🌱 Bump github.com/cilium/cilium from 1.17.2 to 1.17.3 #377

dependabot · 2025-04-21T09:07:42Z

Bumps github.com/cilium/cilium from 1.17.2 to 1.17.3.

Release notes

Sourced from github.com/cilium/cilium's releases.

1.17.3

Summary of Changes

Minor Changes:

hubble: accurately report startup failure reason from cilium status (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#37567, @devodev)

Reject IPSec key rotation with mismatching key lengths to prevent IPv6 disruptions. (Backport PR cilium/cilium#38399, Upstream PR cilium/cilium#37936, @smagnani96)

Bugfixes:

Always detach BPF programs from cilium_wg0 when not needed. (Backport PR cilium/cilium#38184, Upstream PR cilium/cilium#38179, @smagnani96)

Avoid installing no-track rules when IP family is disabled (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38438, @ysksuzuki)

bgpv2: Fix service reconciliation by BGP peer IP change (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38620, @rastislavs)

bpf: wireguard: avoid ipcache lookup for source's security identity (Backport PR cilium/cilium#38684, Upstream PR cilium/cilium#38592, @julianwiedmann)

clustermesh: fix mcs-api count of clusters disagreeing with a conflict (the count was previously increased by one) (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#38267, @MrFreezeex)

Ensure that replies to world-to-pod ICMP in AWS ENI are routed via the correct parent interface. (Backport PR cilium/cilium#38394, Upstream PR cilium/cilium#38335, @gentoo-root)

Fix deadlock in compilation lock (Backport PR cilium/cilium#38805, Upstream PR cilium/cilium#38784, @dylandreimerink)

Fix panic caused in dual cluster setups where LRPs with skipRedirectFromBackend flag set to true are installed and IPv6 is disabled. (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38656, @aditighag)

Fix the ipv6 only cluster doesn't work with multi pool in some k8s distribution(Openshift) (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38472, @liyihuang)

Fix: cilium-operator no longer patches services on shutdown (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#37967, @rsafonseca)

Fixes an issue where the agent failed to start on clusters with large numbers of network policies. (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38556, @squeed)

For configurations with --enable-identity-mark=false, don't attempt to retrieve the source identity from skb->mark. (Backport PR cilium/cilium#38800, Upstream PR cilium/cilium#38737, @julianwiedmann)

ingress: don't cleanup ingress status of unmanaged Ingress resources (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38555, @mhofstetter)

ipam/aws: properly paginate Operator DescribeNetworkInterfaces AWS API calls in ENI IPAM mode in order to avoid throttling, timeouts and errors from the API (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#37983, @antonipp)

netkit: Fix issue where MAC addresses get changed by systemd in L2 mode causing health checks to fail (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#37812, @jrife)

CI Changes:

build: update golangci-lint to v2.0.0 (Backport PR cilium/cilium#38629, Upstream PR cilium/cilium#38473, @mhofstetter)

ci: build CI images within merge group (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38065, @marseel)

ci: prepare CI Image build for being required (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38320, @marseel)

cilium-cli: extend no-interrupted-connections to test Egress Gateway (Backport PR cilium/cilium#38527, Upstream PR cilium/cilium#38193, @ysksuzuki)

cilium-cli: extend no-interrupted-connections to test NodePort from outside (Backport PR cilium/cilium#37797, Upstream PR cilium/cilium#37294, @ysksuzuki)

Clear traced UDP v4/v6 connections on check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38264, @smagnani96)

Ensure packet protocol before using L4 ports in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38290, @smagnani96)

Extend tracing with IP length and whether src/dst pod are CiliumInternalIP in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38281, @smagnani96)

Fix checked L4 port for UDP IPv6 packets in check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38265, @smagnani96)

Fix endianness for WireGuard UDP traffic in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38292, @smagnani96)

Fix erroneous TCP RST condition when no TCP packets in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38291, @smagnani96)

gh: aws-cni: set --enable-identity-mark=false option (Backport PR cilium/cilium#38800, Upstream PR cilium/cilium#38738, @julianwiedmann)

gh: e2e-upgrade: also test NS & EGW disruptivity during downgrade (Backport PR cilium/cilium#38527, Upstream PR cilium/cilium#38511, @julianwiedmann)

gha: enable north/south conn-disrupt-test in clustermesh upgrade tests (Backport PR cilium/cilium#38527, Upstream PR cilium/cilium#38554, @giorio94)

Ignore encrypt interface field when validating option.Config after initialization (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#37184, @Artyop)

Introduce tracing log info for ICMP v4/v6 packets in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38278, @smagnani96)

Manual encap checks for when $skb->encapsulation is unset in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38293, @smagnani96)

Print skb pointer and correlate timestamp for subsequent trace logs in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38266, @smagnani96)

proxy/proxyports: fix flake and data race in TestPortAllocator (Backport PR cilium/cilium#38674, Upstream PR cilium/cilium#38062, @tklauser)

proxy: fix flake in TestPortAllocator test (Backport PR cilium/cilium#38674, Upstream PR cilium/cilium#38646, @mhofstetter)

Refactoring and code comments for the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38263, @smagnani96)

Report masqueraded flow through proxy in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38297, @smagnani96)

Shift header references when encap and move leak check on CiliumInternalIP in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38280, @smagnani96)

Skip tracking DNS proxy connection with CiliumInternalIPs for IPSec in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38289, @smagnani96)

... (truncated)

Changelog

Sourced from github.com/cilium/cilium's changelog.

v1.17.3

Summary of Changes

Minor Changes:

hubble: accurately report startup failure reason from cilium status (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#37567, @devodev)

Reject IPSec key rotation with mismatching key lengths to prevent IPv6 disruptions. (Backport PR cilium/cilium#38399, Upstream PR cilium/cilium#37936, @smagnani96)

Bugfixes:

Always detach BPF programs from cilium_wg0 when not needed. (Backport PR cilium/cilium#38184, Upstream PR cilium/cilium#38179, @smagnani96)

Avoid installing no-track rules when IP family is disabled (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38438, @ysksuzuki)

bgpv2: Fix service reconciliation by BGP peer IP change (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38620, @rastislavs)

bpf: wireguard: avoid ipcache lookup for source's security identity (Backport PR cilium/cilium#38684, Upstream PR cilium/cilium#38592, @julianwiedmann)

clustermesh: fix mcs-api count of clusters disagreeing with a conflict (the count was previously increased by one) (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#38267, @MrFreezeex)

Ensure that replies to world-to-pod ICMP in AWS ENI are routed via the correct parent interface. (Backport PR cilium/cilium#38394, Upstream PR cilium/cilium#38335, @gentoo-root)

Fix deadlock in compilation lock (Backport PR cilium/cilium#38805, Upstream PR cilium/cilium#38784, @dylandreimerink)

Fix panic caused in dual cluster setups where LRPs with skipRedirectFromBackend flag set to true are installed and IPv6 is disabled. (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38656, @aditighag)

Fix the ipv6 only cluster doesn't work with multi pool in some k8s distribution(Openshift) (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38472, @liyihuang)

Fix: cilium-operator no longer patches services on shutdown (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#37967, @rsafonseca)

Fixes an issue where the agent failed to start on clusters with large numbers of network policies. (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38556, @squeed)

For configurations with --enable-identity-mark=false, don't attempt to retrieve the source identity from skb->mark. (Backport PR cilium/cilium#38800, Upstream PR cilium/cilium#38737, @julianwiedmann)

ingress: don't cleanup ingress status of unmanaged Ingress resources (Backport PR cilium/cilium#38700, Upstream PR cilium/cilium#38555, @mhofstetter)

ipam/aws: properly paginate Operator DescribeNetworkInterfaces AWS API calls in ENI IPAM mode in order to avoid throttling, timeouts and errors from the API (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#37983, @antonipp)

netkit: Fix issue where MAC addresses get changed by systemd in L2 mode causing health checks to fail (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#37812, @jrife)

CI Changes:

build: update golangci-lint to v2.0.0 (Backport PR cilium/cilium#38629, Upstream PR cilium/cilium#38473, @mhofstetter)

ci: build CI images within merge group (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38065, @marseel)

ci: prepare CI Image build for being required (Backport PR cilium/cilium#38526, Upstream PR cilium/cilium#38320, @marseel)

cilium-cli: extend no-interrupted-connections to test Egress Gateway (Backport PR cilium/cilium#38527, Upstream PR cilium/cilium#38193, @ysksuzuki)

cilium-cli: extend no-interrupted-connections to test NodePort from outside (Backport PR cilium/cilium#37797, Upstream PR cilium/cilium#37294, @ysksuzuki)

Clear traced UDP v4/v6 connections on check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38264, @smagnani96)

Ensure packet protocol before using L4 ports in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38290, @smagnani96)

Extend tracing with IP length and whether src/dst pod are CiliumInternalIP in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38281, @smagnani96)

Fix checked L4 port for UDP IPv6 packets in check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38265, @smagnani96)

Fix endianness for WireGuard UDP traffic in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38292, @smagnani96)

Fix erroneous TCP RST condition when no TCP packets in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38291, @smagnani96)

gh: aws-cni: set --enable-identity-mark=false option (Backport PR cilium/cilium#38800, Upstream PR cilium/cilium#38738, @julianwiedmann)

gh: e2e-upgrade: also test NS & EGW disruptivity during downgrade (Backport PR cilium/cilium#38527, Upstream PR cilium/cilium#38511, @julianwiedmann)

gha: enable north/south conn-disrupt-test in clustermesh upgrade tests (Backport PR cilium/cilium#38527, Upstream PR cilium/cilium#38554, @giorio94)

Ignore encrypt interface field when validating option.Config after initialization (Backport PR cilium/cilium#38298, Upstream PR cilium/cilium#37184, @Artyop)

Introduce tracing log info for ICMP v4/v6 packets in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38278, @smagnani96)

Manual encap checks for when $skb->encapsulation is unset in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38293, @smagnani96)

Print skb pointer and correlate timestamp for subsequent trace logs in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38266, @smagnani96)

proxy/proxyports: fix flake and data race in TestPortAllocator (Backport PR cilium/cilium#38674, Upstream PR cilium/cilium#38062, @tklauser)

proxy: fix flake in TestPortAllocator test (Backport PR cilium/cilium#38674, Upstream PR cilium/cilium#38646, @mhofstetter)

Refactoring and code comments for the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38263, @smagnani96)

Report masqueraded flow through proxy in the check-encryption-leak script. (Backport PR cilium/cilium#38740, Upstream PR cilium/cilium#38297, @smagnani96)

Shift header references when encap and move leak check on CiliumInternalIP in the check-encryption-leak script. (Backport PR cilium/cilium#38517, Upstream PR cilium/cilium#38280, @smagnani96)

... (truncated)

Commits

3993bd0 Prepare for release v1.17.3
26232d3 chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.32.5-1744305...
6d2f245 images: update cilium-{runtime,builder}
dcbe254 chore(deps): update docker.io/library/golang:1.23.8 docker digest to 4f3bd60
b470512 chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.32.5-1744245...
86e3ce3 images: update cilium-{runtime,builder}
d1fd60d chore(deps): update docker.io/library/ubuntu:24.04 docker digest to 1e622c5
ab87bbe deps: Bump cilium/proxy go version
30b0b40 ingress: don't cleanup ingress status of unmanaged Ingress resources
fd1f9db lrp: Add IP family checks
Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

@dependabot rebase will rebase this PR
@dependabot recreate will recreate this PR, overwriting any edits that have been made to it
@dependabot merge will merge this PR after your CI passes on it
@dependabot squash and merge will squash and merge this PR after your CI passes on it
@dependabot cancel merge will cancel a previously requested merge and block automerging
@dependabot reopen will reopen this PR if it is closed
@dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
@dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
@dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
@dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.17.2 to 1.17.3. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.17.3/CHANGELOG.md) - [Commits](cilium/cilium@1.17.2...1.17.3) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-version: 1.17.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com>

codecov · 2025-04-21T09:11:18Z

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 73.15%. Comparing base (3596fa4) to head (7af2910).
Report is 1 commits behind head on main.

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #377   +/-   ##
=======================================
  Coverage   73.15%   73.15%           
=======================================
  Files          15       15           
  Lines        2675     2675           
=======================================
  Hits         1957     1957           
  Misses        547      547           
  Partials      171      171

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

Bumps [github.com/cilium/cilium](https://github.com/cilium/cilium) from 1.17.2 to 1.17.3. - [Release notes](https://github.com/cilium/cilium/releases) - [Changelog](https://github.com/cilium/cilium/blob/1.17.3/CHANGELOG.md) - [Commits](cilium/cilium@1.17.2...1.17.3) --- updated-dependencies: - dependency-name: github.com/cilium/cilium dependency-version: 1.17.3 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

dependabot bot added the dependencies dependency updates including security fixes label Apr 21, 2025

dependabot bot temporarily deployed to prod April 21, 2025 09:08 Inactive

rahulait approved these changes Apr 21, 2025

View reviewed changes

rahulait merged commit bc67c49 into main Apr 21, 2025
9 checks passed

dependabot bot deleted the dependabot/go_modules/github.com/cilium/cilium-1.17.3 branch April 21, 2025 15:39

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

🌱 Bump github.com/cilium/cilium from 1.17.2 to 1.17.3 #377

🌱 Bump github.com/cilium/cilium from 1.17.2 to 1.17.3 #377

Uh oh!

dependabot bot commented on behalf of github Apr 21, 2025

Uh oh!

codecov bot commented Apr 21, 2025 •

edited

Loading

Uh oh!

Uh oh!

Uh oh!

🌱 Bump github.com/cilium/cilium from 1.17.2 to 1.17.3 #377

🌱 Bump github.com/cilium/cilium from 1.17.2 to 1.17.3 #377

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 21, 2025

1.17.3

Summary of Changes

v1.17.3

Summary of Changes

Uh oh!

codecov bot commented Apr 21, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Codecov Report

Uh oh!

Uh oh!

Uh oh!

codecov bot commented Apr 21, 2025 •

edited

Loading