastislavs)
- devices: Fix panic in tests when logger used after stopping (#32551, @joamaki)
- devices: Use slog instead of logrus (#32469, @joamaki)
- doc: Added doc for ingress/GwAPI host network mode (#31839, @PhilipSchmid)
- docs: Add example for kube-apiserver entity policy (#32278, @joestringer)
- docs: add link to sig-policy meeting (#32340, @squeed)
- Docs: add note about AKS kube-apiserver entity (#32464, @darox)
- docs: Add user manual how to enable and configure multicast feature. (#32612, @fujitatomoya)
- docs: Clarify that
--labels
does not override default set (#32445, @christarazi) - docs: Clean-up Host Firewall documentation, list known issues (#32267, @qmonnet)
- docs: Describe fqdn cache entry expiration timers (#32350, @joestringer)
- docs: Fix style pitfalls in the ClusterMesh guide (#32320, @network-charles)
- docs: Remove outdated note on IPv6 BPF masqerading being incompatible with the Host Firewall (#32685, @qmonnet)
- egressgw: remove gwc.ifaceName (#32321, @julianwiedmann)
- endpointmanager: Skip warning logs for endpoints being removed (#32619, @jrajahalme)
- envoy: Update to use original source address also for external destinations (#32331, @jrajahalme)
- Expose clustermesh global service cache and hooks in the operator to prepare for MCS-API support (#32287, @MrFreezeex)
- Expose clustermesh ServicesSynced method from endpointslicesync ClusterMesh (#32538, @MrFreezeex)
- Fix crash caused while deleting LRPs with
skipRedirectFromBackend
flag set to true. (#32822, @aditighag) - Fix regression with ClusterMesh deployments failing to provision the clustermesh-apiserver Service in some cloud provider environments due to not support session affinity (#32657, @thorn3r)
- Fix threat model typo (#32752, @ferozsalam)
- fix(deps): update all go dependencies main (main) (#32362, @renovate[bot])
- fix(deps): update all go dependencies main (main) (#32490, @renovate[bot])
- fix(deps): update all go dependencies main (main) (#32509, @renovate[bot])
- fix(deps): update all go dependencies main (main) (#32622, @renovate[bot])
- fix(deps): update all go dependencies main (main) (#32717, @renovate[bot])
- fix(deps): update all go dependencies main (main) (#32743, @renovate[bot])
- fix(deps): update module github.com/aliyun/alibaba-cloud-sdk-go to v1.62.731 (main) (#32377, @renovate[bot])
- fix(deps): update module github.com/aliyun/alibaba-cloud-sdk-go to v1.62.748 (main) (#32736, @renovate[bot])
- fqdn: Change error log to warning (#32333, @jrajahalme)
- fqdn: Fix notifyOnDNSMsg benchmark (#32454, @pippolo84)
- fqdn: Fix Upgrade Issue Between PortProto Versions (#32325, @nathanjsweet)
- FQDN: some small performance optimizations around logging (#32049, @squeed)
- fqdn: updating the variable name in fqdn (#32298, @vipul-21)
- gha: Enable Envoy debug in default Cilium options (#32334, @jrajahalme)
- Grant the CiliumEndpointSlice controller a new Clientset to decouple it from the other Cilium Operator controllers. (#32353, @thorn3r)
- healthv2: Various fixes (#32549, @joamaki)
- helm: Remove CILIUM_BRANCH variable (#32776, @michi-covalent)
- hive: cast ModuleID to string (#32392, @bimmlerd)
- hubble, policy: shuffle types to reduce imports (#32378, @squeed)
- images/builder: let renovate update protoc and proto plugins (#32739, @rolinh)
- images/cilium: Move Envoy reference away from builder and runtime (#32452, @jrajahalme)
- ingress: Correct FromGroups rule Parsing (#32231, @Alex-Waring)
- Introduce clustermesh source to differentiate data retrieved from remote clusters (#32688, @giorio94)
- ipam: lower loglevel from error to warn if eni link list can't be listed (#32602, @mhofstetter)
- ipcache: Introduce the ability to inherit CIDR prefixes (#32578, @gandro)
- ipcache: Only update policy maps for new identities (#32628, @gandro)
- ipsec: minor cleanups (#31390, @julianwiedmann)
- iptables: Do not set no-track rules with empty native routing CIDR (#32648, @pippolo84)
- k8s/watcher: remove always-nil error return values (#32663, @tklauser)
- k8s: Add new fields into slim Service/Endpoint/EndpointSlice structs (#32754, @sayboras)
- k8s: cleanup k8s watcher (#32790, @mhofstetter)
- k8s: remove unused policyRepository from k8swatcher (#32773, @mhofstetter)
- k8s: use
netip.IPv{4,6}Unspecified
(#32818, @tklauser) - k8s: use cilium slices sort utility to sort Pod IP's from status (#32697, @mhofstetter)
- kvstore: Replace gocheck with built-in go test (#32261, @sayboras)
- l2announcer: Fix delete entry if no origins left (#32279, @wutz)
- loader: do ELF substitutions in memory (#32059, @lmb)
- loader: don't disable rp-filter for IPsec (#32546, @julianwiedmann)
- loader: fetch iface just once in patchHostNetdevDatapath() (#32541, @julianwiedmann)
- loader: misc fixes (#32520, @lmb)
- loader: refactor replaceDatapath to loadDatapath (#32518, @ti-mo)
- loader: Remove out-of-band data access (#32706, @joamaki)
- loader: Replace gocheck with built-in go test (#32220, @sayboras)
- makefile: check for $(CILIUM_CLI) dependency (#32424, @msune)
- Makefile: Replace release target (#32322, @joestringer)
- metallb bgp: introduce hive cell (#32806, @mhofstetter)
- Misc build system improvements (#32408, @joestringer)
- Miscellaneous improvements to the clustermesh troubleshooting guide (#32552, @giorio94)
- node-manager: fix race-condition (#32606, @marseel)
- operator/bgpv2: Fix CiliumBGPNodeConfig OwnerReference & job health reporting (#32000, @rastislavs)
- Output the etcd cluster ID as part of the remote cluster status information (#32341, @giorio94)
- pkg/cgroups: Cache pod metadata on datapath events (#32615, @aditighag)
- pkg/cgroups: Remove noisy log (#32613, @aditighag)
- pkg/clustermesh: Replace gocheck with built-in go test (#32221, @sayboras)
- pkg/egressgateway: Replace gocheck with built-in go test (#32295, @sayboras)
- pkg/endpoint: clean up DatapathRegenerationLevel (#32604, @lmb)
- pkg/endpoint: do not rely on bpf_host.o to detect host endpoint (#32521, @lmb)
- pkg/endpoint: make state synchronization atomic (#32439, @lmb)
- pkg/fqdn: Replace gocheck with built-in go test (#32281, @sayboras)
- pkg/policy: Replace gocheck with built-in go test (#32223, @sayboras)
- pkg: Fix Deny Insert Fuzz Test (#32656, @nathanjsweet)
- policy: Add Port Range Support for Policies Part 1 (#32430, @nathanjsweet)
- policy: Add Port Range Support for Policies Part 2/3 (#32675, @nathanjsweet)
- policy: fix client side validation of policies in policy import/validate command (#31924, @oblazek)
- policy: fix flaky unit test (#32808, @squeed)
- Prepare for release v1.16.0-pre.2 (#32324, @joestringer)
- README: Update releases (#32329, @joestringer)
- README: Update releases (#32554, @nebril)
- refactor: config options combined into DNS proxy config struct (#32777, @vipul-21)
- reinstate hive health metrics (#32603, @bimmlerd)
- renovate: fix config (missing comma) (#32765, @rolinh)
- renovate: ignore dependency github.com/google/go-licenses (#32848, @rolinh)
- Replace pkg/rand by standard library math/rand/v2 (#32542, @tklauser)
- restoration: checkpoint local allocator state, utilize on restoration (#32310, @squeed)
- srv6: Some cleanups for SRv6 maps (#31960, @YutaroHayakawa)
- Store zone information alongside lb{4,6}_backend entries (based on mapping from fixed-zone-mapping and values from EndpointSlices) (#31838, @AwesomePatrol)
- test: Re-enable few test suites missed as part of recent migration (#32687, @sayboras)
- test: Replace gocheck with built-in go test (#32297, @sayboras)
- test: Replace gocheck with built-in go test (#32401, @sayboras)
- test: Update Go test helpers for renamed cilium-dbg (#32661, @joestringer)
- update list of SIGs (#32477, @katiestruthers)
- Use ebpf.PossibleCPU to determine number of possible CPUs (#32323, @tklauser)
Docker Manifests
cilium
quay.io/cilium/cilium:v1.16.0-pre.3@sha256:9918241403727d99cdba7067134dc99024c8f367fc8dbeec7aa5a7c84260d8f6
clustermesh-apiserver
quay.io/cilium/clustermesh-apiserver:v1.16.0-pre.3@sha256:9348958f91942d81481878e57e6bda75463658240b51fedc9547c2024d848066
docker-plugin
quay.io/cilium/docker-plugin:v1.16.0-pre.3@sha256:446abb18b76590edb4ad35c8c410acae308030d611cb8809b58c53547afc0733
hubble-relay
quay.io/cilium/hubble-relay:v1.16.0-pre.3@sha256:41964978c06687d3db7afd29ed8205a3472c5de1d9c71a7a39b9640c651d4487
operator-alibabacloud
quay.io/cilium/operator-alibabacloud:v1.16.0-pre.3@sha256:0fbbf357ae5e62f1d0777ce34c1fb6d19e1f7b5a25c5100346d34f8cf6ad1730
operator-aws
quay.io/cilium/operator-aws:v1.16.0-pre.3@sha256:843d6c5094655448e8d1e81b46d334e00444f58bbb9e95575bd042af6871e1f0
operator-azure
quay.io/cilium/operator-azure:v1.16.0-pre.3@sha256:5682ca7ad8eea47abacad4dae2ff62d98f8f1938dcd7f17a403b673599b8b258
operator-generic
quay.io/cilium/operator-generic:v1.16.0-pre.3@sha256:565c92df436f801fa5ff3bbb8becac65114818c43e3bcaecf956c0d4c120b5a6
operator
quay.io/cilium/operator:v1.16.0-pre.3@sha256:2f114fc9627a43b435160d587e0128e0fe9256d5c0ff2dde4f703ddd807d9717