Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump github.com/cilium/cilium from 1.13.2 to 1.13.7 #66

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 6, 2024

Bumps github.com/cilium/cilium from 1.13.2 to 1.13.7.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.13.7

We are pleased to release Cilium v1.13.7.

Known IPsec related issues have been fixed. We encourage users to test this release and report any potentially remaining issues.

Summary of Changes

Minor Changes:

  • Report the kernel error code in case of packet drops due to failures to create NAT map entries. (Backport PR #27652, Upstream PR #25883, @​julianwiedmann)

Bugfixes:

  • bpf: lxc: support Pod->Service->Pod hairpinning with endpoint routes (Backport PR #27998, Upstream PR #27798, @​ti-mo)
  • envoy: fix panic writing accesslog without L7 tags (Backport PR #27651, Upstream PR #27453, @​mhofstetter)
  • Fix a bug that affected the RevDNAT translation of IPv6 packets with extension headers. (Backport PR #27393, Upstream PR #27312, @​julianwiedmann)
  • Fix a bug that could cause an incorrect max. sequence number to be reported by cilium encrypt status when IPsec is enabled. (Backport PR #27925, Upstream PR #27656, @​pchaigno)
  • Fix a bug where cilium host IP is not read from k8s node annotations (Backport PR #27651, Upstream PR #27590, @​hemanthmalla)
  • Fix bug limiting pod-to-pod network performance under high load when tunneling and IPSec are both enabled. (Backport PR #27393, Upstream PR #27168, @​learnitall)
  • Fix bug that could cause packet drops of type XfrmOutPolBlock while rotating the IPsec key. (Backport PR #27587, Upstream PR #27319, @​jrfastab)
  • Fix connectivity issues caused by missing conntrack entry when service pod connects to itself via clusterIP. (Backport PR #27998, Upstream PR #27602, @​julianwiedmann)
  • gateway-api: Merge externally annotations and labels for kubernetes types (Backport PR #27651, Upstream PR #27251, @​farodin91)
  • ingress: fix panic on ingress rule without HTTPIngressRule (Backport PR #27925, Upstream PR #27818, @​mhofstetter)
  • IPSec fix for race on init resulting in XfrmIn errors and dropped packets (Backport PR #28022, Upstream PR #28012, @​jrfastab)
  • k8s: Restrict configuring reserved:init policy via CNP (Backport PR #28039, Upstream PR #28007, @​joestringer)
  • Prioritization of which DNS mappings to keep was suboptimal, leading to evictions of mappings related to alive connections, worsening performance of fqdn policies and causing spurious logging. (Backport PR #27925, Upstream PR #27572, @​bimmlerd)
  • proxy: Ignore visibility annotation if proxy is disabled (Backport PR #27741, Upstream PR #27597, @​sayboras)

CI Changes:

Misc Changes:

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.13.7

Summary of Changes

Minor Changes:

  • Report the kernel error code in case of packet drops due to failures to create NAT map entries. (Backport PR #27652, Upstream PR #25883, @​julianwiedmann)

Bugfixes:

  • bpf: lxc: support Pod->Service->Pod hairpinning with endpoint routes (Backport PR #27998, Upstream PR #27798, @​ti-mo)
  • envoy: fix panic writing accesslog without L7 tags (Backport PR #27651, Upstream PR #27453, @​mhofstetter)
  • Fix a bug that affected the RevDNAT translation of IPv6 packets with extension headers. (Backport PR #27393, Upstream PR #27312, @​julianwiedmann)
  • Fix a bug that could cause an incorrect max. sequence number to be reported by cilium encrypt status when IPsec is enabled. (Backport PR #27925, Upstream PR #27656, @​pchaigno)
  • Fix a bug where cilium host IP is not read from k8s node annotations (Backport PR #27651, Upstream PR #27590, @​hemanthmalla)
  • Fix bug limiting pod-to-pod network performance under high load when tunneling and IPSec are both enabled. (Backport PR #27393, Upstream PR #27168, @​learnitall)
  • Fix bug that could cause packet drops of type XfrmOutPolBlock while rotating the IPsec key. (Backport PR #27587, Upstream PR #27319, @​jrfastab)
  • Fix connectivity issues caused by missing conntrack entry when service pod connects to itself via clusterIP. (Backport PR #27998, Upstream PR #27602, @​julianwiedmann)
  • gateway-api: Merge externally annotations and labels for kubernetes types (Backport PR #27651, Upstream PR #27251, @​farodin91)
  • ingress: fix panic on ingress rule without HTTPIngressRule (Backport PR #27925, Upstream PR #27818, @​mhofstetter)
  • IPSec fix for race on init resulting in XfrmIn errors and dropped packets (Backport PR #28022, Upstream PR #28012, @​jrfastab)
  • k8s: Restrict configuring reserved:init policy via CNP (Backport PR #28039, Upstream PR #28007, @​joestringer)
  • Prioritization of which DNS mappings to keep was suboptimal, leading to evictions of mappings related to alive connections, worsening performance of fqdn policies and causing spurious logging. (Backport PR #27925, Upstream PR #27572, @​bimmlerd)
  • proxy: Ignore visibility annotation if proxy is disabled (Backport PR #27741, Upstream PR #27597, @​sayboras)

CI Changes:

Misc Changes:

... (truncated)

Commits
  • e1eb268 Prepare for release v1.13.7
  • f6ed7d9 chore(deps): update actions/checkout action to v4
  • 62acd9c chore(deps): update all lvh-images main
  • a63bd30 images: update cilium-{runtime,builder}
  • 5adf2c2 chore(deps): update docker.io/library/golang docker tag to v1.20.8
  • f9265b5 chore(deps): update sigstore/cosign-installer action to v3.1.2
  • 100b580 chore(deps): update cilium/coccicheck docker tag to v2.4
  • 4c2fda4 k8s: Add validation for init policy selection
  • 3a1a073 k8s: Restrict configuring reserved:init policy via CNP
  • fea64de k8s: Change test for reserved:init to CCNP
  • Additional commits viewable in compare view

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.13.2 to 1.13.7.
- [Release notes](https://github.com/cilium/cilium/releases)
- [Changelog](https://github.com/cilium/cilium/blob/1.13.7/CHANGELOG.md)
- [Commits](cilium/cilium@1.13.2...1.13.7)

---
updated-dependencies:
- dependency-name: github.com/cilium/cilium
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 6, 2024
@apetruhin apetruhin merged commit 3e408fa into main Feb 6, 2024
@dependabot dependabot bot deleted the dependabot/go_modules/github.com/cilium/cilium-1.13.7 branch February 6, 2024 09:23
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant