Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

feat(helm): update chart cilium to 1.16.5 #734

Open
wants to merge 1 commit into
base: main
Choose a base branch
from

Conversation

chii-bot[bot]
Copy link
Contributor

@chii-bot chii-bot bot commented Aug 16, 2022

This PR contains the following updates:

Package Type Update Change
cilium (source) HelmChart minor 1.13.2 -> 1.16.5
cilium (source) minor 1.12.0 -> 1.16.5

⚠ Dependency Lookup Warnings ⚠

Warnings were logged while processing this repo. Please check the Dependency Dashboard for more information.


Release Notes

cilium/cilium

v1.16.5

Compare Source

Summary of Changes

Minor Changes:

Bugfixes:

  • Address potential connectivity disruption when using either L7 / DNS Network policies in combination with per-endpoint routes and hostLegacyRouting, or L7 / DNS network policies in combination with IPsec network encryption. (Backport PR #​36540, Upstream PR #​36484, @​julianwiedmann)
  • bgp: fix race in bgp stores (Backport PR #​36066, Upstream PR #​35971, @​harsimran-pabla)
  • BGPv1: Fix race by reconciliation of services with externalTrafficPolicy=Local by populating locally available services after performing service diff (Backport PR #​36286, Upstream PR #​36230, @​rastislavs)
  • BGPv2: Fix race by reconciliation of services with externalTrafficPolicy=Local by populating locally available services after performing service diff (Backport PR #​36286, Upstream PR #​36165, @​rastislavs)
  • Cilium agent now waits until endpoints have restored before starting accepting new xDS streams. (Backport PR #​36049, Upstream PR #​35984, @​jrajahalme)
  • Cilium no longer keeps old DNS-IP mappings alive while reaping newer ones, leading to spurious drops in connections to domains with many IPs associated. (Backport PR #​36462, Upstream PR #​36252, @​bimmlerd)
  • cilium-health-ep controller is made to be more robust against successive failures. (Backport PR #​36066, Upstream PR #​35936, @​jrajahalme)
  • DNS proxy port is no longer released when endpoint with a DNS policy fails to regenerate successfully. A potential deadlock between CEC/CCEC parser and endpoint policy update is removed. (Backport PR #​36468, Upstream PR #​36142, @​jrajahalme)
  • Envoy "initial fetch timeout" warnings are now demoted to info level, as they are expected to happen during Cilium Agent restart. (Backport PR #​36049, Upstream PR #​36060, @​jrajahalme)
  • Fix an issue where pod-to-world traffic goes up stack when BPF host routing is enabled with tunnel. (Backport PR #​35861, Upstream PR #​35098, @​jschwinger233)
  • Fix identity leak for kvstore identity mode (Backport PR #​36066, Upstream PR #​34893, @​odinuge)
  • Fix potential Cilium agent panic during endpoint restoration, occurring if the corresponding pod gets deleted while the agent is restarting. This regression only affects Cilium v1.16.4. (Backport PR #​36302, Upstream PR #​36292, @​giorio94)
  • gateway-api: Fix gateway checks for namespace (Backport PR #​36462, Upstream PR #​35452, @​sayboras)
  • gha: Remove hostLegacyRouting in clustermesh (Backport PR #​36357, Upstream PR #​35418, @​sayboras)
  • helm: Use an absolute FQDN for the Hubble peer-service endpoint to avoid incorrect DNS resolution outside the cluster (Backport PR #​36066, Upstream PR #​36005, @​devodev)
  • hubble: consistently use v as prefix for the Hubble version (Backport PR #​36286, Upstream PR #​35891, @​rolinh)
  • iptables: Fix data race in iptables manager (Backport PR #​36066, Upstream PR #​35902, @​pippolo84)
  • lrp: update LRP services with stale backends on agent restart (Backport PR #​36106, Upstream PR #​36036, @​ysksuzuki)
  • policy: Fix bug that allowed port ranges to be attached to L7 policies, which is not permitted. (#​36050, @​nathanjsweet)
  • Unbreak the cilium-dbg preflight migrate-identity command (Backport PR #​36286, Upstream PR #​36089, @​giorio94)
  • Use strconv.Itoa instead of string() for the correct behavior when converting kafka.ErrorCode from int32 to string. Add relevant unit tests for Kafka plugin and handler. (Backport PR #​36066, Upstream PR #​35856, @​nddq)

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests
cilium

quay.io/cilium/cilium:v1.16.5@​sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d
quay.io/cilium/cilium:stable@sha256:758ca0793f5995bb938a2fa219dcce63dc0b3fa7fc4ce5cc851125281fb7361d

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.5@​sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958
quay.io/cilium/clustermesh-apiserver:stable@sha256:37a7fdbef806b78ef63df9f1a9828fdddbf548d1f0e43b8eb10a6bdc8fa03958

docker-plugin

quay.io/cilium/docker-plugin:v1.16.5@​sha256:d6b4ed076ae921535c2a543d4b5b63af474288ee4501653a1f442c935beb5768
quay.io/cilium/docker-plugin:stable@sha256:d6b4ed076ae921535c2a543d4b5b63af474288ee4501653a1f442c935beb5768

hubble-relay

quay.io/cilium/hubble-relay:v1.16.5@​sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00
quay.io/cilium/hubble-relay:stable@sha256:6cfae1d1afa566ba941f03d4d7e141feddd05260e5cd0a1509aba1890a45ef00

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.5@​sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0
quay.io/cilium/operator-alibabacloud:stable@sha256:c0edf4c8d089e76d6565d3c57128b98bc6c73d14bb4590126ee746aeaedba5e0

operator-aws

quay.io/cilium/operator-aws:v1.16.5@​sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476
quay.io/cilium/operator-aws:stable@sha256:97e1fe0c2b522583033138eb10c170919d8de49d2788ceefdcff229a92210476

operator-azure

quay.io/cilium/operator-azure:v1.16.5@​sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9
quay.io/cilium/operator-azure:stable@sha256:265e2b78f572c76b523f91757083ea5f0b9b73b82f2d9714e5a8fb848e4048f9

operator-generic

quay.io/cilium/operator-generic:v1.16.5@​sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039
quay.io/cilium/operator-generic:stable@sha256:f7884848483bbcd7b1e0ccfd34ba4546f258b460cb4b7e2f06a1bcc96ef88039

operator

quay.io/cilium/operator:v1.16.5@​sha256:617896e1b23a2c4504ab2c84f17964e24dade3b5845f733b11847202230ca940
quay.io/cilium/operator:stable@sha256:617896e1b23a2c4504ab2c84f17964e24dade3b5845f733b11847202230ca940

v1.16.4

Compare Source

Security Advisories

This release addresses GHSA-xg58-75qf-9r67.

Summary of Changes

Minor Changes:

  • Added Helm option 'envoy.initialFetchTimeoutSeconds' (default 30 seconds) to override the Envoy default (15 seconds). (Backport PR #​35908, Upstream PR #​35809, @​jrajahalme)
  • clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (Backport PR #​35543, Upstream PR #​35349, @​giorio94)
  • helm: Lower default hubble.tls.auto.certValidityDuration to 365 days (Backport PR #​35781, Upstream PR #​35630, @​chancez)
  • helm: New socketLB.tracing flag (Backport PR #​35781, Upstream PR #​35747, @​pchaigno)
  • hubble-relay: Return underlying connection errors when connecting to peer manager (Backport PR #​35781, Upstream PR #​35632, @​chancez)
  • netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (Backport PR #​35543, Upstream PR #​35306, @​jrife)

Bugfixes:

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.4@​sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf
quay.io/cilium/cilium:stable@sha256:d55ec38938854133e06739b1af237932b9c4dd4e75e9b7b2ca3acc72540a44bf

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.4@​sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2
quay.io/cilium/clustermesh-apiserver:stable@sha256:b41ba9c1b32e31308e17287a24a5b8e8ed0931f70d168087001c9679bc6c5dd2

docker-plugin

quay.io/cilium/docker-plugin:v1.16.4@​sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e
quay.io/cilium/docker-plugin:stable@sha256:0e55f80fa875a1bcce87d87eae9a72b32c9db1fe9741c1f8d1bf308ef4b1193e

hubble-relay

quay.io/cilium/hubble-relay:v1.16.4@​sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2
quay.io/cilium/hubble-relay:stable@sha256:fb2c7d127a1c809f6ba23c05973f3dd00f6b6a48e4aee2da95db925a4f0351d2

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.4@​sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686
quay.io/cilium/operator-alibabacloud:stable@sha256:8d59d1c9043d0ccf40f3e16361e5c81e8044cb83695d32d750b0c352f690c686

operator-aws

quay.io/cilium/operator-aws:v1.16.4@​sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be
quay.io/cilium/operator-aws:stable@sha256:355051bbebab73ea3067bb7f0c28cfd43b584d127570cb826f794f468e2d31be

operator-azure

quay.io/cilium/operator-azure:v1.16.4@​sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de
quay.io/cilium/operator-azure:stable@sha256:475594628af6d6a807d58fcb6b7d48f5a82e0289f54ae372972b1d0536c0b6de

operator-generic

quay.io/cilium/operator-generic:v1.16.4@​sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5
quay.io/cilium/operator-generic:stable@sha256:c55a7cbe19fe0b6b28903a085334edb586a3201add9db56d2122c8485f7a51c5

operator

quay.io/cilium/operator:v1.16.4@​sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff
quay.io/cilium/operator:stable@sha256:c77643984bc17e1a93d83b58fa976d7e72ad1485ce722257594f8596899fdfff

v1.16.3

Compare Source

Summary of Changes

Bugfixes:

CI Changes:

Misc Changes:


Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.


  • If you want to rebase/retry this PR, click this checkbox.

This PR has been generated by Renovate Bot.

@chii-bot chii-bot bot requested a review from toboshii as a code owner August 16, 2022 18:26
@chii-bot chii-bot bot added renovate/helm type/minor type/patch size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. area/cluster Changes made in the cluster directory labels Aug 16, 2022
@chii-bot
Copy link
Contributor Author

chii-bot bot commented Aug 16, 2022

Path: cluster/apps/kube-system/cilium/helm-release.yaml
Version: 1.12.0 -> 1.16.5

@@ -1,1309 +1 @@
----
-# Source: cilium/templates/cilium-agent/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "cilium"
- namespace: default
----
-# Source: cilium/templates/cilium-operator/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "cilium-operator"
- namespace: default
----
-# Source: cilium/templates/hubble-relay/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "hubble-relay"
- namespace: default
----
-# Source: cilium/templates/hubble-ui/serviceaccount.yaml
-apiVersion: v1
-kind: ServiceAccount
-metadata:
- name: "hubble-ui"
- namespace: default
----
-# Source: cilium/templates/cilium-ca-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: cilium-ca
- namespace: default
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRQjRtQmpSd0pqWVFKSGZOenpuM1JyREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TWpFNE1ERXlNelF5V2hjTk1qY3hNakU0TURFeQpNelF5V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzdlVUZXck5ldDlmRUN0WFpFY1ZRVHRsMUpETXpSK1NHNHYxQzZ6bVB0dVVqUXFURWkKQXJlSjRuSHpuUVRSMndHbmFjd0trV0wvcWVVcmZHNDZmMHg1VzF1T05yUHBqeTZ4WncwaStWQkNiNkR1NzdYdApYc0hWenVUa0tyK25IUk5qZDhzWloxaVZiSnZlb29uRUNxb0Y2VW5sMDFCLzByWnVFYnQ1MVllY1FHNzRJSU5YCjREUHBNTXc1NVhkRVJnK1pQVVFLeTdVZXg5RWx3b2djalluYndFcnBxai9UenpqNnVrTE9pNGpBcVMvS25wRDMKajJ2Q3BQM0NPVWNrTmR6Y0pUMDdoZWVKaEozaGNCVXRFemtqNzZwVEMzVE8vekQyKzM1V2JIY1VLbGcxRFdKbAo2RXFlTDc2L1Z1ckVjeTRGcnp1ZDFQSVF5bWZkOS91Q1V4d3RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVViYlROZHozeVNEWTN0Q3JRU3pVQjRJQXc1T293RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFJdDFDYWgrMXEyOGEwL3NMKzZjSWdaeG81NVM2WTZiT21mOVlxOXJHUTdvVEZSRWNtYzdtY21jCjlJVTQrdjdTRExWeWRFd0NJbGpDcS8zaWFONXZQNlNoVTR1QVhEWXlISDBwbXRJRUNqMzE0cTYxdlhHQWRpNzkKNzFERnZSTTdHYjJaNUVpSHdoYk1mTVlObTBkUkhnUGd2ZFdKY1MvQ2F5M1FZWTdtRnVMNUk2d3hlUmlhUDUxYgpHTm5uYzBYNWNFc0h3SlY0WnBWWW4xbGI5Y1BqZEtac3dMaW41WHl0M1VXUzNnTUpoTmNONlN1c2htcEVwclJXClVqMlFVeFJOcitDN1JlWlg2WjRLM0diWVpERWJsUUtFUlhCb1Jjck5xVnIwWGdSTTE2ZVB2SFcwS0ozSzRuY0EKd3FhWGIrMHJiOFFRVzlMaTlTNEJXa0x6U25LSTlvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdTNsQlZxelhyZlh4QXJWMlJIRlVFN1pkU1F6TTBma2h1TDlRdXM1ajdibEkwS2t4CklnSzNpZUp4ODUwRTBkc0JwMm5NQ3BGaS82bmxLM3h1T245TWVWdGJqamF6Nlk4dXNXY05JdmxRUW0rZzd1KzEKN1Y3QjFjN2s1Q3EvcHgwVFkzZkxHV2RZbFd5YjNxS0p4QXFxQmVsSjVkTlFmOUsyYmhHN2VkV0huRUJ1K0NDRApWK0F6NlRETU9lVjNSRVlQbVQxRUNzdTFIc2ZSSmNLSUhJMkoyOEJLNmFvLzA4ODQrcnBDem91SXdLa3Z5cDZRCjk0OXJ3cVQ5d2psSEpEWGMzQ1U5TzRYbmlZU2Q0WEFWTFJNNUkrK3FVd3QwenY4dzl2dCtWbXgzRkNwWU5RMWkKWmVoS25pKyt2MWJxeEhNdUJhODduZFR5RU1wbjNmZjdnbE1jTFFJREFRQUJBb0lCQUNiTkJkVG1tUTBNSmdHbApoUUROWTlWZ25SWU5iQ2JaSlQyVGV5WHVxWWYrSFMveWxKU3hjME02ZHRNdzRGcCt0V3pzM0tvalJSWWRGNjFVClo0djc1TndKS0gzYW5JbnVkSCtMRUpENGdMLy9VcE9oVVVuN25xcWQwNG5Wdnl6Yk83UU9peDZLNFM2cjkrYXcKUlVzcDJkNjNWZkFYT0VYOFduMlZkZlBWV2VmZ28yZmVRUlBnTGhIVXV0NEVRZGEra1dZbXRqcTJDTUJpdjdrZQpHRTByYndRRTRNMUNEN01zSnNGeU9BMXFsZ2dlQXBvTU1zcmtZMkNGWis4aHpTUFIyMzVMaGQzT2Ntb3c0TlNjClBxUnJrN2lXRG4rMExiZWNMOWVpdkVWbXZ4aEFJMGxBbEhUMVdWY3lqTmdwY0hPU3dRWEVPSTZzRWh3S0poSnAKYW5hUzRKRUNnWUVBMitxQUkxVmo0Qk9tN3hXaVM0RVFMVDZLV3gwRzF6Ry9wZXJib29aREFNejM3WitBWDJ5MgpDTEFxa1R6SmFRVTg0YkNwd1ZrK0hFMHVPYlExVjB4TkZmbG1YNGRnVC9xMW95QmViMnU1Q25UV2wwUktVQkJoCmpBWDRNa0RISE9HZVJTUFU4THV2MmtjS0ZKV3BEeE1VeEdIN0UwMGpyRjg4cjNlbENscjhmbk1DZ1lFQTJqd0cKSDM5bmg2a1lZaHd6ZUk4SlZ3M3JYMGJGZXlKWER0ak5EUldVTnNlWUNHVG83d1o0REZOemdZL2xpb0ZLdkFUOQoycnV6UWpydysyRzBsbTJPcG11aWVpMTFyOXJZSWZ1aHg1Qmo2eDBpYy9WcDJIL3JmU2pVYXM3WjR3THN5bjNJCmg1ckpIZ3FzZndFcjJKUVhsb3h0bWk1VXM2K3BUNjNUa1ROM3N0OENnWUFEcHFENTlURHpSMkErRjkzWjR3cWgKdGFnV1d5VUI3WkdBNzZVMXpZVFBQcGZmR2diSGpzWjIzblhXYzJ2a2tuR3dUWDZEOXpkUXdQZERmZnBrdUorTwovZFQxUVFvWVNkRTZKQTl0U2h5SVQraEFHcUloTWlSc2JxendLS01sbDVsSkRJODhiK0U3Zm5Kc1pRK3BjR2VuCjJ2aVFHWGUrSk5hZEV4OXFUSmhrZ1FLQmdRQ1pORG80TW9ERHcvblNKbW9iNEk1MkJ0ZU44Mmovb0lQdGNGWEQKTWJyekdmdXBLTzQ5bnhUMzBqM3NYdENPQTJZcnlIVk44U2RPLzRIZGVDSUcyTEtrTWp2RitkUDh1RzJ5cmF4TgpKUmlBSGR2cC9BZHFiYU1zSWxXOUJhb0FyRFQva240TWRLVnI2YUpmSnJ0Wk45MjNXcTQyNXYrZmhWb2ZEYkRRCjVvakprUUtCZ1FDZXVERE8vcVZRZnk4ZEl6Y3VXTmhnc2VmYTNydlhjU1JYNUVUQ2pLSTE2QWZtdXZuVVd3anIKVmxodkRvUmpwd1hFT0JWaGUzcWFETEJyeGZmcnhyU1JXa3hLQU1zTTl0M0VjYit5b0VCMFdXUXZ6SFVOenplWQoxZVlHcXFSOGE5YTIxWlo3cG4wTnVHaDdQUCtqZkpFME9WdGZiVm5GQnFiOVU2S3UrMHMvNFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
----
-# Source: cilium/templates/hubble/tls-helm/ca-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: hubble-ca-secret
- namespace: default
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRQjRtQmpSd0pqWVFKSGZOenpuM1JyREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TWpFNE1ERXlNelF5V2hjTk1qY3hNakU0TURFeQpNelF5V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzdlVUZXck5ldDlmRUN0WFpFY1ZRVHRsMUpETXpSK1NHNHYxQzZ6bVB0dVVqUXFURWkKQXJlSjRuSHpuUVRSMndHbmFjd0trV0wvcWVVcmZHNDZmMHg1VzF1T05yUHBqeTZ4WncwaStWQkNiNkR1NzdYdApYc0hWenVUa0tyK25IUk5qZDhzWloxaVZiSnZlb29uRUNxb0Y2VW5sMDFCLzByWnVFYnQ1MVllY1FHNzRJSU5YCjREUHBNTXc1NVhkRVJnK1pQVVFLeTdVZXg5RWx3b2djalluYndFcnBxai9UenpqNnVrTE9pNGpBcVMvS25wRDMKajJ2Q3BQM0NPVWNrTmR6Y0pUMDdoZWVKaEozaGNCVXRFemtqNzZwVEMzVE8vekQyKzM1V2JIY1VLbGcxRFdKbAo2RXFlTDc2L1Z1ckVjeTRGcnp1ZDFQSVF5bWZkOS91Q1V4d3RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVViYlROZHozeVNEWTN0Q3JRU3pVQjRJQXc1T293RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFJdDFDYWgrMXEyOGEwL3NMKzZjSWdaeG81NVM2WTZiT21mOVlxOXJHUTdvVEZSRWNtYzdtY21jCjlJVTQrdjdTRExWeWRFd0NJbGpDcS8zaWFONXZQNlNoVTR1QVhEWXlISDBwbXRJRUNqMzE0cTYxdlhHQWRpNzkKNzFERnZSTTdHYjJaNUVpSHdoYk1mTVlObTBkUkhnUGd2ZFdKY1MvQ2F5M1FZWTdtRnVMNUk2d3hlUmlhUDUxYgpHTm5uYzBYNWNFc0h3SlY0WnBWWW4xbGI5Y1BqZEtac3dMaW41WHl0M1VXUzNnTUpoTmNONlN1c2htcEVwclJXClVqMlFVeFJOcitDN1JlWlg2WjRLM0diWVpERWJsUUtFUlhCb1Jjck5xVnIwWGdSTTE2ZVB2SFcwS0ozSzRuY0EKd3FhWGIrMHJiOFFRVzlMaTlTNEJXa0x6U25LSTlvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- ca.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcEFJQkFBS0NBUUVBdTNsQlZxelhyZlh4QXJWMlJIRlVFN1pkU1F6TTBma2h1TDlRdXM1ajdibEkwS2t4CklnSzNpZUp4ODUwRTBkc0JwMm5NQ3BGaS82bmxLM3h1T245TWVWdGJqamF6Nlk4dXNXY05JdmxRUW0rZzd1KzEKN1Y3QjFjN2s1Q3EvcHgwVFkzZkxHV2RZbFd5YjNxS0p4QXFxQmVsSjVkTlFmOUsyYmhHN2VkV0huRUJ1K0NDRApWK0F6NlRETU9lVjNSRVlQbVQxRUNzdTFIc2ZSSmNLSUhJMkoyOEJLNmFvLzA4ODQrcnBDem91SXdLa3Z5cDZRCjk0OXJ3cVQ5d2psSEpEWGMzQ1U5TzRYbmlZU2Q0WEFWTFJNNUkrK3FVd3QwenY4dzl2dCtWbXgzRkNwWU5RMWkKWmVoS25pKyt2MWJxeEhNdUJhODduZFR5RU1wbjNmZjdnbE1jTFFJREFRQUJBb0lCQUNiTkJkVG1tUTBNSmdHbApoUUROWTlWZ25SWU5iQ2JaSlQyVGV5WHVxWWYrSFMveWxKU3hjME02ZHRNdzRGcCt0V3pzM0tvalJSWWRGNjFVClo0djc1TndKS0gzYW5JbnVkSCtMRUpENGdMLy9VcE9oVVVuN25xcWQwNG5Wdnl6Yk83UU9peDZLNFM2cjkrYXcKUlVzcDJkNjNWZkFYT0VYOFduMlZkZlBWV2VmZ28yZmVRUlBnTGhIVXV0NEVRZGEra1dZbXRqcTJDTUJpdjdrZQpHRTByYndRRTRNMUNEN01zSnNGeU9BMXFsZ2dlQXBvTU1zcmtZMkNGWis4aHpTUFIyMzVMaGQzT2Ntb3c0TlNjClBxUnJrN2lXRG4rMExiZWNMOWVpdkVWbXZ4aEFJMGxBbEhUMVdWY3lqTmdwY0hPU3dRWEVPSTZzRWh3S0poSnAKYW5hUzRKRUNnWUVBMitxQUkxVmo0Qk9tN3hXaVM0RVFMVDZLV3gwRzF6Ry9wZXJib29aREFNejM3WitBWDJ5MgpDTEFxa1R6SmFRVTg0YkNwd1ZrK0hFMHVPYlExVjB4TkZmbG1YNGRnVC9xMW95QmViMnU1Q25UV2wwUktVQkJoCmpBWDRNa0RISE9HZVJTUFU4THV2MmtjS0ZKV3BEeE1VeEdIN0UwMGpyRjg4cjNlbENscjhmbk1DZ1lFQTJqd0cKSDM5bmg2a1lZaHd6ZUk4SlZ3M3JYMGJGZXlKWER0ak5EUldVTnNlWUNHVG83d1o0REZOemdZL2xpb0ZLdkFUOQoycnV6UWpydysyRzBsbTJPcG11aWVpMTFyOXJZSWZ1aHg1Qmo2eDBpYy9WcDJIL3JmU2pVYXM3WjR3THN5bjNJCmg1ckpIZ3FzZndFcjJKUVhsb3h0bWk1VXM2K3BUNjNUa1ROM3N0OENnWUFEcHFENTlURHpSMkErRjkzWjR3cWgKdGFnV1d5VUI3WkdBNzZVMXpZVFBQcGZmR2diSGpzWjIzblhXYzJ2a2tuR3dUWDZEOXpkUXdQZERmZnBrdUorTwovZFQxUVFvWVNkRTZKQTl0U2h5SVQraEFHcUloTWlSc2JxendLS01sbDVsSkRJODhiK0U3Zm5Kc1pRK3BjR2VuCjJ2aVFHWGUrSk5hZEV4OXFUSmhrZ1FLQmdRQ1pORG80TW9ERHcvblNKbW9iNEk1MkJ0ZU44Mmovb0lQdGNGWEQKTWJyekdmdXBLTzQ5bnhUMzBqM3NYdENPQTJZcnlIVk44U2RPLzRIZGVDSUcyTEtrTWp2RitkUDh1RzJ5cmF4TgpKUmlBSGR2cC9BZHFiYU1zSWxXOUJhb0FyRFQva240TWRLVnI2YUpmSnJ0Wk45MjNXcTQyNXYrZmhWb2ZEYkRRCjVvakprUUtCZ1FDZXVERE8vcVZRZnk4ZEl6Y3VXTmhnc2VmYTNydlhjU1JYNUVUQ2pLSTE2QWZtdXZuVVd3anIKVmxodkRvUmpwd1hFT0JWaGUzcWFETEJyeGZmcnhyU1JXa3hLQU1zTTl0M0VjYit5b0VCMFdXUXZ6SFVOenplWQoxZVlHcXFSOGE5YTIxWlo3cG4wTnVHaDdQUCtqZkpFME9WdGZiVm5GQnFiOVU2S3UrMHMvNFE9PQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
----
-# Source: cilium/templates/hubble/tls-helm/relay-client-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: hubble-relay-client-certs
- namespace: default
-type: kubernetes.io/tls
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRQjRtQmpSd0pqWVFKSGZOenpuM1JyREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TWpFNE1ERXlNelF5V2hjTk1qY3hNakU0TURFeQpNelF5V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzdlVUZXck5ldDlmRUN0WFpFY1ZRVHRsMUpETXpSK1NHNHYxQzZ6bVB0dVVqUXFURWkKQXJlSjRuSHpuUVRSMndHbmFjd0trV0wvcWVVcmZHNDZmMHg1VzF1T05yUHBqeTZ4WncwaStWQkNiNkR1NzdYdApYc0hWenVUa0tyK25IUk5qZDhzWloxaVZiSnZlb29uRUNxb0Y2VW5sMDFCLzByWnVFYnQ1MVllY1FHNzRJSU5YCjREUHBNTXc1NVhkRVJnK1pQVVFLeTdVZXg5RWx3b2djalluYndFcnBxai9UenpqNnVrTE9pNGpBcVMvS25wRDMKajJ2Q3BQM0NPVWNrTmR6Y0pUMDdoZWVKaEozaGNCVXRFemtqNzZwVEMzVE8vekQyKzM1V2JIY1VLbGcxRFdKbAo2RXFlTDc2L1Z1ckVjeTRGcnp1ZDFQSVF5bWZkOS91Q1V4d3RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVViYlROZHozeVNEWTN0Q3JRU3pVQjRJQXc1T293RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFJdDFDYWgrMXEyOGEwL3NMKzZjSWdaeG81NVM2WTZiT21mOVlxOXJHUTdvVEZSRWNtYzdtY21jCjlJVTQrdjdTRExWeWRFd0NJbGpDcS8zaWFONXZQNlNoVTR1QVhEWXlISDBwbXRJRUNqMzE0cTYxdlhHQWRpNzkKNzFERnZSTTdHYjJaNUVpSHdoYk1mTVlObTBkUkhnUGd2ZFdKY1MvQ2F5M1FZWTdtRnVMNUk2d3hlUmlhUDUxYgpHTm5uYzBYNWNFc0h3SlY0WnBWWW4xbGI5Y1BqZEtac3dMaW41WHl0M1VXUzNnTUpoTmNONlN1c2htcEVwclJXClVqMlFVeFJOcitDN1JlWlg2WjRLM0diWVpERWJsUUtFUlhCb1Jjck5xVnIwWGdSTTE2ZVB2SFcwS0ozSzRuY0EKd3FhWGIrMHJiOFFRVzlMaTlTNEJXa0x6U25LSTlvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURTRENDQWpDZ0F3SUJBZ0lRTHI3bnhHYTRsWnkxQUIzQkRLbCtyVEFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TWpFNE1ERXlNelF5V2hjTk1qY3hNakU0TURFeQpNelF5V2pBak1TRXdId1lEVlFRRERCZ3FMbWgxWW1Kc1pTMXlaV3hoZVM1amFXeHBkVzB1YVc4d2dnRWlNQTBHCkNTcUdTSWIzRFFFQkFRVUFBNElCRHdBd2dnRUtBb0lCQVFERUZpWloyQ3I0RWJGem00cGI2L29DdE91NFRacGcKeTBGZ2lyN0pzUm8rMmdHbGVkY0Z0Q20xdWJZQUZWV0JJQnRweDczdXJpNXVRb1Zoa0xQalpKblZGZHZNOVhlZgo2MWRwRFNSZzBmQjJpc2Fpa0dyckwzcTJCVEdMWU44dkI4OFlQc203cGVEN0NCcTFZTXU1eG1yT3lhdjlPdjQ0CmxFTTJGWUgydVB2VktCczVwalg0TWRGWnZRd2I4OXJ3VFNJRzhhTXhIQ2Y0WWN5QXJhbEpWd1lBazVYZkNvK0EKeVp1MllIUnlzUnNSNVhvanBnYXd3cXhkNkRCSEdqeUdmODhVUHhNdXhOUXVKKzlwNldTM29SMVFzNGtUMGd3VQo0ZzNhdXFDYmloSG1pNVlyanBHU1lUWlRqS0p1NmZtSGx3bDczWmx3UCtXNVBQaVlMRW41YkRsTEFnTUJBQUdqCmdZWXdnWU13RGdZRFZSMFBBUUgvQkFRREFnV2dNQjBHQTFVZEpRUVdNQlFHQ0NzR0FRVUZCd01CQmdnckJnRUYKQlFjREFqQU1CZ05WSFJNQkFmOEVBakFBTUI4R0ExVWRJd1FZTUJhQUZHMjB6WGM5OGtnMk43UXEwRXMxQWVDQQpNT1RxTUNNR0ExVWRFUVFjTUJxQ0dDb3VhSFZpWW14bExYSmxiR0Y1TG1OcGJHbDFiUzVwYnpBTkJna3Foa2lHCjl3MEJBUXNGQUFPQ0FRRUFSYVNMS2dwaTBWSXNta0RPc2duOExXNG56aGRyOTNDTHZVNUxQdEJjYXdta2dyZFIKLytQUkt2KzZOWEg2SjRadldOMjRpQlhaKzBnRWF1enQzS21udlBOZjBQMm1MMHoySzF2OGt0cU5Md3JUMHNMcgpnSUh1R0Z5aEZZalBWNm83ZkM3bjZwK2s1Vmk0KzZWMG1KVnNodlovK29VcFJhTWxmS1BZRzl4S0FNMmdqWDFLCmFMTW92OGRmTFVvclNJK3JLM01jVXhMdWRxRlNqbk5jNnVuQ2hrRUJRL3JhdzZ0OWM1WmNBZk5oeTRFQ1VKWjQKbG1BT2N4MjJlckorOVVROVdESzF5amIxa1B2cFN5UHJZMEd5T1hjOXY5QkZrWGFpM1QzNTJSdVZVMUNWYmlXOApaV0hhNE5ObWtnbEoxTndScFpYckVsR2FnQndIdGtuUkZmajNYdz09Ci0tLS0tRU5EIENFUlRJRklDQVRFLS0tLS0K
- tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFcFFJQkFBS0NBUUVBeEJZbVdkZ3ErQkd4YzV1S1crdjZBclRydUUyYVlNdEJZSXEreWJFYVB0b0JwWG5YCkJiUXB0Ym0yQUJWVmdTQWJhY2U5N3E0dWJrS0ZZWkN6NDJTWjFSWGJ6UFYzbit0WGFRMGtZTkh3ZG9yR29wQnEKNnk5NnRnVXhpMkRmTHdmUEdEN0p1NlhnK3dnYXRXREx1Y1pxenNtci9UcitPSlJETmhXQjlyajcxU2diT2FZMQorREhSV2IwTUcvUGE4RTBpQnZHak1Sd24rR0hNZ0sycFNWY0dBSk9WM3dxUGdNbWJ0bUIwY3JFYkVlVjZJNllHCnNNS3NYZWd3UnhvOGhuL1BGRDhUTHNUVUxpZnZhZWxrdDZFZFVMT0pFOUlNRk9JTjJycWdtNG9SNW91V0s0NlIKa21FMlU0eWlidW41aDVjSmU5MlpjRC9sdVR6NG1DeEorV3c1U3dJREFRQUJBb0lCQVFDRGlraFg1UWVPT25CTQpHWCtMZ3BYSTB3MStLYkR5VmVlWmwvbTgyNjI3bEF1ZXNrbG9iaCs4NU1RTzhrRFZ5bkFaV2dFejZHMEZVbUtmCnZLNndVSUJSemNRUmptbWRRZ2IxVmZlZGE3aGdEV0NMRlU1a1R3bUdxWjArM3RGWmYyZVI0Q3o4VUo3SVIvdUMKeVZoaFc1V3krdDhCbFYyTkh3aW5jMjRuMEpnL3VPYUNJaUlwN1laTE9QeUFRb0kzbXR4ZnQrV1AzNDVnRGMwLwpSUjk0cW05bXU5RHU1NnhzTTI0UmhqdlZJZzkzTFR0a2lRSnl1ZHNGOHBtckUzTDQzVmZLU0ZOTi9Wcndkdk9sCmVNMXdETEpQd1RLYWl3MUxEck0xWkNIUy9LSWtvQ1JvOHJTMGM4WFJWMWRRK0pMNGpBN1FwSkw4R3EreFQyOEoKZHh0d0tNdkJBb0dCQVBFVElVVzhiblp5Zm10OVdiN2JqbUJoOTQvZzRVeHpFY05WT0FPTys3M1NtZXltQml1LwpPaFV0Y2dTNHR6Z1RSSzhRUVo5UWtjYk02UFVSanQwaENuMjJCaFVLc001NmU5VjZ6cU4zdUZKa1BqeHV3bFVhClc0di9ZNHZBRitFTHZCczBieG5SKzhxWSt4eDNMVElnSHhwREJzUzczMEIvcDZuaDdQL09vUHhKQW9HQkFOQTUKL012VCtncjhIa2JZZ3RtZUJVaTR4ZmJhS0VmbVVtZHM1VXJQU09lRENwaVpqdHo5bFoxZzZoS3Q4bEE1MU8yNQpRQ3J2WXhxSWRuYlRqS1JLcGNqRGtJT1c0U3ZBQVlMNlBFRTdxR2FDbVpNQ3dTMENWQVZRcWlyM1c4MEUwTWRWCkxpZS95YTNCSnowenpyeTY0Y3loTUo5MHBEZFBuMUluWXQvU05zRHpBb0dCQU5HbFlqMEVCa2dwZjNrNDFIQWUKL1cwaUpTbFJWbnltWVI4dW4veXdQb3F3ZUQyTmtEWkJJV0REV2JGemRacGxYMGlpNlg2RGtaS0NKbURnK1EyaQpxejN4cXM1bnNxU05iZDJUNDluU3hrK1liMnNjb3hGaFQ1V3E3a1hkTXFiNkRvYldEWHcxMlRNeDRNYTdlV2xxCjk4RmQ0cWY1L2NkWWZGVkhiVlIwdkJsSkFvR0JBTTA0aVlVZUMyN3VJcXp5VUt4SUNLOHVwTFZ4TjRmOVlUUGIKNkhSOXJUMjNNaWRLR0xxSEZ3RC85bEtvcTR3VUkxNlVXTUM0SkxXT3p5cTN2d0poSzltZG5QMkVJN0pwejFPVwphdkpqNk1uM1o0S3prVTVaNEJOSStCM1dvdHlDSlg1LzNqaUExalZ3aThyUEY2OThoSFNZWFFLYkJBb2JhRXVnCjA5c0NKTUt2QW9HQUZGQVRLeW9Wc3paOEpGY2hhRGQyK1U0SC9hNzh3QzdoZjI0cnBiT2hhdUYvMCtHMWg5NEIKWXQ3NEpwV2FUWndsdUk0a2xLZnVoTWI0TzQ1aHIwMUR4WjFJc2JEU0pOdVl4cDU4QzNLRlRLQTUvZTNCc2RybAp3cjl1M2JEUW1TNUNYcGtvdXcwYy9mSWFidTI3S0w5RmhXK01JdWtLdWFwdERYRElmTFRpVk1FPQotLS0tLUVORCBSU0EgUFJJVkFURSBLRVktLS0tLQo=
----
-# Source: cilium/templates/hubble/tls-helm/server-secret.yaml
-apiVersion: v1
-kind: Secret
-metadata:
- name: hubble-server-certs
- namespace: default
-type: kubernetes.io/tls
-data:
- ca.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURFekNDQWZ1Z0F3SUJBZ0lRQjRtQmpSd0pqWVFKSGZOenpuM1JyREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TWpFNE1ERXlNelF5V2hjTk1qY3hNakU0TURFeQpNelF5V2pBVU1SSXdFQVlEVlFRREV3bERhV3hwZFcwZ1EwRXdnZ0VpTUEwR0NTcUdTSWIzRFFFQkFRVUFBNElCCkR3QXdnZ0VLQW9JQkFRQzdlVUZXck5ldDlmRUN0WFpFY1ZRVHRsMUpETXpSK1NHNHYxQzZ6bVB0dVVqUXFURWkKQXJlSjRuSHpuUVRSMndHbmFjd0trV0wvcWVVcmZHNDZmMHg1VzF1T05yUHBqeTZ4WncwaStWQkNiNkR1NzdYdApYc0hWenVUa0tyK25IUk5qZDhzWloxaVZiSnZlb29uRUNxb0Y2VW5sMDFCLzByWnVFYnQ1MVllY1FHNzRJSU5YCjREUHBNTXc1NVhkRVJnK1pQVVFLeTdVZXg5RWx3b2djalluYndFcnBxai9UenpqNnVrTE9pNGpBcVMvS25wRDMKajJ2Q3BQM0NPVWNrTmR6Y0pUMDdoZWVKaEozaGNCVXRFemtqNzZwVEMzVE8vekQyKzM1V2JIY1VLbGcxRFdKbAo2RXFlTDc2L1Z1ckVjeTRGcnp1ZDFQSVF5bWZkOS91Q1V4d3RBZ01CQUFHallUQmZNQTRHQTFVZER3RUIvd1FFCkF3SUNwREFkQmdOVkhTVUVGakFVQmdnckJnRUZCUWNEQVFZSUt3WUJCUVVIQXdJd0R3WURWUjBUQVFIL0JBVXcKQXdFQi96QWRCZ05WSFE0RUZnUVViYlROZHozeVNEWTN0Q3JRU3pVQjRJQXc1T293RFFZSktvWklodmNOQVFFTApCUUFEZ2dFQkFJdDFDYWgrMXEyOGEwL3NMKzZjSWdaeG81NVM2WTZiT21mOVlxOXJHUTdvVEZSRWNtYzdtY21jCjlJVTQrdjdTRExWeWRFd0NJbGpDcS8zaWFONXZQNlNoVTR1QVhEWXlISDBwbXRJRUNqMzE0cTYxdlhHQWRpNzkKNzFERnZSTTdHYjJaNUVpSHdoYk1mTVlObTBkUkhnUGd2ZFdKY1MvQ2F5M1FZWTdtRnVMNUk2d3hlUmlhUDUxYgpHTm5uYzBYNWNFc0h3SlY0WnBWWW4xbGI5Y1BqZEtac3dMaW41WHl0M1VXUzNnTUpoTmNONlN1c2htcEVwclJXClVqMlFVeFJOcitDN1JlWlg2WjRLM0diWVpERWJsUUtFUlhCb1Jjck5xVnIwWGdSTTE2ZVB2SFcwS0ozSzRuY0EKd3FhWGIrMHJiOFFRVzlMaTlTNEJXa0x6U25LSTlvUT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- tls.crt: LS0tLS1CRUdJTiBDRVJUSUZJQ0FURS0tLS0tCk1JSURaakNDQWs2Z0F3SUJBZ0lRRTNWNGthd3lJS2pPZE1KREx2N3VnREFOQmdrcWhraUc5dzBCQVFzRkFEQVUKTVJJd0VBWURWUVFERXdsRGFXeHBkVzBnUTBFd0hoY05NalF4TWpFNE1ERXlNelF5V2hjTk1qY3hNakU0TURFeQpNelF5V2pBeU1UQXdMZ1lEVlFRRERDY3FMaVI3UTB4VlUxUkZVbDlPUVUxRmZTNW9kV0ppYkdVdFozSndZeTVqCmFXeHBkVzB1YVc4d2dnRWlNQTBHQ1NxR1NJYjNEUUVCQVFVQUE0SUJEd0F3Z2dFS0FvSUJBUUNhRE1YZnVMYWQKMzFvMU4rNGZhRGZyNjFQc254SXRFTk1pOXpZUzY3dk83UlZwRkl5R3VHYWZGQ2tmbmZST0NmWkZNN0JrZkkyQgp6cGZKWGlwTGkyZ3FFTm1BRllLU0k0OW8zeXptV3VMZWNIZlFnZzJ1ZTlPb0crS1VnOGlUNHVZTFl1UGN4YUpVCm5uY0kxbWRWc3ZjZjRMOEJtME4zYk0vSTFST3BMd0NQUGt1TkpGZWFiQVBiR0hyKzBlT0FiS1BEdzZjR0JzRkcKR0NtQVJDYStLUUFUQ0lpUWxjYUtscUlMYTdxL21uNXU0Y3JEMVVIRGRPeHZnVlNlYUt6SzVKVlBYUTFGYVRqagp0MTNnb1hrT1hVUDhiU0Z6cmV6dUdlRWMrVCtDSXc3KzNMQ0FxV0xyUXB0N2VXSlUwSmNXaWpNZ1UxQmo3ZTJTCnJLalcwaFYySWZLTEFnTUJBQUdqZ1pVd2daSXdEZ1lEVlIwUEFRSC9CQVFEQWdXZ01CMEdBMVVkSlFRV01CUUcKQ0NzR0FRVUZCd01CQmdnckJnRUZCUWNEQWpBTUJnTlZIUk1CQWY4RUFqQUFNQjhHQTFVZEl3UVlNQmFBRkcyMAp6WGM5OGtnMk43UXEwRXMxQWVDQU1PVHFNRElHQTFVZEVRUXJNQ21DSnlvdUpIdERURlZUVkVWU1gwNUJUVVY5CkxtaDFZbUpzWlMxbmNuQmpMbU5wYkdsMWJTNXBiekFOQmdrcWhraUc5dzBCQVFzRkFBT0NBUUVBZUhQQzFqczYKa3NKK0UwdGFUc25Oc1N1WDVYNWM1VE5xcG44dUN6UXAyRkQzLzlaa1R1OHhRM3AwcmVRLzB3eEFEcmVMdmp4cwphcUNITDRDazNLRjhZZi9YWXVJRTlySk54Q2IyMHNFQk9pa1dsZUd0U2RrWW4yenhPZTQ2ZU1qS29ocnBReG0zCk9XTml3S0Y4VHNDckhTVEpKNTJVVjNib2dWOFV0SmhOczd0K2FQVVNQS25QOHZ5Szl2cnovUkZBM2U0TWZVZUgKbXlUNndlbEd0aHJVNStWS2FIZytRdDhOQkluSXNYMW5yR0NmZmpjQnU1bjUvV1VPdFR6SVN1MWRKV0dpMUl0UgptQUxPaDNveDUxQjNlM1VmSHkxNHRyL2pDR3RuSk8wQm4wUW5hdFBUK3JzMjM4QzdCODRmL2xRbk0wN004UXJhCjNBU1MzVFhKTmF3RGN3PT0KLS0tLS1FTkQgQ0VSVElGSUNBVEUtLS0tLQo=
- tls.key: LS0tLS1CRUdJTiBSU0EgUFJJVkFURSBLRVktLS0tLQpNSUlFb2dJQkFBS0NBUUVBbWd6RjM3aTJuZDlhTlRmdUgyZzM2K3RUN0o4U0xSRFRJdmMyRXV1N3p1MFZhUlNNCmhyaG1ueFFwSDUzMFRnbjJSVE93Wkh5TmdjNlh5VjRxUzR0b0toRFpnQldDa2lPUGFOOHM1bHJpM25CMzBJSU4Kcm52VHFCdmlsSVBJaytMbUMyTGozTVdpVko1M0NOWm5WYkwzSCtDL0FadERkMnpQeU5VVHFTOEFqejVMalNSWAptbXdEMnhoNi90SGpnR3lqdzhPbkJnYkJSaGdwZ0VRbXZpa0FFd2lJa0pYR2lwYWlDMnU2djVwK2J1SEt3OVZCCnczVHNiNEZVbm1pc3l1U1ZUMTBOUldrNDQ3ZGQ0S0Y1RGwxRC9HMGhjNjNzN2huaEhQay9naU1PL3R5d2dLbGkKNjBLYmUzbGlWTkNYRm9veklGTlFZKzN0a3F5bzF0SVZkaUh5aXdJREFRQUJBb0lCQUZZaDNDVXBueG1JUDJUUQpIOWo1cVlMRU1rbHo2M0s5SElCSlhyZVhqSXUzTGFoeUw5eEhrRUZUd1dhSEo0aldzeGFnUHZrQVZ4S0VFNFFvCm5WZGQyK0RoU09yL20rRGY5eGc0NkY3bjVEOWcvT3pkT284YmR3MWdnZ0J0NnFFZFZXaDZZMU1XUVp3MGVmTzgKQlV6NllvZzFYamFrdkVVeTFyN0F2RngxQmtnUU80ejI5b0dnTDNxRFAzcitheWQ0RVpoeGZvK1MxWTRmdFYzUApKYllxTGhHRkt2RjJhbkovUmtVdjNnckNndGg0VkxuQ1ZtY0hKQkVQa01vNnJWaXlkNXRPR1UzN2xvQVlHaE9YCk81NVdDd0loYThMcS9tbkkrRmVLUnU3MXpZNG1xMXZ1ZGVQT0dEZUUvdlZPY3FzRER3cTY0UVZXcFo2WFJUaEkKZm1oYUVXRUNnWUVBd3g4L0g2bzk5bEdIcjFyTXZhVzJFRFdzdG1PQXJTY2k2eWVrRjZ5eWNvYjlxb1gzeG9KdgpZMVBXZENLQXVJRmV6VGlscUtBTjBJMk5qNFExS0lmWm9wcFZyOXUvS05yeDVsNkdRYnJnRTIyd21yS2JwRzRICnZNeVppb3ZKTy9HWWhNNlNoUWtCREtxenNVdFhydFdyRTZqQkRMRnVMcGJYVmJyM3ZvTS9qWnNDZ1lFQXloMEUKb0REcERpQlc1bHJQbzNna083dTdESDBtcjdhMmtOWk9RSmVVbEJveERTY2lBNit4d2U1Y3FET0lqUlpQZzRiZgoreHJoOUxIbFZsUWRXRkovY1dZWG9iME1BQ1pLbHhGUFZTa25mR24xR0c1RG9kNzAzSHZrOUN4RjhBOHpMdkNxCnlGSjRlR0tXNFR2S3ZzbE5iOGlMSG9IczVwU2dBMmVvRXo3TzlkRUNnWUE5UjBUbHh1dHF2alFrcUJtQXZkZ3QKd3cyWXdpc1pOaDlMUnNuTC9acVZTVHZGSUFtdXVDd1BQN2NzQmVIekQvNGI2Vnh0VnNhLzVwUzhxOEtlRmZ3TgppdmE2SWdNbzY0bm8xV3JJbmMzZGpDZFlqaHMvU3FiM2JqSVNSdEJPR1JQVE1hVG1UdXViZE1pMk4zazBHVHAvCkZCSjgwQVJRY1dMek02SzJuRFdMWFFLQmdGek5iaTVQeHZNaGprVS9OVkFOL2pVZlFnZTkvMkYzTitUUlFpVU8KZEw1OE9FR2QwbFIyKzl2Y0l0ZG9zaTUyTEJSc2ZiUEM2RFYrNlpyMkRITmRqZjczcmFvcUw3Ung0SlgwOE1SZApuUy9YUng3c29rbFZJb0dLc2RvYjZoRU1LYWhJQVdMeDJ6Y0xyZFBGckpabHdCU3Z0SkZSZndGeEJQZ0xSSFZ4CnhYM0JBb0dBYjVROC9ML0M0TDgyUk1SK2ZKRDVVbFhFSDdwc0NGSGJWMjhERW42MDJqbXBxdHBlSHdxT2pBK0EKcXYxcFh4YnhHRk93SkJ5dWEybUVYQUNBQmVDdDdBZUwxdkJtUTRvSVgxYldLK2VqVEV5Y01PVUkzQkRjcTBVZAp5dzF3bGY4U2RJdWZ2R3NGUWF5dysyYXRvdnFZZDVIOGYreHpQTW00aEF4NkIvNVJyUTA9Ci0tLS0tRU5EIFJTQSBQUklWQVRFIEtFWS0tLS0tCg==
----
-# Source: cilium/templates/cilium-configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: cilium-config
- namespace: default
-data:
- # Identity allocation mode selects how identities are shared between cilium
- # nodes by setting how they are stored. The options are "crd" or "kvstore".
- # - "crd" stores identities in kubernetes as CRDs (custom resource definition).
- # These can be queried with:
- # kubectl get ciliumid
- # - "kvstore" stores identities in an etcd kvstore, that is
- # configured below. Cilium versions before 1.6 supported only the kvstore
- # backend. Upgrades from these older cilium versions should continue using
- # the kvstore by commenting out the identity-allocation-mode below, or
- # setting it to "kvstore".
- identity-allocation-mode: crd
- cilium-endpoint-gc-interval: "5m0s"
- nodes-gc-interval: "5m0s"
- # Disable the usage of CiliumEndpoint CRD
- disable-endpoint-crd: "false"
- # If you want to run cilium in debug mode change this value to true
- debug: "false"
- # The agent can be put into the following three policy enforcement modes
- # default, always and never.
- # https://docs.cilium.io/en/latest/policy/intro/#policy-enforcement-modes
- enable-policy: "default"
- # Enable IPv4 addressing. If enabled, all endpoints are allocated an IPv4
- # address.
- enable-ipv4: "true"
- # Enable IPv6 addressing. If enabled, all endpoints are allocated an IPv6
- # address.
- enable-ipv6: "false"
- # Users who wish to specify their own custom CNI configuration file must set
- # custom-cni-conf to "true", otherwise Cilium may overwrite the configuration.
- custom-cni-conf: "false"
- enable-bpf-clock-probe: "true"
- # If you want cilium monitor to aggregate tracing for packets, set this level
- # to "low", "medium", or "maximum". The higher the level, the less packets
- # that will be seen in monitor output.
- monitor-aggregation: medium
- # The monitor aggregation interval governs the typical time between monitor
- # notification events for each allowed connection.
- #
- # Only effective when monitor aggregation is set to "medium" or higher.
- monitor-aggregation-interval: 5s
- # The monitor aggregation flags determine which TCP flags which, upon the
- # first observation, cause monitor notifications to be generated.
- #
- # Only effective when monitor aggregation is set to "medium" or higher.
- monitor-aggregation-flags: all
- # Specifies the ratio (0.0-1.0) of total system memory to use for dynamic
- # sizing of the TCP CT, non-TCP CT, NAT and policy BPF maps.
- bpf-map-dynamic-size-ratio: "0.0025"
- # bpf-policy-map-max specifies the maximum number of entries in endpoint
- # policy map (per endpoint)
- bpf-policy-map-max: "16384"
- # bpf-lb-map-max specifies the maximum number of entries in bpf lb service,
- # backend and affinity maps.
- bpf-lb-map-max: "65536"
- # bpf-lb-bypass-fib-lookup instructs Cilium to enable the FIB lookup bypass
- # optimization for nodeport reverse NAT handling.
- bpf-lb-external-clusterip: "false"
- # Pre-allocation of map entries allows per-packet latency to be reduced, at
- # the expense of up-front memory allocation for the entries in the maps. The
- # default value below will minimize memory usage in the default installation;
- # users who are sensitive to latency may consider setting this to "true".
- #
- # This option was introduced in Cilium 1.4. Cilium 1.3 and earlier ignore
- # this option and behave as though it is set to "true".
- #
- # If this value is modified, then during the next Cilium startup the restore
- # of existing endpoints and tracking of ongoing connections may be disrupted.
- # As a result, reply packets may be dropped and the load-balancing decisions
- # for established connections may change.
- #
- # If this option is set to "false" during an upgrade from 1.3 or earlier to
- # 1.4 or later, then it may cause one-time disruptions during the upgrade.
- preallocate-bpf-maps: "false"
- # Regular expression matching compatible Istio sidecar istio-proxy
- # container image names
- sidecar-istio-proxy-image: "cilium/istio_proxy"
- # Name of the cluster. Only relevant when building a mesh of clusters.
- cluster-name: ${CLUSTER_NAME}
- # Unique ID of the cluster. Must be unique across all conneted clusters and
- # in the range of 1 and 255. Only relevant when building a mesh of clusters.
- cluster-id: "${CLUSTER_ID}"
- # Encapsulation mode for communication between nodes
- # Possible values:
- # - disabled
- # - vxlan (default)
- # - geneve
- tunnel: "disabled"
- # Enables L7 proxy for L7 policy enforcement and visibility
- enable-l7-proxy: "true"
- enable-ipv4-masquerade: "true"
- enable-ipv6-masquerade: "true"
- enable-xt-socket-fallback: "true"
- install-iptables-rules: "true"
- install-no-conntrack-iptables-rules: "false"
- auto-direct-node-routes: "true"
- enable-local-redirect-policy: "true"
- ipv4-native-routing-cidr: ${NETWORK_K8S_CLUSTER_CIDR}
- kube-proxy-replacement: "strict"
- kube-proxy-replacement-healthz-bind-address: "0.0.0.0:10256"
- bpf-lb-sock: "false"
- enable-health-check-nodeport: "true"
- node-port-bind-protection: "true"
- enable-auto-protect-node-port-range: "true"
- bpf-lb-mode: "dsr"
- bpf-lb-algorithm: "maglev"
- enable-svc-source-range-check: "true"
- enable-l2-neigh-discovery: "true"
- arping-refresh-period: "30s"
- enable-endpoint-routes: "true"
- enable-endpoint-health-checking: "true"
- enable-health-checking: "true"
- enable-well-known-identities: "false"
- enable-remote-node-identity: "true"
- synchronize-k8s-nodes: "true"
- operator-api-serve-addr: "127.0.0.1:9234"
- # Enable Hubble gRPC service.
- enable-hubble: "true"
- # UNIX domain socket for Hubble server to listen to.
- hubble-socket-path: "/var/run/cilium/hubble.sock"
- # Address to expose Hubble metrics (e.g. ":7070"). Metrics server will be disabled if this
- # field is not set.
- hubble-metrics-server: ":9965"
- # A space separated list of metrics to enable. See [0] for available metrics.
- #
- # https://github.com/cilium/hubble/blob/master/Documentation/metrics.md
- hubble-metrics: dns:query;ignoreAAAA drop tcp flow port-distribution icmp http
- # An additional address for Hubble server to listen to (e.g. ":4244").
- hubble-listen-address: ":4244"
- hubble-disable-tls: "false"
- hubble-tls-cert-file: /var/lib/cilium/tls/hubble/server.crt
- hubble-tls-key-file: /var/lib/cilium/tls/hubble/server.key
- hubble-tls-client-ca-files: /var/lib/cilium/tls/hubble/client-ca.crt
- ipam: "kubernetes"
- disable-cnp-status-updates: "true"
- enable-vtep: "false"
- vtep-endpoint: ""
- vtep-cidr: ""
- vtep-mask: ""
- vtep-mac: ""
- bgp-announce-lb-ip: "true"
- enable-bgp-control-plane: "false"
- bpf-root: "/sys/fs/bpf"
- cgroup-root: "/run/cilium/cgroupv2"
- enable-k8s-terminating-endpoint: "true"
- remove-cilium-node-taints: "true"
- set-cilium-is-up-condition: "true"
- unmanaged-pod-watcher-interval: "15"
- tofqdns-dns-reject-response-code: "refused"
- tofqdns-enable-dns-compression: "true"
- tofqdns-endpoint-max-ip-per-hostname: "50"
- tofqdns-idle-connection-grace-period: "0s"
- tofqdns-max-deferred-connection-deletes: "10000"
- tofqdns-min-ttl: "3600"
- tofqdns-proxy-response-max-delay: "100ms"
- agent-not-ready-taint-key: "node.cilium.io/agent-not-ready"
----
-# Source: cilium/templates/hubble-relay/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: hubble-relay-config
- namespace: default
-data:
- config.yaml: "cluster-name: ${CLUSTER_NAME}\npeer-service: \"hubble-peer.default.svc.cluster.local:443\"\nlisten-address: :4245\ndial-timeout: \nretry-timeout: \nsort-buffer-len-max: \nsort-buffer-drain-timeout: \ntls-client-cert-file: /var/lib/hubble-relay/tls/client.crt\ntls-client-key-file: /var/lib/hubble-relay/tls/client.key\ntls-hubble-server-ca-files: /var/lib/hubble-relay/tls/hubble-server-ca.crt\ndisable-server-tls: true\n"
----
-# Source: cilium/templates/hubble-ui/configmap.yaml
-apiVersion: v1
-kind: ConfigMap
-metadata:
- name: hubble-ui-nginx
- namespace: default
-data:
- nginx.conf: "server {\n listen 8081;\n listen [::]:8081;\n server_name localhost;\n root /app;\n index index.html;\n client_max_body_size 1G;\n\n location / {\n proxy_set_header Host $host;\n proxy_set_header X-Real-IP $remote_addr;\n\n # CORS\n add_header Access-Control-Allow-Methods \"GET, POST, PUT, HEAD, DELETE, OPTIONS\";\n add_header Access-Control-Allow-Origin *;\n add_header Access-Control-Max-Age 1728000;\n add_header Access-Control-Expose-Headers content-length,grpc-status,grpc-message;\n add_header Access-Control-Allow-Headers range,keep-alive,user-agent,cache-control,content-type,content-transfer-encoding,x-accept-content-transfer-encoding,x-accept-response-streaming,x-user-agent,x-grpc-web,grpc-timeout;\n if ($request_method = OPTIONS) {\n return 204;\n }\n # /CORS\n\n location /api {\n proxy_http_version 1.1;\n proxy_pass_request_headers on;\n proxy_hide_header Access-Control-Allow-Origin;\n proxy_pass http://127.0.0.1:8090;\n }\n\n location / {\n try_files $uri $uri/ /index.html;\n }\n }\n}"
----
-# Source: cilium/templates/cilium-agent/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cilium
-rules:
- - apiGroups:
- - networking.k8s.io
- resources:
- - networkpolicies
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - namespaces
- - services
- - pods
- - endpoints
- - nodes
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - list
- - watch
- # This is used when validating policies in preflight. This will need to stay
- # until we figure out how to avoid "get" inside the preflight, and then
- # should be removed ideally.
- - get
- - apiGroups:
- - cilium.io
- resources:
- - ciliumbgploadbalancerippools
- - ciliumbgppeeringpolicies
- - ciliumclusterwideenvoyconfigs
- - ciliumclusterwidenetworkpolicies
- - ciliumegressgatewaypolicies
- - ciliumegressnatpolicies
- - ciliumendpoints
- - ciliumendpointslices
- - ciliumenvoyconfigs
- - ciliumidentities
- - ciliumlocalredirectpolicies
- - ciliumnetworkpolicies
- - ciliumnodes
- verbs:
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumidentities
- - ciliumendpoints
- - ciliumnodes
- verbs:
- - create
- - apiGroups:
- - cilium.io
- # To synchronize garbage collection of such resources
- resources:
- - ciliumidentities
- verbs:
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumendpoints
- verbs:
- - delete
- - get
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnodes
- - ciliumnodes/status
- verbs:
- - get
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnetworkpolicies/status
- - ciliumclusterwidenetworkpolicies/status
- - ciliumendpoints/status
- - ciliumendpoints
- verbs:
- - patch
----
-# Source: cilium/templates/cilium-operator/clusterrole.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRole
-metadata:
- name: cilium-operator
-rules:
- - apiGroups:
- - ""
- resources:
- - pods
- verbs:
- - get
- - list
- - watch
- # to automatically delete [core|kube]dns pods so that are starting to being
- # managed by Cilium
- - delete
- - apiGroups:
- - ""
- resources:
- - nodes
- verbs:
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- # To remove node taints
- - nodes
- # To set NetworkUnavailable false on startup
- - nodes/status
- verbs:
- - patch
- - apiGroups:
- - discovery.k8s.io
- resources:
- - endpointslices
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- # to perform LB IP allocation for BGP
- - services/status
- verbs:
- - update
- - apiGroups:
- - ""
- resources:
- # to check apiserver connectivity
- - namespaces
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- # to perform the translation of a CNP that contains `ToGroup` to its endpoints
- - services
- - endpoints
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnetworkpolicies
- - ciliumclusterwidenetworkpolicies
- verbs:
- # Create auto-generated CNPs and CCNPs from Policies that have 'toGroups'
- - create
- - update
- - deletecollection
- # To update the status of the CNPs and CCNPs
- - patch
- - get
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnetworkpolicies/status
- - ciliumclusterwidenetworkpolicies/status
- verbs:
- # Update the auto-generated CNPs and CCNPs status.
- - patch
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumendpoints
- - ciliumidentities
- verbs:
- # To perform garbage collection of such resources
- - delete
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - ciliumidentities
- verbs:
- # To synchronize garbage collection of such resources
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnodes
- verbs:
- - create
- - update
- - get
- - list
- - watch
- # To perform CiliumNode garbage collector
- - delete
- - apiGroups:
- - cilium.io
- resources:
- - ciliumnodes/status
- verbs:
- - update
- - apiGroups:
- - cilium.io
- resources:
- - ciliumendpointslices
- - ciliumenvoyconfigs
- verbs:
- - create
- - update
- - get
- - list
- - watch
- - delete
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - create
- - get
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - update
- resourceNames:
- - ciliumbgploadbalancerippools.cilium.io
- - ciliumbgppeeringpolicies.cilium.io
- - ciliumclusterwideenvoyconfigs.cilium.io
- - ciliumclusterwidenetworkpolicies.cilium.io
- - ciliumegressgatewaypolicies.cilium.io
- - ciliumegressnatpolicies.cilium.io
- - ciliumendpoints.cilium.io
- - ciliumendpointslices.cilium.io
- - ciliumenvoyconfigs.cilium.io
- - ciliumexternalworkloads.cilium.io
- - ciliumidentities.cilium.io
- - ciliumlocalredirectpolicies.cilium.io
- - ciliumnetworkpolicies.cilium.io
- - ciliumnodes.cilium.io
- # For cilium-operator running in HA mode.
- #
- # Cilium operator running in HA mode requires the use of ResourceLock for Leader Election
- # between multiple running instances.
- # The preferred way of doing this is to use LeasesResourceLock as edits to Leases are less
- # common and fewer objects in the cluster watch "all Leases".
- - apiGroups:
- - coordination.k8s.io
- resources:
- - leases
- verbs:
- - create
- - get
- - update
----
-# Source: cilium/templates/hubble-ui/clusterrole.yaml
-kind: ClusterRole
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: hubble-ui
-rules:
- - apiGroups:
- - networking.k8s.io
- resources:
- - networkpolicies
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - ""
- resources:
- - componentstatuses
- - endpoints
- - namespaces
- - nodes
- - pods
- - services
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - apiextensions.k8s.io
- resources:
- - customresourcedefinitions
- verbs:
- - get
- - list
- - watch
- - apiGroups:
- - cilium.io
- resources:
- - "*"
- verbs:
- - get
- - list
- - watch
----
-# Source: cilium/templates/cilium-agent/clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cilium
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cilium
-subjects:
- - kind: ServiceAccount
- name: "cilium"
- namespace: default
----
-# Source: cilium/templates/cilium-operator/clusterrolebinding.yaml
-apiVersion: rbac.authorization.k8s.io/v1
-kind: ClusterRoleBinding
-metadata:
- name: cilium-operator
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: cilium-operator
-subjects:
- - kind: ServiceAccount
- name: "cilium-operator"
- namespace: default
----
-# Source: cilium/templates/hubble-ui/clusterrolebinding.yaml
-kind: ClusterRoleBinding
-apiVersion: rbac.authorization.k8s.io/v1
-metadata:
- name: hubble-ui
-roleRef:
- apiGroup: rbac.authorization.k8s.io
- kind: ClusterRole
- name: hubble-ui
-subjects:
- - kind: ServiceAccount
- name: "hubble-ui"
- namespace: default
----
-# Source: cilium/templates/hubble-relay/service.yaml
-kind: Service
-apiVersion: v1
-metadata:
- name: hubble-relay
- namespace: default
- labels:
- k8s-app: hubble-relay
-spec:
- type: "ClusterIP"
- selector:
- k8s-app: hubble-relay
- ports:
- - protocol: TCP
- port: 80
- targetPort: 4245
----
-# Source: cilium/templates/hubble-ui/service.yaml
-kind: Service
-apiVersion: v1
-metadata:
- name: hubble-ui
- namespace: default
- labels:
- k8s-app: hubble-ui
-spec:
- type: "ClusterIP"
- selector:
- k8s-app: hubble-ui
- ports:
- - name: http
- port: 80
- targetPort: 8081
----
-# Source: cilium/templates/hubble/metrics-service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: hubble-metrics
- namespace: default
- labels:
- k8s-app: hubble
- annotations:
- prometheus.io/scrape: "true"
- prometheus.io/port: "9965"
-spec:
- clusterIP: None
- type: ClusterIP
- ports:
- - name: hubble-metrics
- port: 9965
- protocol: TCP
- targetPort: hubble-metrics
- selector:
- k8s-app: cilium
----
-# Source: cilium/templates/hubble/peer-service.yaml
-apiVersion: v1
-kind: Service
-metadata:
- name: hubble-peer
- namespace: default
- labels:
- k8s-app: cilium
-spec:
- selector:
- k8s-app: cilium
- ports:
- - name: peer-service
- port: 443
- protocol: TCP
- targetPort: 4244
----
-# Source: cilium/templates/cilium-agent/daemonset.yaml
-apiVersion: apps/v1
-kind: DaemonSet
-metadata:
- name: cilium
- namespace: default
- labels:
- k8s-app: cilium
-spec:
- selector:
- matchLabels:
- k8s-app: cilium
- updateStrategy:
- rollingUpdate:
- maxUnavailable: 2
- type: RollingUpdate
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/cilium-configmap-checksum: "c94473999dcfb5bd4ee1091b33fc2d83e3d4cee71d054e8b787677e0726d01ff"
- labels:
- k8s-app: cilium
- spec:
- containers:
- - name: cilium-agent
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- command:
- - cilium-agent
- args:
- - --config-dir=/tmp/cilium/config-map
- startupProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9879
- scheme: HTTP
- httpHeaders:
- - name: "brief"
- value: "true"
- failureThreshold: 105
- periodSeconds: 2
- successThreshold: 1
- livenessProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9879
- scheme: HTTP
- httpHeaders:
- - name: "brief"
- value: "true"
- periodSeconds: 30
- successThreshold: 1
- failureThreshold: 10
- timeoutSeconds: 5
- readinessProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9879
- scheme: HTTP
- httpHeaders:
- - name: "brief"
- value: "true"
- periodSeconds: 30
- successThreshold: 1
- failureThreshold: 3
- timeoutSeconds: 5
- env:
- - name: K8S_NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: CILIUM_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: CILIUM_CLUSTERMESH_CONFIG
- value: /var/lib/cilium/clustermesh/
- - name: CILIUM_CNI_CHAINING_MODE
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: cni-chaining-mode
- optional: true
- - name: CILIUM_CUSTOM_CNI_CONF
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: custom-cni-conf
- optional: true
- - name: KUBERNETES_SERVICE_HOST
- value: "10.75.40.10"
- - name: KUBERNETES_SERVICE_PORT
- value: "6443"
- lifecycle:
- postStart:
- exec:
- command:
- - "/cni-install.sh"
- - "--enable-debug=false"
- - "--cni-exclusive=true"
- - "--log-file=/var/run/cilium/cilium-cni.log"
- preStop:
- exec:
- command:
- - /cni-uninstall.sh
- ports:
- - name: peer-service
- containerPort: 4244
- hostPort: 4244
- protocol: TCP
- - name: hubble-metrics
- containerPort: 9965
- hostPort: 9965
- protocol: TCP
- securityContext:
- privileged: true
- volumeMounts:
- - name: bpf-maps
- mountPath: /sys/fs/bpf
- mountPropagation: Bidirectional
- - name: cilium-run
- mountPath: /var/run/cilium
- - name: cni-path
- mountPath: /host/opt/cni/bin
- - name: etc-cni-netd
- mountPath: /host/etc/cni/net.d
- - name: clustermesh-secrets
- mountPath: /var/lib/cilium/clustermesh
- readOnly: true
- - name: cilium-config-path
- mountPath: /tmp/cilium/config-map
- readOnly: true
- # Needed to be able to load kernel modules
- - name: lib-modules
- mountPath: /lib/modules
- readOnly: true
- - name: xtables-lock
- mountPath: /run/xtables.lock
- - name: bgp-config-path
- mountPath: /var/lib/cilium/bgp
- readOnly: true
- - name: hubble-tls
- mountPath: /var/lib/cilium/tls/hubble
- readOnly: true
- initContainers:
- # Required to mount cgroup2 filesystem on the underlying Kubernetes node.
- # We use nsenter command with host's cgroup and mount namespaces enabled.
- - name: mount-cgroup
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- env:
- - name: CGROUP_ROOT
- value: /run/cilium/cgroupv2
- - name: BIN_PATH
- value: /opt/cni/bin
- command:
- - sh
- - -ec
- # The statically linked Go program binary is invoked to avoid any
- # dependency on utilities like sh and mount that can be missing on certain
- # distros installed on the underlying host. Copy the binary to the
- # same directory where we install cilium cni plugin so that exec permissions
- # are available.
- - |
- cp /usr/bin/cilium-mount /hostbin/cilium-mount;
- nsenter --cgroup=/hostproc/1/ns/cgroup --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-mount" $CGROUP_ROOT;
- rm /hostbin/cilium-mount
- volumeMounts:
- - name: hostproc
- mountPath: /hostproc
- - name: cni-path
- mountPath: /hostbin
- securityContext:
- privileged: true
- - name: apply-sysctl-overwrites
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- env:
- - name: BIN_PATH
- value: /opt/cni/bin
- command:
- - sh
- - -ec
- # The statically linked Go program binary is invoked to avoid any
- # dependency on utilities like sh that can be missing on certain
- # distros installed on the underlying host. Copy the binary to the
- # same directory where we install cilium cni plugin so that exec permissions
- # are available.
- - |
- cp /usr/bin/cilium-sysctlfix /hostbin/cilium-sysctlfix;
- nsenter --mount=/hostproc/1/ns/mnt "${BIN_PATH}/cilium-sysctlfix";
- rm /hostbin/cilium-sysctlfix
- volumeMounts:
- - name: hostproc
- mountPath: /hostproc
- - name: cni-path
- mountPath: /hostbin
- securityContext:
- privileged: true
- - name: clean-cilium-state
- image: "quay.io/cilium/cilium:v1.12.0@sha256:079baa4fa1b9fe638f96084f4e0297c84dd4fb215d29d2321dcbe54273f63ade"
- imagePullPolicy: IfNotPresent
- command:
- - /init-container.sh
- env:
- - name: CILIUM_ALL_STATE
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: clean-cilium-state
- optional: true
- - name: CILIUM_BPF_STATE
- valueFrom:
- configMapKeyRef:
- name: cilium-config
- key: clean-cilium-bpf-state
- optional: true
- - name: KUBERNETES_SERVICE_HOST
- value: "10.75.40.10"
- - name: KUBERNETES_SERVICE_PORT
- value: "6443"
- securityContext:
- privileged: true
- volumeMounts:
- - name: bpf-maps
- mountPath: /sys/fs/bpf
- # Required to mount cgroup filesystem from the host to cilium agent pod
- - name: cilium-cgroup
- mountPath: /run/cilium/cgroupv2
- mountPropagation: HostToContainer
- - name: cilium-run
- mountPath: /var/run/cilium
- resources:
- requests:
- cpu: 100m
- memory: 100Mi # wait-for-kube-proxy
- restartPolicy: Always
- priorityClassName: system-node-critical
- serviceAccount: "cilium"
- serviceAccountName: "cilium"
- terminationGracePeriodSeconds: 1
- hostNetwork: true
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- k8s-app: cilium
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- - operator: Exists
- volumes:
- # To keep state between restarts / upgrades
- - name: cilium-run
- hostPath:
- path: /var/run/cilium
- type: DirectoryOrCreate
- # To keep state between restarts / upgrades for bpf maps
- - name: bpf-maps
- hostPath:
- path: /sys/fs/bpf
- type: DirectoryOrCreate
- # To mount cgroup2 filesystem on the host
- - name: hostproc
- hostPath:
- path: /proc
- type: Directory
- # To keep state between restarts / upgrades for cgroup2 filesystem
- - name: cilium-cgroup
- hostPath:
- path: /run/cilium/cgroupv2
- type: DirectoryOrCreate
- # To install cilium cni plugin in the host
- - name: cni-path
- hostPath:
- path: /opt/cni/bin
- type: DirectoryOrCreate
- # To install cilium cni configuration in the host
- - name: etc-cni-netd
- hostPath:
- path: /etc/cni/net.d
- type: DirectoryOrCreate
- # To be able to load kernel modules
- - name: lib-modules
- hostPath:
- path: /lib/modules
- # To access iptables concurrently with other processes (e.g. kube-proxy)
- - name: xtables-lock
- hostPath:
- path: /run/xtables.lock
- type: FileOrCreate
- # To read the clustermesh configuration
- - name: clustermesh-secrets
- secret:
- secretName: cilium-clustermesh
- # note: the leading zero means this number is in octal representation: do not remove it
- defaultMode: 0400
- optional: true
- # To read the configuration from the config map
- - name: cilium-config-path
- configMap:
- name: cilium-config
- - name: bgp-config-path
- configMap:
- name: bgp-config
- - name: hubble-tls
- projected:
- # note: the leading zero means this number is in octal representation: do not remove it
- defaultMode: 0400
- sources:
- - secret:
- name: hubble-server-certs
- optional: true
- items:
- - key: ca.crt
- path: client-ca.crt
- - key: tls.crt
- path: server.crt
- - key: tls.key
- path: server.key
----
-# Source: cilium/templates/cilium-operator/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: cilium-operator
- namespace: default
- labels:
- io.cilium/app: operator
- name: cilium-operator
-spec:
- # See docs on ServerCapabilities.LeasesResourceLock in file pkg/k8s/version/version.go
- # for more details.
- replicas: 2
- selector:
- matchLabels:
- io.cilium/app: operator
- name: cilium-operator
- strategy:
- rollingUpdate:
- maxSurge: 1
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/cilium-configmap-checksum: "c94473999dcfb5bd4ee1091b33fc2d83e3d4cee71d054e8b787677e0726d01ff"
- labels:
- io.cilium/app: operator
- name: cilium-operator
- spec:
- containers:
- - name: cilium-operator
- image: quay.io/cilium/operator-generic:v1.12.0@sha256:bb2a42eda766e5d4a87ee8a5433f089db81b72dd04acf6b59fcbb445a95f9410
- imagePullPolicy: IfNotPresent
- command:
- - cilium-operator-generic
- args:
- - --config-dir=/tmp/cilium/config-map
- - --debug=$(CILIUM_DEBUG)
- env:
- - name: K8S_NODE_NAME
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: spec.nodeName
- - name: CILIUM_K8S_NAMESPACE
- valueFrom:
- fieldRef:
- apiVersion: v1
- fieldPath: metadata.namespace
- - name: CILIUM_DEBUG
- valueFrom:
- configMapKeyRef:
- key: debug
- name: cilium-config
- optional: true
- - name: KUBERNETES_SERVICE_HOST
- value: "10.75.40.10"
- - name: KUBERNETES_SERVICE_PORT
- value: "6443"
- livenessProbe:
- httpGet:
- host: "127.0.0.1"
- path: /healthz
- port: 9234
- scheme: HTTP
- initialDelaySeconds: 60
- periodSeconds: 10
- timeoutSeconds: 3
- volumeMounts:
- - name: cilium-config-path
- mountPath: /tmp/cilium/config-map
- readOnly: true
- - name: bgp-config-path
- mountPath: /var/lib/cilium/bgp
- readOnly: true
- hostNetwork: true
- restartPolicy: Always
- priorityClassName: system-cluster-critical
- serviceAccount: "cilium-operator"
- serviceAccountName: "cilium-operator"
- # In HA mode, cilium-operator pods must not be scheduled on the same
- # node as they will clash with each other.
- affinity:
- podAntiAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- io.cilium/app: operator
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- tolerations:
- - operator: Exists
- volumes:
- # To read the configuration from the config map
- - name: cilium-config-path
- configMap:
- name: cilium-config
- - name: bgp-config-path
- configMap:
- name: bgp-config
----
-# Source: cilium/templates/hubble-relay/deployment.yaml
-apiVersion: apps/v1
-kind: Deployment
-metadata:
- name: hubble-relay
- namespace: default
- labels:
- k8s-app: hubble-relay
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: hubble-relay
- strategy:
- rollingUpdate:
- maxUnavailable: 1
- type: RollingUpdate
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/hubble-relay-configmap-checksum: "27382c733aca8bb9cc669c794dc0ce492494af3869067092d9c0bf608d6fc0c1"
- labels:
- k8s-app: hubble-relay
- spec:
- containers:
- - name: hubble-relay
- image: "quay.io/cilium/hubble-relay:v1.12.0@sha256:ca8033ea8a3112d838f958862fa76c8d895e3c8d0f5590de849b91745af5ac4d"
- imagePullPolicy: IfNotPresent
- command:
- - hubble-relay
- args:
- - serve
- ports:
- - name: grpc
- containerPort: 4245
- readinessProbe:
- tcpSocket:
- port: grpc
- livenessProbe:
- tcpSocket:
- port: grpc
- volumeMounts:
- - name: config
- mountPath: /etc/hubble-relay
- readOnly: true
- - name: tls
- mountPath: /var/lib/hubble-relay/tls
- readOnly: true
- restartPolicy: Always
- priorityClassName:
- serviceAccount: "hubble-relay"
- serviceAccountName: "hubble-relay"
- automountServiceAccountToken: false
- terminationGracePeriodSeconds: 1
- affinity:
- podAffinity:
- requiredDuringSchedulingIgnoredDuringExecution:
- - labelSelector:
- matchLabels:
- k8s-app: cilium
- topologyKey: kubernetes.io/hostname
- nodeSelector:
- kubernetes.io/os: linux
- volumes:
- - name: config
- configMap:
- name: hubble-relay-config
- items:
- - key: config.yaml
- path: config.yaml
- - name: tls
- projected:
- # note: the leading zero means this number is in octal representation: do not remove it
- defaultMode: 0400
- sources:
- - secret:
- name: hubble-relay-client-certs
- items:
- - key: ca.crt
- path: hubble-server-ca.crt
- - key: tls.crt
- path: client.crt
- - key: tls.key
- path: client.key
----
-# Source: cilium/templates/hubble-ui/deployment.yaml
-kind: Deployment
-apiVersion: apps/v1
-metadata:
- name: hubble-ui
- namespace: default
- labels:
- k8s-app: hubble-ui
-spec:
- replicas: 1
- selector:
- matchLabels:
- k8s-app: hubble-ui
- template:
- metadata:
- annotations:
- # ensure pods roll when configmap updates
- cilium.io/hubble-ui-nginx-configmap-checksum: "435dc818f7e96a252c7345d28b626abf4015434a41f7501f53816c80b7561ee0"
- labels:
- k8s-app: hubble-ui
- spec:
- securityContext:
- fsGroup: 1001
- runAsGroup: 1001
- runAsUser: 1001
- priorityClassName:
- serviceAccount: "hubble-ui"
- serviceAccountName: "hubble-ui"
- containers:
- - name: frontend
- image: "quay.io/cilium/hubble-ui:v0.9.0@sha256:0ef04e9a29212925da6bdfd0ba5b581765e41a01f1cc30563cef9b30b457fea0"
- imagePullPolicy: IfNotPresent
- ports:
- - name: http
- containerPort: 8081
- volumeMounts:
- - name: hubble-ui-nginx-conf
- mountPath: /etc/nginx/conf.d/default.conf
- subPath: nginx.conf
- - name: tmp-dir
- mountPath: /tmp
- - name: backend
- image: "quay.io/cilium/hubble-ui-backend:v0.9.0@sha256:000df6b76719f607a9edefb9af94dfd1811a6f1b6a8a9c537cba90bf12df474b"
- imagePullPolicy: IfNotPresent
- env:
- - name: EVENTS_SERVER_PORT
- value: "8090"
- - name: FLOWS_API_ADDR
- value: "hubble-relay:80"
- ports:
- - name: grpc
- containerPort: 8090
- volumeMounts:
- nodeSelector:
- kubernetes.io/os: linux
- volumes:
- - configMap:
- defaultMode: 420
- name: hubble-ui-nginx
- name: hubble-ui-nginx-conf
- - emptyDir: {}
- name: tmp-dir
----
-# Source: cilium/templates/hubble-ui/ingress.yaml
-apiVersion: networking.k8s.io/v1
-kind: Ingress
-metadata:
- name: hubble-ui
- namespace: default
- labels:
- k8s-app: hubble-ui
- annotations:
- hajimari.io/appName: hubble
- hajimari.io/enable: "true"
- hajimari.io/icon: lan
-spec:
- tls:
- - hosts:
- - hubble.${SECRET_DOMAIN}
- rules:
- - host: hubble.${SECRET_DOMAIN}
- http:
- paths:
- - path: /
- pathType: Prefix
- backend:
- service:
- name: hubble-ui
- port:
- name: http
+

@chii-bot
Copy link
Contributor Author

chii-bot bot commented Aug 16, 2022

MegaLinter status: ❌ ERROR

Descriptor Linter Files Fixed Errors Elapsed time
❌ COPYPASTE jscpd yes 2 0.95s
✅ REPOSITORY git_diff yes no 0.02s
✅ REPOSITORY secretlint yes no 1.17s
✅ YAML prettier 2 0 0.54s
✅ YAML yamllint 2 0 0.15s

See errors details in artifact MegaLinter reports on CI Job page
Set VALIDATE_ALL_CODEBASE: true in mega-linter.yml to validate all sources, not only the diff

@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 9da4e39 to bd857e1 Compare September 14, 2022 17:29
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.1 feat(helm): update chart cilium to 1.12.2 Sep 14, 2022
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.2 feat(helm): update chart cilium to 1.12.2 - autoclosed Sep 15, 2022
@chii-bot chii-bot bot closed this Sep 15, 2022
@chii-bot chii-bot bot deleted the renovate/cilium-1.x branch September 15, 2022 18:25
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.2 - autoclosed feat(helm): update chart cilium to 1.12.2 Sep 15, 2022
@chii-bot chii-bot bot reopened this Sep 15, 2022
@chii-bot chii-bot bot restored the renovate/cilium-1.x branch September 15, 2022 20:21
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from bd857e1 to 8dc1e96 Compare October 17, 2022 17:42
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.2 feat(helm): update chart cilium to 1.12.3 Oct 17, 2022
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 8dc1e96 to 909512c Compare November 17, 2022 23:20
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.3 feat(helm): update chart cilium to 1.12.4 Nov 17, 2022
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 909512c to 8503718 Compare December 20, 2022 23:16
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.4 feat(helm): update chart cilium to 1.12.5 Dec 20, 2022
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 8503718 to 4c61065 Compare January 27, 2023 14:15
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.5 feat(helm): update chart cilium to 1.12.6 Jan 27, 2023
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 4c61065 to 66704ac Compare February 14, 2023 14:17
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.6 feat(helm): update chart cilium to 1.12.7 Feb 14, 2023
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 66704ac to c36d0bc Compare February 15, 2023 15:18
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.12.7 feat(helm): update chart cilium to 1.13.0 Feb 15, 2023
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from c36d0bc to a0ec51f Compare March 17, 2023 12:31
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.13.0 feat(helm): update chart cilium to 1.13.1 Mar 17, 2023
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 9f05683 to d8404f2 Compare January 31, 2024 20:14
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.14.6 feat(helm): update chart cilium to 1.15.0 Jan 31, 2024
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.0 feat(helm): update chart cilium to 1.15.1 Feb 15, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from d8404f2 to 1264984 Compare February 15, 2024 01:01
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 1264984 to 41998f3 Compare March 13, 2024 17:14
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.1 feat(helm): update chart cilium to 1.15.2 Mar 13, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 41998f3 to e782cca Compare March 26, 2024 17:13
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.2 feat(helm): update chart cilium to 1.15.3 Mar 26, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from e782cca to 4430dd9 Compare April 12, 2024 01:02
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.3 feat(helm): update chart cilium to 1.15.4 Apr 12, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 4430dd9 to 3f28ffe Compare May 15, 2024 11:13
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.4 feat(helm): update chart cilium to 1.15.5 May 15, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 3f28ffe to da0f443 Compare June 10, 2024 17:14
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.5 feat(helm): update chart cilium to 1.15.6 Jun 10, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from da0f443 to 873d4fe Compare July 11, 2024 19:14
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.6 feat(helm): update chart cilium to 1.15.7 Jul 11, 2024
@github-advanced-security
Copy link

This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation.

@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 873d4fe to a097f86 Compare July 24, 2024 15:18
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.15.7 feat(helm): update chart cilium to 1.16.0 Jul 24, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from a097f86 to 56d3aa1 Compare August 14, 2024 13:20
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.16.0 feat(helm): update chart cilium to 1.16.1 Aug 14, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 56d3aa1 to 328fb8d Compare September 26, 2024 12:35
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.16.1 feat(helm): update chart cilium to 1.16.2 Sep 26, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 328fb8d to 999be37 Compare October 15, 2024 09:20
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.16.2 feat(helm): update chart cilium to 1.16.3 Oct 15, 2024
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 999be37 to 3883b49 Compare November 20, 2024 10:21
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.16.3 feat(helm): update chart cilium to 1.16.4 Nov 20, 2024
| datasource | package | from   | to     |
| ---------- | ------- | ------ | ------ |
| helm       | cilium  | 1.13.2 | 1.16.5 |
| helm       | cilium  | 1.12.0 | 1.16.5 |
@chii-bot chii-bot bot force-pushed the renovate/cilium-1.x branch from 3883b49 to 0bac750 Compare December 18, 2024 01:23
@chii-bot chii-bot bot changed the title feat(helm): update chart cilium to 1.16.4 feat(helm): update chart cilium to 1.16.5 Dec 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
area/cluster Changes made in the cluster directory renovate/helm size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. type/minor type/patch
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants