Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

v1.9 backports 2021-03-12 #15331

Merged
merged 5 commits into from Mar 22, 2021
Merged

v1.9 backports 2021-03-12 #15331

merged 5 commits into from Mar 22, 2021

Conversation

kaworu
Copy link
Member

@kaworu kaworu commented Mar 12, 2021
edited

Skipped:

Once this PR is merged, you can update the PR labels via:

$ for pr in 15182 15304 15263 15194 15303; do contrib/backporting/set-labels.py $pr done 1.9; done

@AnishShah @kaworu
azure: Add the correct JSON tag to GatewayIP field in CiliumNode CRD
f396753 
[ upstream commit ba06970 ]

The incorrect JSON tag "-" was added to GatewayIP field in commit 8de6dc5
that was causing GatewayIP field to not get populated in CiliumNode CRD.

Signed-off-by: Anish Shah <anishshah@google.com>
Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
@kaworu kaworu requested a review from a team as a code owner March 12, 2021 11:23
@kaworu kaworu added backport/1.9 kind/backports This PR provides functionality previously merged into master. labels Mar 12, 2021
@kaworu kaworu requested review from brb, gandro and tgraf March 12, 2021 11:25
@maintainer-s-little-helper maintainer-s-little-helper bot assigned brb, gandro and tgraf and unassigned brb Mar 12, 2021
@kaworu kaworu requested a review from ti-mo March 12, 2021 11:26
@kaworu
Copy link
Member Author

kaworu commented Mar 12, 2021

@ti-mo could you take a close look at the backport of #15182 (azure: Add the correct JSON tag to GatewayIP field in CiliumNode CRD) please?

I had to resolve some conflicts and I lack context about how pkg/k8s/apis/cilium.io/v2/client/bindata.go is generated. Specifically: does it matter that the vmssName member of AzureInterface is named differently between v1.9 (VMSSName) and master (vmssName) or is it only a public/private scope change without impact?

@kaworu
Copy link
Member Author

kaworu commented Mar 12, 2021

test-backport-1.9

@AnishShah
Copy link
Contributor

AnishShah commented Mar 12, 2021
edited

The second commit of #15182 doesn't need backport I think. @aanm

@aanm
Copy link
Member

aanm commented Mar 12, 2021

The wedding commit of #15182 doesn't need backport I think. @aanm

If you mean the one with the tittle "azure: Add Gateway field to AzureInterface and deprecate GatewayIP field" I agree, we need to drop that one.

@kaworu kaworu force-pushed the pr/v1.9-backport-2021-03-12 branch from 2f6c1b6 to ebfd318 Compare March 15, 2021 08:50
tgraf and others added 3 commits March 15, 2021 09:50
@tgraf @kaworu
doc: Document minimal version of AWS CNI in chaining mode
4f704b3 
[ upstream commit a3fea6b ]

AWS CNI 1.7.9 is fixed to be compatible with Cilium.

Signed-off-by: Thomas Graf <thomas@cilium.io>
Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
@brb @kaworu
node: Fix CIDR comparison when updating routes
a1a0796 
[ upstream commit 508b2de ]

Previously, the CIDR comparison didn't take into account the CIDR mask.
So, if IP didn't change, but the mask did, the comparison would have not
detected the change. The result of it was that old routes could not be
removed.

Fixes: c7a83bf ("datapath/linux: New scalable routing layer via Linux datapath implementation")
Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Signed-off-by: Martynas Pumputis <m@lambda.lt>
Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
@AnishShah @kaworu
azure: populate ApplicationSecurityGroups field in the new IPConfigs
482a159 
[ upstream commit 272c1fe ]

Azure wants all IPConfigurations to have the same
ApplicationSecurityGroups. So if the primary IPConfiguration is already
assigned an ApplicationSecurityGroup, adding a new IPConfiguration
without any ApplicationSecurityGroup fails. So we should populate
ApplicationSecurityGroups field that is the same as ASG of other
IPConfiguration.

Signed-off-by: Anish Shah <anishshah@google.com>
Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
@kaworu
Copy link
Member Author

kaworu commented Mar 15, 2021

@AnishShah thank you, I've dropped "azure: Add Gateway field to AzureInterface and deprecate GatewayIP field" from this PR, please take another look!

/cc @aanm

@gandro @kaworu
ipam: Fix ENI routing for secondary CIDRs
6d17d1d 
[ upstream commit b447fde ]

Backporting note: replaced aws.ToString() by aws.StringValue(), see
https://aws.github.io/aws-sdk-go-v2/docs/migrating/#pointer-parameters

A VPC on EC2 can have secondary CIDRs which are routable within the VPC.
Subnets which are used in Cilium's ENI IPAM mode might be derived from
these secondary CIDRs, therefore we must also install routes for these
secondary CIDRs.

This commit ensures that we populate the
`CiliumNode.Status.ENI.ENIS[].VPC.CIDRs` field with these secondary
CIDRs if present. The IPAM code on the agent is already set up to
install routes for these additional CIDRs [1], but since this field was
never populated, the rules were also missing. Therefore, this fixes a
bug where routes were missing in ENI IPAM mode, causing arbitrary
connecitivty issues.

With this commit, routes are only added for CIDRs which are present when
the IP is allocated. A subsequent PR will add the functionality to
update the routes dynamically in case CIDRs are added or removed from a
VPC.

[1] https://github.com/cilium/cilium/blob/2110b11c989fe7ef8c7d9c5510c53a55cdaaa54c/pkg/ipam/crd.go#L488

Signed-off-by: Sebastian Wicki <sebastian@isovalent.com>
Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
@kaworu kaworu force-pushed the pr/v1.9-backport-2021-03-12 branch from ebfd318 to 6d17d1d Compare March 15, 2021 09:10
@kaworu
Copy link
Member Author

kaworu commented Mar 15, 2021

@gandro this CI failure seems to be related to this patch. In v1.9 we have aws-sdk-go-v2@v0.24.0 vs aws-sdk-go-v2@v1.2.0
 in master.

From https://aws.github.io/aws-sdk-go-v2/docs/migrating/#pointer-parameters

When upgrading your application from AWS SDK for Go V1 to AWS SDK for Go V2, you must migrate usage of the helpers for converting from the pointer types to the non-pointer variants. For example, aws.StringValue must be updated to aws.ToString.

So I just s/ToString/StringValue/, please take a look.

@ti-mo
Copy link
Contributor

ti-mo commented Mar 15, 2021

@kaworu Correct, the struct members in azure/types/types.go were lowercased in 7cd51b6. Looks like we could backport that change as well, but might be safer to hold off since it's relatively cross-cutting.

Can't provide any context on bindata generation, sorry. ☹️ Do we generate bindata in CI and check if it dirties the repo?

gandro
gandro approved these changes Mar 15, 2021
View reviewed changes
Copy link
Member

@gandro gandro left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

My commit looks good! Thanks for fixing!

@kaworu
Copy link
Member Author

kaworu commented Mar 15, 2021

@ti-mo thanks for taking a look, @AnishShah and @aanm both commented about #15182 so hopefully they can comment also on the bindata stuff.

@kaworu
Copy link
Member Author

kaworu commented Mar 15, 2021

test-backport-1.9

@kaworu kaworu mentioned this pull request Mar 15, 2021
Merged
@AnishShah
Copy link
Contributor

I think we do check if the any changes in bindata dirties the repo. It is "Go-related checks / generate-api". But I'm not sure.

@kaworu
Copy link
Member Author

kaworu commented Mar 16, 2021

test-backport-1.9

@kaworu
Copy link
Member Author

kaworu commented Mar 19, 2021

test-1.12-netnext

@kaworu
Copy link
Member Author

kaworu commented Mar 19, 2021
edited

I think we do check if the any changes in bindata dirties the repo. It is "Go-related checks / generate-api". But I'm not sure.

@AnishShah FWIW I've checked and your statement is correct, thanks for the hint!

cilium/.github/workflows/go-check.yaml

Line 95 in 9fa8b2d

contrib/scripts/check-k8s-code-gen.sh

cilium/contrib/scripts/check-k8s-code-gen.sh

Lines 16 to 27 in 9fa8b2d

# Generate all files
make generate-k8s-api manifests go-bindata
# Check for diff
diff="$(git diff)"
if [ -n "$diff" ]; then
echo "Ungenerated deepcopy source code:"
echo "$diff"
echo "Please run make generate-k8s-api and submit your changes"
exit 1
fi

cilium/Makefile

Lines 422 to 426 in 9fa8b2d

go-bindata: $(K8S_CRD_FILES)
@$(ECHO_GEN) $@
cd "./vendor/github.com/go-bindata/go-bindata/v3/go-bindata" && \
$(GO_BINDATA) -o $(ROOT_DIR)/pkg/k8s/apis/cilium.io/v2/client/bindata.go \
$(K8S_CRD_FILES)

brb
brb approved these changes Mar 22, 2021
View reviewed changes
Copy link
Member

@brb brb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 for my changes, thanks.

@maintainer-s-little-helper maintainer-s-little-helper bot added the ready-to-merge This PR has passed all tests and received consensus from code owners to merge. label Mar 22, 2021
@nebril nebril merged commit 668aed7 into cilium:v1.9 Mar 22, 2021
@kaworu kaworu deleted the pr/v1.9-backport-2021-03-12 branch March 22, 2021 16:18
@joestringer joestringer mentioned this pull request Apr 20, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@gandro gandro gandro approved these changes

@brb brb brb approved these changes

@tgraf tgraf tgraf approved these changes

@ti-mo ti-mo ti-mo approved these changes

@jrajahalme jrajahalme jrajahalme approved these changes

Assignees

@brb brb

Labels
kind/backports This PR provides functionality previously merged into master. ready-to-merge This PR has passed all tests and received consensus from code owners to merge.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
9 participants
@kaworu @AnishShah @aanm @ti-mo @gandro @brb @tgraf @jrajahalme @nebril