v1.9 backports 2020-12-08 #14308
Merged
v1.9 backports 2020-12-08 #14308
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
fristonio
added
backport/1.9
kind/backports
fristonio
force-pushed
the
pr/v1.9-backport-2020-12-08
branch
from
16caa66
to
f66f8f5
Compare
fristonio
requested review from
joestringer,
borkmann,
errordeveloper and
gandro
maintainer-s-little-helper
bot
assigned borkmann, errordeveloper, gandro and joestringer and unassigned errordeveloper
joestringer
approved these changes
Dec 8, 2020
fristonio
force-pushed
the
pr/v1.9-backport-2020-12-08
branch
from
f66f8f5
to
eba1154
Compare
|
test-backport-1.9 |
[ upstream commit c05e2fa ] The difference between using toRequires+toEndpoints vs. toEndpoints+toEndpoints (i.e., first is logical AND of the rules whereas second is OR) is not particularly obvious when first reading the toRequires documentation. This commit attempts to clarify this difference by completing the fromRequires example with a fromEndpoints policy. Suggested-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com>
[ upstream commit f15af5e ] Pip 20.3 introduced a new dependency resolver[[0]] which silently reinterprets our current requirements file in a different way to resolve the dependencies, which results the build being broken. On non-aarch64 systems, there are two requirements that satisfy the sphinx-rtd-theme package: * One provided by our own theme repository[[1]] which has nice consistent theming for the website, and * One provided by the upstream sphinx-rtd-theme package. Prior to pip 20.3, the default resolver was able to resolve this conflict to favour our custom theme, which is the one we intend to use in most cases. Unfortunately, with the new resolver, this conflict is resolved the other way. As far as I can tell, there is no "strict" mode to prescribe that pip should resolve conflicts first and fail out if the requirements are ambiguous. Instead, pip silently resolves this conflict and we do not find out that there was ambiguity until later in the process. In addition, on readthedocs.org, new versions of pip are automatically pulled upon each new docs build, which meant that from one day to the next, a previously successful build began to consistently fail with weird errors that imply a problem with the dependency but don't explain why the problem was introduced without changes to code in our build system: Theme error: no theme named 'sphinx_rtd_theme_cilium' found (missing theme.conf?) make[1]: *** [Makefile:48: html] Error 2 make: *** [Makefile:552: test-docs] Error 2 Fix the issue by disambiguating the theme dependency. [0]: http://pyfound.blogspot.com/2020/11/pip-20-3-new-resolver.html [1]: https://github.com/cilium/sphinx_rtd_theme Fixes: #14252 Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com>
[ upstream commit 7c616b6 ] Commit c29b3ac ("ugrade-guide: add example") added an example, but didn't update the existing values example to match it which was slightly confusing. Clarify the values.yaml example to make the options the same. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com>
[ upstream commit 0e3dfc6 ] Previously, tunnel and ipam key were set twice if gke.enabled was set true. This commit adds a check around tunnel key, so as to ensure that it is set only once according to the value of .Values.gke.enabled . To deduplicate ipam key, we are removing it from the code block that sets the keys if gke is enabled. This makes sure that ipam key is set only once in cilium-configmap.yaml, and requires users to explicitly set ipam using ipam.mode, if they wish to set it to something other than 'cluster-pool'. Fixes: #13999 Signed-off-by: Pranavi Roy <pranavi@accuknox.com> Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com>
[ upstream commit bc126ef ] This commit fixes the preflight check on GKE which currently conflicts with the resource quotas that may be present from an already installed Cilium version: ``` Error: rendered manifests contain a resource that already exists. Unable to continue with install: existing resource conflict: kind: ResourceQuota, namespace: cilium, name: cilium-resource-quota ``` Fixes: 14ff743 ("gke: add resource quotas for Cilium namespace") Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com>
[ upstream commit 81afb1c ] This brings back the GetRealizedPolicyRuleLabelsForKey helper which is used by external client code and was accidentally removed as unused. This commit also extends the Hubble unit tests to invoke it, to avoid another accidental removal. Fixes: 0ba1967 ("pkg/endpoint: remove unused functions") Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Deepesh Pathak <deepshpathak@gmail.com>
fristonio
force-pushed
the
pr/v1.9-backport-2020-12-08
branch
from
eba1154
to
bf9b3a4
Compare
|
test-backport-1.9 |
|
retest-runtime |
|
retest-gke |
joestringer
added
the
ready-to-merge
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Edit:
Dropped due to verifier complexity issues:
Once this PR is merged, you can update the PR labels via: