New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.14 Backports 2024-02-08 #30680
v1.14 Backports 2024-02-08 #30680
Conversation
[ upstream commit b09561c ] The only functions left in egress_policies.h are SRv6 related. Let's rename this to 'srv6.h' and update references to the old file name. Signed-off-by: ldelossa <louis.delos@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 2de0fea ] Include a trace reason for SRv6 encapsulation and decapsulation. This greatly improves the debugging process, indicating whether SRv6 VPN related packets are processed by our datapath. Signed-off-by: ldelossa <louis.delos@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit a6bfb79 ] Consider encap/decap as egress/ingress (respectively) and both as unknown reply ct status. Signed-off-by: Alexandre Perrin <alex@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit ed26b07 ] AWS SDK now returns a dedicated error code to indicate the scenario where a subnet is out of capacity for /28 prefixes. This commit updates the fallback logic. The existing fallback logic does not work anymore since the code changed from InvalidParameterValue to InsufficientCidrBlocks Reported-by: Benjamin Pineau <benjamin.pineau@datadoghq.com> Signed-off-by: Hemanth Malla <hemanth.malla@datadoghq.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit bde37df ] Like in other GitHub actions workflows triggered by Ariane, mention the trigger phrase in the workflow name. Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 2823114 ] ci-verifier uses the lvh complexity-test image, not the kind image. Adjust the dependency accordingly. Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit bd67597 ] b20038e ("gha: explicilty specify beefier runner type for clustermesh workflows") explicitly configured beefier runners for clustermesh workflows, as they require more power to host two multi-node kind clusters. However, this change turned out to have unexpected billing consequences, even though GitHub recently upgraded [1] the default runners for OSS projects to 4 vCPU and 16GiB of RAM (the same specs of the runner which had been configured). Hence, let's revert this change, and instead make the runner type configurable through an environment variable. This will also make it easier to change the runner type in the future, if needed. [1]: https://github.blog/2024-01-17-github-hosted-runners-double-the-power-for-open-source/ Fixes: b20038e ("gha: explicilty specify beefier runner type for clustermesh workflows") Suggested-by: André Martins <andre@cilium.io> Signed-off-by: Marco Iorio <marco.iorio@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 2c29d8f ] Currently, cloud regions for schedule tests are all over the world. The observation is tests in or close to us regions takes significatly less time than other regions. This causes some of tests being canceled due to timeouts. This commit changes regions to only US or closest regions. Signed-off-by: Birol Bilgin <birol@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 92c2641 ] Signed-off-by: chaunceyjiang <chaunceyjiang@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
808febc
to
13d3a5e
Compare
/test-backport-1.14 |
13d3a5e
to
19f2e8f
Compare
[ upstream commit a1089a7 ] [ backporter's notes: we keep masquerade set to false on upgrade tests for 1.14 due to limitations outlined in #14350. However we still backport the rest of the changes as regular non-upgrade tests still benefit from it. ] Currently, BPF masquerade was always disabled in the clustermesh E2E tests due to unintended interactions with Docker iptables rules breaking DNS resolution [1]. Instead, let's explicitly configure external upstream DNS servers for coredns, so that we can also enable this feature when KPR is enabled. While being there, let's also make the KPR setting explicit, instead of relying on the Cilium CLI configuration (which is based on whether the kube-proxy daemonset is present or not). [1]: #23283 Signed-off-by: Marco Iorio <marco.iorio@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 51b3076 ] Signed-off-by: gailsuccess <157372272+gailsuccess@users.noreply.github.com>
19f2e8f
to
ddea402
Compare
/test-backport-1.14 |
The expected All testing has passed, awaiting for reviews now. |
This should be ready to merge as soon as reviews are in. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks, looks good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for #30525
Once this PR is merged, a GitHub action will update the labels of these PRs: