Summary of Changes

Major Changes:

• clustermesh: add Multi-cluster Service API support (#34439, @MrFreezeex)

Minor Changes:

• Add a --kubeconfig argument to CLI (#34573, @ldlb9527)
• Add support for automatic port-forwarding in Hubble CLI Replace kubectl-based port-forwarding with native implementation in Cilium CLI (#35483, @devodev)
• Adds cilium_hive_degraded_status metric to count degraded health status levels of Hive components labeled by modules. ``` (#34824, @ovidiutirla)
• bpf,tests: Add TCP and UDP checksum validation (#34408, @viktor-kurchenko)
• CIDRGroup Except blocks now produce fewer PolicyMap entries, improving scalability. (#35139, @squeed)
• cilium-cli status: fail fast on terminal error (#35048, @nimishamehta5)
• cilium: fix integer overflow in netkit probe on 32bit platform (#35659, @devodev)
• clustermesh: add guardrails for known broken ENI/aws-chaining + cluster ID combination (#35349, @giorio94)
• daemon: rename --bpf-conntrack-accounting-enabled flag to --bpf-conntrack-accounting (#35142, @jibi)
• envoy: Bump envoy image to latest build (#35538, @sayboras)
• feat(clustermesh): Deploy in parallel the connections (#35021, @littlejo)
• feat(envoy): json logging support (#34323, @byxorna)
• Fixes slow policy import times when many network policies reference the same CIDR. (#35511, @squeed)
• gateway-api: Support latest release v1.2.0 (#35216, @sayboras)
• helm: Add configuration option for endpoint source IP verification (#34056, @CiraciNicolo)
• helm: Lower default hubble.tls.auto.certValidityDuration to 365 days (#35630, @chancez)
• hubble-relay: Return underlying connection errors when connecting to peer manager (#35632, @chancez)
• In case of an IPsec key rotation, error if the user forgot to increment the SPI per the documentation. (#34037, @smagnani96)
• ipam: lower the severity of failed cilium node update if retry is going to be performed immediately (#35479, @marseel)
• ipam: Support for static IP allocation in AWS (#34622, @antonipp)
• k8s: support for loadbalancer svc ip mode (#34780, @dakehero)
• Miscellaneous improvements to the sysdump collection (#35610, @giorio94)
• policy: add namespace index to the policy repository so we can skip trying to match namespace-specific rules for the non-matching namespaces. (#34802, @marseel)
• policy: make ToServices selectors work for in-cluster services too (#34208, @chaunceyjiang)
• Remove deprecated annotations-based L7 visibility (#35019, @tklauser)
• ServiceMonitor: Only create envoy-metrics block if Envoy is enabled (#34673, @ToroNZ)
• Strictly validate the cluster name format (#32819, @giorio94)
• wireguard: remove deprecated userspace fallback (#35158, @julianwiedmann)

Bugfixes:

• Avoid duplicate errors in health status for node-neighbor-link-updater (#35179, @wedaly)
• bgpv1: fix reconciliation of services with shared VIPs (#35333, @rastislavs)
• bgpv2: fix reconciliation of services with shared VIPs (#35166, @rastislavs)
• bgpv2: set local peering address when specified (#35552, @harsimran-pabla)
• bugfix: fixed extravolumes mount in cilium-preflight (#35386, @tokarev-artem)
• bugtool: fix cilium-health command (#35068, @ayuspin)
• Cilium datapath now gives precedence for the more specific allow rule with L7 rules when rules with port ranges are present. (#35150, @jrajahalme)
• Cilium no longer fails compiling bpf programs if listing network links is interrupted. (#35259, @jrajahalme)
• Cilium's DNS proxy no longer gets stuck for a specific five-tuple if an timeout waiting for response error is encountered. (#35589, @bimmlerd)
• cilium-dbg: fix status commands for cluster connectivity health (#33972, @darox)
• Datasource error fixed for Cilium Operator dashboard (#35420, @VergeDX)
• Fix an issue where pod-to-world traffic goes up stack when BPF host routing is enabled with tunnel. (#35098, @jschwinger233)
• Fix incorrect deletion of revNAT entries due to service ID conflict (#34552, @haozhangami)
• Fix missing flowlabel hash on SRv6 traffic. (#35498, @akaliwod)
• Fix packet drops for pod-to-pod connections that pass through ingress & egress proxy when using IPsec, caused by MTU misconfiguration. (#35173, @smagnani96)
• Fix possible disruption of long running pod to node traffic on agent restart in kvstore mode (#35673, @giorio94)
• Fix redirect from L3 device to remote endpoint via overlay network. (#35165, @julianwiedmann)
• Fixed bug in tracking policy changes that could have resulted in revert not woking in failure cases as expected. (#35109, @jrajahalme)
• Fixed Cilium CLI fatal error: concurrent map read and map write (#35311, @chaunceyjiang)
• Fixes a bug where the operator incorrectly flagged CiliumNetworkPolicies containing ICMP rules as invalid. (#35599, @squeed)
• Fixes a performance regression when ingesting network policies in clusters with large numbers of Services. (#35293, @squeed)
• gateway-api: Add service observable event handler (#33352, @sayboras)
• gha: Remove hostLegacyRouting in clustermesh (#35418, @sayboras)
• helm template function no longer errors when using k8sServiceHost: auto (#35186, @kreeuwijk)
• helm: Fix configmap unmarshal error on egressGateway.maxPolicyEntries (#35301, @hox)
• hubble: add printer for lost events (#35208, @aanm)
• hubble: fix endpoint cluster name (#35415, @kaworu)
• Ingress endpoint is now included in the lxcmap so that ARP and ND6 work for them. (#35143, @jrajahalme)
• l7lb: fix registration of flag loadbalancer-l7 (#35623, @mhofstetter)
• Log errors when reloading hubble exporter configuration dynamically and do not attempt to close os.Stdout (#35069, @chancez)
• Make LB-IPAM allow IP sharing between services with the same ports but different protocols (#34691, @ldlb9527)
• netkit: Allow ARP packets through when using host firewall. (#35070, @jrife)
• netkit: Fix issue where traffic originating from the host namespace fails to reach the pod when using endpoint routes and network policies. (#35306, @jrife)
• Policy properly propagates proxy listener name and priority from a L3 wildcard rule with policies requiring authentication. (#35381, @jrajahalme)
• treewide: Add wrapper for netlink functions that may fail with ErrDumpInterrupted (#35614, @gandro)

CI Changes:

• .github/conformance-ginkgo: replace deprecated jq flag (#35399, @aanm)
• .github/lint-build-commits: fix workflow for push events (#35264, @aanm)
• .github: do not push floating tag from PRs (#35227, @aanm)
• .github: extend timeout for tests-ipsec-upgrade workflow (#35657, @rastislavs)
• .github: remove libncurses5 from integration tests (#35408, @aanm)
• Add concurrency to e2e-upgrade tests (#34806, @aanm)
• Add concurrency to test-ipsec-upgrade (#35362, @aanm)
• Ariane: skip E2E tests when changing unit tests only (#35334, @giorio94)
• bpf: complexity-tests: add HAVE_SET_RETVAL and HAVE_NETNS_COOKIE for bpf_sock tests (#35291, @julianwiedmann)
• CI: Add channel arguments to GKE related workflows (#35522, @brlbil)
• CI: Add list and filter artifacts steps (#35172, @brlbil)
• CI: Add merge and upload composite action (#35355, @brlbil)
• ci: conformance-kind: don't explicitly enable session affinity (#35290, @julianwiedmann)
• ci: conformance-kind: re-enable flaky Aggregator test (#35286, @julianwiedmann)
• ci: datapath-verifier: bump lvh images (#35456, @julianwiedmann)
• ci: Introduce CILIUM_INSTALL_NET_PERF_EXTRA_ARGS env var (#35178, @markpash)
• ci: netperf always run hubble (#35268, @marseel)
• CI: remove unsed env variable (#35149, @brlbil)
• ci: run privileged tests in parallel except for IPSec (#35232, @marseel)
• ci: switch most remaining workflows to new IPsec key system (#35295, @julianwiedmann)
• cilium-cli: Ignore "No egress gateway found" drops (#35609, @pchaigno)
• cli/connectivity: Test strict mode encryption (#35231, @jschwinger233)
• Fix bug in testsuite where a list of Pods was initialized with several empty elements rather than allocating the buffer with space for enough elements. (#35164, @rusttech)
• Fix bug preventing the ability to build images with non-stripped binaries (#35326, @learnitall)
• gha: Update chmod command (#35400, @sayboras)
• gha: Update logic to extract gateway-api version (#35189, @sayboras)
• policy/ci: Add Complex Allow Test to Policy Engine (#35156, @nathanjsweet)
• Refactor and set a default for GH_RUNNER_EXTRA_POWER (#35267, @aanm)
• renovate: manually bump version (#35660, @julianwiedmann)
• servicemesh, ci: run internal to NodePort test (#35177, @marseel)
• workflows/gateway-api: Cover IPsec with GatewayAPI (#35584, @pchaigno)
• workflows/ipsec: Cover Ingress (#35476, @pchaigno)
• workflows: Extend IPsec tests to cover egress gateway (#35323, @pchaigno)

Misc Changes:

• .github/build-images-base: checkout base branch to get scripts (#35236, @aanm)
• .github: clean up disk for lint-build workflow (#35141, @aanm)
• .github: do not update github runners for bpf workflows (#35131, @aanm)
• .github: fix build image process to commit changes (#35262, @aanm)
• .github: increase concurrent jobs in tests-e2e-upgrade (#35225, @aanm)
• .github: remove retention days for image digests (#35457, @aanm)
• Add BMC to USERS.md (#35356, @ryebridge)
• add checks to ipv6_hdrlen return value usage during wireguard tracing in ingress path (#35345, @smagnani96)
• Add default prioriyClass system-node-critical to spire components (#35269, @Tilusch)
• Add documentation for clustermesh MCS-API support (#35114, @MrFreezeex)
• Add Koyeb to users.md (#35481, @alisdairbr)
• Add logic to detect and trace WireGuard encrypted ingress/egress packets. (#35183, @smagnani96)
• Add Scigility AG to USERS.md (#34970, @ciil)
• Adding Ecco Data and Ai to Cilium users (#35643, @Andre-Lx-Costa)
• Allow to group cells lifecycle and control the enablement leveraging the dynamic-config. (#34936, @ovidiutirla)
• api: Convert logrus to slog (#35340, @sayboras)
• auth: Convert logrus to slog (#35461, @sayboras)
• auth: fix confusing comment about mutual auth handler (#35649, @mhofstetter)
• bgpv2,doc: Update troubleshooting doc with CiliumBGPClusterConfig status conditions (#35601, @YutaroHayakawa)
• bgpv2-docs: updating troubleshooting and operations guide (#35431, @harsimran-pabla)
• bgpv2: Cleanup BGPInstance reconciler metadata (#34426, @rastislavs)
• bgpv2: defining reconciler names and priorities constants (#35181, @harsimran-pabla)
• bgpv2: Introduce MissingAuthSecret condition to PeerConfig (#35650, @YutaroHayakawa)
• bgpv2: Introduce MissingPeerConfig condition to the ClusterConfig (#35527, @YutaroHayakawa)
• bgpv2: Introduce NoMatchingNode condition to CiliumBGPClusterConfig (#35517, @YutaroHayakawa)
• bgpv2: Use instance name instead of ASN in Diff ID (#35207, @rastislavs)
• bpf: aligncheck the node_value struct (#35309, @julianwiedmann)
• bpf: clean up FORCE_LOCAL_POLICY_EVAL_AT_SOURCE macro (#35500, @julianwiedmann)
• bpf: lxc: don't clear CB_POLICY prior to local delivery (#35175, @julianwiedmann)
• bpf: lxc: handle encap_and_redirect_lxc() result with switch statement (#35691, @julianwiedmann)
• bpf: lxc: streamline ingress network policy path (#35120, @julianwiedmann)
• bpf: nat: support additional code points for IPv4 ICMP_DEST_UNREACH (#35636, @julianwiedmann)
• bpf: nodeport: split off the egress-specific parts (#35474, @julianwiedmann)
• bpf: remove CB_POLICY logic (#35239, @julianwiedmann)
• bpf: slim down EGW-related CT lookup in to-netdev (#35463, @julianwiedmann)
• Bump readme for releases v1.16.3, v1.15.10, v1.14.16 (#35412, @thorn3r)
• cec: Switch to slog for CEC (#35253, @sayboras)
• chore(deps): update all github action dependencies (main) (#35246, @cilium-renovate[bot])
• chore(deps): update all github action dependencies (main) (#35378, @cilium-renovate[bot])
• chore(deps): update all github action dependencies (main) (#35437, @cilium-renovate[bot])
• chore(deps): update all github action dependencies (main) (#35571, @cilium-renovate[bot])
• chore(deps): update all-dependencies (main) (#35221, @cilium-renovate[bot])
• chore(deps): update all-dependencies (main) (#35287, @cilium-renovate[bot])
• chore(deps): update all-dependencies (main) (#35376, @cilium-renovate[bot])
• chore(deps): update all-dependencies (main) (#35490, @cilium-renovate[bot])
• chore(deps): update all-dependencies (main) (#35524, @cilium-renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.16.19 (main) (#35198, @cilium-renovate[bot])
• chore(deps): update dependency renovatebot/renovate to v38.128.6 (main) (#35448, @cilium-renovate[bot])
• chore(deps): update dependency renovatebot/renovate to v38.132.2 (main) (#35572, @cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.23.2 docker digest to a7f2fc9 (main) (#35373, @cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.23.2 docker digest to ad5c126 (main) (#35568, @cilium-renovate[bot])
• chore(deps): update go to v1.23.2 (main) (#35199, @cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.30.6-1727741038-3056acb56ecfedf13398e5072c8f73320fe5e06f (main) (#35136, @cilium-renovate[bot])
• ci: fix build-images-base to not die in forks (#34950, @jsoref)
• cilium, docs: Extend requirements for L7 proxy (#35669, @borkmann)
• cilium-cli: account for opt out labels in node to node encryption tests (#35585, @giorio94)
• cilium-cli: connectivity test: support every kind of resource for tests (#35314, @squeed)
• cilium-cli: Show config.cilium.io annotations on configmap (#35020, @joamaki)
• cilium-dbg: Add "bpf ipcache delete/update" (#35454, @jschwinger233)
• cilium: add probe for netkit for more user friendly error when not supported (#35551, @borkmann)
• cilium: follow-ups on annotation mode (#35224, @borkmann)
• cilium: support service source ranges also for other types (#35512, @borkmann)
• clustermesh: add a readme explaining MCS-API implementation (#35339, @MrFreezeex)
• clustermesh: fix flaky TestRemoteClusterStatus integration test (#35122, @giorio94)
• clustermesh: refactor MCS-API derived service controller (#35039, @MrFreezeex)
• CODEOWNERS: let cilium/ipsec cover .github/actions/ipsec (#35578, @julianwiedmann)
• CODEOWNERS: pull in sig-policy for bpf/lib/policy.h (#35258, @julianwiedmann)
• connectivity: Introdue Multicast connectivity test (#34530, @yushoyamaguchi)
• container/set: fix bug in Set[T].Equal, increase test coverage (#35315, @tklauser)
• Control whether the anti-affinity rule is applied to cilium daemonset pods. Omitting the rule improves scheduling throughput for large clusters. (#35014, @sypakine)
• ctrl-runtime: lower severity of retryable reconcile errors (#35364, @giorio94)
• daemon: ensure tunnel map absence when running in native routing mode (#35544, @giorio94)
• daemon: kpr: group all SocketLB related checks together (#35450, @julianwiedmann)
• datapath: move policy map value prefix length to flags (#35534, @jrajahalme)
• datapath: require TCP EDT support and writeable skb queue_mapping (#34491, @julianwiedmann)
• dbg: envoy: Introduce possibility to change Envoy log level (#35509, @mhofstetter)
• dbg: increase limit when safely reading envoy metrics via cilium-dbg (#35528, @mhofstetter)
• doc: Fixed Gateway API vs. Ingress naming mistake (#35499, @PhilipSchmid)
• docs: Add known issue for netkit endpoint route issues (#35126, @jrife)
• docs: Add parameter to generate SSH keys for AKS "getting started" steps. (#35270, @pedroignacio13)
• docs: Change invalid Helm option --agent.enabled with --agent=false in upgrade documentation (#35288, @oneumyvakin)
• docs: clean up stale kernel requirements (#35575, @julianwiedmann)
• docs: Fix markdown in pkg/loadbalancer/experimental/README.md (#35065, @DamianSawicki)
• docs: improve KPR documentation (#35147, @julianwiedmann)
• docs: kpr: update error message regarding SocketLB tracing (#35337, @julianwiedmann)
• Docs: make ToServices selectors work for in-cluster services too (#35506, @chaunceyjiang)
• docs: network policy: remove SCTP from missing features list (#35238, @julianwiedmann)
• docs: Trivial improvements to contributor guide (#35307, @pmatulis)
• docs: tuning: XDP LB also supports tunnel routing (#35574, @julianwiedmann)
• docs: update bisect instructions (#35194, @aanm)
• docs: update default identity label filters (#35422, @marseel)
• docs: Updated contributing_guide documentation files (#35061, @AdityaK60)
• docs: XFRM reference guide for IPsec development (#35322, @pchaigno)
• Documentation/bgp: Add note about operator logs into BGP operation guide (#35580, @rastislavs)
• Enable testifylint to lint test files, and mechanically fix reported issues (#35237, @giorio94)
• Endpoint redirect cleanup (#35350, @jrajahalme)
• endpoint/policy: Keep internals separate (#35372, @jrajahalme)
• endpoint: remove deprecated and unused (*Endpoint).HasBPFPolicyMap (#35146, @tklauser)
• Envoy simplify listener setup (#35642, @jrajahalme)
• envoy: avoid syncing empty Envoy secret (#35521, @mhofstetter)
• envoy: Configure internal_address_config to avoid warning log (#35090, @sayboras)
• Fix a potential issue where VXLAN-in-ESP policies are installed erroneously when EGW is enabled. (#35549, @ldelossa)
• Fix Cilium developer community Zoom meeting link (#35516, @ptrivedi)
• Fix wrongly spelled config option in error message (#35390, @baurmatt)
• fix(deps): update all go dependencies main (main) (#35244, @cilium-renovate[bot])
• fix(deps): update all go dependencies main (main) (#35441, @cilium-renovate[bot])
• fix(deps): update all go dependencies main (main) (#35467, @cilium-renovate[bot])
• fix(deps): update aws-sdk-go-v2 monorepo (main) (#35245, @cilium-renovate[bot])
• fix(deps): update aws-sdk-go-v2 monorepo (main) (#35375, @cilium-renovate[bot])
• fix(deps): update aws-sdk-go-v2 monorepo (main) (#35435, @cilium-renovate[bot])
• fix(deps): update kubernetes packages to v0.31.2 (main) (#35570, @cilium-renovate[bot])
• fix(deps): update opentelemetry-go monorepo to v1.31.0 (main) (#35377, @cilium-renovate[bot])
• fix: hubble exporter filter test with clashing filters (#35058, @rectified95)
• fix: Temporarily disable test TestDeleteUsedCIDIsRecreated (#35159, @dlapcevic)
• Fixed Cilium CLI fatal error: concurrent map read and map write (#35396, @chaunceyjiang)
• github: action: allow to specify lvh port-forward list (#35458, @jibi)
• helm: Add certgen.generateCA value (#35602, @sderoe)
• Helm: add LoadBalancer option as comment for Hubble relay service type (#34957, @darox)
• helm: Add priorityClass & nodeSelector to certgen jobs (#35429, @adberger)
• Hive scripts and the cilium shell (#35154, @joamaki)
• hubble: Add 'release' Make target (#35561, @michi-covalent)
• hubble: Combine hubble and hubble-bin make targets (#35256, @michi-covalent)
• hubble: fix drop notify test (#35196, @rolinh)
• hubble: remove outdated //go:build go1.18 tag (#35174, @tklauser)
• hubble: Use hubble-bin target to generate release binaries (#35127, @michi-covalent)
• identity: Allow registration of additional identity handlers (#35523, @gandro)
• image: Use cilium-builder instead of golang as operator builder image (#35351, @learnitall)
• Improve compatibility with LLVM 18. (#34593, @gentoo-root)
• Improve compatibility with LLVM 18. (#35590, @gentoo-root)
• Improve the performance of endpoints correlation in service cache (#35604, @giorio94)
• install/kubernetes: fix Operator's clusterrole for pods deletion (#35193, @aanm)
• Introduce an option to control if NodeIPAM or LBIPAM should be the the default Service LoadBalancer (#35074, @MrFreezeex)
• ipsec: Refactor IPSecDir (#35346, @pchaigno)
• iptables: always warn about missing xt_socket module (#35591, @julianwiedmann)
• Log entries printed from config subsys during startup now honor logging config such as LogDriver, LogOpt or Debug. (#34620, @jingyuanliang)
• logging: consistent error attribute when emitted through logr (#35397, @giorio94)
• MAINTAINERS: Add Dorde (#35357, @pchaigno)
• MAINTAINERS: New emeritus committers (#35359, @pchaigno)
• MAINTAINERS: Update affiliations (#35352, @pchaigno)
• Make triggers less garbage intensive (#35541, @bimmlerd)
• make: add hubble cli to kind-image-fast-agent (#35344, @kaworu)
• maps/nat/stats: check the snat tuple direction as a bitmask. (#34504, @tommyp1ckles)
• minor pkg/ip fixes (#35130, @bimmlerd)
• Minor updates in configuration and community docs (#35132, @AdityaK60)
• node: remove unused GetHostMasqueradeIPv*() helpers (#35519, @julianwiedmann)
• operator-id-management: agent waits for global identities (#34867, @dlapcevic)
• operator/watchers: skip expensive debug log operations when disabled (#35605, @giorio94)
• operator: Convert logrus to slog (#35567, @sayboras)
• operator: fix Test_performCiliumNodeGC (#35317, @giorio94)
• pkg/ciliumidentity: Fix DeleteUsedCIDIsRecreated test (#35466, @ovidiutirla)
• Policy mapstate cleanups (#35233, @jrajahalme)
• Policy mapstate cleanups redux (#35305, @jrajahalme)
• policy: Add config for enabling Cilium Clusterwide Network Policy (#35405, @dlapcevic)
• policy: Add config for enabling Cilium NetworkPolicy (#35049, @dlapcevic)
• policy: Add IDManager interface (#35112, @dlapcevic)
• policy: Add PolicyRepository interface (#35067, @dlapcevic)
• policy: Add ResourcesWatcher interface to policy directory (#35110, @dlapcevic)
• policy: Do not record a change if nothing was done (#35111, @jrajahalme)
• policy: Reduce allocs when keeping track of owners (#34692, @jrajahalme)
• policy: remove unused addL4Filter ruleLabels parameter (#35398, @tklauser)
• policy: Simplify L4PolicyMap Structure (#35321, @nathanjsweet)
• policy: Wait on sync.WaitGroup only after adding to it (#35195, @jrajahalme)
• Prepare for release v1.17.0-pre.1 (#35134, @cilium-release-bot[bot])
• README.rst: Add "Powered-by-eBPF" and CNCF logos to README, link to ebpf.io and cncf.io (#35192, @sknrao)
• README: Update badge for GAPI v1.1.0 (#35217, @joestringer)
• README: Update releases (#35140, @aanm)
• Refactor Hubble as a cell (#35206, @kaworu)
• Refactor XFRM policy and state creation (#35210, @ldelossa)
• refactor: Use error definition in github.com/cilium/ebpf instead of using hard-corded error message (#35389, @yushoyamaguchi)
• Refactored the endpoint and policy packages to separate test-specific code from production code. (#35384, @roykharman)
• Reimplement experimental load-balancing tests in scripttest (#35480, @joamaki)
• Remove deprecated call to DialContext in Hubble (#34241, @davchos)
• renovate: Skip auto-upgrade for deepequal-gen (#35453, @sayboras)
• renovate: temporarily do not update GoBGP dependency (#35272, @rastislavs)
• renovate: Update allowed cilium-envoy version for stable branches (#35566, @sayboras)
• Replace inctimer package with time.After (#35653, @tklauser)
• Revert "Fixed Cilium CLI fatal error: concurrent map read and map write" (#35391, @pchaigno)
• Rework error handling logic in neighbor discovery (#35144, @pippolo84)
• servicemesh: add make target for local testing (#35169, @marseel)
• StateDB in Cilium guide (#34686, @joamaki)
• Strip quotes from modifier arg in all Dockerfiles (#35427, @hemanthmalla)
• test(notify): add tests to compare flow proto parsed from notify events (#35059, @sypakine)
• versioned: Never clean up current version (#35190, @jrajahalme)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.17.0-pre.2@sha256:9027c22b27e600e56eef6b35771629e9d14a7e9075170f516845d30b5776943d

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.17.0-pre.2@sha256:6771668172fccc9b0e76e12b61552bb2e8bd03a7954224cf3add983ca90e511d

docker-plugin

quay.io/cilium/docker-plugin:v1.17.0-pre.2@sha256:42f06a4047d35e5a051a29fe807f8348be608aa3f5775605f502177b803d51a1

hubble-relay

quay.io/cilium/hubble-relay:v1.17.0-pre.2@sha256:f37cf93adc02d60143132272169ff6e528b9271d1c46830d802271c22606720f

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.17.0-pre.2@sha256:5b0b8fb95315abc81fd58d1d891dc6818a0deacdf32451ecd5550ab5775ce096

operator-aws

quay.io/cilium/operator-aws:v1.17.0-pre.2@sha256:f26f0ff726bdab83ad97c0c53625fbd648e5d48a1c5dcba814a67c08bd33bfe3

operator-azure

quay.io/cilium/operator-azure:v1.17.0-pre.2@sha256:99e63566ea440d2b8f034088aff448c6b540e2e11a131fbe67c8106880e6511a

operator-generic

quay.io/cilium/operator-generic:v1.17.0-pre.2@sha256:2262d42f99acce0aefac822e0317f4d74668a5e76d54f736f19b75f6081184cb

operator

quay.io/cilium/operator:v1.17.0-pre.2@sha256:c942451db47217ace6b9e134734a0f148c3b0d474e9cc08a1fbe44d7b7d75be9