-
Notifications
You must be signed in to change notification settings - Fork 2.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
v1.10 backports 2021-05-18 #16210
v1.10 backports 2021-05-18 #16210
Conversation
[ upstream commit 6522dfd ] Current logging has been implemented in #14878 using Warning level. As reported in #15935 this causes lots of log lines to be generated at each garbage collection cycle. The fix here is to move the log generation from Warning to Debug. Fixes: #15935 Signed-off-by: Youssef Azrak <yazrak.tech@gmail.com> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 3882893 ] Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit e75b46a ] Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit aaa7b8d ] We use a number of WaitXXX helper function to wait for pods to be deployed, policies to be enforced, service endpoints to be created, etc. The default frequency at which these functions check the expected output is 5s. So for namespace deletions and policy enforcements, we often wait 10s, because the output is not as expected after the first 5s check. This is unnecessary. We can instead check the output every 1s and shave off a few seconds every time we wait for something to happen (and we do that a lot!). Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 7387ca2 ] By parallelizing the verification of test cases, we save 5min. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 79e5351 ] We may spend a lot of time just waiting in these tests because the requests are sometimes expected to fail (in which case we wait for the timeout). Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 9e141aa ] For each of the host firewall test cases, we check both an allowed and a blocked request. We therefore spend a fair amount of time waiting for the timeout to occur on blocked requests. We can parallelize test cases to waste less time. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 15437e4 ] The statement to uninstall Cilium in K8sBandwidth/AfterAll doesn't match the statements to install it, meaning we could try to disable Cilium even though we never installed it. This commit fixes it. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit acab730 ] Signed-off-by: Ilya Dmitrichenko <errordeveloper@gmail.com> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 8aed9d9 ] It's currently possible to enable the no CT Iptables rules together with Iptables masquerading, which results in Iptables failing to masquerade traffic. With this commit, when this setup is detected, we return a fatal error. Fixes: #16046 Signed-off-by: Gilberto Bertin <gilberto@isovalent.com> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 5d5f5d2 ] Make use of the version 2 of AWS's instance metadata API which is recommended for security purposes. More info [here](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html) Fixes: #15520 Signed-off-by: Smaine Kahlouch <smainklh@gmail.com> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 107fb8f ] b2d2d69 ("docs: Add how to remove kube-proxy from existing clusters") added the howto for removing kube-proxy right into the middle of the kubeadm setup given right afterwards we talk about kubeadm join. Detangle this to make it more clear that both don't have anything to do with each other. Also add a warning to removing kube-proxy that this is disruptive. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit d5d0727 ] Given this details the various service types and our implementation, add this to further reading. Signed-off-by: Daniel Borkmann <daniel@iogearbox.net> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 465cac1 ] As pointed out in the code changes, it is expected to receive k8s events after custom-resource events as the propagation delay is often higher than CRs. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit e95a201 ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 30f3011 ] This will help users avoid running into issues during installation. It is possible that OpenShift will be updated to support this in the future. Source: https://docs.okd.io/latest/installing/installing_bare_metal/installing-bare-metal.html#machine-requirements_installing-bare-metal Signed-off-by: Chris Tarazi <chris@isovalent.com> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit 8a2d2d3 ] This bash function is super close to being generically useful across different repositories, by allowing to check whether a commit is in any particular upstream (including hubble repos). Make it a bit more generic without changing the default args, that way we don't have to update any of the existing scripts. Signed-off-by: Joe Stringer <joe@cilium.io> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
[ upstream commit f3fed9a ] Wireguard keeps track of the traffic sent and receive for each peer. We print this information in `cilium debuginfo`. Because the agent failed to populate them the JSON response, the counters were always wrongly reported as zero. Signed-off-by: Sebastian Wicki <sebastian@isovalent.com> Signed-off-by: Jarno Rajahalme <jarno@isovalent.com>
test-backport-1.10 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 for my commits
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 for my changes.
test-1.16-netnext #16203 https://jenkins.cilium.io/job/Cilium-PR-K8s-1.16-net-next/545/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Checked all commits from external contributors 👍
test-1.18-4.9 needs further triage: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.18-kernel-4.9/1638/ |
test-runtime looks like arping issues are reappearing: #16221 https://jenkins.cilium.io/job/Cilium-PR-Runtime-4.9/4731/ |
test-1.19-5.4 needs further triage: https://jenkins.cilium.io/job/Cilium-PR-K8s-1.19-kernel-5.4/124/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
My commit looks good!
test-gke #16004 again: https://jenkins.cilium.io/job/Cilium-PR-K8s-GKE/5492/ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
👍 for my commit
cilium debuginfo
#16178 -- wireguard: Fix traffic counters incilium debuginfo
(@gandro)Once this PR is merged, you can update the PR labels via: