Feat: update cilium to 1.17.2 (#89)

* feat: bump tigera operator to 1.36.5 and calico to 3.29.2

* feat: update drone CI with tigera 1.32

* feat: update release notes and compatibility matrix

* feat: update tigera manifests to be compatible with kustomize 5.6.0

* feat: bump all e2e test images with the last version that includes kustomize 5.6.0

* fix: prepare release note step only on v* tags

* feat: remove namespace: kube-system, it's now incompatible with kustomize 5.6.0 because it will also patch the "Namespace" object , in the "metadata.name" field

* feat: remove namespace: kube-system, it's now incompatible with kustomize 5.6.0 because it will also patch the "Namespace" object , in the "metadata.name" field

* feat: update cilium manifests with 1.17.2

* feat: update maintenance files + remove namespace on main kustomization.yaml file

* docs: update cilium readme

* feat: update drone CI, remove version 1.28 on both cilium and calico, made calico and cilium CIs parallel

* feat: align CI with cilium PR

* docs: update unreleased.md with cilium 1.17.2

* feat: update echoserver to 1.10, 1.0 was too old and imcompatible with containerd 2.0

Author: nutellinoit

docs/releases/unreleased.md

@@ -10,7 +10,7 @@ Welcome to the latest release of the `Networking` module of [`Kubernetes Fury Di
 
 | Component         | Supported Version                                                                | Previous Version |
 | ----------------- | -------------------------------------------------------------------------------- | ---------------- |
-| `cilium`          | [`v1.16.3`](https://github.com/cilium/cilium/releases/tag/v1.15.2)               | No update        |
+| `cilium`          | [`v1.17.2`](https://github.com/cilium/cilium/releases/tag/v1.17.2)               | v1.16.3          |
 | `ip-masq`         | [`v2.8.0`](https://github.com/kubernetes-sigs/ip-masq-agent/releases/tag/v2.8.0) | No update        |
 | `tigera-operator` | [`v1.36.5`](https://github.com/tigera/operator/releases/tag/v1.36.5)             | v1.36.1          |
 

katalog/cilium/MAINTENANCE.md

@@ -10,7 +10,7 @@ To update the Cilium package with upstream, please follow the next steps.
 helm repo add cilium https://helm.cilium.io/
 helm repo update
 helm search repo cilium/cilium
-helm pull cilium/cilium --version 1.16.3 --untar --untardir /tmp
+helm pull cilium/cilium --version 1.17.2 --untar --untardir /tmp
 ```
 
 1.2. Compare the `MAINTENANCE.values.yaml` with the one from the chart `/tmp/cilium/values.yaml` and port the changes that are needed. For example, update the image tags and check that parameters that were in use are still valid.

katalog/cilium/MAINTENANCE.values.yaml

@@ -7,7 +7,7 @@
 image:
   override: ~
   repository: "registry.sighup.io/fury/cilium/cilium"
-  tag: "v1.16.3"
+  tag: "v1.17.2"
   useDigest: false
 
 # -- Affinity for cilium-agent.
@@ -76,7 +76,7 @@ hubble:
     image:
       override: ~
       repository: "registry.sighup.io/fury/cilium/hubble-relay"
-      tag: "v1.16.3"
+      tag: "v1.17.2"
 
       useDigest: false
       pullPolicy: "IfNotPresent"
@@ -120,7 +120,7 @@ hubble:
       image:
         override: ~
         repository: "registry.sighup.io/fury/cilium/hubble-ui-backend"
-        tag: "v0.13.1"
+        tag: "v0.13.2"
 
         useDigest: false
         pullPolicy: "IfNotPresent"
@@ -138,7 +138,7 @@ hubble:
       image:
         override: ~
         repository: "registry.sighup.io/fury/cilium/hubble-ui"
-        tag: "v0.13.1"
+        tag: "v0.13.2"
         useDigest: false
         pullPolicy: "IfNotPresent"
 
@@ -170,15 +170,26 @@ identityChangeGracePeriod: ""
 # routing and full KPR mode. Moreover, this option cannot be enabled when Cilium
 # is running in a managed Kubernetes environment or in a chained CNI setup.
 installNoConntrackIptablesRules: false
-
-
+ipam:
+  mode: "cluster-pool"
+  installUplinkRoutesForDelegatedIPAM: false
+  operator:
+    clusterPoolIPv4PodCIDRList: ["10.0.0.0/8"]
+    clusterPoolIPv4MaskSize: 24
+    clusterPoolIPv6PodCIDRList: ["fd00::/104"]
+    clusterPoolIPv6MaskSize: 120
+
+defaultLBServiceIPAM: lbipam
+nodeIPAM:
+  enabled: false
 # -- Configure the eBPF-based ip-masq-agent
 ipMasqAgent:
   enabled: false
-  # the config of nonMasqueradeCIDRs
-  # config:
-  # nonMasqueradeCIDRs: []
-  # masqLinkLocal: false
+# the config of nonMasqueradeCIDRs
+# config:
+#   nonMasqueradeCIDRs: []
+#   masqLinkLocal: false
+#   masqLinkLocalIPv6: false
 
 # iptablesLockTimeout defines the iptables "--wait" option when invoked from Cilium.
 # iptablesLockTimeout: "5s"
@@ -192,14 +203,14 @@ ipv6:
   enabled: false
 
 # -- Configure Kubernetes specific configuration
-k8s: {}
+k8s:
   # -- requireIPv4PodCIDR enables waiting for Kubernetes to provide the PodCIDR
   # range via the Kubernetes node resource
-  # requireIPv4PodCIDR: false
+  requireIPv4PodCIDR: false
 
   # -- requireIPv6PodCIDR enables waiting for Kubernetes to provide the PodCIDR
   # range via the Kubernetes node resource
-# requireIPv6PodCIDR: false
+  requireIPv6PodCIDR: false
 # -- Enable Layer 7 network policy.
 l7Proxy: true
 
@@ -219,6 +230,7 @@ logSystemLoad: false
 
 # -- Configure prometheus metrics on the configured port at /metrics
 prometheus:
+  metricsService: true
   enabled: true
   port: 9962
   serviceMonitor:
@@ -259,7 +271,7 @@ operator:
   image:
     override: ~
     repository: "registry.sighup.io/fury/cilium/operator"
-    tag: "v1.16.3"
+    tag: "v1.17.2"
 
     useDigest: false
     pullPolicy: "IfNotPresent"
@@ -268,6 +280,7 @@ operator:
   # -- Enable prometheus metrics for cilium-operator on the configured port at
   # /metrics
   prometheus:
+    metricsService: true
     enabled: true
     port: 9963
     serviceMonitor:

katalog/cilium/README.md

@@ -15,16 +15,16 @@ Additionally, we deploy hubble component as an observability tool on the network
 ## Image repository and tag
 
 - cilium images:
-  - `registry.sighup.io/fury/cilium/cilium:v1.13.3`
-  - `registry.sighup.io/fury/cilium/operator-generic:v1.13.3`
-  - `registry.sighup.io/fury/cilium/hubble-ui-backend:v0.11.0`
-  - `registry.sighup.io/fury/cilium/hubble-ui:v0.11.0`
-  - `registry.sighup.io/fury/cilium/hubble-relay:v1.13.3`
+  - `registry.sighup.io/fury/cilium/cilium`
+  - `registry.sighup.io/fury/cilium/operator-generic`
+  - `registry.sighup.io/fury/cilium/hubble-ui-backend`
+  - `registry.sighup.io/fury/cilium/hubble-ui`
+  - `registry.sighup.io/fury/cilium/hubble-relay`
 
 ## Requirements
 
-- Kubernetes >= `1.24.X`.
-- Kustomize >= `v3.5.3`.
+- Kubernetes >= `1.29.X`.
+- Kustomize >= `v5.6.0`.
 - [prometheus-operator from KFD monitoring module][prometheus-operator]
 - [cert-manager from KFD ingress module][cert-manager]