-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.7 backports 2020-11-09 #13950
v1.7 backports 2020-11-09 #13950
Conversation
[ upstream commit 73be2c1 ] To check if images are published across all repositories the `check-docker-images.sh` script will be able to perform this check of a particular release. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
[ upstream commit 86e419e ] In cluster that have some high churn of pods being created and deleted with different security identities, garbage collecting 250 identities per minute might not be sufficient. Thus, we are increasing the default limit to 2500 identities per minute. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
[ upstream commit af95561 ] The security id lookup could return nil if the identity cache isn't initialized during endpoints restore time, resulting in a crash. Hence, add a nil check before populating log record values. Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
[ upstream commit 5923daf ] There are applications that when a DNS name resolves to multiple IPs, they will store the IPs and use them past their TTL point. For example: - name resolves to IP1,IP2 - app connects to IP1 - protocol error forces disconnect - app connects to IP2 This patch keeps the IPs that map to a name alive as long as one of the IPs for the given name is alive, so that applications like the one above will not fail. Signed-off-by: Kornilios Kourtis <kornilios@isovalent.com> Signed-off-by: Tobias Klauser <tklauser@distanz.ch>
test-backport-1.7 previous failure: https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-K8s/3678/, opened #13954 |
test-missed-k8s previous failure: https://jenkins.cilium.io/job/Cilium-PR-Ginkgo-Tests-K8s/3682/ #13552 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My change looks good.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
For my patch
test-missed-k8s |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM for my changes
$(QUIET)\ | ||
HUBBLE_PROXY_VERSION=$(HUBBLE_PROXY_VERSION) \ | ||
HUBBLE_UI_VERSION=$(HUBBLE_UI_VERSION) \ | ||
MANAGED_ETCD_VERSION=$(MANAGED_ETCD_VERSION) \ | ||
ETCD_VERSION=$(ETCD_VERSION) \ | ||
NODEINIT_VERSION=$(NODEINIT_VERSION) \ | ||
CERTGEN_VERSION=`echo $(CERTGEN_VERSION) | egrep -o '^.*@' | sed 's/@//'` \ | ||
../../contrib/release/check-docker-images.sh "v$(VERSION)" | ||
|
||
.phony: all check-docker-images clean update-versions |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not the same as #13892, the target is missing and half of the versions don't make sense for the v1.7 tree where there was no hubble ui, certgen, hubble proxy, etc.
operator/flags.go in v1.7. Fixed up manually
Once this PR is merged, you can update the PR labels via: