andrei/homeops
1
0
Fork 0
Code Issues 2 Pull requests 15 Projects Releases 3 Packages Wiki Activity Actions

fix(container): update quay.io/cilium/charts/cilium ( 1.19.3 → 1.19.4 ) #199

Open
renovate[bot] wants to merge 1 commit from renovate/quay.io-cilium-charts-cilium-1.19.x into main
pull from: renovate/quay.io-cilium-charts-cilium-1.19.x
merge into: andrei:main
Conversation 2 Commits 1 Files changed 4 +4 -4
renovate[bot] commented 2026-05-13 21:18:14 +00:00 (Migrated from github.com)
Copy link

This PR contains the following updates:

Package Update Change
quay.io/cilium/charts/cilium (source) patch 1.19.31.19.4

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

Release Notes

cilium/cilium (quay.io/cilium/charts/cilium)

v1.19.4: 1.19.4

Compare Source

Summary of Changes

Minor Changes:

  • cilium-agent: when --k8s-service-proxy-name is set, EndpointSlices are now filtered by the service.kubernetes.io/service-proxy-name label at the watch level, matching how Services are already filtered, operators with hand-managed EndpointSlices must stamp the matching label on those slices. (Backport PR #​45755, Upstream PR #​45504, @​HadrienPatte)
  • iptables-based masquerading: Ensure iptables rules respect longest prefix match by sorting routes by mask length when enable-masquerade-to-route-source is enabled (Backport PR #​45630, Upstream PR #​45192, @​liyihuang)
  • operator/spire: make SPIRE client configurable for ztunnel (Backport PR #​45356, Upstream PR #​44136, @​nddq)
  • pkg/endpoint: skip logger rebuild on policy revision updates (Backport PR #​45630, Upstream PR #​45533, @​sjohnsonpal)

Bugfixes:

CI Changes:

Misc Changes:

Other Changes:

Docker Manifests
cilium

quay.io/cilium/cilium:v1.19.4@​sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.19.4@​sha256:9e40006b2e2b6e66d047f9af52577a93b39d9532958ec6d88d46820bb59ab643

docker-plugin

quay.io/cilium/docker-plugin:v1.19.4@​sha256:720dc5839de8c30acf655ad790866cf89b7691047a020e7b4a4bd66883fbf4d1

hubble-relay

quay.io/cilium/hubble-relay:v1.19.4@​sha256:59af8c0d561e560c2a042e7600a3496bc0367df8fbf868aa68d5834c8ec1a431

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.19.4@​sha256:693b1e61f22beaa9a0f68aa4056ba873465da96da6382f3276978d01544450dd

operator-aws

quay.io/cilium/operator-aws:v1.19.4@​sha256:9e41b3959d941a0b60ba187f5a2572305846248efb89ac59c18fd25a032f568d

operator-azure

quay.io/cilium/operator-azure:v1.19.4@​sha256:8203f4e5e65c658fe2367a570c7bba5779859982bd3cc263662e35e690be3417

operator-generic

quay.io/cilium/operator-generic:v1.19.4@​sha256:1aa2b62735e7d8ab49ee840ae59c346932024c88901579121395c1271b435f71

operator

quay.io/cilium/operator:v1.19.4@​sha256:7edc61725901e32a13e180c5290d43df5292f5f49c6d654c94a0be2faf52e71e

Configuration

📅 Schedule: (UTC)

  • Branch creation
    • At any time (no schedule defined)
  • Automerge
    • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

  • If you want to rebase/retry this PR, check this box

This PR was generated by Mend Renovate. View the repository job log.

This PR contains the following updates: | Package | Update | Change | |---|---|---| | [quay.io/cilium/charts/cilium](https://cilium.io/) ([source](https://redirect.github.com/cilium/cilium)) | patch | `1.19.3` → `1.19.4` | --- > [!WARNING] > Some dependencies could not be looked up. Check the [Dependency Dashboard](../issues/132) for more information. --- ### Release Notes <details> <summary>cilium/cilium (quay.io/cilium/charts/cilium)</summary> ### [`v1.19.4`](https://redirect.github.com/cilium/cilium/releases/tag/v1.19.4): 1.19.4 [Compare Source](https://redirect.github.com/cilium/cilium/compare/1.19.3...1.19.4) ## Summary of Changes **Minor Changes:** - cilium-agent: when `--k8s-service-proxy-name` is set, `EndpointSlices` are now filtered by the `service.kubernetes.io/service-proxy-name` label at the watch level, matching how `Services` are already filtered, operators with hand-managed `EndpointSlices` must stamp the matching label on those slices. (Backport PR [#&#8203;45755](https://redirect.github.com/cilium/cilium/issues/45755), Upstream PR [#&#8203;45504](https://redirect.github.com/cilium/cilium/issues/45504), [@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte)) - iptables-based masquerading: Ensure iptables rules respect longest prefix match by sorting routes by mask length when enable-masquerade-to-route-source is enabled (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45192](https://redirect.github.com/cilium/cilium/issues/45192), [@&#8203;liyihuang](https://redirect.github.com/liyihuang)) - operator/spire: make SPIRE client configurable for ztunnel (Backport PR [#&#8203;45356](https://redirect.github.com/cilium/cilium/issues/45356), Upstream PR [#&#8203;44136](https://redirect.github.com/cilium/cilium/issues/44136), [@&#8203;nddq](https://redirect.github.com/nddq)) - pkg/endpoint: skip logger rebuild on policy revision updates (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45533](https://redirect.github.com/cilium/cilium/issues/45533), [@&#8203;sjohnsonpal](https://redirect.github.com/sjohnsonpal)) **Bugfixes:** - bpf: egressgw: respect egress ifindex during FIB lookup (Backport PR [#&#8203;45695](https://redirect.github.com/cilium/cilium/issues/45695), Upstream PR [#&#8203;45661](https://redirect.github.com/cilium/cilium/issues/45661), [@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann)) - bpf: host: fix source identity for IPsec trace in to-netdev (Backport PR [#&#8203;45594](https://redirect.github.com/cilium/cilium/issues/45594), Upstream PR [#&#8203;45588](https://redirect.github.com/cilium/cilium/issues/45588), [@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann)) - cilium-dbg: `cilium map list` now displays "unknown" instead of 0 for maps that do not support cache-based entry counting. (Backport PR [#&#8203;45888](https://redirect.github.com/cilium/cilium/issues/45888), Upstream PR [#&#8203;44951](https://redirect.github.com/cilium/cilium/issues/44951), [@&#8203;skymensch](https://redirect.github.com/skymensch)) - cilium: Fix incorrect IPv6 BIG TCP display (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45529](https://redirect.github.com/cilium/cilium/issues/45529), [@&#8203;pchaigno](https://redirect.github.com/pchaigno)) - clustermesh: fails gracefully instead of crashing when EndpointSliceSync is not able to setup the EndpointSlice watch (Backport PR [#&#8203;45496](https://redirect.github.com/cilium/cilium/issues/45496), Upstream PR [#&#8203;45402](https://redirect.github.com/cilium/cilium/issues/45402), [@&#8203;MrFreezeex](https://redirect.github.com/MrFreezeex)) - clustermesh: Fix Helm typo preventing to add annotations when setting `clustermesh.apiserver.tls.auto.method: certmanager` (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45576](https://redirect.github.com/cilium/cilium/issues/45576), [@&#8203;owayss](https://redirect.github.com/owayss)) - Fix cilium-agent crash when a transient network error occurs during CiliumNode update. The agent now retries instead of calling Fatal. (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;44526](https://redirect.github.com/cilium/cilium/issues/44526), [@&#8203;nebojsaj1726](https://redirect.github.com/nebojsaj1726)) - Fix CiliumLocalRedirectPolicy addressMatcher overriding an existing Service's frontend when its backend pods are not yet Ready. (Backport PR [#&#8203;45584](https://redirect.github.com/cilium/cilium/issues/45584), Upstream PR [#&#8203;45522](https://redirect.github.com/cilium/cilium/issues/45522), [@&#8203;ysksuzuki](https://redirect.github.com/ysksuzuki)) - Fix dedicated Ingress reconciliation panic on invalid TLS passthrough rules (Backport PR [#&#8203;45888](https://redirect.github.com/cilium/cilium/issues/45888), Upstream PR [#&#8203;45737](https://redirect.github.com/cilium/cilium/issues/45737), [@&#8203;weizhoublue](https://redirect.github.com/weizhoublue)) - Fix host L7 policy operation (Backport PR [#&#8203;45496](https://redirect.github.com/cilium/cilium/issues/45496), Upstream PR [#&#8203;45030](https://redirect.github.com/cilium/cilium/issues/45030), [@&#8203;atykhyy](https://redirect.github.com/atykhyy)) - Fix IPsec packet drops during rolling restart with key rotation by deferring SPI advertisement until XFRM states are ready (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;44701](https://redirect.github.com/cilium/cilium/issues/44701), [@&#8203;hbangT](https://redirect.github.com/hbangT)) - Fix issue where datapath reinitialization may get stuck when triggered from the local API (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45557](https://redirect.github.com/cilium/cilium/issues/45557), [@&#8203;jrife](https://redirect.github.com/jrife)) - Fix missing global service backends in Cluster Mesh when multiple service ports point to the same target port. (Backport PR [#&#8203;45356](https://redirect.github.com/cilium/cilium/issues/45356), Upstream PR [#&#8203;45179](https://redirect.github.com/cilium/cilium/issues/45179), [@&#8203;RiccardoAtzori91](https://redirect.github.com/RiccardoAtzori91)) - fix(egressGateway): skip unmatched gateways when using multiple gateway (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;44705](https://redirect.github.com/cilium/cilium/issues/44705), [@&#8203;ieth0](https://redirect.github.com/ieth0)) - fix(gateway-api): prevent silent disable on CRD discovery timeout (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;44662](https://redirect.github.com/cilium/cilium/issues/44662), [@&#8203;aslafy-z](https://redirect.github.com/aslafy-z)) - fix(ipsec): panic in parseSPI on malformed input (Backport PR [#&#8203;45496](https://redirect.github.com/cilium/cilium/issues/45496), Upstream PR [#&#8203;44815](https://redirect.github.com/cilium/cilium/issues/44815), [@&#8203;isoyuki](https://redirect.github.com/isoyuki)) - Fixed intermittent ARP failures for LoadBalancer services caused by pointer reuse during BPF map iteration in the L2 responder reconciler. (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;45197](https://redirect.github.com/cilium/cilium/issues/45197), [@&#8203;Krishnachaitanyakc](https://redirect.github.com/Krishnachaitanyakc)) - Fixed SocketLB returning EPERM instead of EHOSTUNREACH when a Service has no backends. (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;45185](https://redirect.github.com/cilium/cilium/issues/45185), [@&#8203;chez-shanpu](https://redirect.github.com/chez-shanpu)) - Fixes an issue where L7 LoadBalancer and Ingress traffic would be dropped on certain kernel versions when Cilium is attached to a bridge network device. (Backport PR [#&#8203;45755](https://redirect.github.com/cilium/cilium/issues/45755), Upstream PR [#&#8203;45582](https://redirect.github.com/cilium/cilium/issues/45582), [@&#8203;liyihuang](https://redirect.github.com/liyihuang)) - Fixes dropped packets on ingress when full header not in linear skb area (Backport PR [#&#8203;45496](https://redirect.github.com/cilium/cilium/issues/45496), Upstream PR [#&#8203;45195](https://redirect.github.com/cilium/cilium/issues/45195), [@&#8203;javiercardona-work](https://redirect.github.com/javiercardona-work)) - hubble-relay: fix TLS config variable shadowing preventing cleanup on shutdown (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45085](https://redirect.github.com/cilium/cilium/issues/45085), [@&#8203;Aprazor](https://redirect.github.com/Aprazor)) - policy: Fix CCG matching for duplicate label keys (Backport PR [#&#8203;45356](https://redirect.github.com/cilium/cilium/issues/45356), Upstream PR [#&#8203;45225](https://redirect.github.com/cilium/cilium/issues/45225), [@&#8203;christarazi](https://redirect.github.com/christarazi)) - Respect backends for BGP only when they are in state: active (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;45286](https://redirect.github.com/cilium/cilium/issues/45286), [@&#8203;CallMeFoxie](https://redirect.github.com/CallMeFoxie)) - secretsync recreate synced secret when source secret type changes (Backport PR [#&#8203;45888](https://redirect.github.com/cilium/cilium/issues/45888), Upstream PR [#&#8203;45721](https://redirect.github.com/cilium/cilium/issues/45721), [@&#8203;ssam18](https://redirect.github.com/ssam18)) - wireguard: clamp cilium\_wg0 MTU to IPV6\_MIN\_MTU (1280) when IPv6 is enabled, preventing silent packet loss in tunnel+encryption mode with constrained path MTU (Backport PR [#&#8203;45496](https://redirect.github.com/cilium/cilium/issues/45496), Upstream PR [#&#8203;45425](https://redirect.github.com/cilium/cilium/issues/45425), [@&#8203;tibrezus](https://redirect.github.com/tibrezus)) **CI Changes:** - .github/workflows: skip full test suite for workflow\_dispatch on dev … (Backport PR [#&#8203;45356](https://redirect.github.com/cilium/cilium/issues/45356), Upstream PR [#&#8203;45285](https://redirect.github.com/cilium/cilium/issues/45285), [@&#8203;aanm](https://redirect.github.com/aanm)) - complexity-diff: Small improvements (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;45556](https://redirect.github.com/cilium/cilium/issues/45556), [@&#8203;pchaigno](https://redirect.github.com/pchaigno)) - contrib: fix typo in identity\_is\_node.cocci (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45505](https://redirect.github.com/cilium/cilium/issues/45505), [@&#8203;julianwiedmann](https://redirect.github.com/julianwiedmann)) - datapath/loader: Add map count to verifier complexity records (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;44652](https://redirect.github.com/cilium/cilium/issues/44652), [@&#8203;dylandreimerink](https://redirect.github.com/dylandreimerink)) - gha/clustermesh: use OCI registry for cert-manager (Backport PR [#&#8203;45356](https://redirect.github.com/cilium/cilium/issues/45356), Upstream PR [#&#8203;45326](https://redirect.github.com/cilium/cilium/issues/45326), [@&#8203;giorio94](https://redirect.github.com/giorio94)) - logging: Update leader election log level override (Backport PR [#&#8203;45496](https://redirect.github.com/cilium/cilium/issues/45496), Upstream PR [#&#8203;45358](https://redirect.github.com/cilium/cilium/issues/45358), [@&#8203;joamaki](https://redirect.github.com/joamaki)) - Use extra power github runner if available for multi-pool CI workflow (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;45555](https://redirect.github.com/cilium/cilium/issues/45555), [@&#8203;fristonio](https://redirect.github.com/fristonio)) **Misc Changes:** - \[v1.19] deps: bump x/net to v0.53 ([#&#8203;45935](https://redirect.github.com/cilium/cilium/issues/45935), [@&#8203;ferozsalam](https://redirect.github.com/ferozsalam)) - Add documentation and warnings on DNS interception (Backport PR [#&#8203;45888](https://redirect.github.com/cilium/cilium/issues/45888), Upstream PR [#&#8203;45525](https://redirect.github.com/cilium/cilium/issues/45525), [@&#8203;ferozsalam](https://redirect.github.com/ferozsalam)) - chore(deps): update all external docker images dependencies to v0.13.5 (v1.19) (patch) ([#&#8203;45462](https://redirect.github.com/cilium/cilium/issues/45462), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.19) ([#&#8203;45467](https://redirect.github.com/cilium/cilium/issues/45467), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.19) ([#&#8203;45728](https://redirect.github.com/cilium/cilium/issues/45728), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.19) ([#&#8203;45747](https://redirect.github.com/cilium/cilium/issues/45747), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.19) ([#&#8203;45870](https://redirect.github.com/cilium/cilium/issues/45870), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update all github action dependencies (v1.19) ([#&#8203;45882](https://redirect.github.com/cilium/cilium/issues/45882), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.19) ([#&#8203;45466](https://redirect.github.com/cilium/cilium/issues/45466), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.19) ([#&#8203;45615](https://redirect.github.com/cilium/cilium/issues/45615), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images (v1.19) ([#&#8203;45729](https://redirect.github.com/cilium/cilium/issues/45729), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update base-images to v1.25.10 (v1.19) ([#&#8203;45902](https://redirect.github.com/cilium/cilium/issues/45902), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update cilium/cilium digest to [`354584b`](https://redirect.github.com/cilium/cilium/commit/354584b) (v1.19) ([#&#8203;45614](https://redirect.github.com/cilium/cilium/issues/45614), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update cilium/cilium digest to [`6663075`](https://redirect.github.com/cilium/cilium/commit/6663075) (v1.19) ([#&#8203;45481](https://redirect.github.com/cilium/cilium/issues/45481), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update cilium/cilium digest to [`6e3229e`](https://redirect.github.com/cilium/cilium/commit/6e3229e) (v1.19) ([#&#8203;45620](https://redirect.github.com/cilium/cilium/issues/45620), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update cilium/cilium digest to [`b782452`](https://redirect.github.com/cilium/cilium/commit/b782452) (v1.19) ([#&#8203;45488](https://redirect.github.com/cilium/cilium/issues/45488), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update dependency bufbuild/buf to v1.69.0 (v1.19) ([#&#8203;45872](https://redirect.github.com/cilium/cilium/issues/45872), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update module github.com/moby/spdystream to v0.5.1 \[security] (v1.19) ([#&#8203;45431](https://redirect.github.com/cilium/cilium/issues/45431), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update module sigs.k8s.io/kube-api-linter to v0.0.0-20260416084302-2b3d1fe14578 (v1.19) ([#&#8203;45463](https://redirect.github.com/cilium/cilium/issues/45463), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update module sigs.k8s.io/kube-api-linter to v0.0.0-20260423112246-3fa174937a6b (v1.19) ([#&#8203;45730](https://redirect.github.com/cilium/cilium/issues/45730), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update module sigs.k8s.io/kube-api-linter to v0.0.0-20260505141229-de8f85687fd2 (v1.19) ([#&#8203;45881](https://redirect.github.com/cilium/cilium/issues/45881), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/certgen docker tag to v0.4.3 (v1.19) ([#&#8203;45501](https://redirect.github.com/cilium/cilium/issues/45501), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.36.6-1776352947-78da350f53f63526ff6487f2e1f3b14d2062ce17 (v1.19) ([#&#8203;45464](https://redirect.github.com/cilium/cilium/issues/45464), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - ci: make registry configurable ([#&#8203;45437](https://redirect.github.com/cilium/cilium/issues/45437), [@&#8203;Artyop](https://redirect.github.com/Artyop)) - docs(policy): update namespace label support (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;44922](https://redirect.github.com/cilium/cilium/issues/44922), [@&#8203;lconnery](https://redirect.github.com/lconnery)) - docs: add small CiliumCIDRGroup scalability callout (Backport PR [#&#8203;45888](https://redirect.github.com/cilium/cilium/issues/45888), Upstream PR [#&#8203;45763](https://redirect.github.com/cilium/cilium/issues/45763), [@&#8203;squeed](https://redirect.github.com/squeed)) - Fail hive health tree script command if no status is found for filter (Backport PR [#&#8203;45888](https://redirect.github.com/cilium/cilium/issues/45888), Upstream PR [#&#8203;45554](https://redirect.github.com/cilium/cilium/issues/45554), [@&#8203;fristonio](https://redirect.github.com/fristonio)) - Fix Endpoint regeneration health reporting (Backport PR [#&#8203;45630](https://redirect.github.com/cilium/cilium/issues/45630), Upstream PR [#&#8203;45011](https://redirect.github.com/cilium/cilium/issues/45011), [@&#8203;fristonio](https://redirect.github.com/fristonio)) - fix(deps): update k8s.io patch updates stable to v0.35.4 (v1.19) (patch) ([#&#8203;45465](https://redirect.github.com/cilium/cilium/issues/45465), [@&#8203;cilium-renovate](https://redirect.github.com/cilium-renovate)\[bot]) - helm: allow overriding of external images in charts (Backport PR [#&#8203;45634](https://redirect.github.com/cilium/cilium/issues/45634), Upstream PR [#&#8203;45597](https://redirect.github.com/cilium/cilium/issues/45597), [@&#8203;sekhar-isovalent](https://redirect.github.com/sekhar-isovalent)) - helm: do not set operator health port as hostPort when hostNetwork is disabled (Backport PR [#&#8203;45673](https://redirect.github.com/cilium/cilium/issues/45673), Upstream PR [#&#8203;45386](https://redirect.github.com/cilium/cilium/issues/45386), [@&#8203;robinelfrink](https://redirect.github.com/robinelfrink)) - loadbalancer/reflectors: Filter `EndpointSlice` watch by service labels (Backport PR [#&#8203;45755](https://redirect.github.com/cilium/cilium/issues/45755), Upstream PR [#&#8203;45528](https://redirect.github.com/cilium/cilium/issues/45528), [@&#8203;HadrienPatte](https://redirect.github.com/HadrienPatte)) **Other Changes:** - \[v1.19] ipam: fix data race in MultiPoolManager node update ([#&#8203;45521](https://redirect.github.com/cilium/cilium/issues/45521), [@&#8203;Kunalbehbud](https://redirect.github.com/Kunalbehbud)) - chore(deps): update quay.io/cilium/cilium-envoy ([#&#8203;45908](https://redirect.github.com/cilium/cilium/issues/45908), [@&#8203;sayboras](https://redirect.github.com/sayboras)) - install: Restore RBAC for ciliumbgppeeringpolicies to allow for gradual upgrade of Cilium pods from `v1.18` to `v1.19`. ([#&#8203;45829](https://redirect.github.com/cilium/cilium/issues/45829), [@&#8203;rastislavs](https://redirect.github.com/rastislavs)) - install: Update image digests for v1.19.3 ([#&#8203;45401](https://redirect.github.com/cilium/cilium/issues/45401), [@&#8203;cilium-release-bot](https://redirect.github.com/cilium-release-bot)\[bot]) - v1.19: bpf: Reduce stack usage and complexity of `tail_handle_snat_fwd_ipv6` ([#&#8203;45360](https://redirect.github.com/cilium/cilium/issues/45360), [@&#8203;pchaigno](https://redirect.github.com/pchaigno)) ##### Docker Manifests ##### cilium `quay.io/cilium/cilium:v1.19.4@&#8203;sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c` ##### clustermesh-apiserver `quay.io/cilium/clustermesh-apiserver:v1.19.4@&#8203;sha256:9e40006b2e2b6e66d047f9af52577a93b39d9532958ec6d88d46820bb59ab643` ##### docker-plugin `quay.io/cilium/docker-plugin:v1.19.4@&#8203;sha256:720dc5839de8c30acf655ad790866cf89b7691047a020e7b4a4bd66883fbf4d1` ##### hubble-relay `quay.io/cilium/hubble-relay:v1.19.4@&#8203;sha256:59af8c0d561e560c2a042e7600a3496bc0367df8fbf868aa68d5834c8ec1a431` ##### operator-alibabacloud `quay.io/cilium/operator-alibabacloud:v1.19.4@&#8203;sha256:693b1e61f22beaa9a0f68aa4056ba873465da96da6382f3276978d01544450dd` ##### operator-aws `quay.io/cilium/operator-aws:v1.19.4@&#8203;sha256:9e41b3959d941a0b60ba187f5a2572305846248efb89ac59c18fd25a032f568d` ##### operator-azure `quay.io/cilium/operator-azure:v1.19.4@&#8203;sha256:8203f4e5e65c658fe2367a570c7bba5779859982bd3cc263662e35e690be3417` ##### operator-generic `quay.io/cilium/operator-generic:v1.19.4@&#8203;sha256:1aa2b62735e7d8ab49ee840ae59c346932024c88901579121395c1271b435f71` ##### operator `quay.io/cilium/operator:v1.19.4@&#8203;sha256:7edc61725901e32a13e180c5290d43df5292f5f49c6d654c94a0be2faf52e71e` </details> --- ### Configuration 📅 **Schedule**: (UTC) - Branch creation - At any time (no schedule defined) - Automerge - At any time (no schedule defined) 🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied. ♻ **Rebasing**: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox. 🔕 **Ignore**: Close this PR and you won't be reminded about these updates again. --- - [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box --- This PR was generated by [Mend Renovate](https://mend.io/renovate/). View the [repository job log](https://developer.mend.io/github/andrei-iacobb/homeops). <!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4xNzMuNiIsInVwZGF0ZWRJblZlciI6IjQzLjE4Mi4yIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZS9jb250YWluZXIiLCJ0eXBlL3BhdGNoIl19-->
github-actions[bot] commented 2026-05-13 21:19:08 +00:00 (Migrated from github.com)
Copy link
--- kubernetes/apps/kube-system/cilium/app Kustomization: kube-system/cilium OCIRepository: kube-system/cilium

+++ kubernetes/apps/kube-system/cilium/app Kustomization: kube-system/cilium OCIRepository: kube-system/cilium

@@ -10,9 +10,9 @@

 spec:
   interval: 15m
   layerSelector:
     mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip
     operation: copy
   ref:
-    tag: 1.19.3
+    tag: 1.19.4
   url: oci://quay.io/cilium/charts/cilium
<!-- add-pr-comment:199/kubernetes/kustomization --> ```diff --- kubernetes/apps/kube-system/cilium/app Kustomization: kube-system/cilium OCIRepository: kube-system/cilium +++ kubernetes/apps/kube-system/cilium/app Kustomization: kube-system/cilium OCIRepository: kube-system/cilium @@ -10,9 +10,9 @@ spec: interval: 15m layerSelector: mediaType: application/vnd.cncf.helm.chart.content.v1.tar+gzip operation: copy ref: - tag: 1.19.3 + tag: 1.19.4 url: oci://quay.io/cilium/charts/cilium ```
github-actions[bot] commented 2026-05-13 21:19:13 +00:00 (Migrated from github.com)
Copy link
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium

+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium

@@ -53,12 +53,13 @@

   - watch
   - get
 - apiGroups:
   - cilium.io
   resources:
   - ciliumloadbalancerippools
+  - ciliumbgppeeringpolicies
   - ciliumbgpnodeconfigs
   - ciliumbgpadvertisements
   - ciliumbgppeerconfigs
   - ciliumclusterwideenvoyconfigs
   - ciliumclusterwidenetworkpolicies
   - ciliumegressgatewaypolicies
--- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator

@@ -185,12 +185,13 @@

   - ciliumgatewayclassconfigs.cilium.io
 - apiGroups:
   - cilium.io
   resources:
   - ciliumloadbalancerippools
   - ciliumpodippools
+  - ciliumbgppeeringpolicies
   - ciliumbgpclusterconfigs
   - ciliumbgpnodeconfigoverrides
   - ciliumbgppeerconfigs
   verbs:
   - get
   - list
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -30,13 +30,13 @@

         appArmorProfile:
           type: Unconfined
         seccompProfile:
           type: Unconfined
       containers:
       - name: cilium-agent
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
         args:
         - --config-dir=/tmp/cilium/config-map
         startupProbe:
@@ -197,13 +197,13 @@

         - name: xtables-lock
           mountPath: /run/xtables.lock
         - name: tmp
           mountPath: /tmp
       initContainers:
       - name: config
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         command:
         - cilium-dbg
         - build-config
         env:
         - name: K8S_NODE_NAME
@@ -228,13 +228,13 @@

           capabilities:
             add:
             - NET_ADMIN
             drop:
             - ALL
       - name: mount-cgroup
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         env:
         - name: CGROUP_ROOT
           value: /sys/fs/cgroup
         - name: BIN_PATH
           value: /opt/cni/bin
@@ -260,13 +260,13 @@

             - SYS_ADMIN
             - SYS_CHROOT
             - SYS_PTRACE
             drop:
             - ALL
       - name: apply-sysctl-overwrites
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         env:
         - name: BIN_PATH
           value: /opt/cni/bin
         command:
         - bash
@@ -290,13 +290,13 @@

             - SYS_ADMIN
             - SYS_CHROOT
             - SYS_PTRACE
             drop:
             - ALL
       - name: mount-bpf-fs
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         args:
         - mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf
         command:
         - /bin/bash
         - -c
@@ -306,13 +306,13 @@

           privileged: true
         volumeMounts:
         - name: bpf-maps
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
       - name: clean-cilium-state
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
         env:
         - name: CILIUM_ALL_STATE
           valueFrom:
@@ -354,13 +354,13 @@

         - name: cilium-cgroup
           mountPath: /sys/fs/cgroup
           mountPropagation: HostToContainer
         - name: cilium-run
           mountPath: /var/run/cilium
       - name: install-cni-binaries
-        image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10
+        image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c
         imagePullPolicy: IfNotPresent
         command:
         - /install-plugin.sh
         resources:
           limits:
             cpu: 1
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -32,13 +32,13 @@

     spec:
       securityContext:
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cilium-operator
-        image: quay.io/cilium/operator-generic:v1.19.3@sha256:205b09b0ed6accbf9fe688d312a9f0fcfc6a316fc081c23fbffb472af5dd62cd
+        image: quay.io/cilium/operator-generic:v1.19.4@sha256:1aa2b62735e7d8ab49ee840ae59c346932024c88901579121395c1271b435f71
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic
         args:
         - --config-dir=/tmp/cilium/config-map
         - --debug=$(CILIUM_DEBUG)
<!-- add-pr-comment:199/kubernetes/helmrelease --> ```diff --- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium +++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium @@ -53,12 +53,13 @@ - watch - get - apiGroups: - cilium.io resources: - ciliumloadbalancerippools + - ciliumbgppeeringpolicies - ciliumbgpnodeconfigs - ciliumbgpadvertisements - ciliumbgppeerconfigs - ciliumclusterwideenvoyconfigs - ciliumclusterwidenetworkpolicies - ciliumegressgatewaypolicies --- HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator +++ HelmRelease: kube-system/cilium ClusterRole: kube-system/cilium-operator @@ -185,12 +185,13 @@ - ciliumgatewayclassconfigs.cilium.io - apiGroups: - cilium.io resources: - ciliumloadbalancerippools - ciliumpodippools + - ciliumbgppeeringpolicies - ciliumbgpclusterconfigs - ciliumbgpnodeconfigoverrides - ciliumbgppeerconfigs verbs: - get - list --- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium +++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium @@ -30,13 +30,13 @@ appArmorProfile: type: Unconfined seccompProfile: type: Unconfined containers: - name: cilium-agent - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent command: - cilium-agent args: - --config-dir=/tmp/cilium/config-map startupProbe: @@ -197,13 +197,13 @@ - name: xtables-lock mountPath: /run/xtables.lock - name: tmp mountPath: /tmp initContainers: - name: config - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent command: - cilium-dbg - build-config env: - name: K8S_NODE_NAME @@ -228,13 +228,13 @@ capabilities: add: - NET_ADMIN drop: - ALL - name: mount-cgroup - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent env: - name: CGROUP_ROOT value: /sys/fs/cgroup - name: BIN_PATH value: /opt/cni/bin @@ -260,13 +260,13 @@ - SYS_ADMIN - SYS_CHROOT - SYS_PTRACE drop: - ALL - name: apply-sysctl-overwrites - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent env: - name: BIN_PATH value: /opt/cni/bin command: - bash @@ -290,13 +290,13 @@ - SYS_ADMIN - SYS_CHROOT - SYS_PTRACE drop: - ALL - name: mount-bpf-fs - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent args: - mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf command: - /bin/bash - -c @@ -306,13 +306,13 @@ privileged: true volumeMounts: - name: bpf-maps mountPath: /sys/fs/bpf mountPropagation: Bidirectional - name: clean-cilium-state - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent command: - /init-container.sh env: - name: CILIUM_ALL_STATE valueFrom: @@ -354,13 +354,13 @@ - name: cilium-cgroup mountPath: /sys/fs/cgroup mountPropagation: HostToContainer - name: cilium-run mountPath: /var/run/cilium - name: install-cni-binaries - image: quay.io/cilium/cilium:v1.19.3@sha256:2e61680593cddca8b6c055f6d4c849d87a26a1c91c7e3b8b56c7fb76ab7b7b10 + image: quay.io/cilium/cilium:v1.19.4@sha256:2eb67991eaa9368ba199c2fac2c573cb0ffdeb79184533344f42fc9a7ff6af3c imagePullPolicy: IfNotPresent command: - /install-plugin.sh resources: limits: cpu: 1 --- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator +++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator @@ -32,13 +32,13 @@ spec: securityContext: seccompProfile: type: RuntimeDefault containers: - name: cilium-operator - image: quay.io/cilium/operator-generic:v1.19.3@sha256:205b09b0ed6accbf9fe688d312a9f0fcfc6a316fc081c23fbffb472af5dd62cd + image: quay.io/cilium/operator-generic:v1.19.4@sha256:1aa2b62735e7d8ab49ee840ae59c346932024c88901579121395c1271b435f71 imagePullPolicy: IfNotPresent command: - cilium-operator-generic args: - --config-dir=/tmp/cilium/config-map - --debug=$(CILIUM_DEBUG) ```
This pull request can be merged automatically.
This branch is out-of-date with the base branch
You are not authorized to merge this pull request.
View command line instructions

Checkout

From your project repository, check out a new branch and test the changes.
git fetch -u origin renovate/quay.io-cilium-charts-cilium-1.19.x:renovate/quay.io-cilium-charts-cilium-1.19.x
git switch renovate/quay.io-cilium-charts-cilium-1.19.x

Merge

Merge the changes and update on Forgejo.

Warning: The "Autodetect manual merge" setting is not enabled for this repository, you will have to mark this pull request as manually merged afterwards.

git switch main
git merge --no-ff renovate/quay.io-cilium-charts-cilium-1.19.x
git switch renovate/quay.io-cilium-charts-cilium-1.19.x
git rebase main
git switch main
git merge --ff-only renovate/quay.io-cilium-charts-cilium-1.19.x
git switch renovate/quay.io-cilium-charts-cilium-1.19.x
git rebase main
git switch main
git merge --no-ff renovate/quay.io-cilium-charts-cilium-1.19.x
git switch main
git merge --squash renovate/quay.io-cilium-charts-cilium-1.19.x
git switch main
git merge --ff-only renovate/quay.io-cilium-charts-cilium-1.19.x
git switch main
git merge renovate/quay.io-cilium-charts-cilium-1.19.x
git push origin main
Sign in to join this conversation.
Reviewers
No reviewers
Labels
Clear labels   
area/bootstrap

   
area/docs

   
area/github

   
area/kubernetes

   
area/mise

   
area/renovate

   
area/scripts

   
area/talos

   
area/taskfile

   
area/templates

   
community

   
hold

   
renovate/container

   
renovate/github-action

   
renovate/github-release

   
renovate/grafana-dashboard

   
renovate/helm

   
type/digest

   
type/major

   
type/minor

   
type/patch
No labels
area/bootstrap
area/docs
area/github
area/kubernetes
area/mise
area/renovate
area/scripts
area/talos
area/taskfile
area/templates
community
hold
renovate/container
renovate/github-action
renovate/github-release
renovate/grafana-dashboard
renovate/helm
type/digest
type/major
type/minor
type/patch
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
andrei/homeops!199
No description provided.