Update Helm release cilium to v1.13.4 #201
Loading…
Reference in a new issue
No description provided.
Delete branch "renovate/cilium-1.x"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
This PR contains the following updates:
1.13.3
->1.13.4
Release Notes
cilium/cilium
v1.13.4
: 1.13.4Compare Source
We are pleased to release Cilium v1.13.4.
This release addresses the following security issue:
It aslso contains fixes related to IPsec, datapath drop notifications, CPU overhead, downgrade path, RevSNAT for ICMPv6, as well as a range of other regular bugfixes.
See the notes below for a full description of the changes.
⚠️ Warning - IPsec ⚠️
Do NOT upgrade to this release if you are using IPsec.
Summary of Changes
Minor Changes:
enable-ipsec-key-watcher
to allow users to disable the IPsec key watcher and thus require an agent restart for the key rotation to take effect. (Backport PR #25977, Upstream PR #25893, @pchaigno)Bugfixes:
x-forwarded-for
header by adding an explicituse_remote_address: true
config to Envoy HTTP configuration to always use the actual remote address of the incoming connection rather than the value ofx-forwarded-for
header, which may originate from an untrusted source. This change has no effect on Cilium policy enforcement where the source security identity is always resolved before HTTP headers are parsed. Previous Cilium behavior of not addingx-forwarded-for
headers is retained via an explicitskip_xff_append: true
config setting, except for Cilium Ingress where the source IP address is now appended tox-forwarded-for
header. (Backport PR #25731, Upstream PR #25674, @jrajahalme)cluster-pool
,kubernetes
, andcrd
when nodes are deleted. Fix incorrect catch-all default-drop XFRM OUT policy for IPsec IPv6 traffic that could lead to leaking plain-text IPv6 traffic if combined with some other bug. (Backport PR #26079, Upstream PR #25953, @pchaigno)CI Changes:
Misc Changes:
ac58ff7
(v1.13) (#25547, @renovate[bot])Other Changes:
Docker Manifests
cilium
docker.io/cilium/cilium:v1.13.4@​sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
quay.io/cilium/cilium:v1.13.4@​sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
docker.io/cilium/cilium:stable@sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
quay.io/cilium/cilium:stable@sha256:bde8800d61aaad8b8451b10e247ac7bdeb7af187bb698f83d40ad75a38c1ee6b
clustermesh-apiserver
docker.io/cilium/clustermesh-apiserver:v1.13.4@​sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
quay.io/cilium/clustermesh-apiserver:v1.13.4@​sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
docker.io/cilium/clustermesh-apiserver:stable@sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
quay.io/cilium/clustermesh-apiserver:stable@sha256:3f2bb561ddcf45bd7c598b6846439518c6f4fc735a08e518587da8849496235a
docker-plugin
docker.io/cilium/docker-plugin:v1.13.4@​sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
quay.io/cilium/docker-plugin:v1.13.4@​sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
docker.io/cilium/docker-plugin:stable@sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
quay.io/cilium/docker-plugin:stable@sha256:1a11d2f643b92ff4ece29adf7c945795c3faacbc9a47e0089bf6fb6e944c0ae1
hubble-relay
docker.io/cilium/hubble-relay:v1.13.4@​sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
quay.io/cilium/hubble-relay:v1.13.4@​sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
docker.io/cilium/hubble-relay:stable@sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
quay.io/cilium/hubble-relay:stable@sha256:bac057a5130cf75adf5bc363292b1f2642c0c460ac9ff018fcae3daf64873871
operator-alibabacloud
docker.io/cilium/operator-alibabacloud:v1.13.4@​sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
quay.io/cilium/operator-alibabacloud:v1.13.4@​sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
docker.io/cilium/operator-alibabacloud:stable@sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
quay.io/cilium/operator-alibabacloud:stable@sha256:6938be50749205631c02d72277e35199a1adec1323c9310dc2d96911784b1a69
operator-aws
docker.io/cilium/operator-aws:v1.13.4@​sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
quay.io/cilium/operator-aws:v1.13.4@​sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
docker.io/cilium/operator-aws:stable@sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
quay.io/cilium/operator-aws:stable@sha256:c6bde19bbfe1483577f9ef375ff6de19402ac20277c451fe05729fcb9bc02a84
operator-azure
docker.io/cilium/operator-azure:v1.13.4@​sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
quay.io/cilium/operator-azure:v1.13.4@​sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
docker.io/cilium/operator-azure:stable@sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
quay.io/cilium/operator-azure:stable@sha256:55bb91b96c2e3361b3e622b42c8925a31f2f7124150666696030f15d718cd83e
operator-generic
docker.io/cilium/operator-generic:v1.13.4@​sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
quay.io/cilium/operator-generic:v1.13.4@​sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
docker.io/cilium/operator-generic:stable@sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
quay.io/cilium/operator-generic:stable@sha256:09ab77d324ef4d31f7d341f97ec5a2a4860910076046d57a2d61494d426c6301
operator
docker.io/cilium/operator:v1.13.4@​sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
quay.io/cilium/operator:v1.13.4@​sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
docker.io/cilium/operator:stable@sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
quay.io/cilium/operator:stable@sha256:f2068be1706717d0e0b29489dc0b93bf7f1940d18e0bea2def937286beb48464
Configuration
📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Renovate Bot.