fix(deps): update module github.com/cilium/cilium to v1.16.0-pre.3

[renovate]

This PR contains the following updates:

Package	Change	Age	Adoption	Passing	Confidence
github.com/cilium/cilium	v1.16.0-pre.2 -> v1.16.0-pre.3

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

cilium/cilium (github.com/cilium/cilium)

v1.16.0-pre.3: 1.16.0-pre.3

Compare Source

Summary of Changes

Major Changes:

• BGP: New BGP APIs can be used to configure Cilium BGP Control Plane. (#​32426, @​harsimran-pabla)
• NAT source port metrics & table (#​32152, @​tommyp1ckles)

Minor Changes:

• Add CiliumNodeConfig CRD on API v2 (#​31721, @​doniacld)
• Added a new annotation ingress.cilium.io/loadbalancer-class to control the LoadBalancerClass of a dedicated LB via the ingress. (#​31650, @​Sh4d1)
• cilium-envoy now uses upstream filter chains for L7 LB policy enforcement. (#​32119, @​jrajahalme)
• CiliumEnvoyConfig CRDs now support an optional 'ports' field in services objects, limiting the redirected service frontends to the ones whose port is listed. (#​32382, @​jrajahalme)
• CiliumNetworkPolicies are now validated by the operator and the result set in the object's Status field. (#​32727, @​squeed)
• Do not include the unnecessary "localhost" SAN in autogenerated clustermesh admin certificates (#​32662, @​giorio94)
• gateway-api: ALPN support (#​32486, @​rauanmayemir)
• Generate SBOMs using Syft instead of bom (#​32307, @​ferozsalam)
• Helm: Add new value `.Values.clustermesh.apiserver.tls.enableSecrets. Setting this value to false will disable the creation of TLS certificate secrets for clustermesh, enabling out-of-band TLS certificate secret management. (#​32196, @​soggiest)
• Hubble peer's port number is inferred from the agent's configuration instead of assuming defaults (#​32729, @​AwesomePatrol)
• hubble: add SNAT IP flow field and filter (#​32130, @​kaworu)
• hubble: add support to filter Hubble flow by network interface. (#​32286, @​kaworu)
• hubble: add the cluster name to a flow's source and destination endpoints (#​32313, @​rolinh)
• Improved background resynchronization of nodes. Before all nodes were being updated at the same time, now we spread updates over time to average out CPU usage. (#​32577, @​marseel)
• ingress: request timeout control via operator flag & annotation (#​31693, @​a5r0n)
• Introduce CLI commands to troubleshoot connectivity issues to the etcd kvstore and clustermesh control plane (#​32336, @​giorio94)
• ipsec: Improve CPU usage of cilum-agent in large clusters (#​32588, @​marseel)
• KVStoreMesh: expose remote clusters information and introduce dedicated CLI command (#​32156, @​giorio94)
• Make the overwriting behavior of install-plugins.sh configurable. (#​32016, @​jingyuanliang)
• Operator: expose remote clusters information through dedicated CLI command, and introduce troubleshoot commands (#​32436, @​giorio94)
• pkg/healthv2: reduce unecessary healthv2 debug log volume. (#​32319, @​tommyp1ckles)
• Report estimated expiry timers for connection-based FQDN entries (#​32013, @​joestringer)
• Runtime device detection and subsequent datapath reconfiguration is now the default and only mode of operation.
  The enableRuntimeDeviceDetection option is now a no-op and will be removed in v1.17. (#​32153, @​joamaki)
• Service connections that use Direct-Server-Return and were established prior to Cilium v1.13.3 will be disrupted, and need to be re-established. (#​32642, @​julianwiedmann)
• Simplify rate limit configuration options for the CiliumEndpointSlice controller. (#​32523, @​thorn3r)
• Starting cilium-agent with large numbers of network policies should be much faster. (#​32703, @​squeed)
• The StateDB in-memory database library was switched to github.com/cilium/statedb with a new much faster radix tree implementation. This is used internally in the cilium-agent for storing and accessing, among others, the network devices and local node IP addresses. This state can be inspected with the "cilium-dbg statedb" commands.
  cilium-dbg: Added "statedb ipsets" command
  cilium-dbg: "statedb sysctl-settings" is now "statedb sysctl" (#​32125, @​joamaki)
• Unconditionally require the clustermesh cluster configuration to be always present (#​32505, @​giorio94)

Bugfixes:

• Add missing kvstore-max-consecutive-quorum-errors option to clustermesh-apiserver/kvstoremesh binaries (#​32117, @​giorio94)
• Avoids drops with "No mapping for NAT masquerade" for ICMP messages by local service backends. (#​32155, @​julianwiedmann)
• bgp: service eTP=local, withdraw route when last backend on the node goes in terminating state (#​32536, @​harsimran-pabla)
• Cilium BGPv1 Reconciler - Handle updated and deprecated Cidr fields for CiliumLoadBalancerIPPool (#​32694, @​dswaffordcw)
• cilium-agent: Fix crash due to skipped resource cleanup when agent is stopping due to failed start. (#​32673, @​joamaki)
• cilium-cni: Reserve ports that can conflict with transparent DNS proxy (#​32128, @​gandro)
• cni: Reserve local ports for DNS proxy even if IPv6 is disabled (#​32725, @​gandro)
• cni: Use correct route MTU when ENI, Azure or Alibaba Cloud IPAM is enabled (#​32244, @​learnitall)
• egressgw: Let the EGW manager relax rp_filter on egress device (#​32679, @​ysksuzuki)
• Fix bug where setting the k8sNetworkPolicy Helm value to false did not take effect (#​32441, @​hasan-alkama)
• Fix DNS proxy regression from Cilium 1.15 on IPv4 only nodes (#​31671, @​foyerunix)
• Fix indexing bug in the logic for picking NodePort addresses. In rare cases this may have caused wrong address to be selected for NodePort use, or an out-of-bounds access. (#​32506, @​joamaki)
• Fix PromQL query in Cilium Metrics dashboard (#​32017, @​mikemykhaylov)
• Fix rare race condition afflicting clustermesh when disconnecting from a remote cluster, possibly causing the agent to panic (#​32513, @​giorio94)
• Fix selecting of endpoints by namespace labels in network policies (#​30650, @​Mugenor)
• Fix various bugs related to restart of StatefulSet pods that may result in connectivity issues (#​31605, @​christarazi)
• Fixed a bug where endpoint could become stuck due to outdated revision numbers during concurrent updates. (#​32817, @​ovidiutirla)
• Fixes accidentally ignoring the preflight.nodeSelector Helm value. (#​32548, @​squeed)
• helm: remove CriticalAddonsOnly toleration in preflight DaemonSet (#​32682, @​HongChenTW)
• Introduce timeout when waiting for the initial synchronization from remote clusters, to avoid blocking forever necessary GC operations in case of clustermesh misconfigurations. (#​32671, @​giorio94)
• ipsec: Safely delete Xfrm state (#​32450, @​jschwinger233)
• proxy: Re-enable proxy rule installation in native-routing mode for CEC (#​32367, @​sayboras)
• Remove deprecated hubble.ui.securityContext.enabled from hubble-ui deployment template (#​32338, @​stelucz)

CI Changes:

• .github: Add permissions for workflow telemetry (#​32410, @​joestringer)
• Add dispatch for fqdn_perf test (#​32762, @​marseel)
• Add fqdn perf test (#​32514, @​marseel)
• Add WireGuard configurations to automated network throughput tests (#​32134, @​learnitall)
• bpf: Cover IPsec+KPR in complexity and compile tests (#​32316, @​pchaigno)
• CI/ClusterMesh: enable CiliumEndpointSlice in Conformance Cluster Mesh (#​32593, @​thorn3r)
• ci/ipsec-upgrade: complete the switch to cilium-dbg (#​32348, @​julianwiedmann)
• CI: Add job name validation (#​32462, @​brlbil)
• CI: enable CiliumEndpointSlice in conformance-e2e (#​32403, @​thorn3r)
• ci: Filter supported versions of EKS (#​32304, @​marseel)
• ci: Filter supported versions of GKE (#​32302, @​marseel)
• ci: ginkgo: increase cilium readiness timeout from 240 to 360s (#​32585, @​mhofstetter)
• ci: increase wait duration after upgrade/downgrade in E2E upgrade test (#​32528, @​mhofstetter)
• ci: l4lb: gather more infos about docker-in-docker issues (#​32570, @​mhofstetter)
• ci: l4lb: restart docker-in-docker container on failure (#​32600, @​mhofstetter)
• ci: remove k8s version 1.26 from ci-aks (#​32498, @​mhofstetter)
• eks: Don't use spot instances (#​32553, @​michi-covalent)
• fqdn: Fix benchmarking for fqdn cache test (#​32276, @​joestringer)
• gha: bump post-upgrade timeout in clustermesh upgrade/downgrade tests (#​32347, @​giorio94)
• gha: Correct number of connect retry param in LVH (#​32598, @​sayboras)
• gha: cover TLS auth mode in clustermesh upgrade/downgrade tests (#​32684, @​giorio94)
• gha: Enable Ingress controller for more e2e test (#​32572, @​sayboras)
• gha: test certificate generation methods in conformance clustermesh (#​32654, @​giorio94)
• Improve BPF complexity test coverage, fix a verifier error after LLVM upgrade. (#​32170, @​gentoo-root)
• renovate: Don't remove images/cilium/download-hubble.sh yet (#​32440, @​michi-covalent)
• Scrape cilium metrics and add custom prometheus queries (#​32254, @​marseel)
• Use GH_RUNNER_EXTRA_POWER for CI image workflow (#​32402, @​michi-covalent)
• workflows: ignore "No egress gateway found" drops (#​32564, @​jibi)

Misc Changes:

• .github/actions: enable passing kind config to lvh-kind action (#​32398, @​harsimran-pabla)
• .github: adding daemon/cmd/fqdn to sig/policy PRs (#​32442, @​vipul-21)
• .github: Auto-apply labels for sig/policy PRs (#​32409, @​joestringer)
• .github: Fix PR autolabeler (#​32406, @​joestringer)
• Add auto labeler for hubble-cli (#​32343, @​aanm)
• Add initial support for Multi-Cluster Services API in Cilium clustermesh (#​32264, @​MrFreezeex)
• Add Ænix to the cilium users (#​32738, @​kvaps)
• Added EKS-to-EKS Clustermesh Preparation guide (#​32355, @​network-charles)
• Always include symbols in the Agent debug image. (#​32032, @​EricMountain)
• api: Replace gocheck with built-in go test (#​32217, @​sayboras)
• background-sync: fix bootstrap issue and edge-case with 1 node (#​32630, @​marseel)
• BGP: Exporting peers, routes and route-policy states of BGPv2 via CLI. (#​32474, @​harsimran-pabla)
• bgpv2: Route policies for various reconcilers (#​32383, @​harsimran-pabla)
• bgpv2: Configuration guide for BGPv2 APIs (#​32774, @​harsimran-pabla)
• bgpv2: container labs for various types of advertisements (#​32522, @​harsimran-pabla)
• bgpv2: filter terminating backends from endpoint selection (#​32537, @​harsimran-pabla)
• bgpv2: fix pod ip pool cleanup (#​32194, @​harsimran-pabla)
• bgpv2: removing v2Enable feature flag (#​32692, @​harsimran-pabla)
• bgpv2: update multi-homing lab to use config overrides (#​32775, @​harsimran-pabla)
• bitlpm: Add ExactLookup Method (#​32609, @​nathanjsweet)
• bitlpm: Convert UintTrie to Struct (#​32676, @​nathanjsweet)
• bpf: ct: fix off-by-1 in ICMP packet statistics (#​32393, @​julianwiedmann)
• bpf: drop/trace: identify missing security identity / endpoint ID (#​32562, @​julianwiedmann)
• bpf: egw: delay SNAT for local client to actual egress interface (#​32428, @​julianwiedmann)
• bpf: host: consolidate drop notification code in to-netdev (#​32422, @​julianwiedmann)
• bpf: lxc: enrich trace event in cil_to_container (#​32737, @​julianwiedmann)
• bpf: nodeport: check for ClusterIP access earlier (#​32344, @​julianwiedmann)
• bpf: nodeport: clean up stale comment (#​32734, @​julianwiedmann)
• bpf: trace: identify ifindex 0 as TRACE_IFINDEX_UNKNOWN (#​32526, @​julianwiedmann)
• Bugtool commands list generation improvements (#​32253, @​pippolo84)
• bugtool: Deduplicate tc qdisc commands (#​32455, @​pippolo84)
• build(deps): bump jinja2 from 3.1.3 to 3.1.4 in /Documentation (#​32390, @​dependabot[bot])
• build(deps): bump requests from 2.31.0 to 2.32.0 in /Documentation (#​32626, @​dependabot[bot])
• bump cni plugins to v1.5.0 (#​32629, @​antonipp)
• Bump timeout of lint-build-commits.yaml (#​32746, @​YutaroHayakawa)
• bwmap: Reconcile cilium_throttle with StateDB reconciler (#​32438, @​joamaki)
• cec: support resource name qualification for HTTP HealthCheckFilter (#​32308, @​mhofstetter)
• chore(deps): update all github action dependencies (main) (#​32360, @​renovate[bot])
• chore(deps): update all github action dependencies (main) (#​32491, @​renovate[bot])
• chore(deps): update all github action dependencies (main) (#​32620, @​renovate[bot])
• chore(deps): update all github action dependencies (main) (#​32718, @​renovate[bot])
• chore(deps): update all github action dependencies (main) (#​32834, @​renovate[bot])
• chore(deps): update all github action dependencies (main) (patch) (#​32565, @​renovate[bot])
• chore(deps): update all lvh-images main (main) (patch) (#​31574, @​renovate[bot])
• chore(deps): update all lvh-images main (main) (patch) (#​32361, @​renovate[bot])
• chore(deps): update all lvh-images main to bpf-next-20240521.012924 (main) (patch) (#​32631, @​renovate[bot])
• chore(deps): update all lvh-images main to bpf-next-20240529.013128 (main) (patch) (#​32830, @​renovate[bot])
• chore(deps): update all-dependencies (main) (#​32359, @​renovate[bot])
• chore(deps): update cilium/cilium-cli action to v0.16.7 (main) (#​32394, @​renovate[bot])
• chore(deps): update cilium/cilium-cli action to v0.16.7 (main) (#​32771, @​renovate[bot])
• chore(deps): update cilium/little-vm-helper action to v0.0.18 (main) (#​32566, @​renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.16.8 (main) (#​32779, @​renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.16.9 (main) (#​32831, @​renovate[bot])
• chore(deps): update dependency go to v1.22.3 (main) (#​32772, @​renovate[bot])
• chore(deps): update dependency protocolbuffers/protobuf to v27 (main) (#​32767, @​renovate[bot])
• chore(deps): update docker.io/library/golang:1.22.3 docker digest to f43c6f0 (main) (#​32579, @​renovate[bot])
• chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.5.14 (main) (#​32832, @​renovate[bot])
• chore(deps): update go to v1.22.3 (main) (#​32416, @​renovate[bot])
• chore(deps): update golangci/golangci-lint docker tag to v1.58.0 (main) (#​32363, @​renovate[bot])
• chore(deps): update golangci/golangci-lint docker tag to v1.59.0 (main) (#​32833, @​renovate[bot])
• chore(deps): update quay.io/cilium/hubble docker tag to v0.13.4 (main) (#​32621, @​renovate[bot])
• ci: GitHub action syntax fixes (#​32507, @​viktor-kurchenko)
• cilium-dbg: Reprint header line periodically with statedb (#​32798, @​joamaki)
• cilium-dbg: Use a tabwriter that remembers the widths (#​32434, @​joamaki)
• cleanup: Remove deprecated StringCounter (#​32639, @​sayboras)
• cleanup: Use context package from std libraries (#​32795, @​sayboras)
• clustermesh: Cleanup un-used endpoint related attributes (#​32645, @​sayboras)
• clustermesh: drop node observer global variables from tests (#​32471, @​giorio94)
• clustermesh: drop redundant OnClusterDelete from GlobalServiceCache (#​32751, @​giorio94)
• clustermesh: forbid connecting to cluster with same ID as local (#​32753, @​giorio94)
• ClusterMesh: improve validation of remote nodes and services (#​32749, @​giorio94)
• CODEOWNERS: add sig-scalability ownership of CiliumEndpointSlice (#​32535, @​thorn3r)
• common: remove unused MapStringStructToSlice (#​32345, @​tklauser)
• config: remove ingress & gateway api leftovers from global agent config (#​32782, @​mhofstetter)
• Consolidate regeneration metrics accounting (#​32677, @​christarazi)
• consolidate_go_stacktrace: Add '--filter lock' (#​32273, @​joestringer)
• contrib/scripts: remove check-assert-deep-equals (#​32530, @​tklauser)
• contrib: Clean up un-used scripts (#​32456, @​sayboras)
• contrib: Remove CHARTS_PATH dependency (#​32328, @​joestringer)
• contrib: Switch from 'hub' to 'gh' (#​32326, @​joestringer)
• daemon: Add rate-limiting to device reloading (#​32527, @​joamaki)
• daemon: Reserve Geneve tunnel port if enabled (#​32421, @​gandro)
• datapath: Remove LoadBalancerNodeAddresses & LocalAddresses methods (#​30458, @​joamaki)
• datapath: Replace gocheck with built-in go test (#​32259, @​sayboras)
• datapath: trivial cleanups for KPR config handling (#​32453, @​julianwiedmann)
• deps, renovate: Update GoBGP to v3.26.0 & re-enable updates by renovate (#​32306, @​rastislavs)
• devices: Fix panic in tests when logger used after stopping (#​32551, @​joamaki)
• devices: Use slog instead of logrus (#​32469, @​joamaki)
• doc: Added doc for ingress/GwAPI host network mode (#​31839, @​PhilipSchmid)
• docs: Add example for kube-apiserver entity policy (#​32278, @​joestringer)
• docs: add link to sig-policy meeting (#​32340, @​squeed)
• Docs: add note about AKS kube-apiserver entity (#​32464, @​darox)
• docs: Add user manual how to enable and configure multicast feature. (#​32612, @​fujitatomoya)
• docs: Clarify that --labels does not override default set (#​32445, @​christarazi)
• docs: Clean-up Host Firewall documentation, list known issues (#​32267, @​qmonnet)
• docs: Describe fqdn cache entry expiration timers (#​32350, @​joestringer)
• docs: Fix style pitfalls in the ClusterMesh guide (#​32320, @​network-charles)
• docs: Remove outdated note on IPv6 BPF masqerading being incompatible with the Host Firewall (#​32685, @​qmonnet)
• egressgw: remove gwc.ifaceName (#​32321, @​julianwiedmann)
• endpointmanager: Skip warning logs for endpoints being removed (#​32619, @​jrajahalme)
• envoy: Update to use original source address also for external destinations (#​32331, @​jrajahalme)
• Expose clustermesh global service cache and hooks in the operator to prepare for MCS-API support (#​32287, @​MrFreezeex)
• Expose clustermesh ServicesSynced method from endpointslicesync ClusterMesh (#​32538, @​MrFreezeex)
• Fix crash caused while deleting LRPs with skipRedirectFromBackend flag set to true. (#​32822, @​aditighag)
• Fix regression with ClusterMesh deployments failing to provision the clustermesh-apiserver Service in some cloud provider environments due to not support session affinity (#​32657, @​thorn3r)
• Fix threat model typo (#​32752, @​ferozsalam)
• fix(deps): update all go dependencies main (main) (#​32362, @​renovate[bot])
• fix(deps): update all go dependencies main (main) (#​32490, @​renovate[bot])
• fix(deps): update all go dependencies main (main) (#​32509, @​renovate[bot])
• fix(deps): update all go dependencies main (main) (#​32622, @​renovate[bot])
• fix(deps): update all go dependencies main (main) (#​32717, @​renovate[bot])
• fix(deps): update all go dependencies main (main) (#​32743, @​renovate[bot])
• fix(deps): update module github.com/aliyun/alibaba-cloud-sdk-go to v1.62.731 (main) (#​32377, @​renovate[bot])
• fix(deps): update module github.com/aliyun/alibaba-cloud-sdk-go to v1.62.748 (main) (#​32736, @​renovate[bot])
• fqdn: Change error log to warning (#​32333, @​jrajahalme)
• fqdn: Fix notifyOnDNSMsg benchmark (#​32454, @​pippolo84)
• fqdn: Fix Upgrade Issue Between PortProto Versions (#​32325, @​nathanjsweet)
• FQDN: some small performance optimizations around logging (#​32049, @​squeed)
• fqdn: updating the variable name in fqdn (#​32298, @​vipul-21)
• gha: Enable Envoy debug in default Cilium options (#​32334, @​jrajahalme)
• Grant the CiliumEndpointSlice controller a new Clientset to decouple it from the other Cilium Operator controllers. (#​32353, @​thorn3r)
• healthv2: Various fixes (#​32549, @​joamaki)
• helm: Remove CILIUM_BRANCH variable (#​32776, @​michi-covalent)
• hive: cast ModuleID to string (#​32392, @​bimmlerd)
• hubble, policy: shuffle types to reduce imports (#​32378, @​squeed)
• images/builder: let renovate update protoc and proto plugins (#​32739, @​rolinh)
• images/cilium: Move Envoy reference away from builder and runtime (#​32452, @​jrajahalme)
• ingress: Correct FromGroups rule Parsing (#​32231, @​Alex-Waring)
• Introduce clustermesh source to differentiate data retrieved from remote clusters (#​32688, @​giorio94)
• ipam: lower loglevel from error to warn if eni link list can't be listed (#​32602, @​mhofstetter)
• ipcache: Introduce the ability to inherit CIDR prefixes (#​32578, @​gandro)
• ipcache: Only update policy maps for new identities (#​32628, @​gandro)
• ipsec: minor cleanups (#​31390, @​julianwiedmann)
• iptables: Do not set no-track rules with empty native routing CIDR (#​32648, @​pippolo84)
• k8s/watcher: remove always-nil error return values (#​32663, @​tklauser)
• k8s: Add new fields into slim Service/Endpoint/EndpointSlice structs (#​32754, @​sayboras)
• k8s: cleanup k8s watcher (#​32790, @​mhofstetter)
• k8s: remove unused policyRepository from k8swatcher (#​32773, @​mhofstetter)
• k8s: use netip.IPv{4,6}Unspecified (#​32818, @​tklauser)
• k8s: use cilium slices sort utility to sort Pod IP's from status (#​32697, @​mhofstetter)
• kvstore: Replace gocheck with built-in go test (#​32261, @​sayboras)
• l2announcer: Fix delete entry if no origins left (#​32279, @​wutz)
• loader: do ELF substitutions in memory (#​32059, @​lmb)
• loader: don't disable rp-filter for IPsec (#​32546, @​julianwiedmann)
• loader: fetch iface just once in patchHostNetdevDatapath() (#​32541, @​julianwiedmann)
• loader: misc fixes (#​32520, @​lmb)
• loader: refactor replaceDatapath to loadDatapath (#​32518, @​ti-mo)
• loader: Remove out-of-band data access (#​32706, @​joamaki)
• loader: Replace gocheck with built-in go test (#​32220, @​sayboras)
• makefile: check for $(CILIUM_CLI) dependency (#​32424, @​msune)
• Makefile: Replace release target (#​32322, @​joestringer)
• metallb bgp: introduce hive cell (#​32806, @​mhofstetter)
• Misc build system improvements (#​32408, @​joestringer)
• Miscellaneous improvements to the clustermesh troubleshooting guide (#​32552, @​giorio94)
• node-manager: fix race-condition (#​32606, @​marseel)
• operator/bgpv2: Fix CiliumBGPNodeConfig OwnerReference & job health reporting (#​32000, @​rastislavs)
• Output the etcd cluster ID as part of the remote cluster status information (#​32341, @​giorio94)
• pkg/cgroups: Cache pod metadata on datapath events (#​32615, @​aditighag)
• pkg/cgroups: Remove noisy log (#​32613, @​aditighag)
• pkg/clustermesh: Replace gocheck with built-in go test (#​32221, @​sayboras)
• pkg/egressgateway: Replace gocheck with built-in go test (#​32295, @​sayboras)
• pkg/endpoint: clean up DatapathRegenerationLevel (#​32604, @​lmb)
• pkg/endpoint: do not rely on bpf_host.o to detect host endpoint (#​32521, @​lmb)
• pkg/endpoint: make state synchronization atomic (#​32439, @​lmb)
• pkg/fqdn: Replace gocheck with built-in go test (#​32281, @​sayboras)
• pkg/policy: Replace gocheck with built-in go test (#​32223, @​sayboras)
• pkg: Fix Deny Insert Fuzz Test (#​32656, @​nathanjsweet)
• policy: Add Port Range Support for Policies Part 1 (#​32430, @​nathanjsweet)
• policy: Add Port Range Support for Policies Part 2/3 (#​32675, @​nathanjsweet)
• policy: fix client side validation of policies in policy import/validate command (#​31924, @​oblazek)
• policy: fix flaky unit test (#​32808, @​squeed)
• Prepare for release v1.16.0-pre.2 (#​32324, @​joestringer)
• README: Update releases (#​32329, @​joestringer)
• README: Update releases (#​32554, @​nebril)
• refactor: config options combined into DNS proxy config struct (#​32777, @​vipul-21)
• reinstate hive health metrics (#​32603, @​bimmlerd)
• renovate: fix config (missing comma) (#​32765, @​rolinh)
• renovate: ignore dependency github.com/google/go-licenses (#​32848, @​rolinh)
• Replace pkg/rand by standard library math/rand/v2 (#​32542, @​tklauser)
• restoration: checkpoint local allocator state, utilize on restoration (#​32310, @​squeed)
• srv6: Some cleanups for SRv6 maps (#​31960, @​YutaroHayakawa)
• Store zone information alongside lb{4,6}_backend entries (based on mapping from fixed-zone-mapping and values from EndpointSlices) (#​31838, @​AwesomePatrol)
• test: Re-enable few test suites missed as part of recent migration (#​32687, @​sayboras)
• test: Replace gocheck with built-in go test (#​32297, @​sayboras)
• test: Replace gocheck with built-in go test (#​32401, @​sayboras)
• test: Update Go test helpers for renamed cilium-dbg (#​32661, @​joestringer)
• update list of SIGs (#​32477, @​katiestruthers)
• Use ebpf.PossibleCPU to determine number of possible CPUs (#​32323, @​tklauser)

Docker Manifests

cilium

quay.io/cilium/cilium:v1.16.0-pre.3@​sha256:9918241403727d99cdba7067134dc99024c8f367fc8dbeec7aa5a7c84260d8f6

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.16.0-pre.3@​sha256:9348958f91942d81481878e57e6bda75463658240b51fedc9547c2024d848066

docker-plugin

quay.io/cilium/docker-plugin:v1.16.0-pre.3@​sha256:446abb18b76590edb4ad35c8c410acae308030d611cb8809b58c53547afc0733

hubble-relay

quay.io/cilium/hubble-relay:v1.16.0-pre.3@​sha256:41964978c06687d3db7afd29ed8205a3472c5de1d9c71a7a39b9640c651d4487

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.16.0-pre.3@​sha256:0fbbf357ae5e62f1d0777ce34c1fb6d19e1f7b5a25c5100346d34f8cf6ad1730

operator-aws

quay.io/cilium/operator-aws:v1.16.0-pre.3@​sha256:843d6c5094655448e8d1e81b46d334e00444f58bbb9e95575bd042af6871e1f0

operator-azure

quay.io/cilium/operator-azure:v1.16.0-pre.3@​sha256:5682ca7ad8eea47abacad4dae2ff62d98f8f1938dcd7f17a403b673599b8b258

operator-generic

quay.io/cilium/operator-generic:v1.16.0-pre.3@​sha256:565c92df436f801fa5ff3bbb8becac65114818c43e3bcaecf956c0d4c120b5a6

operator

quay.io/cilium/operator:v1.16.0-pre.3@​sha256:2f114fc9627a43b435160d587e0128e0fe9256d5c0ff2dde4f703ddd807d9717

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Mend Renovate. View repository job log here.

[renovate]

ℹ Artifact update notice

File name: go.mod

In order to perform the update(s) described in the table above, Renovate ran the go get command, which resulted in the following additional change(s):

• 19 additional dependencies were updated

Details:

Package	Change
github.com/cilium/hive	v0.0.0-20240425092031-f6d2f20c979b -> v0.0.0-20240529072208-d997f86e4219
github.com/docker/docker	v26.1.0+incompatible -> v26.1.3+incompatible
github.com/fatih/color	v1.16.0 -> v1.17.0
github.com/klauspost/compress	v1.17.0 -> v1.17.2
github.com/mackerelio/go-osstat	v0.2.4 -> v0.2.5
github.com/pelletier/go-toml/v2	v2.2.1 -> v2.2.2
github.com/prometheus/client_golang	v1.19.0 -> v1.19.1
github.com/prometheus/procfs	v0.14.0 -> v0.15.1
github.com/spf13/viper	v1.18.2 -> v1.19.0
github.com/vishvananda/netlink	v1.2.1-beta.2.0.20231127184239-0ced8385386a -> v1.2.1-beta.2.0.20240524165444-4d4ba1473f21
go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp	v0.47.0 -> v0.49.0
go.opentelemetry.io/otel	v1.26.0 -> v1.27.0
go.opentelemetry.io/otel/metric	v1.26.0 -> v1.27.0
go.opentelemetry.io/otel/trace	v1.26.0 -> v1.27.0
golang.org/x/exp	v0.0.0-20240416160154-fe59bbe5cc7f -> v0.0.0-20240531132922-fd00a4e0eefc
golang.org/x/net	v0.24.0 -> v0.25.0
golang.org/x/tools	v0.20.0 -> v0.21.0
google.golang.org/genproto/googleapis/rpc	v0.0.0-20240429193739-8cf5692501f6 -> v0.0.0-20240528184218-531527333157
google.golang.org/protobuf	v1.34.0 -> v1.34.1