-
Notifications
You must be signed in to change notification settings - Fork 2.8k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.8 backports 2020-10-02 #13384
v1.8 backports 2020-10-02 #13384
Conversation
[ upstream commit 758539b ] Initial guide with results and some basic tuning options for users. Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com> Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: John Fastabend <john.fastabend@gmail.com> Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 5b68613 ] Added configuration options nodeSelector (deployments) and tolerations (daemonsets and deployments) for all the existing charts: - agent - hubble-relay - hubble-ui - managed-etcd - nodeinit - operator - preflight On the preflight one, I also simplified the tolerations with a single 'operator: Exists'. Other than that, the behaviour with default values should remain identical. Initially, my use case was to be able to avoid having the hubble-relay pods running on tainted nodes. I went forward with updating all the charts as I felt this could probably be useful for others. Signed-off-by: Maxime VISONNEAU <maxime.visonneau@gmail.com> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
42c7c9e
to
dc79d2c
Compare
test-me-please |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's still one documentation error:
Please fix the following documentation warnings:
/src/Documentation/operations/system_requirements.rst:170: WARNING: undefined label: bandwidth-manager (if the link has no caption the label must precede a section header)
Should be easy to fix with git rebase --exec "make render-docs" master
.
[ upstream commit deffa27 ] Because network namespace cookies are only available in v5.7+, on older kernels, all pods on a given node will be serviced by the same backend for a given service, for east-west traffic. Fixes: 864f2f9 ("docs: Update list of optional kernel requirements") Reported-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
dc79d2c
to
78fefca
Compare
@pchaigno I just deleted the line, sounds like "bandwidth manager" is a 1.9 feature... 🤔 |
@errordeveloper Yes, that's correct. |
@pchaigno for the rest, are you changes looking OK? I think most of them have applied cleanly. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My documentation changes look good. I checked the result by running make render-docs
rather than checking the code changes since there are a lot of code changes.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for my patches.
[ upstream commit 2371071 ] - Add multi-stream results - Add lower/higher is better labels - use (lat vs batch) and (tput vs batch) plots for TCP_RR - improve text Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 3179a47 ] It is reasonable to support encapsulation with enable-endpoint-routes. The existing code derived a new datapath mode when enable-endpoint-routes was enabled, which automatically disabled encapsulation. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 1ed8c87 ] Signed-off-by: Jed Salazar jed@isovalent.com Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 062c942 ] Signed-off-by: Jed Salazar jed@isovalent.com Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 57d3473 ] Rather then hardcoding the /sys/fs/bpf value in bugtool, use the `mountinfo` package (which exposes the information in /proc/self/mounts) to determine the correct mountpoint for the BPF filesystem. Fixes: #13218 Signed-off-by: Gilberto Bertin <gilberto@isovalent.com> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit b71cf0d ] Due to an extra `v` in the branch name, this script would fail with: $ ~/git/cilium/contrib/release/start-release.sh v1.6.12 128 fatal: 'origin/vv1.6' is not a commit and a branch 'pr/prepare-v1.6.12' cannot be created from it Signal ERR caught! Traceback (line function script): 62 main /home/joe/git/cilium/contrib/release/start-release.sh Fix it. While we're at it, update the instructions at the end for next steps, since there's also now a `submit-backport.sh` script to send the PR from the CLI. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 28b4c96 ] fsnotify Event.Op is a bit mask and testing for strict equality might not detect the event operation correctly. This patch make it so we check for fsnotify event operation consistently as documented at https://github.com/fsnotify/fsnotify. Signed-off-by: Alexandre Perrin <alex@kaworu.ch> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 7257d4a ] Since Cilium sets ownership references on pods, it needs permission to delete pods via finalizers and for that purpose it also needs permissions to set the finalizers on pods. This change is required for OpenShift, however it's based on the GC admission controller that was introduced in Kubernetes 1.5 (kubernetes/kubernetes#34829). Also add explicit permissions for finalizers on all CRs, to ensure that agent and operator can set finalizers on their own resources. Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit b769c64 ] Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit e4b3689 ] Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
[ upstream commit 55209b7 ] Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com>
78fefca
to
483c7d4
Compare
test-me-please |
test-gke |
test-k8s-1.19 |
test-backport-1.8 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for my patches, thanks!
retest-4.19 |
So I can see this in Jenkins:
It looks like an issue with local registry. @nebril can we ignore this for this 1.8 backport? |
@errordeveloper let's retest for both failed builds, just to be on the safe side (K8s-1.19-kernel-4.9 failed on provisioning). |
test-gke |
test-4.9 |
The builds that failed due to provisioning issues are not required for backport PRs (is it even expected that they fail?). All other builds are passing, so marking as |
Was too late, reviewed my backported commit. LGTM 👍 |
Labels updated. |
hubble: Support--since
requests in combination with follow-mode #13324 -- hubble: Support--since
requests in combination with follow-mode (@gandro)Once this PR is merged, you can update the PR labels via: