v1.10 backports 2021-06-01 #16384
Merged
v1.10 backports 2021-06-01 #16384
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
qmonnet
added
backport/1.10
kind/backports
ungureanuvladvictor
approved these changes
Jun 1, 2021
christarazi
approved these changes
Jun 1, 2021
michi-covalent
approved these changes
Jun 1, 2021
|
test-backport-1.10 |
gandro
approved these changes
Jun 2, 2021
pchaigno
added
the
ready-to-merge
|
Does everyone need to approve their commits in such backport pr's ? |
@h3llix Good question. It's best if all authors review, but we typically only make sure that backported commits that had conflicts are reviewed. The other commits typically matter a bit less (though that doesn't mean they can't break something). I'm not sure the backporting documentation makes that clear. If it's not the case, we should update it. |
nathanjsweet
added
the
dont-merge/needs-rebase
qmonnet
removed
the
ready-to-merge
qmonnet
force-pushed
the
pr/v1.10-backport-2021-06-01
branch
from
1e789d0
to
6db5355
Compare
qmonnet
removed
the
dont-merge/needs-rebase
|
I simply rebased on top of de53e80. No change to backported commits. |
|
test-backport-1.10 |
|
I'm seeing a lot of failures for k8s1.17-kernel-4.9 |
|
Right, there are some flakes:
As for |
[ upstream commit 415c624 ] Remove request headers from response access logs, except for 'x-request-id', which is retained for request/response correlation purposes. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit e6ae6fb ] The logic to ignore errors is inverted and the errors are still being printed as warnings. This commit inverts the logic so that only relevant warnings are printed. Fixes: 0ab4fa1 ("pkg/k8s: ignore certain ipcache errors") Fixes: 465cac1 ("pkg/k8s: ignore overwrite source "custom-resource" with "k8s" errors") Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 1e5f74d ] Regeneration logic fails if waiting-for-identity changes to ready state in a scenario like this: builder: ready -> waiting-to-regenerate .. label change etc: waiting-to-regenerate -> waiting-for-identity .. labels resolved: waiting-for-identity -> ready .. builder: (ready) -> regenerating (FAILS as this is not expected) Resolve this by giving precedence to the waiting-to-regenerate state over the waiting-for-identity state. Compensate for possibly blocking this state change in Cilium endpoint PATCH API. Signed-off-by: Jarno Rajahalme <jarno@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit f937df7 ] This commit is a partial revert of 72e6238 ("loader: Remove program and route when disable endpoint routes"). Commit 72e6238 started removing existing endpoint routes when enable-endpoint-routes is disabled in the agent. In chaining mode however, if Cilium isn't the primary CNI, it isn't responsible for the endpoint's networking. In that case, the primary CNI may install and rely on those endpoint routes and we shouldn't remove them. This commit reverts the removal of endpoint routes. We'll provide a proper solution to remove only endpoint routes Cilium "owns" in a subsequent commit. Fixes: 72e6238 ("loader: Remove program and route when disable endpoint routes") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 320ea0d ] This commit partially reverts commit a9ecab1. Disabling endpoint routes in an existing cluster is not supported for now. We first need to find a way to properly remove the endpoint routes (see previous commit) before we can support this. We keep the override of endpoint datapath config. for the host endpoint as otherwise host firewall test will error due to a failure to load bpf_host. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit db93de5 ] We need to deploy pods after Cilium is installed or they may receive the datapath corresponding to a previous Cilium installation. Fixes: 37f6192 ("test: add CI test for tail calls hooks for custom programs") Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 8da8b88 ] Commit 0875453 ("endpoint: Refactor init of EndpointDatapathConfiguration") leads to .RequireEgressProg being overwritten on endpoint creation. That in turns breaks reverse NAT when running in chaining mode [1]. This commit is a partial revert of commit 0875453, keeping only a helper function. 1 - https://github.com/cilium/cilium/blob/v1.10.0/plugins/cilium-cni/chaining/generic-veth/generic-veth.go#L165 Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 8e1ef9c ] The curl URL fails if the sha256 is no longer part of the tag. Running with `docker buildx imagetools inspect` it is possible to verify if an image digest exists regardless even if no longer belongs to a tag. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 943f792 ] github.com/Azure/azure-sdk-for-go/services/compute -> 2021-03-01 github.com/Azure/azure-sdk-for-go/services/network -> 2020-11-01 [ backport note: Update azure vendor from v50.0.0+incompatible instead of v50.2.0+incompatible as for master branch. ] Signed-off-by: Vlad Ungureanu <vladu@palantir.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 34424b0 ] This commit swaps the creation of Azure service clients to use the Azure Resource Manager baseURI which points to the right Azure cloud extracted from the environment. Signed-off-by: Vlad Ungureanu <vladu@palantir.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 2a356d9 ] Documentation changes should be backported "as far as they go" on the supported branches, so that users can get relevant information from the documentation branch associated to the software version they run. Document this as part as the criteria for backports. Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 6a3e846 ] The goal of the test is to check if curl to a clusterIP svc endpoint is redirected to both the backends when the original svc entry is restored upon LRP removal. However, the current test logic expects the same backend should be selected for all the pod clients simultaneously, and this can lengthen test duration. This doesn't seem right since backend selection is not exactly deterministic. More importantly, we only need both backends to be selected at least once for all the client pods. Flip the order in which we loop over backends and client pods. Loop over client pods first, and then make curl calls until we hit both the backends on each of the client pods. This way we can potentially avoid making some of the curl duplicate calls by not having to synchronize what backends VIP calls are redirected to across multiple nodes. Signed-off-by: Aditi Ghag <aditi@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 689a725 ] In commit ba737f3 (".github: Parallelize cleanup of multicluster setup"), I missed that gcloud can also take an --async flag to not wait for the actual cluster deletion to happen and return immediately (similarly to AKS' --no-wait). This commit therefore reverts ba737f3 (".github: Parallelize cleanup of multicluster setup") and makes use of --async instead. Signed-off-by: Paul Chaignon <paul@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit c573ff8 ] Fixes:cilium#16008 Signed-off-by: Gaurav Genani <h3llix.pvt@gmail.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit ff9be87 ] We have the equivalent for minikube. Signed-off-by: Chris Tarazi <chris@isovalent.com> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit c97f353 ] Replaced some dead links with alive ones. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 38f0af9 ] Add prefix accordingly their main usage. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 948bb90 ] [ backport note: Update action in documentation.yaml from actions/checkout@v1 instead of actions/checkout@v2 as for master branch. ] Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
[ upstream commit 42a370b ] Refactored this GH action and remove unnecessary triggers for it. Signed-off-by: André Martins <andre@cilium.io> Signed-off-by: Quentin Monnet <quentin@isovalent.com>
qmonnet
force-pushed
the
pr/v1.10-backport-2021-06-01
branch
from
6db5355
to
c447f76
Compare
|
New conflict, new rebase. |
|
test-backport-1.10 |
|
Some failures again, but all identifiable as documented flakes.
|
nathanjsweet
added
the
ready-to-merge
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
First commit: Update azure vendor from
v50.0.0+incompatibleinstead ofv50.2.0+incompatibleas for master branch.Second commit: Update action in documentation.yaml from
actions/checkout@v1instead ofactions/checkout@v2as for master branch.Skipped:
(Will be reverted in Minikube guide updates #16346; Label was removed from PR accordingly.)
Once this PR is merged, you can update the PR labels via: