v1.13: CI: Conformance E2E: egress-gateway test fails with "Failed to get identity labels for endpoint, skipping update to egress policy." #31174
Comments
Hmm, looks like it is missing from the map on the first agent pod (i.e.
Update: hmm, it's also in the ipcache:
But there's an identity label update happening at almost exactly the same time. Perhaps there is a race condition between the egress-gateway plumbing and the ipcache/identity updates?
Looking at https://github.com/cilium/cilium/blob/v1.13/pkg/egressgateway/manager.go#L197, I'm wondering what would prevent a race where the remote identity is inserted locally after the endpoint, so that the identity lookup fails when reconciling egressgateway. (I looked at both v1.13 and main; the code has changed a lot since v1.13, but the same question remains.) @julianwiedmann @joestringer any ideas?
If there is indeed potential for a race condition, it would explain what we saw in this test: a failed reconciliation of egress gateway map data.
Sounds like what was fixed with #26457, which was not backported to v1.13. It's awfully late to fix this in v1.13 now, but there's not much else to be done if CI is hitting it :/
CI failure
https://github.com/cilium/cilium/actions/runs/8153579410/job/22285262328#step:13:178
sysdump: too big
...