|
|
0d525d63ae
|
chore(deps): update helm release cilium to v1.19.0
lint-test-helm / lint-helm (pull_request) Successful in 25s
|
2026-02-06 03:22:25 +00:00 |
|
|
|
50fc9b4c57
|
feat: disable l2 announcement
lint-test-helm / lint-helm (push) Successful in 15s
render-manifests-push / render-manifests-push (push) Successful in 37s
renovate / renovate (push) Has been cancelled
|
2026-02-05 14:40:58 -06:00 |
|
|
|
4e78ecddaf
|
feat: enable l2 announcement
|
2026-02-05 13:17:52 -06:00 |
|
|
|
1db96b6c1b
|
fix: downgrade
lint-test-helm / lint-helm (push) Successful in 17s
render-manifests-push / render-manifests-push (push) Successful in 38s
renovate / renovate (push) Failing after 4m41s
|
2026-02-05 12:24:58 -06:00 |
|
|
|
deff987341
|
fix: set legacy host routing
lint-test-helm / lint-helm (push) Failing after 2s
render-manifests-push / render-manifests-push (push) Successful in 3m30s
renovate / renovate (push) Successful in 7m10s
|
2026-02-05 11:27:44 -06:00 |
|
|
|
d5f7531c05
|
feat: add l2 announcement
lint-test-helm / lint-helm (push) Successful in 20s
render-manifests-push / render-manifests-push (push) Successful in 50s
renovate / renovate (push) Successful in 1m31s
|
2026-02-04 22:13:45 -06:00 |
|
|
|
890e02b3f5
|
feat: specify ip
lint-test-helm / lint-helm (push) Successful in 21s
render-manifests-push / render-manifests-push (push) Successful in 39s
renovate / renovate (push) Successful in 1m46s
|
2026-02-04 22:10:19 -06:00 |
|
|
|
98f40236de
|
chore(deps): update dependency cilium/cilium to v1.19.0 (#3715)
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 19s
renovate / renovate (push) Successful in 1m17s
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cilium/cilium](https://github.com/cilium/cilium) | minor | `1.18.6` → `1.19.0` |
---
### Release Notes
<details>
<summary>cilium/cilium (cilium/cilium)</summary>
### [`v1.19.0`](https://github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0
[Compare Source](https://github.com/cilium/cilium/compare/1.18.6...1.19.0)
🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://github.com/cilium/cilium/releases/tag/v1.19.0) release!
A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩
⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details.
The full changelog can be found [here](https://github.com/cilium/cilium/blob/v1.19/CHANGELOG.md).
Here are some of the highlights:
- 🛡️ **Network Policy**
- 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. ([cilium/cilium#43420](https://github.com/cilium/cilium/pull/43420), [@​fristonio](https://github.com/fristonio))
- 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. ([cilium/cilium#39872](https://github.com/cilium/cilium/pull/39872), [@​aditighag](https://github.com/aditighag); [cilium/cilium#41949](https://github.com/cilium/cilium/pull/41949), [@​kyounghunJang](https://github.com/kyounghunJang))
- ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](https://github.com/cilium/cilium/pull/41406), [@​antonipp](https://github.com/antonipp))
- 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. ([cilium/cilium#40609](https://github.com/cilium/cilium/pull/40609), [@​MrFreezeex](https://github.com/MrFreezeex))
- 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](https://github.com/cilium/cilium/pull/39906), [@​vipul-21](https://github.com/vipul-21); [cilium/cilium#42784](https://github.com/cilium/cilium/pull/42784), [cilium/cilium#42896](https://github.com/cilium/cilium/pull/42896), [@​jrajahalme](https://github.com/jrajahalme))
- ⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. ([cilium/cilium#43167](https://github.com/cilium/cilium/pull/43167), [@​sayboras](https://github.com/sayboras); [cilium/cilium#40967](https://github.com/cilium/cilium/pull/40967), [@​TheBeeZee](https://github.com/TheBeeZee))
- 🔒 **Encryption & Authentication**
- 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](https://github.com/cilium/cilium/pull/39239), [cilium/cilium#42115](https://github.com/cilium/cilium/pull/42115), [@​rgo3](https://github.com/rgo3), [@​julianwiedmann](https://github.com/julianwiedmann))
- 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. ([cilium/cilium#42766](https://github.com/cilium/cilium/pull/42766), [cilium/cilium#42819](https://github.com/cilium/cilium/pull/42819), [cilium/cilium#43227](https://github.com/cilium/cilium/pull/43227) and others, [@​ldelossa](https://github.com/ldelossa), [@​rgo3](https://github.com/rgo3), [@​nddq](https://github.com/nddq))
- 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19.0/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. ([cilium/cilium#42665](https://github.com/cilium/cilium/pull/42665), [@​christarazi](https://github.com/christarazi))
- ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](https://github.com/cilium/cilium/pull/41997), [@​pchaigno](https://github.com/pchaigno))
- 🚠 **Networking**
- 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. ([cilium/cilium#43416](https://github.com/cilium/cilium/pull/43416), [@​gentoo-root](https://github.com/gentoo-root))
- 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](https://github.com/cilium/cilium/pull/42012), [cilium/cilium#43710](https://github.com/cilium/cilium/pull/43710), [@​tommyp1ckles](https://github.com/tommyp1ckles))
- 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](https://github.com/cilium/cilium/pull/40324), [@​pchaigno](https://github.com/pchaigno))
- 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. ([cilium/cilium#40460](https://github.com/cilium/cilium/pull/40460), [cilium/cilium#42191](https://github.com/cilium/cilium/pull/42191), [@​pippolo84](https://github.com/pippolo84))
- 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](https://github.com/cilium/cilium/pull/37568), [@​behzad-mir](https://github.com/behzad-mir); [cilium/cilium#43380](https://github.com/cilium/cilium/pull/43380), [@​alimehrabikoshki](https://github.com/alimehrabikoshki))
- 🕸️ **Services and Service Mesh**
- 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](https://github.com/cilium/cilium/pull/39648), [@​msune](https://github.com/msune))
- 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. ([cilium/cilium#39594](https://github.com/cilium/cilium/pull/39594), [@​saiaunghlyanhtet](https://github.com/saiaunghlyanhtet))
- ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](https://github.com/cilium/cilium/pull/41936), [@​youngnick](https://github.com/youngnick))
- 🛣️ **Border Gateway Protocol (BGP)**
- 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. ([cilium/cilium#42469](https://github.com/cilium/cilium/pull/42469), [@​rastislavs](https://github.com/rastislavs))
- ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](https://github.com/cilium/cilium/pull/42583), [@​rastislavs](https://github.com/rastislavs))
- 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](https://github.com/cilium/cilium/pull/40717), [@​oblazek](https://github.com/oblazek))
- ⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](https://github.com/cilium/cilium/pull/42278), [@​rastislavs](https://github.com/rastislavs))
- 🛰️ **Observability**
- 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. ([cilium/cilium#41306](https://github.com/cilium/cilium/pull/41306), [@​Bigdelle](https://github.com/Bigdelle))
- 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](https://github.com/cilium/cilium/pull/43096), [@​SRodi](https://github.com/SRodi))
- 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. ([cilium/cilium#41693](https://github.com/cilium/cilium/pull/41693), [@​41ks](https://github.com/41ks))
- 🌅 **Performance and Scale**
- ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](https://github.com/cilium/cilium/pull/42008), [@​jrajahalme](https://github.com/jrajahalme); [cilium/cilium#42580](https://github.com/cilium/cilium/pull/42580), [@​odinuge](https://github.com/odinuge))
- 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. ([cilium/cilium#38782](https://github.com/cilium/cilium/pull/38782), [@​BenoitKnecht](https://github.com/BenoitKnecht); [cilium/cilium#41990](https://github.com/cilium/cilium/pull/41990), [@​bersoare](https://github.com/bersoare))
- 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](https://github.com/cilium/cilium/pull/42529), [@​liyihuang](https://github.com/liyihuang))
- ⚙️ **Operations**
- 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](https://github.com/cilium/cilium/pull/43624), [@​aanm](https://github.com/aanm))
- 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. ([cilium/cilium#42077](https://github.com/cilium/cilium/pull/42077), [@​phuhung273](https://github.com/phuhung273))
- 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). ([cilium/cilium#40729](https://github.com/cilium/cilium/pull/40729), [@​MrFreezeex](https://github.com/MrFreezeex))
- 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](https://github.com/cilium/cilium/pull/42298), [@​MrFreezeex](https://github.com/MrFreezeex))
- 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](https://github.com/cilium/cilium/pull/43422), [@​aanm](https://github.com/aanm); [cilium/cilium#40569](https://github.com/cilium/cilium/pull/40569), [@​sayboras](https://github.com/sayboras); [cilium/cilium#41936](https://github.com/cilium/cilium/pull/41936), [@​youngnick](https://github.com/youngnick); [cilium/cilium#42824](https://github.com/cilium/cilium/pull/42824), [@​rastislavs](https://github.com/rastislavs)).
- 🏠 **Community**
- ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback!
- 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/),[ Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/),[ Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/).
- 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta.
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show.
- 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit.
To keep up to date with all the latest Cilium releases, join #release 🎉
:birthday::heart::heart::heart:🎂
This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today.
:birthday::heart::heart:❤️🎂
#### Docker Manifests
##### cilium
`quay.io/cilium/cilium:v1.19.0@​sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60`
##### clustermesh-apiserver
`quay.io/cilium/clustermesh-apiserver:v1.19.0@​sha256:0e3b89fdb116eb0f5579fe8ee3fabb1a7c4d97987a1ae927491d9185785d4a49`
##### docker-plugin
`quay.io/cilium/docker-plugin:v1.19.0@​sha256:35727047384f3d7a2684885003b266bf7a7add8fc66ca564b222f71c16057f50`
##### hubble-relay
`quay.io/cilium/hubble-relay:v1.19.0@​sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4`
##### operator-alibabacloud
`quay.io/cilium/operator-alibabacloud:v1.19.0@​sha256:5cb3d6981c233616037f3e13b5bc0020d114ad8db1b7360618b224e4c0b02ef0`
##### operator-aws
`quay.io/cilium/operator-aws:v1.19.0@​sha256:7a236ae256a4fbd3f72d516921131eba5b43f401ba37cdee5cd0e8c26f9263e6`
##### operator-azure
`quay.io/cilium/operator-azure:v1.19.0@​sha256:6ae7e0d75c74836af3600b775201c89ea7fcc13d6e08fdb0c52927309f31cd2a`
##### operator-generic
`quay.io/cilium/operator-generic:v1.19.0@​sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648`
##### operator
`quay.io/cilium/operator:v1.19.0@​sha256:deca84f442752dca0745dd09b13e8004569414839019ad79ac58f9fcaa3b9d65`
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4wLjMiLCJ1cGRhdGVkSW5WZXIiOiI0My4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImltYWdlIl19-->
Reviewed-on: #3715
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
|
2026-02-05 04:00:17 +00:00 |
|
|
|
5490094d1a
|
chore(deps): update helm release cilium to v1.19.0 (#3699)
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 16s
renovate / renovate (push) Has been cancelled
This PR contains the following updates:
| Package | Update | Change |
|---|---|---|
| [cilium](https://cilium.io/) ([source](https://github.com/cilium/cilium)) | minor | `1.18.6` → `1.19.0` |
---
### Release Notes
<details>
<summary>cilium/cilium (cilium)</summary>
### [`v1.19.0`](https://github.com/cilium/cilium/releases/tag/v1.19.0): 1.19.0
[Compare Source](https://github.com/cilium/cilium/compare/1.18.6...1.19.0)
🎉 **Release Announcement** 🎉: We are excited to announce the [Cilium 1.19.0](https://github.com/cilium/cilium/releases/tag/v1.19.0) release!
A total of **2934 new commits** have been contributed to this release by a growing community of over **1010 developers** and over **23,600 GitHub stars**! 🤩
⚠️ You may need to take action during upgrade to Cilium v1.19 if you use Network Policies, Cluster Mesh, LoadBalancer IPAM or BGP. See the [Upgrade Guide](https://docs.cilium.io/en/v1.19/operations/upgrade/#upgrade-notes) for more details.
The full changelog can be found [here](https://github.com/cilium/cilium/blob/v1.19/CHANGELOG.md).
Here are some of the highlights:
- 🛡️ **Network Policy**
- 🃏 **Multi-Level DNS Matches**: DNS Policies match pattern now support a wildcard prefix(*`**.`*) to match multilevel subdomain as pattern prefix. ([cilium/cilium#43420](https://github.com/cilium/cilium/pull/43420), [@​fristonio](https://github.com/fristonio))
- 📡 **Match New Protocols**: You can now match VRRP and IGMP protocols in host firewall rules. ([cilium/cilium#39872](https://github.com/cilium/cilium/pull/39872), [@​aditighag](https://github.com/aditighag); [cilium/cilium#41949](https://github.com/cilium/cilium/pull/41949), [@​kyounghunJang](https://github.com/kyounghunJang))
- ⛔ **Actively Deny Connections**: When Network Policies deny a connection, Cilium can return ICMPv4 "Destination unreachable" messages for a friendlier deny. ([cilium/cilium#41406](https://github.com/cilium/cilium/pull/41406), [@​antonipp](https://github.com/antonipp))
- 🌐 **Select Clusters Explicitly**: When network policy selectors don't explicitly define a cluster for communication to be allowed, they will now default to only allowing the local cluster. ([cilium/cilium#40609](https://github.com/cilium/cilium/pull/40609), [@​MrFreezeex](https://github.com/MrFreezeex))
- 🔧 **Unlock Future Work**: This release brings several internal improvements to the network policy engine in preparation for features planned in the next Cilium minor release ([cilium/cilium#39906](https://github.com/cilium/cilium/pull/39906), [@​vipul-21](https://github.com/vipul-21); [cilium/cilium#42784](https://github.com/cilium/cilium/pull/42784), [cilium/cilium#42896](https://github.com/cilium/cilium/pull/42896), [@​jrajahalme](https://github.com/jrajahalme))
- ⚠️ **Deprecate underutilized features**: To focus on solving common problems Cilium users face, this release deprecates the Kafka protocol match fields (beta), as well as the `ToRequires` and `FromRequires` policy fields. ([cilium/cilium#43167](https://github.com/cilium/cilium/pull/43167), [@​sayboras](https://github.com/sayboras); [cilium/cilium#40967](https://github.com/cilium/cilium/pull/40967), [@​TheBeeZee](https://github.com/TheBeeZee))
- 🔒 **Encryption & Authentication**
- 🔐 **Encryption Strict Modes**: Both IPsec and WireGuard transparent encryption modes now support a "strict mode" to require traffic to be encrypted between nodes. Unencrypted traffic will be dropped in this mode. ([cilium/cilium#39239](https://github.com/cilium/cilium/pull/39239), [cilium/cilium#42115](https://github.com/cilium/cilium/pull/42115), [@​rgo3](https://github.com/rgo3), [@​julianwiedmann](https://github.com/julianwiedmann))
- 🚇 **Ztunnel Beta**: You can enroll namespaces into Ztunnel, which enables TCP connections between workloads to be transparently encrypted and authenticated. ([cilium/cilium#42766](https://github.com/cilium/cilium/pull/42766), [cilium/cilium#42819](https://github.com/cilium/cilium/pull/42819), [cilium/cilium#43227](https://github.com/cilium/cilium/pull/43227) and others, [@​ldelossa](https://github.com/ldelossa), [@​rgo3](https://github.com/rgo3), [@​nddq](https://github.com/nddq))
- 👥 **Mutual Authentication**: The out-of-band [Mutual Authentication](https://docs.cilium.io/en/v1.19.0/network/servicemesh/mutual-authentication/mutual-authentication/) feature is now disabled by default, pending community feedback. If you have a requirement for mTLS, consider trying the new Ztunnel integration. ([cilium/cilium#42665](https://github.com/cilium/cilium/pull/42665), [@​christarazi](https://github.com/christarazi))
- ↪️ **Accelerate IPsec**: The IPsec encryption mode now supports BPF Host Routing for faster route lookups ([cilium/cilium#41997](https://github.com/cilium/cilium/pull/41997), [@​pchaigno](https://github.com/pchaigno))
- 🚠 **Networking**
- 🚀 **BIG TCP in Tunnels**: Leverage upcoming Linux support for BIG TCP when communicating over UDP-based tunnels such as VXLAN and Geneve. ([cilium/cilium#43416](https://github.com/cilium/cilium/pull/43416), [@​gentoo-root](https://github.com/gentoo-root))
- 🥌 **Packetization-Layer Path MTU Discovery**: Detect maximum transmission unit (MTU) sizes for network paths using TCP. ([cilium/cilium#42012](https://github.com/cilium/cilium/pull/42012), [cilium/cilium#43710](https://github.com/cilium/cilium/pull/43710), [@​tommyp1ckles](https://github.com/tommyp1ckles))
- 🚆 **IPv6 Underlay**: You can now choose IPv6 for the tunnel underlay address family on dual-stack clusters. ([cilium/cilium#40324](https://github.com/cilium/cilium/pull/40324), [@​pchaigno](https://github.com/pchaigno))
- 🏷️ **Multi-Pool IPAM is ready for wider use**: Update the Multi-Pool IPAM feature to work with IPsec and direct routing modes, and promote it from Beta to Stable. ([cilium/cilium#40460](https://github.com/cilium/cilium/pull/40460), [cilium/cilium#42191](https://github.com/cilium/cilium/pull/42191), [@​pippolo84](https://github.com/pippolo84))
- 🎭 **More Configurable Masquerade**: IP Masquerade configuration can now be customized for traffic sent to nodes in other IP subnets, and addresses in IPAM pools can be excluded from masquerade ([cilium/cilium#37568](https://github.com/cilium/cilium/pull/37568), [@​behzad-mir](https://github.com/behzad-mir); [cilium/cilium#43380](https://github.com/cilium/cilium/pull/43380), [@​alimehrabikoshki](https://github.com/alimehrabikoshki))
- 🕸️ **Services and Service Mesh**
- 📣 **Layer-2 Announcements**: Add support for Neighbor Discovery Advertisements for IPv6 Layer-2 Announcements. ([cilium/cilium#39648](https://github.com/cilium/cilium/pull/39648), [@​msune](https://github.com/msune))
- 🔁 **IPv6 Service Loopback**: Pods can now connect to themselves via a Kubernetes "loopback service" using IPv6. ([cilium/cilium#39594](https://github.com/cilium/cilium/pull/39594), [@​saiaunghlyanhtet](https://github.com/saiaunghlyanhtet))
- ⛩️ **Gateway API Enhancements**: Cilium's GAMMA support now includes support for using GRPCRoute as well as HTTPRoute. ([cilium/cilium#41936](https://github.com/cilium/cilium/pull/41936), [@​youngnick](https://github.com/youngnick))
- 🛣️ **Border Gateway Protocol (BGP)**
- 🔌 **Advertise Addresses from Interfaces**: There's a new Interface BGP advertisement type that allows advertisement of IPs assigned on local interfaces. This can be useful for example in multi-homing setups, where a common node's loopback address can be advertised via multiple BGP sessions over different network interfaces. ([cilium/cilium#42469](https://github.com/cilium/cilium/pull/42469), [@​rastislavs](https://github.com/rastislavs))
- ✉️ **Override Source IP addresses**: You can override the auto-generated BGP session source IP with the IP address applied on the configured `sourceInterface` to allow binding the BGP connection to the loopback address which is not tied to the specific physical interface's lifecycle ([cilium/cilium#42583](https://github.com/cilium/cilium/pull/42583), [@​rastislavs](https://github.com/rastislavs))
- 🔁 **Withdraw Empty Routes**: Optionally withdraw BGP routes when a service has 0 endpoints, to allow balancing to a different DC/cluster with `externalTrafficPolicy=Cluster` ([cilium/cilium#40717](https://github.com/cilium/cilium/pull/40717), [@​oblazek](https://github.com/oblazek))
- ⚠️ **Move to `cilium.io/v2` API**: The support for the older `CiliumBGPPeeringPolicy` v1 API is now removed and should be replaced with v2 APIs. ([cilium/cilium#42278](https://github.com/cilium/cilium/pull/42278), [@​rastislavs](https://github.com/rastislavs))
- 🛰️ **Observability**
- 🔬 **Trace IP Options**: Configure Cilium and Hubble to trace specific packets through the cluster using IP Options. ([cilium/cilium#41306](https://github.com/cilium/cilium/pull/41306), [@​Bigdelle](https://github.com/Bigdelle))
- 🚩 **Filter Encrypted Flows**: Filter flows when using the `hubble` command line to understand the encryption status of the traffic, either `--encrypted` or `--unencrypted`. ([cilium/cilium#43096](https://github.com/cilium/cilium/pull/43096), [@​SRodi](https://github.com/SRodi))
- 🔖 **Tag Drops with Policy Names**: Hubble v1.Events drop messages now include which Network Policy caused the drop. ([cilium/cilium#41693](https://github.com/cilium/cilium/pull/41693), [@​41ks](https://github.com/41ks))
- 🌅 **Performance and Scale**
- ⚡ **Faster Network Policy Computation**: Improve Cilium resource usage for handling selectors in network policies. ([cilium/cilium#42008](https://github.com/cilium/cilium/pull/42008), [@​jrajahalme](https://github.com/jrajahalme); [cilium/cilium#42580](https://github.com/cilium/cilium/pull/42580), [@​odinuge](https://github.com/odinuge))
- 🔌 **More Efficient Connection Tracking**: Several improvements have been made to reduce the number of connections being tracked by Cilium, particularly when using Geneve, VXLAN or WireGuard. ([cilium/cilium#38782](https://github.com/cilium/cilium/pull/38782), [@​BenoitKnecht](https://github.com/BenoitKnecht); [cilium/cilium#41990](https://github.com/cilium/cilium/pull/41990), [@​bersoare](https://github.com/bersoare))
- 💾 **Better Scale in AWS**: Reduce memory usage for cilium-operator in large AWS environments with many resources. ([cilium/cilium#42529](https://github.com/cilium/cilium/pull/42529), [@​liyihuang](https://github.com/liyihuang))
- ⚙️ **Operations**
- 📦 **Access Helm charts via Registry**: Helm charts are also available under `quay.io/cilium/charts/cilium` ([cilium/cilium#43624](https://github.com/cilium/cilium/pull/43624), [@​aanm](https://github.com/aanm))
- 📊 **Metrics Encryption**: Add TLS/mTLS support for Prometheus metrics exposed by the Cilium Operator. ([cilium/cilium#42077](https://github.com/cilium/cilium/pull/42077), [@​phuhung273](https://github.com/phuhung273))
- 🤖 **Easier Multi-Cluster install**: There's now support for auto-installing the Custom Resource Definitions (CRDs) for Multi-Cluster Services (MCS). ([cilium/cilium#40729](https://github.com/cilium/cilium/pull/40729), [@​MrFreezeex](https://github.com/MrFreezeex))
- 📜 **Simpler Certificate Management**: Streamline Cluster Mesh and Hubble certificate generation when using GitOps approaches. ([cilium/cilium#42298](https://github.com/cilium/cilium/pull/42298), [@​MrFreezeex](https://github.com/MrFreezeex))
- 🛠️ **Cilium dependencies** were updated to Kubernetes v1.35, Envoy v1.35, Gateway API v1.4, and GoBGP v3.37. ([cilium/cilium#43422](https://github.com/cilium/cilium/pull/43422), [@​aanm](https://github.com/aanm); [cilium/cilium#40569](https://github.com/cilium/cilium/pull/40569), [@​sayboras](https://github.com/sayboras); [cilium/cilium#41936](https://github.com/cilium/cilium/pull/41936), [@​youngnick](https://github.com/youngnick); [cilium/cilium#42824](https://github.com/cilium/cilium/pull/42824), [@​rastislavs](https://github.com/rastislavs)).
- 🏠 **Community**
- ❤️ **Production Case Studies**: Many end-users have stepped forward to tell their stories running Cilium in production. If your company wants to submit their case studies let us know. We would love to hear your feedback!
- 📰 See studies with [Airbnb](https://youtu.be/7KHenRXNGAw?si=ldTS-X_W0svxo429\&t=546), [Cloudera](https://aws.amazon.com/blogs/migration-and-modernization/scaling-clouderas-development-environment-leveraging-amazon-eks-karpenter-bottlerocket-and-cilium-for-hybrid-cloud/),[ Cybozu](https://www.cncf.io/case-studies/cybozu/), [ESnet](https://www.cncf.io/case-studies/esnet/),[ Nutanix](https://www.cncf.io/case-studies/nutanix/), [OVHcloud](https://corporate.ovhcloud.com/en-gb/newsroom/news/ovhcloud-managed-kubernetes-service-standard-3az/), [TikTok](https://www.youtube.com/watch?v=y0qlhiKtDGo), [University of Wisconsin–Madison](https://www.cncf.io/case-studies/university-of-wisconsin-madison/).
- 🇺🇸 **Atlanta Events**: The community gathered at [CiliumCon](https://www.youtube.com/playlist?list=PLDg_GiBbAx-mOnWuzd_NXoRfuW9HZAxeZ) and the [Cilium Developer Summit](https://github.com/cilium/dev-summits/blob/main/2025-NA/README.md) in Atlanta.
- 🇳🇱 **Amsterdam Events**: Meet us at the upcoming [CiliumCon](https://events.linuxfoundation.org/kubecon-cloudnativecon-europe/co-located-events/ciliumcon/) and [Cilium Developer Summit](https://github.com/cilium/dev-summits/tree/main/2026-EU) in Amsterdam, March 23-27. [Read more](https://cilium.io/blog/2026/01/23/cilium-at-kubecon-eu-2026/) about where to find Cilium during the show.
- 🔟 **Cilium is 10**: Read the [2025 Cilium Annual Report](https://www.cncf.io/wp-content/uploads/2025/12/cilium-annual-report-2025-final.pdf) to see the latest project milestones, a decade on from its first commit.
To keep up to date with all the latest Cilium releases, join #release 🎉
:birthday::heart::heart::heart:🎂
This is a very special release for Cilium, as it celebrates **10 years** since the first commit. We couldn’t be more proud of what this project has accomplished. All the GitHub issues, pull requests, reviews, stars, forks, Docker pulls, Helm installs, Kubernetes applies, CI runs, bug reports, design docs, discussions, meetings, Slack messages, YouTube streams, eCHO episodes, conference talks, blog posts, demos, and presentations have made the project the success it is today.
:birthday::heart::heart:❤️🎂
##### Docker Manifests
##### cilium
`quay.io/cilium/cilium:v1.19.0@​sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60`
##### clustermesh-apiserver
`quay.io/cilium/clustermesh-apiserver:v1.19.0@​sha256:0e3b89fdb116eb0f5579fe8ee3fabb1a7c4d97987a1ae927491d9185785d4a49`
##### docker-plugin
`quay.io/cilium/docker-plugin:v1.19.0@​sha256:35727047384f3d7a2684885003b266bf7a7add8fc66ca564b222f71c16057f50`
##### hubble-relay
`quay.io/cilium/hubble-relay:v1.19.0@​sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4`
##### operator-alibabacloud
`quay.io/cilium/operator-alibabacloud:v1.19.0@​sha256:5cb3d6981c233616037f3e13b5bc0020d114ad8db1b7360618b224e4c0b02ef0`
##### operator-aws
`quay.io/cilium/operator-aws:v1.19.0@​sha256:7a236ae256a4fbd3f72d516921131eba5b43f401ba37cdee5cd0e8c26f9263e6`
##### operator-azure
`quay.io/cilium/operator-azure:v1.19.0@​sha256:6ae7e0d75c74836af3600b775201c89ea7fcc13d6e08fdb0c52927309f31cd2a`
##### operator-generic
`quay.io/cilium/operator-generic:v1.19.0@​sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648`
##### operator
`quay.io/cilium/operator:v1.19.0@​sha256:deca84f442752dca0745dd09b13e8004569414839019ad79ac58f9fcaa3b9d65`
</details>
---
### Configuration
📅 **Schedule**: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).
🚦 **Automerge**: Disabled by config. Please merge this manually once you are satisfied.
♻ **Rebasing**: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.
🔕 **Ignore**: Close this PR and you won't be reminded about this update again.
---
- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check this box
---
This PR has been generated by [Renovate Bot](https://github.com/renovatebot/renovate).
<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiI0My4wLjIiLCJ1cGRhdGVkSW5WZXIiOiI0My4wLjMiLCJ0YXJnZXRCcmFuY2giOiJtYWluIiwibGFiZWxzIjpbImNoYXJ0Il19-->
Reviewed-on: #3699
Co-authored-by: Renovate Bot <renovate-bot@alexlebens.net>
Co-committed-by: Renovate Bot <renovate-bot@alexlebens.net>
|
2026-02-05 03:59:16 +00:00 |
|
|
|
19ffd3bb2f
|
feat: switch gateway
lint-test-helm / lint-helm (push) Successful in 16s
render-manifests-push / render-manifests-push (push) Successful in 50s
lint-test-docker / lint-docker-compose (push) Successful in 1m20s
renovate / renovate (push) Successful in 1m45s
|
2026-02-04 21:55:11 -06:00 |
|
|
|
b973102274
|
feat: change address
lint-test-helm / lint-helm (push) Successful in 21s
render-manifests-push / render-manifests-push (push) Successful in 48s
renovate / renovate (push) Successful in 1m50s
|
2026-02-04 21:53:49 -06:00 |
|
|
|
c1860ad8fd
|
feat: add address
lint-test-helm / lint-helm (push) Successful in 18s
render-manifests-push / render-manifests-push (push) Successful in 30s
renovate / renovate (push) Successful in 1m44s
|
2026-02-04 21:45:55 -06:00 |
|
|
|
cc1bab42ae
|
feat: enable gateway
lint-test-helm / lint-helm (push) Successful in 16s
render-manifests-push / render-manifests-push (push) Successful in 31s
renovate / renovate (push) Successful in 1m33s
|
2026-02-04 21:34:23 -06:00 |
|
|
|
521184fa37
|
feat: upgrade crd before 1.19
lint-test-helm / lint-helm (push) Successful in 14s
render-manifests-push / render-manifests-push (push) Successful in 48s
renovate / renovate (push) Has been cancelled
|
2026-02-04 21:33:03 -06:00 |
|
|
|
f46ac98970
|
chore(deps): update appVersions
lint-test-helm / lint-helm (push) Successful in 16s
renovate / renovate (push) Successful in 11m40s
render-manifests-push / render-manifests-push (push) Successful in 12m20s
|
2026-01-23 17:05:18 -06:00 |
|
|
|
914dd14c81
|
fix: align renovate custom manager to appVersion updates on Chart
lint-test-helm / lint-helm (push) Successful in 12s
render-manifests-push / render-manifests-push (push) Successful in 49m21s
renovate / renovate (push) Successful in 13m16s
|
2026-01-23 14:49:38 -06:00 |
|
|
|
b36493d895
|
Update Helm release cilium to v1.18.6 (#3190)
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 19s
renovate / renovate (push) Successful in 1m41s
|
2026-01-14 11:02:58 +00:00 |
|
|
|
e1b563c5b4
|
disable l2
lint-test-helm / lint-helm (push) Successful in 11s
render-manifests-push / render-manifests-push (push) Successful in 26s
renovate / renovate (push) Successful in 1m13s
|
2025-12-31 16:26:20 -06:00 |
|
|
|
2df8383d89
|
enable
|
2025-12-25 19:26:38 -06:00 |
|
|
|
92b015a51d
|
disable cilium gateway
lint-test-helm / lint-helm (push) Successful in 8s
lint-test-docker / lint-docker-compose (push) Successful in 20s
render-manifests-push / render-manifests-push (push) Successful in 1m9s
renovate / renovate (push) Successful in 1m52s
|
2025-12-25 19:18:39 -06:00 |
|
|
|
9a718514cb
|
change dns
lint-test-helm / lint-helm (push) Successful in 8s
lint-test-docker / lint-docker-compose (push) Successful in 20s
render-manifests-push / render-manifests-push (push) Successful in 41s
renovate / renovate (push) Successful in 1m16s
|
2025-12-25 19:09:56 -06:00 |
|
|
|
11533db68a
|
add l2 announcement
lint-test-helm / lint-helm (push) Successful in 12s
render-manifests-push / render-manifests-push (push) Successful in 25s
renovate / renovate (push) Successful in 1m14s
|
2025-12-25 18:38:59 -06:00 |
|
|
|
afc8865217
|
add l2 announce
lint-test-helm / lint-helm (push) Successful in 9s
render-manifests-push / render-manifests-push (push) Successful in 38s
renovate / renovate (push) Successful in 1m16s
|
2025-12-25 18:36:35 -06:00 |
|
|
|
b40eb7a8db
|
switch gateway
lint-test-helm / lint-helm (push) Successful in 14s
render-manifests-push / render-manifests-push (push) Successful in 44s
renovate / renovate (push) Successful in 1m14s
|
2025-12-25 17:25:41 -06:00 |
|
|
|
9c1f8bd45c
|
add gateway
lint-test-helm / lint-helm (push) Successful in 10s
render-manifests-push / render-manifests-push (push) Successful in 2m6s
renovate / renovate (push) Successful in 1m37s
|
2025-12-25 03:27:44 +00:00 |
|
|
|
eb6ff2df76
|
renovate update chart appVersion
lint-test-helm / lint-helm (push) Successful in 15s
renovate / renovate (push) Successful in 1m10s
render-manifests-push / render-manifests-push (push) Successful in 5m54s
|
2025-12-23 17:37:47 -06:00 |
|
|
|
f20c4483e8
|
update chart
|
2025-12-23 16:51:27 -06:00 |
|
|
|
76a4741f2d
|
Update Helm release cilium to v1.18.5 (#2653)
render-manifests-push / render-manifests-push (push) Has been skipped
lint-test-helm / lint-helm (push) Successful in 13s
renovate / renovate (push) Has been cancelled
|
2025-12-17 16:05:37 +00:00 |
|
|
|
171ab5c01a
|
change to cron
lint-test-helm / lint-helm (push) Successful in 14s
render-manifests-push / render-manifests-push (push) Successful in 27s
renovate / renovate (push) Has been cancelled
|
2025-12-11 19:26:38 -06:00 |
|
|
|
cbf9f4e048
|
change tls auto method
lint-test-helm / lint-helm (push) Successful in 14s
render-manifests-push / render-manifests-push (push) Successful in 36s
renovate / renovate (push) Has been cancelled
|
2025-12-11 19:11:51 -06:00 |
|
|
|
dcc30342b8
|
update appVersion
|
2025-12-11 17:21:25 -06:00 |
|
|
|
8291048a8f
|
add check
lint-test-helm / helm-lint (push) Successful in 14s
render-manifests / render-manifests (push) Successful in 41s
renovate / renovate (push) Successful in 1m9s
|
2025-12-02 20:05:57 -06:00 |
|
|
|
cc2f89f9fc
|
migrate
lint-test-helm / helm-lint (push) Successful in 8s
render-manifests / render-manifests (push) Successful in 19s
renovate / renovate (push) Successful in 1m17s
|
2025-12-02 17:36:59 -06:00 |
|
