New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.14 Backports 2023-11-08 #29064
v1.14 Backports 2023-11-08 #29064
Conversation
/test-backport-1.14 |
3233363
to
ed2d25d
Compare
/test-backport-1.14 |
1 similar comment
/test-backport-1.14 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
One comment inline, which I missed during my previous review (and that might be worth addressing).
pkg/allocator/allocator.go
Outdated
@@ -579,7 +594,7 @@ func (a *Allocator) lockedAllocate(ctx context.Context, key AllocatorKey) (idpoo | |||
return 0, false, false, fmt.Errorf("Found master key after proceeding with new allocation for %s", k) | |||
} | |||
|
|||
err = a.backend.AllocateIDIfLocked(ctx, id, key, lock) | |||
key, err = a.backend.AllocateIDIfLocked(ctx, id, key, lock) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry, I missed this during my last review. When AllocateIDIfLocked
returns an error, the current implementation also returns a nil key. Which means that the error message below will be incorrect.
…RD mode [ upstream commit e39fcae ] In CRD mode, the Cilium agent uses CRD to create identities. After an identity is created, the agent acquires a reference for that key. This involves fetching the CRD from the local Kubernetes cache and checking for an annotation applied by cilium-operator to mark the identity for deletion. However, there may be a delay before the Cilium Identity is cached locally, leading to the 'Key allocation attempt failed' error. This patch ensures that we fallback to the newly allocated Cilium Identity if it's not found in the Kubernetes cache. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit df05754 ] We don't need to always DeepCopy Cilium Identity. We just need to perform that operation if we are going perform writes. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
[ upstream commit 3b2e1ad ] Renamed 'slave' to 'secondary' in the error messages that are presented to users. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: André Martins <andre@cilium.io>
ed2d25d
to
93ee0bf
Compare
/test-backport-1.14 |
Once this PR is merged, a GitHub action will update the labels of these PRs: