v1.14 Backports 2023-07-14 #26838
Merged
v1.14 Backports 2023-07-14 #26838
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
aanm
added
kind/backports
tklauser
approved these changes
Jul 14, 2023
[ upstream commit 2e9b20f ] Updating the list of exceptions for spellchecking each time we add a Helm value is painfull, and hardly useful at all. It's trivial to mark these strings as ignored to the spell-checker when building the reference, so let's just do that. Signed-off-by: Quentin Monnet <quentin@isovalent.com> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit e846b71 ] We have accumulated a number of words in the spelling list over time, and some of them are no longer necessary (especially now that we ignore Helm value names from the Helm reference). Let's trim down the list. The following process was applied: 1. Empty the list of spelling exceptions 2. Run 'make html' to get the command to add missing words (update-spelling_wordlist.sh) 3. Run that command to add all words 4. Remove all entries starting with an upper case from the list, as some of them are unnecessary given that they have a corresponding lowercase entry (which is case-insensitive) 5. Re-run 'make html' to get the command to add the exceptions that are still missing 6. Run that command 7. Manually edit the file to make sure we don't change/add existing entries (no Git addition) 8. Re-add names of contributors that are recognised locally, but that CI fails to recognise because it doesn't have the Git history Signed-off-by: Quentin Monnet <quentin@isovalent.com> Signed-off-by: André Martins <andre@cilium.io>
…cation [ upstream commit b9ec2aa ] Go 1.20.6 added a security fix [1] which leads to stricter sanitization of the HTTP host header in the net/http client. Cilium's pkg/client currently sets the Host header to the UDS path (e.g. /var/run/cilium/cilium.sock), however the slashes in that Host header now lead net/http to reject it. RFC 7230, Section 5.4 states [2]: > If the authority component is missing or undefined for the target URI, > then a client MUST send a Host header field with an empty field-value. The authority component is undefined for the unix:// scheme. Thus, the correct value to use would be the empty string. However, this does not work due to OpenAPI runtime using the same value for the URL's host and the http client's host header. Thus, use a dummy value "localhost". [1] https://go.dev/issue/60374 [2] https://datatracker.ietf.org/doc/html/rfc7230#section-5.4 Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit ce9d4b9 ] jobs.<job>.env.job_name should be the same as the job name. Thus, adding the field 'name' to the job will make sure that connectivity tests junit test results are stored in bigquery for lookerstudio visualization. Fixes: 12d7643 ("ci/workflows: add junit reports upload") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 881c250 ] Signed-off-by: Leonard Cohnen <lc@edgeless.systems> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 39a9def ] The limitation on the number of nodes in the cluster when using IPsec applies to clustermeshes as well and is the total number of nodes. This limitation arises from the use of the node IDs, which are encoded on 16-bits. Signed-off-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit b531292 ] DumpReliablyWithCallback will skip a value callback in some situations. This may result in incorrect cilium map dumps or garbage collection. In situations where the initial key is deleted just after being retrieved, there is no previous key to fallback on. The reliable dump will attempt to use the current nextKey (that was based on the deleted current key). The local currentKey and nextKey Key types are being passed to NextKey which eventually writes the nextKey output to the nextKeys pointer location (via the bpf syscall). The currentValue was simply being assinged by the equals operator, which was copying the underlying interface pointer. Thus in this situation, the next iteration attempt was passing the same pointer twice to NextKey causing the currentKey to be set to the next key a second time - skipping a map element. Fixes #26491 Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 6acedee ] This test is an improvement on the previous TestDumpReliablyWithCallback test. The goal of this one is to provide more robust testing of the reliable dump mechanism. Specifically, it does the following: 1. Creates a map with a small number of entries, populate it with [1, maxEntries) 2. Start a goroutine that continuously dumps the map and checks that the dump contains all odd elements in the range [1, maxEntries). 3. At the same time, start another goroutine that continuously deletes and re-adds even elements in the map. The motivation here is to provide a test that better catches regressions in code that is inherently prone to race-condition. This creates a situation where we have interleaved updates and dumps, we're interested in ensuring that each dump contains all odd elements in the range [1, maxEntries). This will catch bugs and regressions related where elements are skipped in the dump. For example, while running this without the fix: 74f71841e9c037ddd10bedc3128f3b28cb023597 this will fail a majority of the time. Following this fix, this test should always pass. This was tested locally by running this several times with a million iterations - both with the fix and without. For practical purposes we will lower the number of iterations to 1000 to avoid slowing down the test suite too much. Signed-off-by: Tom Hadlaw <tom.hadlaw@isovalent.com> Signed-off-by: André Martins <andre@cilium.io>
aanm
force-pushed
the
pr/v1.14-backport-2023-07-14
branch
from
b0e54ca
to
11eae50
Compare
|
/test-backport-1.14 |
aanm
added
the
release-blocker/1.14
joestringer
approved these changes
Jul 17, 2023
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Once this PR is merged, you can update the PR labels via:
or with