fix(helm/cilium): update 1.19.0 ➼ 1.19.2

[tinfoild]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
cilium (source)	HelmChart	patch	1.19.0 → 1.19.2
cilium (source)		patch	1.19.0 → 1.19.2

---

Release Notes

cilium/cilium (cilium)

v1.19.2: 1.19.2

Compare Source

Summary of Changes

Minor Changes:

• ztunnel/helm: move ztunnel daemonset management from operator to helm (Backport PR #​44593, Upstream PR #​43763, @​nddq)

Bugfixes:

• Add rate limiting to neighbor reconciler to reduce CPU usage and memory churn (Backport PR #​44699, Upstream PR #​43928, @​dylandreimerink)
• bpf: nodeport: use hairpin redirect for L7 LB on bridge devices (Backport PR #​44760, Upstream PR #​44658, @​smagnani96)
• cilium-dbg: fix seg-fault ip get -l reserved:host (Backport PR #​44517, Upstream PR #​44443, @​aanm)
• clustermesh: fix a few minor typo/issues in the MCS-API documentation (Backport PR #​44398, Upstream PR #​44299, @​MrFreezeex)
• clustermesh: fix a goroutine leak related to EndpointSliceSync when removing cluster (Backport PR #​44517, Upstream PR #​44444, @​MrFreezeex)
• clustermesh: fix a race condition where EndpointSlices created just before a cluster is removed could be left uncleaned (Backport PR #​44517, Upstream PR #​44503, @​MrFreezeex)
• Enable Cilium upgrade and downgrade when existing XDP attach types differ from new XDP programs (Backport PR #​44496, Upstream PR #​44209, @​dylandreimerink)
• Fix a bug where node IPv6 updates and deletes were not correctly propagated to the Linux kernel neighbor subsystem. (Backport PR #​44593, Upstream PR #​44540, @​tklauser)
• Fix bug where more Helm options were gated by loadbalancer option than intended (Backport PR #​44699, Upstream PR #​42916, @​mliner)
• Fix envoy admin socket being created as world-accessible (Backport PR #​44593, Upstream PR #​44512, @​0xch4z)
• Fix IPSec key rotation race condition where packets were dropped due to XFRM states not being ready when peers started using the new key. Also adds logging for key rotation flow. (Backport PR #​44699, Upstream PR #​44335, @​daanvinken)
• Fix tearing down wrong pod's veth in aws-cni chaining when using deterministic pod names (Backport PR #​44517, Upstream PR #​44494, @​aanm)
• Fixed a bug in service load balancing where backend slot assignments could have gaps when maintenance backends exist, potentially causing traffic misrouting. (Backport PR #​44398, Upstream PR #​43902, @​Aman-Cool)
• Fixed a bug where bandwidth priority updates were not applied when only the priority annotation was changed on a Pod. (Backport PR #​44517, Upstream PR #​44329, @​zbb88888)
• Fixed an issue where wildcard FQDN network policy identities were not correctly pushed to Envoy when using SNI-based policies. (Backport PR #​44517, Upstream PR #​44462, @​liyihuang)
• Fixed VTEP ARP responses returning 00:00:00:00:00:00 MAC due to interface MAC missing from eBPF Overlay configuration. (Backport PR #​44699, Upstream PR #​44513, @​akos011221)
• gateway-api: Fix hostname intersection bug that was preventing cert-manager challenges from working correctly. (Backport PR #​44517, Upstream PR #​44492, @​youngnick)
• gateway-api: Fixed some issues with TLSRoute attachment that will be covered by new conformance tests soon. (Backport PR #​44517, Upstream PR #​44397, @​youngnick)
• Grant permissions to the cilium-operator so that it can reconcile ServiceImport when the when the admission plugin OwnerReferencesPermissionEnforcement is activated (Backport PR #​44517, Upstream PR #​44458, @​MrFreezeex)
• helm/ztunnel: Add host field to readiness probe to bind the health check port 15021 to 127.0.0.1 instead of 0.0.0.0 (Backport PR #​44593, Upstream PR #​44196, @​nddq)
• ingress: Ensure that the shared ingress exposes port 443 so that it can pass upstream loadbalancer health checks. (Backport PR #​44517, Upstream PR #​44229, @​xtineskim)
• ipam: Fix concurrent map access to multipool map (Backport PR #​44517, Upstream PR #​44150, @​christarazi)
• l7lb: fix bypassing ingress policies for local backends (Backport PR #​44800, Upstream PR #​44693, @​smagnani96)
• loadbalancer/healthserver: refresh ProxyRedirect per request (Backport PR #​44398, Upstream PR #​44286, @​mhofstetter)
• policy: Improve PASS handling for non-consecutive tiers and wildcard fallbacks (Backport PR #​44418, Upstream PR #​43917, @​TheBeeZee)

CI Changes:

• .github/workflows: eks-cluster-pool-manager: fix race condition and c… (Backport PR #​44398, Upstream PR #​44283, @​aanm)
• ci: add k8s 1.35 for AKS (Backport PR #​44699, Upstream PR #​44550, @​Artyop)
• ci: add k8s 1.35 for gke tests (Backport PR #​44699, Upstream PR #​44549, @​Artyop)
• ci: k8s 1.35 to EKS matrix (Backport PR #​44517, Upstream PR #​44403, @​Artyop)
• ci: reduce number of k8s versions tested on EKS (Backport PR #​44517, Upstream PR #​44426, @​Artyop)
• docs: Bump k8s compat version (Backport PR #​44593, Upstream PR #​44516, @​joestringer)
• gh: e2e-upgrade: don't hardcode IPsec encryption algorithm (Backport PR #​44517, Upstream PR #​44381, @​julianwiedmann)
• test/helpers: ignore error creating lease lock message (Backport PR #​44398, Upstream PR #​44282, @​aanm)

Misc Changes:

• [v1.19] fix: add Documentation/cmdref/cilium-dbg_policy_subject-selectors.md (#​44644, @​jingyuanliang)
• Added circuit breaker configuration (max connections, requests, and retries) for Cilium Envoy ingress, egress, and external envoy. (Backport PR #​44699, Upstream PR #​44195, @​liyihuang)
• bgp: Clean up unused RouteReflector and improve GoBGP test commands (Backport PR #​44632, Upstream PR #​44074, @​liyihuang)
• bgp: Introduce bgp/peers Hive Shell command (Backport PR #​44517, Upstream PR #​44067, @​YutaroHayakawa)
• bgp: Introduce bgp/routes Hive Shell command (Backport PR #​44517, Upstream PR #​44220, @​YutaroHayakawa)
• bgp: Make the BGP instance name retrievable from GoBGP (Backport PR #​44517, Upstream PR #​44024, @​YutaroHayakawa)
• chore(deps): update all github action dependencies (v1.19) (#​44475, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.19) (#​44572, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.19) (#​44673, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.19) (#​44788, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.19) (#​44573, @​cilium-renovate[bot])
• chore(deps): update base-images (v1.19) (#​44574, @​cilium-renovate[bot])
• chore(deps): update base-images (v1.19) (#​44668, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.19.2 (v1.19) (#​44568, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/certgen docker tag to v0.4.1 (v1.19) (#​44671, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1771585526-532310e626e42c7086de4ef3ea913736125bbd31 (v1.19) (#​44472, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1772889061-409b87726267dd621aab2cc455bad504fa5006d0 (v1.19) (#​44669, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1773220507-ffc0948a7ec4868e6b552a71cf4d3860e78b53cc (v1.19) (#​44723, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1773656288-7b052e66eb2cfc5ac130ce0a5be66202a10d83be (v1.19) (#​44787, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.19) (patch) (#​44473, @​cilium-renovate[bot])
• contrib: Auto-find source files in check-source-info.sh (Backport PR #​44628, Upstream PR #​44506, @​YutaroHayakawa)
• contrib: Minor cleanups for check-source-info.sh (Backport PR #​44628, Upstream PR #​44431, @​YutaroHayakawa)
• docs(ztunnel): fix some typo (Backport PR #​44398, Upstream PR #​44294, @​alagoutte)
• docs: add policy language chapter headline (Backport PR #​44398, Upstream PR #​44204, @​orangecms)
• docs: Fix duplicate --version in Helm OCI install/upgrade documentation examples. (Backport PR #​44398, Upstream PR #​44380, @​gma1k)
• docs: Fix some "parsed-literal" blocks (Backport PR #​44517, Upstream PR #​44385, @​qmonnet)
• Docs: improve docs around ipsec upgrade in 1.18 (Backport PR #​44398, Upstream PR #​44302, @​darox)
• docs: Point to cilium.io for community blogs (Backport PR #​44517, Upstream PR #​44420, @​qmonnet)
• fix(deps): update all-dependencies (v1.19) (#​44471, @​cilium-renovate[bot])
• fix(deps): update k8s.io patch updates stable (v1.19) (#​44474, @​cilium-renovate[bot])
• fix(deps): update k8s.io patch updates stable to 0f775a3 (v1.19) (#​44570, @​cilium-renovate[bot])
• fix(deps): update k8s.io patch updates stable to v0.35.2 (v1.19) (patch) (#​44571, @​cilium-renovate[bot])
• fix(deps): update module sigs.k8s.io/controller-runtime to v0.23.3 (v1.19) (#​44670, @​cilium-renovate[bot])
• fix(deps): update sigs.k8s.io/mcs-api/controllers digest to 15301c2 (v1.19) (#​44785, @​cilium-renovate[bot])
• fix(deps): update sigs.k8s.io/mcs-api/controllers digest to 6a4a49e (v1.19) (#​44672, @​cilium-renovate[bot])
• fix: helm value rendering bug for operator.unmanagedPodWatcher.intervalSeconds (Backport PR #​44517, Upstream PR #​44211, @​jayl1e)
• k8s/client/fake: let update operations respect resource versioning (Backport PR #​44398, Upstream PR #​44264, @​giorio94)
• loadbalancer/healthserver: stabilize proxy-redirect test (Backport PR #​44517, Upstream PR #​44323, @​mhofstetter)
• test: fix goleak check in combination with script tests (Backport PR #​44398, Upstream PR #​44228, @​giorio94)

Other Changes:

• [v1.19] ipam: Use existing mutex for multipool capacity synchronization (#​44777, @​christarazi)
• install: Update image digests for v1.19.1 (#​44410, @​cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.19.2@​sha256:7bc7e0be845cae0a70241e622cd03c3b169001c9383dd84329c59ca86a8b1341

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.19.2@​sha256:d1f44a78a0d0996ab1841f7564bc6fbd6e242d4ef673a2a8bfdd7385ef68018d

docker-plugin

quay.io/cilium/docker-plugin:v1.19.2@​sha256:1ba743852ab063d83955c3917d75b2d296ff78d944d09fc1802f85f07ebee334

hubble-relay

quay.io/cilium/hubble-relay:v1.19.2@​sha256:9987c73bad48c987fd065185535fd15a6717cbe8a8caf7fc7ef0413532cf490e

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.19.2@​sha256:90bdedf6b0d3108245f8194f8c69262af2c8d839480f99d2396deed057899142

operator-aws

quay.io/cilium/operator-aws:v1.19.2@​sha256:6eaa299ad267d7b8fcb4bb17ee1008b391052e2e35f690b21783b1b23b5c0bf2

operator-azure

quay.io/cilium/operator-azure:v1.19.2@​sha256:9c040a57f4584782eda9a91f7cf3292ca5d0fb41d75f4aa41ece29d66e145293

operator-generic

quay.io/cilium/operator-generic:v1.19.2@​sha256:e363f4f634c2a66a36e01618734ea17e7b541b949b9a5632f9c180ab16de23f0

operator

quay.io/cilium/operator:v1.19.2@​sha256:56ea76f4c1dfc8a899581b35bb2fc87b3110ee57ff0ab4003ae26d5a27d81448

v1.19.1: 1.19.1

Compare Source

Summary of Changes

Bugfixes:

• clustermesh: fix CRD update permission for MCS-API CRD install (Backport PR #​44280, Upstream PR #​44224, @​Preisschild)
• Fix panic during datapath reinitialization if DirectRouting device is required but missing (Backport PR #​44280, Upstream PR #​44219, @​fristonio)
• helm: Fixed RBAC errors with operator.enabled=false by aligning cilium-tlsinterception-secrets Role/RoleBinding conditionals (Backport PR #​44280, Upstream PR #​44159, @​puwun)
• Reduces rtnl_mutex contention on SR-IOV nodes by not requesting VF information in netlink RTM_GETLINK operations (Backport PR #​44280, Upstream PR #​43517, @​pasteley)

CI Changes:

• ci: e2e: add kernel to workflow job names (Backport PR #​44127, Upstream PR #​44291, @​smagnani96)
• gh: ariane: don't run cloud workflows for LVH kernel updates (Backport PR #​44147, Upstream PR #​44109, @​julianwiedmann)
• gh: ariane: skip more workflows for LVH kernel updates (Backport PR #​44147, Upstream PR #​44115, @​julianwiedmann)

Misc Changes:

• chore(deps): update all github action dependencies (v1.19) (#​44248, @​cilium-renovate[bot])
• chore(deps): update all github action dependencies (v1.19) (#​44368, @​cilium-renovate[bot])
• chore(deps): update all-dependencies (v1.19) (#​44363, @​cilium-renovate[bot])
• chore(deps): update base-images (v1.19) (#​44247, @​cilium-renovate[bot])
• chore(deps): update cilium/cilium-cli action to v0.19.1 (v1.19) (#​44343, @​cilium-renovate[bot])
• chore(deps): update dependency cilium/cilium-cli to v0.19.1 (v1.19) (#​44400, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/busybox:1.37.0 docker digest to b3255e7 (v1.19) (#​44242, @​cilium-renovate[bot])
• chore(deps): update docker.io/library/golang:1.25.7 docker digest to 85c0ab0 (v1.19) (#​44364, @​cilium-renovate[bot])
• chore(deps): update gcr.io/distroless/static:nonroot docker digest to f9f84bd (v1.19) (#​44243, @​cilium-renovate[bot])
• chore(deps): update gcr.io/etcd-development/etcd docker tag to v3.6.8 (v1.19) (#​44365, @​cilium-renovate[bot])
• chore(deps): update module sigs.k8s.io/kube-api-linter to v0.0.0-20260206102632-39e3d06a2850 (v1.19) (#​44244, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1770265024-9828c064a10df81f1939b692b01203d88bb439e4 (v1.19) (#​44245, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1770554954-8ce3bb4eca04188f4a0a1bfbd0a06a40f90883de (v1.19) (#​44262, @​cilium-renovate[bot])
• chore(deps): update quay.io/cilium/cilium-envoy docker tag to v1.35.9-1770979049-232ed4a26881e4ab4f766f251f258ed424fff663 (v1.19) (#​44366, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.19) (patch) (#​44246, @​cilium-renovate[bot])
• chore(deps): update stable lvh-images (v1.19) (patch) (#​44367, @​cilium-renovate[bot])
• ci: e2e: improve GitHub action readability (Backport PR #​44127, Upstream PR #​44126, @​smagnani96)
• docs: Update docsearch to v4.5.4 (Backport PR #​44272, Upstream PR #​44233, @​joestringer)
• endpoint/watchdog: fetch all endpoints without programs loaded (Backport PR #​44280, Upstream PR #​44111, @​mhofstetter)
• gateway-apis: Correct supported versions in docs (#​44217, @​youngnick)
• Policy Tiers: feature-flagging, add fuzzer, fix corner cases (Backport PR #​44267, Upstream PR #​43893, @​jrajahalme)
• Policy: Fix rule origin for ordered policies (Backport PR #​44280, Upstream PR #​44178, @​jrajahalme)

Other Changes:

• install: Update image digests for v1.19.0 (#​44172, @​cilium-release-bot[bot])

Docker Manifests

cilium

quay.io/cilium/cilium:v1.19.1@​sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792

clustermesh-apiserver

quay.io/cilium/clustermesh-apiserver:v1.19.1@​sha256:56d6c3dc13b50126b80ecb571707a0ea97f6db694182b9d61efd386d04e5bb28

docker-plugin

quay.io/cilium/docker-plugin:v1.19.1@​sha256:6edfbf46ca484b1ed961f3c7382159ba7f0227e7af692159e99e8d4810ecaf34

hubble-relay

quay.io/cilium/hubble-relay:v1.19.1@​sha256:d8c4e13bc36a56179292bb52bc6255379cb94cb873700d316ea3139b1bdb8165

operator-alibabacloud

quay.io/cilium/operator-alibabacloud:v1.19.1@​sha256:837b12f4239e88ea5b4b5708ab982c319a94ee05edaecaafe5fd0e5b1962f554

operator-aws

quay.io/cilium/operator-aws:v1.19.1@​sha256:18913d05a6c4d205f0b7126c4723bb9ccbd4dc24403da46ed0f9f4bf2a142804

operator-azure

quay.io/cilium/operator-azure:v1.19.1@​sha256:82bce78603056e709d4c4e9f9ebb25c222c36d8a07f8c05381c2372d9078eca8

operator-generic

quay.io/cilium/operator-generic:v1.19.1@​sha256:e7278d763e448bf6c184b0682cf98cdca078d58a27e1b2f3c906792670aa211a

operator

quay.io/cilium/operator:v1.19.1@​sha256:93a6306d4543f1d8eccd79d6770c00ef4d4791f66326d97f9851f9d316e70141

---

Configuration

📅 Schedule: Branch creation - At any time (no schedule defined), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about these updates again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[cloudflare-workers-and-pages]

Deploying jjgadgets-biohazard with    Cloudflare Pages

Latest commit:	6dae012
Status:	✅  Deploy successful!
Preview URL:	https://40d35e04.jjgadgets-biohazard.pages.dev
Branch Preview URL:	https://renovate-patch-cilium.jjgadgets-biohazard.pages.dev

View logs

[tinfoild]

kube/helmrelease/out00

--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium

@@ -30,13 +30,13 @@

         appArmorProfile:
           type: Unconfined
         seccompProfile:
           type: Unconfined
       containers:
       - name: cilium-agent
-        image: quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60
+        image: quay.io/cilium/cilium:v1.19.1@sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792
         imagePullPolicy: IfNotPresent
         command:
         - cilium-agent
         args:
         - --config-dir=/tmp/cilium/config-map
         startupProbe:
@@ -212,13 +212,13 @@

           mountPath: /tmp
         - name: hubble-flowlog-config
           mountPath: /flowlog-config
           readOnly: true
       initContainers:
       - name: config
-        image: quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60
+        image: quay.io/cilium/cilium:v1.19.1@sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792
         imagePullPolicy: IfNotPresent
         command:
         - cilium-dbg
         - build-config
         - --k8s-api-server-urls=https://1:6443 https://2:6443 https://3:6443
         env:
@@ -240,13 +240,13 @@

           capabilities:
             add:
             - NET_ADMIN
             drop:
             - ALL
       - name: apply-sysctl-overwrites
-        image: quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60
+        image: quay.io/cilium/cilium:v1.19.1@sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792
         imagePullPolicy: IfNotPresent
         env:
         - name: BIN_PATH
           value: /opt/cni/bin
         command:
         - sh
@@ -270,13 +270,13 @@

             - SYS_ADMIN
             - SYS_CHROOT
             - SYS_PTRACE
             drop:
             - ALL
       - name: mount-bpf-fs
-        image: quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60
+        image: quay.io/cilium/cilium:v1.19.1@sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792
         imagePullPolicy: IfNotPresent
         args:
         - mount | grep "/sys/fs/bpf type bpf" || mount -t bpf bpf /sys/fs/bpf
         command:
         - /bin/bash
         - -c
@@ -286,13 +286,13 @@

           privileged: true
         volumeMounts:
         - name: bpf-maps
           mountPath: /sys/fs/bpf
           mountPropagation: Bidirectional
       - name: clean-cilium-state
-        image: quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60
+        image: quay.io/cilium/cilium:v1.19.1@sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792
         imagePullPolicy: IfNotPresent
         command:
         - /init-container.sh
         env:
         - name: CILIUM_ALL_STATE
           valueFrom:
@@ -330,13 +330,13 @@

         - name: cilium-cgroup
           mountPath: /sys/fs/cgroup
           mountPropagation: HostToContainer
         - name: cilium-run
           mountPath: /var/run/cilium
       - name: install-cni-binaries
-        image: quay.io/cilium/cilium:v1.19.0@sha256:be9f8571c2e114b3e12e41f785f2356ade703b2eac936aa878805565f0468c60
+        image: quay.io/cilium/cilium:v1.19.1@sha256:41f1f74a0000de8656f1de4088ea00c8f2d49d6edea579034c73c5fd5fe01792
         imagePullPolicy: IfNotPresent
         command:
         - /install-plugin.sh
         resources:
           limits:
             cpu: 1
--- HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

+++ HelmRelease: kube-system/cilium DaemonSet: kube-system/cilium-envoy

@@ -28,13 +28,13 @@

     spec:
       securityContext:
         appArmorProfile:
           type: Unconfined
       containers:
       - name: cilium-envoy
-        image: quay.io/cilium/cilium-envoy:v1.35.9-1768828720-c6e4827ebca9c47af2a3a6540c563c30947bae29@sha256:696582a3391ce05a62edb4140e6a99f774351f363f5b5d7f1581f3a244430249
+        image: quay.io/cilium/cilium-envoy:v1.35.9-1770979049-232ed4a26881e4ab4f766f251f258ed424fff663@sha256:8188114a2768b5f49d6ce58e168b20d765e0fbc64eee0d83241aa2b150ccd788
         imagePullPolicy: IfNotPresent
         command:
         - /usr/bin/cilium-envoy-starter
         args:
         - --
         - -c /var/run/cilium/envoy/bootstrap-config.json
--- HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

+++ HelmRelease: kube-system/cilium Deployment: kube-system/cilium-operator

@@ -32,13 +32,13 @@

     spec:
       securityContext:
         seccompProfile:
           type: RuntimeDefault
       containers:
       - name: cilium-operator
-        image: quay.io/cilium/operator-generic:v1.19.0@sha256:5b04006015e5800307dc6314676edc4c0bb7ac2fc7848be2b94b43bb030ab648
+        image: quay.io/cilium/operator-generic:v1.19.1@sha256:e7278d763e448bf6c184b0682cf98cdca078d58a27e1b2f3c906792670aa211a
         imagePullPolicy: IfNotPresent
         command:
         - cilium-operator-generic
         args:
         - --config-dir=/tmp/cilium/config-map
         - --debug=
--- HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay

+++ HelmRelease: kube-system/cilium Deployment: kube-system/hubble-relay

@@ -39,13 +39,13 @@

             - ALL
           runAsGroup: 65532
           runAsNonRoot: true
           runAsUser: 65532
           seccompProfile:
             type: RuntimeDefault
-        image: quay.io/cilium/hubble-relay:v1.19.0@sha256:7f17e5bb51a9f35bbc8e7a9ad5e347f03ff8003c2e5cc81171e8727a10bf03b4
+        image: quay.io/cilium/hubble-relay:v1.19.1@sha256:d8c4e13bc36a56179292bb52bc6255379cb94cb873700d316ea3139b1bdb8165
         imagePullPolicy: IfNotPresent
         command:
         - hubble-relay
         args:
         - serve
         ports:

[tinfoild]

kube/kustomization/out00

--- kube/deploy/core/_networking/cilium/app Kustomization: flux-system/1-core-1-networking-cilium-app HelmRelease: kube-system/cilium

+++ kube/deploy/core/_networking/cilium/app Kustomization: flux-system/1-core-1-networking-cilium-app HelmRelease: kube-system/cilium

@@ -16,13 +16,13 @@

     spec:
       chart: cilium
       sourceRef:
         kind: HelmRepository
         name: cilium-charts
         namespace: flux-system
-      version: 1.19.0
+      version: 1.19.2
   interval: 5m
   timeout: 1h
   values:
     bgpControlPlane:
       enabled: true
     dashboards: