envoy: Bump envoy image to fix SO_REUSEPORT with BPF TPROXY

Currently, if BPF TPROXY is enabled (`bpf.tproxy=true`), the BPF socket lookup for the proxy port fails because Envoys Proxy listener socket is always configured with the socket option `SO_REUSEPORT`. It ignores the fact that port reuse on the Listener socket is explicitly disabled via Envoy Listener API (`enable_reuse_port=false`) if BPF TPROXY is enabled (due to incompatibilities). Therefore, this commit bumps the envoy image to the latest version that doesn't set the socket option `SO_REUSEPORT` on the Listener socket. Relates: cilium/proxy#505 Fixes: cilium#27498 Signed-off-by: Marco Hofstetter <[email protected]>
mhofstetter · Jan 24, 2024 · dc36c73 · dc36c73
1 parent 945ad0c
commit dc36c73
Show file tree

Hide file tree

Showing 5 changed files with 7 additions and 7 deletions.
diff --git a/Documentation/helm-values.rst b/Documentation/helm-values.rst
diff --git a/images/cilium/Dockerfile b/images/cilium/Dockerfile
@@ -3,7 +3,7 @@
 
 ARG CILIUM_BUILDER_IMAGE=quay.io/cilium/cilium-builder:e2dc02fe9b2871b1f9a7468698abd536531af086@sha256:8eb964e2da3ffdaa92189d4e3161cf31c4e72300378411b69d99ff1121ced6bf
 ARG CILIUM_RUNTIME_IMAGE=quay.io/cilium/cilium-runtime:98dea50d165d236ffd2c829196ab58df9326c495@sha256:5e307ffbdc5552dc3d6f94d7ba1e5afe6a22c19af765777f4ea48f0522baf147
-ARG CILIUM_ENVOY_IMAGE=quay.io/cilium/cilium-envoy:v1.27.2-6d609cf1559365fe9e8db5a7774a313f1861e143@sha256:90c280221e269952b0fe70c2e0c7fcafe7b51e713c8a4b60eb318c5d626f0553
+ARG CILIUM_ENVOY_IMAGE=quay.io/cilium/cilium-envoy:v1.27.2-4366a60cb693c38ab1917d924f5b1d26f1e58b1e@sha256:debc09c066c11a756234ba3482f301e20ca0f99fd7f4a41fe01e49ca2fa9c50a
 
 # cilium-envoy from github.com/cilium/proxy
 #

diff --git a/install/kubernetes/Makefile.values b/install/kubernetes/Makefile.values
@@ -41,8 +41,8 @@ export CILIUM_NODEINIT_REPO:=quay.io/cilium/startup-script
 export CILIUM_NODEINIT_VERSION:=62093c5c233ea914bfa26a10ba41f8780d9b737f
 
 export CILIUM_ENVOY_REPO:=quay.io/cilium/cilium-envoy
-export CILIUM_ENVOY_VERSION:=v1.27.2-6d609cf1559365fe9e8db5a7774a313f1861e143
-export CILIUM_ENVOY_DIGEST:=sha256:90c280221e269952b0fe70c2e0c7fcafe7b51e713c8a4b60eb318c5d626f0553
+export CILIUM_ENVOY_VERSION:=v1.27.2-4366a60cb693c38ab1917d924f5b1d26f1e58b1e
+export CILIUM_ENVOY_DIGEST:=sha256:debc09c066c11a756234ba3482f301e20ca0f99fd7f4a41fe01e49ca2fa9c50a
 
 export HUBBLE_UI_BACKEND_REPO:=quay.io/cilium/hubble-ui-backend
 export HUBBLE_UI_BACKEND_VERSION:=v0.12.1

diff --git a/install/kubernetes/cilium/README.md b/install/kubernetes/cilium/README.md
diff --git a/install/kubernetes/cilium/values.yaml b/install/kubernetes/cilium/values.yaml