v1.15 Backports 2024-04-10 #31890
Merged
v1.15 Backports 2024-04-10 #31890
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
nbusseneau
added
kind/backports
nbusseneau
requested review from
brlbil,
tklauser,
xmulligan,
vipul-21,
sayboras,
julianwiedmann,
chancez,
qmonnet,
giorio94 and
nathanjsweet
nbusseneau
had a problem deploying
to
release-base-images
GitHub Actions
Failure
sayboras
approved these changes
Apr 10, 2024
I suppose you resolved the conflicts by regenerating the images? Sorry for the additional work, I should maybe have marked this one as By the way, this commit misses your own sign-off tag, can you fix it please? |
|
@qmonnet Yeah nah I actually intended to drop this one when I realized it was touching the images, but I messed up... will fix and remove from the PR, this is indeed one of the cases where manual backport is needed. |
nbusseneau
force-pushed
the
pr/v1.15-backport-2024-04-10-05-56
branch
from
3f94073
to
290a52d
Compare
Huh, so I'm just noticing now that my automation for adding |
[ upstream commit 3d95fbc ] Signed-off-by: Chance Zibolski <chance.zibolski@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
nbusseneau
force-pushed
the
pr/v1.15-backport-2024-04-10-05-56
branch
from
290a52d
to
608ba9e
Compare
[ upstream commit 76867e2 ] Signed-off-by: Vipul Singh <vipul21sept@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit e22c108 ] This commit updates tested azure k8s versions according to supported versions Signed-off-by: Birol Bilgin <birol@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 4d05e9f ] This commit is to make sure that the processed item in pod deletion queue is removed by explicitly call Done() function as per suggestion in godoc[^1]. The impact of not having this change will be increasing of memory in cilium agent when the hubble metrics are enabled. This might take days (if not weeks) to observe in a normal Cilium deployment due to low number of Pod deletion events (i.e. in high churn environment, the memory will be increasing in a faster pace). Testing is done before and after the changes as per below. Sample workload to simulate high number of pod deletion events ```yaml apiVersion: batch/v1 kind: Job metadata: name: pod-churn-job spec: completions: 50000000 parallelism: 100 template: metadata: labels: app: pod-churn-job spec: containers: - name: churn-app image: sandeshkv92/highpodchurn:linux_amd64 restartPolicy: Never ``` Before this change, the cilium agent memory keeps increasing from 150MB to ~500MB in less than 3 hours, while with the same workload configured and this change, the memory is quite stable for a longer period (e.g. 5 hours). [^1]: https://pkg.go.dev/k8s.io/client-go@v0.29.3/util/workqueue#Type.Get Fixes: 782f934 Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 0a79dbd ] The new log format (e.g. text-ts) is added recently in the below commit, so we need to allow it in regex. Additionally, text-ts is used as the default value if not specified or invalid. Fixes: a099bf1 Signed-off-by: Tam Mach <tam.mach@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit ecf6ff1 ] This commit adds BackendSlot value to the Service6Key.String and Service4Key.String methods. This is to prevent the service key from being deleted when the backend endpoint is deleted. Fixes: #29580 Signed-off-by: xyz-li <hui0787411@163.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 09572e2 ] If os.OpenFile returns an error we shouldn't be writing to the returned os.(*File) instance which might be nil. Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 7aa2c74 ] Files opened using os.Open{,File} need to be closed manually using os.(*File).Close to avoid leaking os.(*File) instances and file descriptors. Signed-off-by: Tobias Klauser <tobias@cilium.io> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit d4ec036 ] Signed-off-by: Dean <22192242+saintdle@users.noreply.github.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 559eb5a ] Status was incorrectly reporting the number of generic leases twice, rather than generic and lock leases. Let's fix it. Fixes: c6eb358 ("etcd: switch lock session to lease manager") Signed-off-by: Marco Iorio <marco.iorio@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 20fbf45 ] Prior to the blamed commit we ignored any errors from the L4 port extraction, and so traffic that's not supported by CT (eg ESP) would be allowed through. Restore this behaviour by explicitly checking for DROP_CT_UNKNOWN_PROTO. Fixes: 76217a1 ("bpf: nat: Handle errors from snat_v(4|6)_prepare_state()") Reported-by: Paul Chaignon <paul.chaignon@gmail.com> Signed-off-by: Julian Wiedmann <jwi@isovalent.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 3847833 ] We are moving the governance docs out of the main Cilium repo and into the Cilium community repo. They are currently published in the community repo, and this commit will finish the move by deleting them from this main repo. Changes includes deleting the governance docs from this location and updating links to point to the governance docs in the new location. Fixes: cilium/community#78 Signed-off-by: Katie Struthers <99215338+katiestruthers@users.noreply.github.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 0976a1b ] The Hubble OTel repo is going to be archived so it should be removed from the roadmap Signed-off-by: Bill Mulligan <billmulligan516@gmail.com> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
[ upstream commit 9e89397 ] Descendants and Ancestors cannot share the same traversal method, because Descendants needs to be able to select at least one in-trie key-prefix match that may not be a full match for the argument key-prefix. The old traversal method worked for the Descendants method if there happened to be an exact match of the argument key-prefix in the trie. These new tests ensure that Descendants will still return a proper list of Descendants even if there is not an exact match in the trie. Signed-off-by: Nate Sweet <nathanjsweet@pm.me> Signed-off-by: Nicolas Busseneau <nicolas@isovalent.com>
nbusseneau
force-pushed
the
pr/v1.15-backport-2024-04-10-05-56
branch
from
608ba9e
to
f207601
Compare
|
Backport of #31227 introduces a change to the upgrade guide under |
|
/test-backport-1.15 |
|
@nbusseneau as I understand, it should only be a net addition of a new label for one metric, so should not impact existing usage of the metric. Furthermore I wouldn't expect a significant change in cardinality. |
|
@nbusseneau the addition of a label to the metric should not impact the existing usage of the metric. The changes of commit looks good. Thanks ! |
vipul-21
approved these changes
Apr 10, 2024
giorio94
approved these changes
Apr 10, 2024
julianwiedmann
approved these changes
Apr 10, 2024
chancez
approved these changes
Apr 10, 2024
nathanjsweet
approved these changes
Apr 10, 2024
rolinh
approved these changes
Apr 11, 2024
brlbil
approved these changes
Apr 11, 2024
tklauser
approved these changes
Apr 11, 2024
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
PRs skipped due to conflicts:
Once this PR is merged, a GitHub action will update the labels of these PRs: