v1.41.2

[gardener/gardener-extension-networking-cilium]

📰 Noteworthy

• [DEPENDENCY] cilium-envoy got updated to v1.32.5 by @domdom82 [#562]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.41.2
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.41.2
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.41.2

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.41.2
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.41.2

v1.41.1

[gardener/gardener-extension-networking-cilium]

🐛 Bug Fixes

• [OPERATOR] An issue preventing the networking-cilium extension to patch its heartbeat lease is now fixed. by @axel7born [#560]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.41.1
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.41.1
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.41.1

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.41.1
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.41.1

v1.41.0

[gardener/gardener-extension-networking-cilium]

⚠️ Breaking Changes

• [OPERATOR] The extension and admission VerticalPodAutoscaler resources now by default specify controlledValues: RequestsOnly. This means that VPA scales only the requests and not the limits. Consider removing memory limits before upgrading to this version as VPA no longer by default scales limits proportionally to the requests. by @ialidzhikov [#553]

📰 Noteworthy

• [OPERATOR] Cilium extension now supports a deny-all network policy within the kube-system namespace that will come with kubernetes v1.33 by @domdom82 [#546]

🏃 Others

• [OPERATOR] Cleanup rbac permissions. by @axel7born [#552]
• [OPERATOR] The networking-cilium extension now uses the same helm values as the provider extensions. by @ScheererJ [#547]
• [OPERATOR] The ServiceTrafficDistribution feature is being used on to make Services topology-aware when the runtime Kubernetes version is 1.31+. by @ialidzhikov [#479]
• [OPERATOR] The legacy method of providing monitoring configuration via ConfigMaps labeled with extensions.gardener.cloud/configuration=monitoring has been removed. The extension does now only uses the new contract for providing monitoring configuration. Before upgrading to this version of the extension, make sure that the deployed Gardener version supports the new monitoring contract. by @RadaBDimitrova [#551]
• [OPERATOR] Update base image from debian11 to debian12 by @MartinWeindel [#548]
• [OPERATOR] Metrics and health ports can now be configured properly via the helm chart values. by @ScheererJ [#543]
• [OPERATOR] networking-cilium no longer supports Shoots with Кubernetes version <= 1.26. by @RadaBDimitrova [#431]
• [OPERATOR] Add support for single-stack to dual-stack networking migration. by @DockToFuture [#539]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.41.0
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.41.0
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.41.0

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.41.0
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.41.0

v1.40.3

[gardener/gardener-extension-networking-cilium]

🏃 Others

• [OPERATOR] Fix an issue where creating IPv6-only shoots fails. by @axel7born [#550]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.40.3
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.40.3
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.40.3

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.40.3
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.40.3

v1.40.2

[gardener/gardener-extension-networking-cilium]

🏃 Others

• [OPERATOR] Metrics and health ports can now be configured properly via the helm chart values. by @ScheererJ [#543]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.40.2
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.40.2
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.40.2

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.40.2
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.40.2

v1.40.1

no release notes available

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.40.1
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.40.1
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.40.1

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.40.1
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.40.1

v1.40.0

[gardener/gardener-extension-networking-cilium]

⚠️ Breaking Changes

• [OPERATOR] The Helm charts for the application and runtime parts of the gardener-extension-admission-cilium admission controller have been separated into standalone charts. These charts now assume a Garden setup with a virtual garden. Both charts must be deployed individually: the runtime chart on the Garden runtime cluster, and the application chart on the virtual garden. Additionally, the intermediate global level in the Helm values has been removed, so you may need to adjust your provided values accordingly. by @MartinWeindel [#483]

🏃 Others

• [OPERATOR] Update to cilium v1.16.6. by @DockToFuture [#484]
• [OPERATOR] Use BPF masquerading and therefore BPF host routing in Cilium when using direct routing. by @hown3d [#350]
• [OPERATOR] Update cilium to v1.17.1 by @axel7born [#510]
• [OPERATOR] Containers, which do not require privilege escalations, now forbid privilege escalations explicitly. by @georgibaltiev [#487]
• [OPERATOR] Prepare for deployment of admission controller by gardener-operator by @MartinWeindel [#483]
• [OPERATOR] The ports used by the extension can now be specified via helm values. by @ScheererJ [#506]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.40.0
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.40.0
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.40.0

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.40.0
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.40.0

v1.39.0

[gardener/gardener-extension-networking-cilium]

🏃 Others

• [OPERATOR] Disable masquerading of IPv6 pod traffic which leaves the cluster. by @axel7born [#462]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.39.0
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.39.0
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.39.0

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.39.0
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.39.0

v1.38.0

[gardener/gardener-extension-networking-cilium]

🏃 Others

• [OPERATOR] IPv6 support is added to cilium extension for gardener shoot clusters. by @DockToFuture [#421]
• [OPERATOR] gosec was introduced for Static Application Security Testing (SAST). by @ScheererJ [#420]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.38.0
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.38.0
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.38.0

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.38.0
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.38.0

v1.37.0

[gardener/gardener-extension-networking-cilium]

✨ New Features

• [OPERATOR] Helm charts of extension and admission controller are published as OCI artifacts now. by @oliver-goetz [#369]

🏃 Others

• [OPERATOR] A priorityClassName can now be set for the admission deployment via the gardener-extension-admission-cilium Helm chart. by @timuthy [#362]
• [OPERATOR] Update cilium to v1.16.1 and enable cilium-envoy to enable features like (Ingress, Gateway API, Network Policies with L7 functionality, L7 Protocol Visibility). by @DockToFuture [#409]
• [OPERATOR] The networking cilium extension no longer configures min/maxAllowed in any managed VPA resource. by @ScheererJ [#408]
• [OPERATOR] Update to cilium v1.16.2. by @DockToFuture [#411]

Helm Charts

• admission-cilium-application: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-application:v1.37.0
• admission-cilium-runtime: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/admission-cilium-runtime:v1.37.0
• networking-cilium: europe-docker.pkg.dev/gardener-project/releases/charts/gardener/extensions/networking-cilium:v1.37.0

Docker Images

• gardener-extension-admission-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/admission-cilium:v1.37.0
• gardener-extension-networking-cilium: europe-docker.pkg.dev/gardener-project/releases/gardener/extensions/networking-cilium:v1.37.0