New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.9 backports 2021-03-12 #15331
v1.9 backports 2021-03-12 #15331
Conversation
@ti-mo could you take a close look at the backport of #15182 (azure: Add the correct JSON tag to GatewayIP field in CiliumNode CRD) please? I had to resolve some conflicts and I lack context about how |
test-backport-1.9 |
2f6c1b6
to
ebfd318
Compare
[ upstream commit a3fea6b ] AWS CNI 1.7.9 is fixed to be compatible with Cilium. Signed-off-by: Thomas Graf <thomas@cilium.io> Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
[ upstream commit 508b2de ] Previously, the CIDR comparison didn't take into account the CIDR mask. So, if IP didn't change, but the mask did, the comparison would have not detected the change. The result of it was that old routes could not be removed. Fixes: c7a83bf ("datapath/linux: New scalable routing layer via Linux datapath implementation") Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Martynas Pumputis <m@lambda.lt> Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
[ upstream commit 272c1fe ] Azure wants all IPConfigurations to have the same ApplicationSecurityGroups. So if the primary IPConfiguration is already assigned an ApplicationSecurityGroup, adding a new IPConfiguration without any ApplicationSecurityGroup fails. So we should populate ApplicationSecurityGroups field that is the same as ASG of other IPConfiguration. Signed-off-by: Anish Shah <anishshah@google.com> Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
@AnishShah thank you, I've dropped "azure: Add Gateway field to AzureInterface and deprecate GatewayIP field" from this PR, please take another look! /cc @aanm |
[ upstream commit b447fde ] Backporting note: replaced aws.ToString() by aws.StringValue(), see https://aws.github.io/aws-sdk-go-v2/docs/migrating/#pointer-parameters A VPC on EC2 can have secondary CIDRs which are routable within the VPC. Subnets which are used in Cilium's ENI IPAM mode might be derived from these secondary CIDRs, therefore we must also install routes for these secondary CIDRs. This commit ensures that we populate the `CiliumNode.Status.ENI.ENIS[].VPC.CIDRs` field with these secondary CIDRs if present. The IPAM code on the agent is already set up to install routes for these additional CIDRs [1], but since this field was never populated, the rules were also missing. Therefore, this fixes a bug where routes were missing in ENI IPAM mode, causing arbitrary connecitivty issues. With this commit, routes are only added for CIDRs which are present when the IP is allocated. A subsequent PR will add the functionality to update the routes dynamically in case CIDRs are added or removed from a VPC. [1] https://github.com/cilium/cilium/blob/2110b11c989fe7ef8c7d9c5510c53a55cdaaa54c/pkg/ipam/crd.go#L488 Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Alexandre Perrin <alex@kaworu.ch>
ebfd318
to
6d17d1d
Compare
@gandro this CI failure seems to be related to this patch. In From https://aws.github.io/aws-sdk-go-v2/docs/migrating/#pointer-parameters
So I just |
@kaworu Correct, the struct members in Can't provide any context on bindata generation, sorry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My commit looks good! Thanks for fixing!
@ti-mo thanks for taking a look, @AnishShah and @aanm both commented about #15182 so hopefully they can comment also on the bindata stuff. |
test-backport-1.9 |
I think we do check if the any changes in bindata dirties the repo. It is "Go-related checks / generate-api". But I'm not sure. |
test-backport-1.9 |
test-1.12-netnext |
@AnishShah FWIW I've checked and your statement is correct, thanks for the hint! cilium/.github/workflows/go-check.yaml Line 95 in 9fa8b2d
cilium/contrib/scripts/check-k8s-code-gen.sh Lines 16 to 27 in 9fa8b2d
Lines 422 to 426 in 9fa8b2d
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 for my changes, thanks.
Skipped:
RequireRouting
disable.Once this PR is merged, you can update the PR labels via: