Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump github.com/cilium/cilium from 1.15.5 to 1.15.6 in /backend #883

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

build(deps): bump github.com/cilium/cilium from 1.15.5 to 1.15.6 in /backend #883

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jun 13, 2024

Bumps github.com/cilium/cilium from 1.15.5 to 1.15.6.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.15.6

We are pleased to release Cilium v1.15.6 that improves background resynchronization of nodes, improves the CLI to troubleshoot connectivity issues, lowers CPU consumption with IPsec for large clusters, and brings a number of additional fixes. Thanks to all contributors, reviewers, testers, and users! ❤️

Summary of Changes

Minor Changes:

  • cilium/cilium#32872@​gandro)
  • Generate SBOMs using Syft instead of bom (Backport PR #32691, Upstream PR #32307, @​ferozsalam)
  • Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR #32748, Upstream PR #32577, @​marseel)
  • Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR #32568, Upstream PR #32336, @​giorio94)
  • ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR #32882, Upstream PR #32588, @​marseel)
  • KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (Backport PR #32568, Upstream PR #32156, @​giorio94)

Bugfixes:

  • .github/workflows: fix digests file creation (Backport PR #32889, Upstream PR #32860, @​aanm)
  • cilium/cilium#32649@​pippolo84)
  • Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (Backport PR #32500, Upstream PR #32117, @​giorio94)
  • bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (Backport PR #32691, Upstream PR #32536, @​harsimran-pabla)
  • Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (Backport PR #32889, Upstream PR #32694, @​dswaffordcw)
  • cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR #32789, Upstream PR #32725, @​gandro)
  • egressgw: Let the EGW manager relax rp_filter on egress device (Backport PR #32778, Upstream PR #32679, @​ysksuzuki)
  • Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (Backport PR #32789, Upstream PR #31671, @​foyerunix)
  • Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (Backport PR #32691, Upstream PR #32506, @​joamaki)
  • Fix PromQL query in Cilium Metrics dashboard (Backport PR #32691, Upstream PR #32017, @​mikemykhaylov)
  • Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (Backport PR #32691, Upstream PR #32513, @​giorio94)
  • Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR #32691, Upstream PR #32548, @​squeed)
  • Fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. (Backport PR #32932, Upstream PR #32683, @​jschwinger233)
  • ingress: Set the default value for max_stream_timeout (Backport PR #32889, Upstream PR #31514, @​tskinn)
  • Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (Backport PR #32802, Upstream PR #32671, @​giorio94)
  • ipsec: Safely delete Xfrm state (Backport PR #32691, Upstream PR #32450, @​jschwinger233)
  • proxy: Re-enable proxy rule installation in native-routing mode for CEC (Backport PR #32481, Upstream PR #32367, @​sayboras)
  • Remove deprecated hubble.ui.securityContext.enabled from hubble-ui deployment template (Backport PR #32889, Upstream PR #32338, @​stelucz)

CI Changes:

Misc Changes:

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.15.6

Summary of Changes

Minor Changes:

  • cilium/cilium#32872@​gandro)
  • Generate SBOMs using Syft instead of bom (Backport PR #32691, Upstream PR #32307, @​ferozsalam)
  • Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (Backport PR #32748, Upstream PR #32577, @​marseel)
  • Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (Backport PR #32568, Upstream PR #32336, @​giorio94)
  • ipsec: Improve CPU usage of cilum-agent in large clusters (Backport PR #32882, Upstream PR #32588, @​marseel)
  • KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (Backport PR #32568, Upstream PR #32156, @​giorio94)

Bugfixes:

  • .github/workflows: fix digests file creation (Backport PR #32889, Upstream PR #32860, @​aanm)
  • cilium/cilium#32649@​pippolo84)
  • Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (Backport PR #32500, Upstream PR #32117, @​giorio94)
  • bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (Backport PR #32691, Upstream PR #32536, @​harsimran-pabla)
  • Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (Backport PR #32889, Upstream PR #32694, @​dswaffordcw)
  • cni: Reserve local ports for DNS proxy even if IPv6 is disabled (Backport PR #32789, Upstream PR #32725, @​gandro)
  • egressgw: Let the EGW manager relax rp_filter on egress device (Backport PR #32778, Upstream PR #32679, @​ysksuzuki)
  • Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (Backport PR #32789, Upstream PR #31671, @​foyerunix)
  • Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (Backport PR #32691, Upstream PR #32506, @​joamaki)
  • Fix PromQL query in Cilium Metrics dashboard (Backport PR #32691, Upstream PR #32017, @​mikemykhaylov)
  • Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (Backport PR #32691, Upstream PR #32513, @​giorio94)
  • Fixes accidentally ignoring the preflight.nodeSelector Helm value. (Backport PR #32691, Upstream PR #32548, @​squeed)
  • Fixes unencrypted traffic among nodes when IPsec is used with L7 egress proxy. (Backport PR #32932, Upstream PR #32683, @​jschwinger233)
  • ingress: Set the default value for max_stream_timeout (Backport PR #32889, Upstream PR #31514, @​tskinn)
  • Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (Backport PR #32802, Upstream PR #32671, @​giorio94)
  • ipsec: Safely delete Xfrm state (Backport PR #32691, Upstream PR #32450, @​jschwinger233)
  • proxy: Re-enable proxy rule installation in native-routing mode for CEC (Backport PR #32481, Upstream PR #32367, @​sayboras)
  • Remove deprecated hubble.ui.securityContext.enabled from hubble-ui deployment template (Backport PR #32889, Upstream PR #32338, @​stelucz)

CI Changes:

Misc Changes:

... (truncated)

Commits
  • a09e05e Prepare for release v1.15.6
  • 9299c0f bugtool: Add post-processing masking function for Envoy
  • 0191b1e bugtool: Add json masking function
  • b648346 docs: ipsec: remove limitation for native-routing with L7 egress policy
  • 5197d4c proxy/routes: Also routes egress proxy's return traffic to 2005
  • 7f3e1b7 iptables: Ensure iptables masquerading works for proxy traffic
  • 8dadbce Don't set 0x200 mark for proxy to world traffic in iptables PREROUTING
  • 2091036 chore(deps): update dependency cilium/hubble to v0.13.5
  • 8a6f25f fqdn: Forward-compatibility with Cilium 1.16 fqdn identities
  • 6eb495d images: update cilium-{runtime,builder}
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
build(deps): bump github.com/cilium/cilium in /backend
f9756b8 
Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.15.5 to 1.15.6.
- [Release notes](https://github.com/cilium/cilium/releases)
- [Changelog](https://github.com/cilium/cilium/blob/1.15.6/CHANGELOG.md)
- [Commits](cilium/cilium@1.15.5...1.15.6)

---
updated-dependencies:
- dependency-name: github.com/cilium/cilium
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot requested a review from a team as a code owner June 13, 2024 19:30
@dependabot dependabot bot added dependencies Pull requests that update a dependency file go PRs that update Go code labels Jun 13, 2024
@dependabot dependabot bot requested review from kimstacy and removed request for a team June 13, 2024 19:30
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kimstacy kimstacy Awaiting requested review from kimstacy kimstacy is a code owner automatically assigned from cilium/hubble-ui

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file go PRs that update Go code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
0 participants